lOl Cheat[.]rar

Resubmissions

05-01-2025 11:38

250105-nr4gcasrb1 5

05-01-2025 11:35

250105-np6hxssqgt 7

Sharing

Copy URL

Twitter E-mail

General

Target

lOl Cheat.rar
Size

1.6MB
MD5

f871378b60c0c278671a626d1f0be795
SHA1

1ad82b915d1c1ac73ef0cd7b64b5da34f917d989
SHA256

0486391c3b7fa7320f3582d71a31a418a69ed400bbddbfe8125d1f1ab465f73c
SHA512

96c40a87136688e2846ed913957db198f6d28622763b9e05c01dbface4ffc27553fc7dd909b6bad86c9fe71be9ce0dcb19ba549a929cef2e2ce1729aaabc7d14
SSDEEP

49152:nfKkv5gjc2l+KCyBOxPKZrSonVju2slouxCrv:nfv5kJlB84rbnVjxsl9xWv

Score

5^/10

upx

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/BUTTERCUPMAİN/dControl.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BUTTERCUPMAİN/SkinChanger.exe
unpack002/out.upx

Files

lOl Cheat.rar
.rar
BUTTERCUPMAİN/SkinChanger.exe
.exe windows:6 windows x64 arch:x64

cd9fc83b16b38bbbc61f8fd08719a0c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

urlmon

URLDownloadToFileA

d3d11

D3D11CreateDeviceAndSwapChain

advapi32

RegOpenKeyW
CryptDestroyHash
CryptHashData
CryptCreateHash
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
CryptGetHashParam
LookupPrivilegeValueW
CryptGenRandom
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
OpenThreadToken
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
CryptDestroyKey
RegEnumValueW
CryptReleaseContext
CryptAcquireContextA
CryptImportKey
CryptEncrypt

ws2_32

ntohl
htonl
gethostname
WSACleanup
WSAStartup
recv
WSASetLastError
select
__WSAFDIsSet
sendto
socket
ioctlsocket
send
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
bind
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
WSAGetLastError

crypt32

CertFreeCertificateContext

wldap32

ord60
ord50
ord46
ord211
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord301
ord200
ord143

normaliz

IdnToUnicode
IdnToAscii

ole32

CoUninitialize
CoCreateInstance
CoInitialize

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
UnhandledExceptionFilter
RtlVirtualUnwind
TlsSetValue
TlsGetValue
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlLookupFunctionEntry
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
RaiseException
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
InitializeCriticalSectionEx
GetLastError
DecodePointer
DeleteCriticalSection
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
SetFileAttributesA
GetTickCount64
SetLastError
EnterCriticalSection
LeaveCriticalSection
Sleep
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
FormatMessageA
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetSystemTimeAsFileTime
VirtualFree
GetCurrentProcess
VirtualAlloc
TerminateProcess
InitializeCriticalSection
ResumeThread
CreateProcessW
GetExitCodeProcess
GetSystemInfo
VirtualAllocEx
VirtualFreeEx
GetModuleFileNameW
GetLocaleInfoW
FormatMessageW
LocalFree
GetModuleHandleW
CreateActCtxW
WriteFile
GetTempPathW
CreateFileW
UnmapViewOfFile
DeleteFileW
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetNativeSystemInfo
WaitForSingleObject
DuplicateHandle
GetCurrentThread
ResetEvent
GetTickCount
DeviceIoControl
Thread32Next
Thread32First
GetCurrentThreadId
GetCurrentProcessId
CreateNamedPipeW
TerminateThread
CreateThread
ConnectNamedPipe
WaitForDebugEvent
DebugActiveProcessStop
ContinueDebugEvent
GetExitCodeThread
DebugActiveProcess
DebugSetProcessKillOnExit
CheckRemoteDebuggerPresent
GetProcessId
IsWow64Process
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ReadProcessMemory
CreateRemoteThread
SetThreadContext
VirtualQueryEx
LoadLibraryW
SuspendThread
GetThreadTimes
OpenThread
RtlCaptureContext
GetCPInfo
CompareStringEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
LCMapStringEx
EncodePointer
GetStringTypeW
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
AreFileApisANSI
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
OutputDebugStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetFileSizeEx
HeapReAlloc
SetStdHandle
SetConsoleCtrlHandler
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateDirectoryW
SetCurrentDirectoryW
GetLocaleInfoEx
TryAcquireSRWLockShared
GetProcessHeap
SetEndOfFile
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
WriteConsoleW
GetFileAttributesW
RtlUnwind
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
SwitchToThread
ReleaseSRWLockExclusive
ReleaseSRWLockShared
SetUnhandledExceptionFilter

user32

CreateWindowExW
GetSystemMetrics
RegisterClassExW
ShowWindow
MessageBoxA
LoadIconW
PostQuitMessage
UpdateWindow
UnregisterClassW
DispatchMessageW
PeekMessageW
TranslateMessage
OpenClipboard
CloseClipboard
SetWindowRgn
GetClipboardData
SetClipboardData
GetKeyState
GetDC
MonitorFromWindow
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
ReleaseCapture
SetCursorPos
ReleaseDC
GetCursorPos
SetWindowPos
GetWindowRect
DefWindowProcW
wsprintfW
EmptyClipboard

gdi32

CreateRoundRectRgn
DeleteObject
GetDeviceCaps
CreateRectRgn

shell32

ShellExecuteA

oleaut32

SysFreeString

d3dcompiler_43

D3DCompile

dwmapi

DwmGetColorizationColor
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

shlwapi

PathFileExistsA
SHDeleteKeyW

Exports

Exports

??0Assembler@asmjit@@QEAA@PEAURuntime@1@@Z
??0CodeGen@asmjit@@QEAA@PEAURuntime@1@@Z
??0HostRuntime@asmjit@@QEAA@XZ
??0JitRuntime@asmjit@@QEAA@XZ
??0Runtime@asmjit@@QEAA@XZ
??0StaticRuntime@asmjit@@QEAA@PEAX_K@Z
??0VMemMgr@asmjit@@QEAA@PEAX@Z
??0X86Assembler@asmjit@@QEAA@PEAURuntime@1@I@Z
??0Zone@asmjit@@QEAA@_K@Z
??1Assembler@asmjit@@UEAA@XZ
??1CodeGen@asmjit@@UEAA@XZ
??1HostRuntime@asmjit@@UEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1Runtime@asmjit@@UEAA@XZ
??1StaticRuntime@asmjit@@UEAA@XZ
??1VMemMgr@asmjit@@QEAA@XZ
??1X86Assembler@asmjit@@UEAA@XZ
??1Zone@asmjit@@QEAA@XZ
??_FVMemMgr@asmjit@@QEAAXXZ
?_alloc@Zone@asmjit@@QEAAPEAX_K@Z
?_emit@X86Assembler@asmjit@@UEAAIIAEBUOperand@2@000@Z
?_grow@Assembler@asmjit@@QEAAI_K@Z
?_grow@PodVectorBase@asmjit@@IEAAI_K0@Z
?_newLabel@Assembler@asmjit@@QEAAIPEAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QEAAPEAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QEAAI_K@Z
?_relocCode@X86Assembler@asmjit@@UEBA_KPEAX_K@Z
?_reserve@Assembler@asmjit@@QEAAI_K@Z
?_reserve@PodVectorBase@asmjit@@IEAAI_K0@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UEAAIII@Z
?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z
?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K@Z
?bind@Assembler@asmjit@@UEAAIAEBULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPEATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPEAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QEAAPEAXPEBX_K@Z
?embed@Assembler@asmjit@@UEAAIPEBXI@Z
?embedLabel@X86Assembler@asmjit@@QEAAIAEBULabel@2@@Z
?emit@Assembler@asmjit@@QEAAII@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@_K@Z
?emit@Assembler@asmjit@@QEAAIIH@Z
?emit@Assembler@asmjit@@QEAAII_K@Z
?flush@HostRuntime@asmjit@@UEAAXPEAX_K@Z
?getCpuInfo@HostRuntime@asmjit@@UEAAPEBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPEBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SA_KXZ
?getPageSize@VMemUtil@asmjit@@SA_KXZ
?getStackAlignment@HostRuntime@asmjit@@UEAAIXZ
?make@Assembler@asmjit@@UEAAPEAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KAEBUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UEAAIPEAX@Z
?release@StaticRuntime@asmjit@@UEAAIPEAX@Z
?release@VMemMgr@asmjit@@QEAAIPEAX@Z
?release@VMemUtil@asmjit@@SAIPEAX_K@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z
?relocCode@Assembler@asmjit@@QEBA_KPEAX_K@Z
?reset@Assembler@asmjit@@QEAAX_N@Z
?reset@PodVectorBase@asmjit@@QEAAX_N@Z
?reset@VMemMgr@asmjit@@QEAAXXZ
?reset@Zone@asmjit@@QEAAX_N@Z
?sdup@Zone@asmjit@@QEAAPEADPEBD@Z
?setArch@X86Assembler@asmjit@@QEAAII@Z
?setError@CodeGen@asmjit@@QEAAIIPEBD@Z
?setErrorHandler@CodeGen@asmjit@@QEAAIPEAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 799KB - Virtual size: 835KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BUTTERCUPMAİN/dControl.exe
.exe windows:5 windows x86 arch:x86

Code Sign

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40
Certificate

Issuer

CN=Sordum Software

Not Before

11-09-2021 21:00

Not After

31-07-2030 21:00

Subject

CN=Sordum Software

Extended Key Usages

ExtKeyUsageCodeSigning

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19-05-2021 05:42

Not After

18-05-2032 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4
Signer

Actual PE Digest

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

cd9fc83b16b38bbbc61f8fd08719a0c7

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

d3d11

advapi32

ws2_32

crypt32

wldap32

normaliz

ole32

kernel32

user32

gdi32

shell32

oleaut32

d3dcompiler_43

dwmapi

imm32

shlwapi

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 457KB - Virtual size: 456KB

.data Size: 799KB - Virtual size: 835KB

.pdata Size: 127KB - Virtual size: 126KB

.rsrc Size: 41KB - Virtual size: 40KB

.reloc Size: 14KB - Virtual size: 13KB

Code Sign

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40Certificate

Extended Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 492KB

UPX1 Size: 262KB - Virtual size: 264KB

.rsrc Size: 57KB - Virtual size: 60KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 56KB - Virtual size: 56KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 457KB - Virtual size: 456KB

.data
Size: 799KB - Virtual size: 835KB

.pdata
Size: 127KB - Virtual size: 126KB

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 14KB - Virtual size: 13KB

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4
Signer

UPX0
Size: - Virtual size: 492KB

UPX1
Size: 262KB - Virtual size: 264KB

.rsrc
Size: 57KB - Virtual size: 60KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 56KB - Virtual size: 56KB