785d71950c369a273ded2c1e4159b0d06bcd9fd63a5eefb2288ba77bbfc2b67d[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

785d71950c369a273ded2c1e4159b0d06bcd9fd63a5eefb2288ba77bbfc2b67d.zip
Size

4.1MB
MD5

ca641de6d4d868a3cefec6201297b6fe
SHA1

b49e0789d1aa4a6a709a6f24480d9bda826bafc9
SHA256

785d71950c369a273ded2c1e4159b0d06bcd9fd63a5eefb2288ba77bbfc2b67d
SHA512

626a948158f27124334b8b5ae8ae90442274611fd35f7fab037c5dc4c1fc329f81f378ff013cd42b72fe8e67a0aa98ab1da9ce21fb0e405e7d2e5bce3b2406d1
SSDEEP

98304:8laK64nKZyjNXQ72MeR3QRc1zO/VgAyEUq6pbYpwwQ4h:8a6nDS23Ec4qAyPq6ZSB

Score

1^/10

Malware Config

Signatures

Files

785d71950c369a273ded2c1e4159b0d06bcd9fd63a5eefb2288ba77bbfc2b67d.zip
.rar

Password: infected
123/7zxa.dll
.dll windows:4 windows x64 arch:x64

Password: infected

1353ce6b26348ac6f792fe77a59eff9d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d
Signer

Actual PE Digest

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringLen
VariantClear
SysAllocStringLen

msvcrt

__dllonexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_purecall
memset
strlen
_initterm
malloc
__CxxFrameHandler
_CxxThrowException
memmove
memcpy
memcmp
free
_onexit

kernel32

GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatusEx
Sleep
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
IsProcessorFeaturePresent
GetLargePageMinimum
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
123/Data/Updater.ex
.exe windows:6 windows x64 arch:x64

Password: infected

894cc25256a891de00b12211d82b7c92

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:71:35:2d:c4:c1:03:b7:0a:e7:25:e9:54:48:63:74
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/05/2023, 00:00

Not After

06/05/2026, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Redwood City,ST=CALIFORNIA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:11:f8:27:d6:a0:b5:14:53:eb:a3:70:67:92:99:66:ff:8a:f3:b7:40:ab:f8:07:f2:8e:21:ae:1e:3e:32:ca:39:87:91:c0:81:64:f2:ba:d4:f3:84:46:e1:25:9d:4e:7d:70:c8:12:34:18:fe:1b:63:fa:e6:ab:a9:6c:ed:81
Signer

Actual PE Digest

a8:11:f8:27:d6:a0:b5:14:53:eb:a3:70:67:92:99:66:ff:8a:f3:b7:40:ab:f8:07:f2:8e:21:ae:1e:3e:32:ca:39:87:91:c0:81:64:f2:ba:d4:f3:84:46:e1:25:9d:4e:7d:70:c8:12:34:18:fe:1b:63:fa:e6:ab:a9:6c:ed:81

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\jenkins\workspace\dev\juno-win_live\build\cefSubProcess\pc64-vc-tool-opt\bin\EACefSubProcess.pdb

Imports

libcef

cef_string_utf8_to_utf16
cef_string_utf16_cmp
cef_string_utf16_clear
cef_string_utf16_set
cef_string_userfree_utf16_free
cef_string_list_alloc
cef_string_list_free
cef_execute_process
cef_api_hash
cef_process_message_create
cef_v8context_get_current_context
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_function
cef_string_map_alloc
cef_string_map_free
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

RtlCaptureContext
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetModuleHandleA

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_purecall
memset
memcpy
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
terminate

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
123/Data/Updater.exe.config
.xml
123/Data/en-US/ActiveXInstallService.adml
.xml
123/Data/en-US/AddRemovePrograms.adml
.xml
123/Data/en-US/AppCompat.adml
.xml
123/Data/en-US/AppXRuntime.adml
.xml
123/Data/en-US/AppxPackageManager.adml
.xml
123/Data/en-US/AttachmentManager.adml
.xml
123/Data/en-US/AuditSettings.adml
.xml
123/Data/en-US/AutoPlay.adml
.xml
123/Data/en-US/Biometrics.adml
.xml
123/Data/en-US/CEIPEnable.adml
.xml
123/Data/en-US/CipherSuiteOrder.adml
.xml
123/Data/en-US/WPN.adml
.xml
123/Data/en-US/Winsrv.adml
.xml
123/Data/en-US/WordWheel.adml
.xml
123/Data/en-US/WorkFolders-Client.adml
.xml
123/Data/en-US/WorkplaceJoin.adml
.xml
123/Data/en-US/wlansvc.adml
.xml
123/Data/en-US/wwansvc.adml
.xml
123/Exlan_setup_v3.1.2.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:58:48:75:0c:af:ae:0c:32:8e:69:3f:4b:7e:96:84
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

11/09/2023, 00:00

Not After

10/09/2026, 23:59

Subject

CN=Ivosight Software Inc.,O=Ivosight Software Inc.,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:ff:3c:e4:a3:81:2c:af:63:37:19:7b:3c:5b:e7:2b:9c:9a:06:fe
Signer

Actual PE Digest

7e:ff:3c:e4:a3:81:2c:af:63:37:19:7b:3c:5b:e7:2b:9c:9a:06:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
123/RarExt.dll
.dll windows:6 windows x64 arch:x64

Password: infected

8a98c04d7afaa78e693918bc54dffff1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:3f:03:50:47:fb:0d:ad:51:57:6c:8f:b7:85:2d:69:19:d2:51:d9:75:55:dd:3a:07:c2:00:de:69:50:2b:22
Signer

Actual PE Digest

67:3f:03:50:47:fb:0d:ad:51:57:6c:8f:b7:85:2d:69:19:d2:51:d9:75:55:dd:3a:07:c2:00:de:69:50:2b:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\WinRAR\rarext\build\64\Release\rarext.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetCurrentProcess
Sleep
SetThreadExecutionState
GetSystemDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetCPInfo
IsDBCSLeadByte
GetLocaleInfoW
GetNumberFormatW
GetTempPathW
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
RtlUnwind
WriteConsoleW
HeapSize
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
QueryPerformanceFrequency
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
FindResourceW
GetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleExW
FoldStringW
GetVersionExW
FindNextFileW
ReadFile
FindFirstFileW
FindClose
DeleteFileW
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
GetDiskFreeSpaceExW
LoadLibraryExW
GetDriveTypeW
CreateDirectoryW
GetFileType
GetFileTime
FlushFileBuffers
GetStdHandle
SetLastError
FreeLibrary
GetFileSize
GetProcAddress
LoadLibraryW
CloseHandle
GetLastError
CreateFileW
SetEndOfFile
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LocalFree
SetFilePointer
SetFileTime
WriteFile
GetEnvironmentStringsW

user32

SetDlgItemTextW
SendMessageW
GetParent
SetWindowTextW
GetDC
ShowWindow
GetDlgItem
InvalidateRect
ReleaseDC
MonitorFromPoint
InsertMenuItemW
DestroyWindow
EqualRect
SetWindowLongPtrW
CreatePopupMenu
GetMonitorInfoW
SendDlgItemMessageW
GetSysColor
AppendMenuW
LoadImageW
GetCursorPos
BeginPaint
EndPaint
CopyImage
EnumDisplayMonitors
CreateWindowExW
MapWindowPoints
LoadCursorW
SetCursor
CharUpperW
CharLowerW
OemToCharBuffA
LoadStringW
SetWindowLongW
SetMenuItemInfoW
GetWindowLongW
GetClassNameW
GetWindow
GetSystemMetrics
SetWindowPos
GetWindowLongPtrW
GetClientRect
GetWindowRect
OemToCharA

gdi32

SetPixel
GetPixel
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
DeleteDC
GetObjectW
SetTextColor
DeleteObject
LineTo
MoveToEx
CreatePen
CreateFontW
GetTextMetricsW
GetTextFaceW
SelectObject
TextOutW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW
DragQueryFileW

ole32

CoTaskMemFree
ReleaseStgMedium
CoSetProxyBlanket
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

SHStrDupW

comctl32

ord8
DestroyPropertySheetPage
CreatePropertySheetPageW

msimg32

GradientFill

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
123/fonts/TwemojiMozilla.ttf
123/psmachine.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Password: infected

e6629031f9cd4202b6dd6d82c41db3c4

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:98:2f:dd:f0:6e:93:e9:11:06:5d:03:7d:4d:d4:82
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/05/2024, 00:00

Not After

06/08/2027, 23:59

Subject

CN=Brave Software\, Inc.,O=Brave Software\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:f7:2b:ff:51:cf:d1:2d:96:67:df:77:2a:31:9b:c1:c4:0b:85:43:05:d3:e7:52:ca:11:79:da:7f:4b:5e:aa
Signer

Actual PE Digest

dd:f7:2b:ff:51:cf:d1:2d:96:67:df:77:2a:31:9b:c1:c4:0b:85:43:05:d3:e7:52:ca:11:79:da:7f:4b:5e:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

psmachine_unsigned.pdb

Imports

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegEnumValueW
RegQueryValueExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetSecurityDescriptorGroup
GetSidSubAuthority
GetSidLengthRequired
SetNamedSecurityInfoW
GetSecurityDescriptorControl
CopySid
InitializeSid
GetSecurityDescriptorOwner
IsValidSid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD

kernel32

GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
LCMapStringW
GetModuleHandleExW
TlsFree
TlsSetValue
GetCommandLineA
TlsAlloc
InterlockedFlushSList
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetStdHandle
IsDebuggerPresent
ExitProcess
VirtualQuery
GetSystemDirectoryW
lstrcmpW
GetLocalTime
OutputDebugStringW
GetFileInformationByHandle
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetFilePointerEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
InitializeCriticalSectionEx
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
GetLastError
MultiByteToWideChar
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
GetThreadLocale
GetModuleFileNameW
lstrcpynW
lstrlenW
EnterCriticalSection
HeapFree
SetThreadLocale
SizeofResource
GetCPInfo
TlsGetValue
TryEnterCriticalSection
InitializeCriticalSection
CreateMutexW
WaitForSingleObject
ReleaseMutex
Sleep
CloseHandle
GetTickCount
SetLastError
FindNextFileW
GetCurrentProcess
FindClose
GetFileAttributesExW
LockResource
FindResourceExW
GetVersionExW
VerSetConditionMask
GetCurrentProcessId
VerifyVersionInfoW
TerminateProcess
CreateDirectoryW
WriteFile
SetFilePointer
CreateFileW
MoveFileExW
GetSystemTimeAsFileTime
FlushFileBuffers
WideCharToMultiByte
GetPrivateProfileIntW
OutputDebugStringA
GetEnvironmentVariableW
GetCurrentThreadId

ole32

IIDFromString
CoGetStdMarshalEx
CoRegisterPSClsid
CoTaskMemRealloc
WriteClassStm
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
ReadClassStm
OleSaveToStream

oleaut32

BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserFree
BSTR_UserSize
LoadRegTypeLi
VariantInit
LoadTypeLi
SysFreeString
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
VariantClear
SysStringLen

user32

MessageBoxW
wvsprintfW
wsprintfW
EmptyClipboard
OpenClipboard
SetClipboardData
CloseClipboard
CharNextW
CharLowerW
CharUpperW

netapi32

NetGetJoinInformation
NetApiBufferFree

shlwapi

PathAppendW
PathCanonicalizeW
SHQueryValueExW
PathRemoveFileSpecW
PathStripPathW
PathRemoveExtensionW

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect

shell32

SHGetFolderPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 355B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
123/psmachine_arm64.dll

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

1353ce6b26348ac6f792fe77a59eff9d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8dSigner

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 23KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

894cc25256a891de00b12211d82b7c92

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:71:35:2d:c4:c1:03:b7:0a:e7:25:e9:54:48:63:74Certificate

Extended Key Usages

Key Usages

a8:11:f8:27:d6:a0:b5:14:53:eb:a3:70:67:92:99:66:ff:8a:f3:b7:40:ab:f8:07:f2:8e:21:ae:1e:3e:32:ca:39:87:91:c0:81:64:f2:ba:d4:f3:84:46:e1:25:9d:4e:7d:70:c8:12:34:18:fe:1b:63:fa:e6:ab:a9:6c:ed:81Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcef

msvcp140

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 239KB - Virtual size: 238KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 23KB - Virtual size: 24KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d
Signer

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 23KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:71:35:2d:c4:c1:03:b7:0a:e7:25:e9:54:48:63:74
Certificate

a8:11:f8:27:d6:a0:b5:14:53:eb:a3:70:67:92:99:66:ff:8a:f3:b7:40:ab:f8:07:f2:8e:21:ae:1e:3e:32:ca:39:87:91:c0:81:64:f2:ba:d4:f3:84:46:e1:25:9d:4e:7d:70:c8:12:34:18:fe:1b:63:fa:e6:ab:a9:6c:ed:81
Signer

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 23KB - Virtual size: 24KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

94:58:48:75:0c:af:ae:0c:32:8e:69:3f:4b:7e:96:84
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

7e:ff:3c:e4:a3:81:2c:af:63:37:19:7b:3c:5b:e7:2b:9c:9a:06:fe
Signer

.text
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 512B - Virtual size: 12B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

67:3f:03:50:47:fb:0d:ad:51:57:6c:8f:b7:85:2d:69:19:d2:51:d9:75:55:dd:3a:07:c2:00:de:69:50:2b:22
Signer

.text
Size: 398KB - Virtual size: 397KB