quarantine[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

quarantine.7z
Size

4.7MB
MD5

986fe9a6e87749f8f19260e66d0b8c75
SHA1

a63da135100b3ccc31af1c2671a2a424569dcfd7
SHA256

dc4ad0f2c1cd5d827404926ee01e96b5fa78f21f23abd67f33194247547133f4
SHA512

3aa4ec8b5db3ee088745bf0a414ed72a318dddfa8c26a351d50058f3bbec77740d316dc714ffeedb565d6c0072e1d86e9d4365773ceac914e334cf68583637d4
SSDEEP

98304:qZn2QpBTD2uyley/mH2Ee9i/desK7xjmS9WhsWF5g5ks5YLdrlbUwh:qkQpBTCLj/mu4/deJgSIhsUg52LDowh

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/quarantine/FydOzyQ.exe	net_reactor
static1/unpack001/quarantine/mAtJWNv.exe	net_reactor

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/quarantine/DVaKyq7.exe
unpack001/quarantine/FydOzyQ.exe
unpack001/quarantine/mAtJWNv.exe
unpack001/quarantine/uW8i508.exe

Files

quarantine.7z
.7z
quarantine/27JinXS.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2020, 00:00

Not After

18/03/2045, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:4e:42:17:a1:29:7f:ed:5a:cc:d4:17:f8:91:ad:75
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

19/06/2024, 03:25

Not After

28/07/2038, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:dc:82:42:d9:5e:fe:b4:b3:26:95:2a
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/07/2023, 15:07

Not After

11/07/2026, 15:07

Subject

CN=Zive\, Inc.,O=Zive\, Inc.,L=Stamford,ST=Connecticut,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:a9:f0:7e:92:ed:5d:ca:b0:99:3c:0f:08:d3:12:7e:16:16:7a:bf:9b:1e:f0:74:46:4f:54:87:18:60:7a:bd
Signer

Actual PE Digest

1a:a9:f0:7e:92:ed:5d:ca:b0:99:3c:0f:08:d3:12:7e:16:16:7a:bf:9b:1e:f0:74:46:4f:54:87:18:60:7a:bd

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 181KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kjgkbaxb
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uahvpwcs
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/DVaKyq7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.css
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/FydOzyQ.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.css
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/mAtJWNv.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.css
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/systemPTI.exe
.exe windows:4 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Code Sign

33:00:41:01:c7:57:69:43:f4:75:a2:81:d1:00:01:00:41:01:c7
Certificate

Issuer

CN=Microsoft Marketplace CA G 027,OU=EOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/12/2024, 17:35

Not After

13/12/2024, 17:35

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment

61:12:44:a2:00:00:00:00:00:02
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/03/2011, 21:09

Not After

28/03/2031, 21:19

Subject

CN=Microsoft MarketPlace PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:5a:16:d7:4e:26:9f:01:2b:d4:00:00:00:00:00:5a
Certificate

Issuer

CN=Microsoft MarketPlace PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/04/2024, 17:45

Not After

11/04/2029, 17:45

Subject

CN=Microsoft Marketplace CA G 027,OU=EOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

06:fc:a5:dd:4d:2f:a4:4e:04:cc:7a:60:da:b2:24:83:59:d9:ec:a5:c7:38:28:00:5a:f6:61:6b:6a:47:18:c6
Signer

Actual PE Digest

06:fc:a5:dd:4d:2f:a4:4e:04:cc:7a:60:da:b2:24:83:59:d9:ec:a5:c7:38:28:00:5a:f6:61:6b:6a:47:18:c6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mpihbipn
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nxdojhvo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/uW8i508.exe
.exe windows:6 windows x86 arch:x86

2d2cebf631907d5f515ee5ed695548dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\AdminC6\Workspace\1741568240\Project\Debug\Project.pdb

Imports

pdh

PdhComputeCounterStatistics
PdhBrowseCountersHW
PdhCollectQueryDataEx
PdhCloseLog
PdhBrowseCountersW
PdhCollectQueryDataWithTime
PdhCalculateCounterFromRawValue
PdhCloseQuery
PdhCollectQueryData

kernel32

CloseHandle
DecodePointer
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
HeapQueryInformation
HeapSize
HeapReAlloc
LCMapStringW
GetStdHandle
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFullPathNameW
GetTempFileNameW
ReadFile
WriteFile
DebugBreak
DebugActiveProcess
DebugActiveProcessStop
RaiseException
GetLastError
AddVectoredExceptionHandler
GetProcessHeap
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
OpenMutexW
OpenEventW
SetWaitableTimer
Sleep
CreateSemaphoreW
CreateWaitableTimerW
GetCurrentProcess
GetCurrentProcessId
CreateThread
CreateRemoteThread
GetCurrentThreadId
CreateProcessW
GetSystemDirectoryA
GetSystemDirectoryW
VirtualProtect
OpenFileMappingW
CreateTimerQueue
CreateTimerQueueTimer
ReleaseMutexWhenCallbackReturns
OpenJobObjectW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
AddSIDToBoundaryDescriptor
DebugSetProcessKillOnExit
DebugBreakProcess
CreateTapePartition
GetTapeStatus
OpenFile
AddAtomW
CopyFileW
SetVolumeLabelW
SetVolumeMountPointW
DeactivateActCtx
OpenFileById
SetUserGeoID
ReadConsoleInputW
ReadConsoleW
ReadConsoleOutputCharacterW
ReadConsoleOutputAttribute
ReadConsoleOutputW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
SetConsoleCtrlHandler
WriteConsoleW
OutputDebugStringW
GetFileType
GetCommandLineA
GetSystemInfo
HeapValidate
ExitProcess
GetModuleHandleExW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
GetProcAddress
FreeLibrary
VirtualQuery
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW

user32

LoadCursorW
SetWindowsHookExW
SetWindowLongW
ClientToScreen
GetCursorPos
MessageBoxW
AdjustWindowRectEx
AdjustWindowRect
SetWindowTextW
SetWindowRgn
SetMenuItemInfoW
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetActiveWindow
CharUpperW
AddClipboardFormatListener
OpenClipboard
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
GetDlgItem
SetWindowPos
OpenIcon
SendMessageW
SetUserObjectInformationW
OpenInputDesktop
OpenDesktopW
ActivateKeyboardLayout
wsprintfW
LoadIconW
SetWindowPlacement

winspool.drv

AddPrintProvidorW
AddPrinterConnectionW
AddPortW
AddMonitorW
AddFormW
AddJobW
AbortPrinter
AddPrintProcessorW
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterW

Sections

.textbss
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.supl
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2eabe9054cad5152567f0699947a2c5b

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

81:4e:42:17:a1:29:7f:ed:5a:cc:d4:17:f8:91:ad:75Certificate

Extended Key Usages

Key Usages

5b:dc:82:42:d9:5e:fe:b4:b3:26:95:2aCertificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1a:a9:f0:7e:92:ed:5d:ca:b0:99:3c:0f:08:d3:12:7e:16:16:7a:bf:9b:1e:f0:74:46:4f:54:87:18:60:7a:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

Size: 181KB - Virtual size: 432KB

.rsrc Size: 1024B - Virtual size: 904B

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 2.6MB

kjgkbaxb Size: 1.6MB - Virtual size: 1.6MB

uahvpwcs Size: 1024B - Virtual size: 4KB

.taggant Size: 8KB - Virtual size: 12KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.css Size: 329KB - Virtual size: 329KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 201KB - Virtual size: 200KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

.css Size: 329KB - Virtual size: 329KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 201KB - Virtual size: 200KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

.css Size: 147KB - Virtual size: 147KB

2eabe9054cad5152567f0699947a2c5b

Code Sign

33:00:41:01:c7:57:69:43:f4:75:a2:81:d1:00:01:00:41:01:c7Certificate

Extended Key Usages

Key Usages

61:12:44:a2:00:00:00:00:00:02Certificate

Key Usages

33:00:00:00:5a:16:d7:4e:26:9f:01:2b:d4:00:00:00:00:00:5aCertificate

Key Usages

01Certificate

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

81:4e:42:17:a1:29:7f:ed:5a:cc:d4:17:f8:91:ad:75
Certificate

5b:dc:82:42:d9:5e:fe:b4:b3:26:95:2a
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:a9:f0:7e:92:ed:5d:ca:b0:99:3c:0f:08:d3:12:7e:16:16:7a:bf:9b:1e:f0:74:46:4f:54:87:18:60:7a:bd
Signer

.rsrc
Size: 1024B - Virtual size: 904B

.idata
Size: 512B - Virtual size: 4KB

kjgkbaxb
Size: 1.6MB - Virtual size: 1.6MB

uahvpwcs
Size: 1024B - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 12KB

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.css
Size: 329KB - Virtual size: 329KB

.text
Size: 201KB - Virtual size: 200KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.css
Size: 329KB - Virtual size: 329KB

.text
Size: 201KB - Virtual size: 200KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.css
Size: 147KB - Virtual size: 147KB

33:00:41:01:c7:57:69:43:f4:75:a2:81:d1:00:01:00:41:01:c7
Certificate

61:12:44:a2:00:00:00:00:00:02
Certificate

33:00:00:00:5a:16:d7:4e:26:9f:01:2b:d4:00:00:00:00:00:5a
Certificate

01
Certificate

06:fc:a5:dd:4d:2f:a4:4e:04:cc:7a:60:da:b2:24:83:59:d9:ec:a5:c7:38:28:00:5a:f6:61:6b:6a:47:18:c6
Signer

.rsrc
Size: 512B - Virtual size: 496B

.idata
Size: 512B - Virtual size: 4KB

mpihbipn
Size: 1.6MB - Virtual size: 1.6MB

nxdojhvo
Size: 1024B - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 12KB

.textbss
Size: - Virtual size: 2.1MB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 11KB - Virtual size: 16KB

.idata
Size: 6KB - Virtual size: 6KB

.supl
Size: 512B - Virtual size: 270B

.reloc
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 143KB - Virtual size: 143KB