MZ Header

Rich Header

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Packer / Compiler

Sections

Data Directory

TLS

StringTable 040904b0

VS_FIXEDFILEINFO

Signers (1)

issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2011
serial: 330000018B4CB8EB9D8F8AC0E900000000018B

Certificates (2)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:01:8b:4c:b8:eb:9d:8f:8a:c0:e9:00:00:00:00:01:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
        Validity
            Not Before: Mar  4 18:39:51 2020 GMT
            Not After : Mar  3 18:39:51 2021 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:9b:25:ac:60:84:d2:f7:88:e9:0b:d8:40:2c:77:
                    e3:db:88:80:79:11:b2:18:f4:ad:59:af:d1:fd:c7:
                    8d:54:e3:c1:e5:7e:0b:a6:17:cf:3a:58:79:16:25:
                    31:c6:40:ec:0c:2e:d3:8b:8b:fb:a1:22:fd:00:7a:
                    4f:57:96:7f:f5:8c:2c:33:63:9c:d0:80:f1:a3:aa:
                    ec:66:7a:75:ca:05:a2:65:e3:84:70:14:5f:37:c1:
                    62:5f:01:26:41:21:69:5d:34:90:42:b6:46:24:35:
                    11:eb:c8:5f:f8:7f:f4:6e:36:81:c3:8a:fd:9d:28:
                    2c:b1:2b:68:45:af:0c:7f:ce:10:39:99:02:c3:22:
                    03:3a:8e:40:fe:e0:4b:c2:32:80:5a:ce:f5:6a:02:
                    05:64:01:97:d0:e0:0d:45:f0:7f:31:a2:a3:5f:a1:
                    e9:c8:58:2e:dc:9c:c0:cd:c8:8c:e7:a4:0f:fa:d0:
                    94:91:48:64:36:cf:4c:d9:8f:e5:c1:d6:56:e7:8a:
                    85:d5:32:c6:59:90:9a:c6:b2:14:7c:87:73:42:34:
                    24:98:f8:9e:bb:00:c0:b5:3e:57:db:87:9e:68:92:
                    12:1e:05:5d:2f:d8:ff:0c:ef:30:36:e3:5d:83:db:
                    34:b9:37:35:50:4f:37:8e:3b:f6:ba:e9:84:ae:22:
                    03:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                1.3.6.1.4.1.311.10.3.21, Code Signing
            X509v3 Subject Key Identifier: 
                30:6F:C8:9C:B5:D8:91:47:64:07:3E:21:D9:36:A1:1E:4F:19:A5:2C
            X509v3 Subject Alternative Name: 
                DirName:/OU=Microsoft Ireland Operations Limited/serialNumber=230217+458425
            X509v3 Authority Key Identifier: 
                keyid:48:6E:64:E5:50:05:D3:82:AA:17:37:37:22:B5:6D:A8:CA:75:02:95

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         21:94:a8:e7:20:08:df:9c:72:0f:52:78:01:a6:24:ad:e2:21:
         e6:e7:44:b3:3f:7d:1a:4d:a4:81:f8:c0:08:39:8f:a2:30:a0:
         a3:97:02:e3:d5:9b:39:e0:dd:4c:23:92:0f:1c:87:c1:3b:79:
         fc:b2:c7:ac:b0:de:da:a1:2b:48:d7:87:30:d3:b1:20:57:b5:
         c1:a2:2f:8c:f5:05:0a:4a:82:0b:4f:9e:7d:8e:f9:2a:fb:44:
         e8:6a:18:26:c7:82:27:15:4b:2e:43:c1:f3:9c:99:59:4d:c0:
         ac:a6:c2:5d:65:ff:d5:86:4a:b5:6e:17:67:6b:0b:5d:ab:a3:
         bc:de:ff:d5:02:82:67:48:1e:9a:7a:98:73:50:f9:39:a8:76:
         7e:c3:64:b2:22:44:ba:a8:00:3a:df:3b:4b:cb:7b:fc:df:37:
         76:25:a7:f0:72:19:de:68:e7:dd:e0:39:ed:ef:60:cc:4f:8f:
         28:df:2a:d9:66:31:c6:5b:8e:33:a0:a2:8b:77:a8:09:ea:25:
         14:50:3a:64:aa:2b:02:4a:a0:e3:d0:4a:c9:b3:36:99:80:8f:
         0a:fd:97:92:f4:bf:e6:30:af:63:3c:44:dd:3f:36:7a:34:3a:
         e3:91:8a:b8:ba:09:bb:dd:33:68:5f:fe:84:fa:53:de:76:d1:
         5e:97:88:01:11:e5:90:3b:62:3c:4e:98:68:90:c0:6f:b9:ed:
         e9:89:af:b7:16:82:1b:b2:b7:12:2c:3d:4e:b6:d8:b5:22:17:
         eb:5e:4c:7b:5f:67:46:31:06:fc:bf:53:55:ab:dd:57:3d:81:
         e2:56:80:73:d4:c7:7f:1b:5c:67:89:4b:a3:3d:52:e9:a7:b8:
         2e:e5:c3:4f:67:50:82:c5:fe:12:4b:ea:f1:9b:0a:ae:d8:50:
         9e:ef:78:bd:e4:ce:fb:1e:47:56:17:95:90:6a:98:39:eb:13:
         61:e0:c2:5a:0e:6b:0a:9c:e8:8c:df:3b:7e:90:f4:84:fb:c5:
         23:85:76:77:ff:fc:39:8c:26:16:1a:73:05:d3:7c:35:f9:ce:
         a8:5b:98:8f:99:62:41:5e:1c:7e:b6:9f:40:f9:b1:f8:cb:34:
         bb:78:4f:a5:a7:a7:89:15:63:3e:a1:70:f6:75:00:76:76:4d:
         69:49:c2:ed:59:2e:f8:2d:a2:fa:7e:e5:63:90:b5:b2:53:b6:
         00:8d:42:27:a2:30:01:f1:87:01:ec:b2:0b:77:1f:ce:cf:c9:
         82:46:37:20:c1:de:dd:d6:15:a3:9f:9e:36:bb:bb:7c:10:7e:
         44:24:80:2e:eb:16:54:18:e3:34:90:1c:29:a2:de:f2:51:1a:
         65:29:2b:78:d6:61:83:a7

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:0e:90:d2:00:00:00:00:00:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
        Validity
            Not Before: Jul  8 20:59:09 2011 GMT
            Not After : Jul  8 21:09:09 2026 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:ab:f0:fa:72:10:1c:2e:ad:d8:6e:aa:82:10:4d:
                    34:ba:f2:b6:58:21:9f:42:1b:2a:6b:e9:5a:50:aa:
                    b8:06:38:1a:04:49:ba:7f:c3:0c:1e:dd:37:6b:c6:
                    12:d8:0b:f0:38:c2:99:06:b0:c8:39:d5:01:14:31:
                    42:d3:89:0d:79:64:87:7e:94:60:24:6c:af:9e:49:
                    9c:e9:68:5e:d2:df:9b:53:b2:0a:2c:c3:af:d9:a9:
                    2b:ae:7a:09:af:d7:96:59:ca:60:1a:05:e9:66:76:
                    e8:32:52:26:12:2f:e7:ab:08:50:cf:b3:44:b7:5d:
                    d8:c4:2e:03:75:ab:68:f3:cb:6d:f3:3a:5c:a1:16:
                    f4:46:ba:e0:38:64:ac:6e:64:35:78:a6:a0:63:0f:
                    2d:d3:40:93:f8:e3:de:07:0d:d5:5c:79:a5:49:29:
                    e7:0d:be:a0:13:77:be:94:3d:ef:fb:e3:2b:5a:10:
                    1f:4d:56:28:a2:7a:72:e0:12:3a:b7:49:5e:d8:ed:
                    ed:43:91:83:d9:7b:b2:7b:86:1b:d9:3e:b1:8c:5d:
                    e8:89:4f:84:1a:f2:a1:2f:59:e4:90:3b:2d:ae:33:
                    58:c5:b7:3e:fe:32:d3:b3:03:3d:b1:b2:af:92:38:
                    7e:d2:9d:80:2c:f5:4e:56:91:21:35:25:c3:39:6e:
                    64:7f:53:ba:9c:0f:ad:19:23:84:cb:f4:ba:03:86:
                    8d:f7:5f:f0:d0:52:bf:8c:94:87:bc:c0:21:74:25:
                    5f:18:28:b6:cc:27:28:38:25:98:39:4a:36:cf:7c:
                    b1:92:ae:1c:23:a7:a9:66:ec:61:1f:6a:e1:28:49:
                    9d:5f:88:e2:25:5d:d3:21:4b:3e:52:c4:b5:57:3f:
                    24:03:f0:d1:7a:5b:2f:d5:23:e3:70:5d:0f:51:46:
                    77:b3:f8:00:e1:bc:ac:02:82:5f:db:c0:15:b3:bd:
                    1b:d4:55:4b:e7:39:a1:0f:e9:23:49:bc:18:b8:44:
                    7c:45:e4:c1:c3:72:7a:e0:72:e7:24:df:bf:46:99:
                    c5:ef:c2:1c:57:db:83:8d:ec:4d:49:30:a7:ab:8e:
                    df:ec:5b:9f:af:fc:dd:b0:66:e2:c1:97:81:7b:ed:
                    d6:ed:4b:e7:49:29:a7:13:28:a6:a7:7d:67:80:e6:
                    8a:62:78:5f:b2:2f:84:d7:57:9c:5c:bf:77:28:28:
                    f1:ed:6d:c3:28:8f:2c:8f:40:37:4f:c1:e1:85:44:
                    89:c4:09:4c:c5:d4:a5:43:2f:74:95:f7:6e:f8:78:
                    20:58:2c:13:5d:60:95:9a:3e:4f:33:84:da:b0:88:
                    17:de:9e:4e:f4:96:b0:bc:46:a0:6c:98:d2:e0:d6:
                    88:8c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.21.1: 
                ...
            X509v3 Subject Key Identifier: 
                48:6E:64:E5:50:05:D3:82:AA:17:37:37:22:B5:6D:A8:CA:75:02:95
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                keyid:72:2D:3A:02:31:90:43:B9:14:05:4E:E1:EA:A7:C7:31:D1:23:89:34

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt

            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.311.46.3
                  CPS: http://www.microsoft.com/pkiops/docs/primarycps.htm
                  User Notice:
                    Explicit Text:  

    Signature Algorithm: sha256WithRSAEncryption
         67:f2:86:a5:98:e0:54:79:1a:2e:d3:d8:74:67:22:9b:0b:96:
         11:e1:63:92:99:42:96:7d:d2:79:0c:90:c1:65:5f:2e:2c:3e:
         f8:c3:72:d1:6d:83:fe:be:3f:e8:0a:ca:3b:bf:47:a9:a3:f3:
         69:db:63:bf:22:35:a5:97:5d:65:84:90:7d:8b:46:50:55:d8:
         0c:92:7c:d2:1a:4b:1c:f3:3c:42:8b:52:d0:b0:fd:6b:e3:3e:
         07:2e:29:9b:e6:3d:1b:a5:d4:b5:1d:77:94:39:e2:e9:64:c9:
         44:3d:78:7a:23:f3:13:7d:a6:90:74:83:8d:f4:cb:26:02:46:
         2a:c2:8a:10:bb:a4:a9:05:0c:9b:ed:68:fa:68:2e:95:a0:2a:
         3f:2a:6b:58:49:63:1f:09:69:6e:5a:98:96:e4:83:f4:c0:8f:
         f3:46:2b:de:fc:3b:d0:bd:35:ef:6e:25:ae:e5:af:27:ed:d0:
         dd:f3:0e:af:99:28:97:98:4d:0e:3d:0b:f2:08:89:d6:1f:c3:
         32:18:e2:f0:c5:2d:ce:5b:9e:b4:49:39:0a:c6:0a:c2:c6:ad:
         ae:e5:b2:d9:db:15:88:51:45:58:38:32:71:27:1a:7f:b1:f4:
         27:f8:de:2c:3a:20:69:98:b2:59:89:68:6e:6f:a7:b7:74:c3:
         40:05:06:a6:01:2a:28:3e:82:3f:13:4d:66:0b:c0:b3:4d:f5:
         e1:8f:7f:1c:6f:15:7d:45:a7:76:e5:40:2a:65:a3:c3:5d:52:
         62:86:c3:1d:63:36:97:86:df:da:f3:f8:f2:16:a1:9a:27:e1:
         cd:a5:97:d0:ee:5d:63:41:e3:5b:07:9c:87:3e:06:77:06:d1:
         06:b1:75:1f:14:be:61:61:b5:f0:dc:c6:1b:04:be:df:41:c7:
         0e:28:ee:de:65:2f:ec:97:f6:a1:5c:96:d8:00:d6:a1:46:bd:
         59:f3:97:a5:09:4b:48:10:99:80:1f:d0:00:29:c5:b1:9b:a5:
         3f:45:77:1e:35:c6:d2:a2:a2:9f:7a:7a:22:fa:48:95:1f:ab:
         fb:47:23:80:f5:9e:f8:bf:6b:b7:4b:97:e2:eb:75:78:1a:ec:
         ea:37:99:79:18:4b:ff:d6:b3:23:68:75:e6:af:fa:fc:8b:eb:
         0b:80:ea:69:3b:af:fc:30:ed:04:4c:8e:df:df:75:6d:63:91:
         3d:d1:9d:56:4e:4f:bf:80:57:22:a1:78:11:32:21:7a:ef:41:
         0a:b1:3f:fb:a8:cc:a4:5d:c1:a1:88:9b:57:71:56:4e:48:45:
         c0:42:c9:9b:76:5b:0a:80:48:6b:fd:79:9f:c1:bd:6d:6d:6a:
         c9:52:73:13:0d:7a:50:cd

Cannot convert into OpenSSL::BN

offsetsizetypecomment
01817088EXE06/02/2020 16:50:34#
1bba0011032PKCS7Authenticode Signature#
Path = .rsrc/0/B/102
Size = 1623765
Packed Size = 1623765
--
Path = .rsrc/0/B/102
Type = lzma

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
                    .....      8514064      1623765  102~
------------------- ----- ------------ ------------  ------------------------
                               8514064      1623765  1 files, 0 folders
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

[?] can't find file_offset of VA 0x243c0