eb46d04a56c9abe5e07d96ae82372154c7a499f25f083eb23cf184afad5fd79b

info
MZ
PE
resources
imports
foremost
7zip
signature
hexdump
disasm
log
discuss
donate

filename	eb46d04a56c9abe5e07d96ae82372154c7a499f25f083eb23cf184afad5fd79b
size	20240944 (0x134da30)
md5	1b173707bded1220efe27b3aaaf69e67

type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xd8

Rich Header

lib id	version	times used
95	4035	2
1	0	155
93	4035	17
48	9044	10
6	1735	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	5
TimeDateStamp	0x4b1ae3c1
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10f
Magic	0x10b
LinkerVersion	6.0
SizeOfCode	0x5a00
SizeOfInitializedData	0x1d400
SizeOfUninitializedData	0x400
AddressOfEntryPoint	0x30cb
BaseOfCode	0x1000
BaseOfData	0x7000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	6.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x46000
SizeOfHeaders	0x400
CheckSum	0x134ef60
Subsystem	2
DllCharacteristics	0x8000
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

Nullsoft install system v2.x

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x58d2	0x5a00	R-X CODE
.rdata	0x7000	0x1190	0x1200	R-- IDATA
.data	0x9000	0x1af78	0x400	RW- IDATA
.ndata	0x24000	0xe000	0	RW- UDATA
.rsrc	0x32000	0x13c28	0x13e00	R-- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x73a4	0xb4
RESOURCE	0x32000	0x13c28
EXCEPTION	0	0
SECURITY	0x134cb70	0xec0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x7000	0x28c
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
ICON	#1	55449
ICON	#2	9640
ICON	#3	4264
ICON	#4	3752
ICON	#5	2216
ICON	#6	1384
ICON	#7	1128
DIALOG	#103	288
DIALOG	#105	514
DIALOG	#106	248
DIALOG	#111	238
GROUP_ICON	#103	104
MANIFEST	#1	958

module_name	hint	ord	function_name
KERNEL32.dll	57		CompareFileTime
KERNEL32.dll	731		SearchPathA
KERNEL32.dll	437		GetShortPathNameA
KERNEL32.dll	361		GetFullPathNameA
KERNEL32.dll	622		MoveFileA
KERNEL32.dll	778		SetCurrentDirectoryA
KERNEL32.dll	350		GetFileAttributesA
KERNEL32.dll	369		GetLastError
KERNEL32.dll	75		CreateDirectoryA
KERNEL32.dll	793		SetFileAttributesA
KERNEL32.dll	854		Sleep
KERNEL32.dll	479		GetTickCount
KERNEL32.dll	355		GetFileSize
KERNEL32.dll	381		GetModuleFileNameA
KERNEL32.dll	322		GetCurrentProcess
KERNEL32.dll	67		CopyFileA
KERNEL32.dll	185		ExitProcess
KERNEL32.dll	499		GetWindowsDirectoryA
KERNEL32.dll	799		SetFileTime
KERNEL32.dll	272		GetCommandLineA
KERNEL32.dll	789		SetErrorMode
KERNEL32.dll	594		LoadLibraryA
KERNEL32.dll	969		lstrcpynA
KERNEL32.dll	333		GetDiskFreeSpaceA
KERNEL32.dll	522		GlobalUnlock
KERNEL32.dll	515		GlobalLock
KERNEL32.dll	111		CreateThread
KERNEL32.dll	102		CreateProcessA
KERNEL32.dll	708		RemoveDirectoryA
KERNEL32.dll	83		CreateFileA
KERNEL32.dll	467		GetTempFileNameA
KERNEL32.dll	972		lstrlenA
KERNEL32.dll	957		lstrcatA
KERNEL32.dll	449		GetSystemDirectoryA
KERNEL32.dll	488		GetVersion
KERNEL32.dll	52		CloseHandle
KERNEL32.dll	963		lstrcmpiA
KERNEL32.dll	960		lstrcmpA
KERNEL32.dll	188		ExpandEnvironmentStringsA
KERNEL32.dll	511		GlobalFree
KERNEL32.dll	504		GlobalAlloc
KERNEL32.dll	912		WaitForSingleObject
KERNEL32.dll	346		GetExitCodeProcess
KERNEL32.dll	383		GetModuleHandleA
KERNEL32.dll	595		LoadLibraryExA
KERNEL32.dll	416		GetProcAddress
KERNEL32.dll	248		FreeLibrary
KERNEL32.dll	629		MultiByteToWideChar
KERNEL32.dll	937		WritePrivateProfileStringA
KERNEL32.dll	412		GetPrivateProfileStringA
KERNEL32.dll	932		WriteFile
KERNEL32.dll	693		ReadFile
KERNEL32.dll	628		MulDiv
KERNEL32.dll	795		SetFilePointer
KERNEL32.dll	206		FindClose
KERNEL32.dll	220		FindNextFileA
KERNEL32.dll	210		FindFirstFileA
KERNEL32.dll	131		DeleteFileA
KERNEL32.dll	469		GetTempPathA
USER32.dll	198		EndDialog
USER32.dll	561		ScreenToClient
USER32.dll	372		GetWindowRect
USER32.dll	194		EnableMenuItem
USER32.dll	348		GetSystemMenu
USER32.dll	583		SetClassLongA
USER32.dll	430		IsWindowEnabled
USER32.dll	643		SetWindowPos
USER32.dll	346		GetSysColor
USER32.dll	366		GetWindowLongA
USER32.dll	589		SetCursor
USER32.dll	442		LoadCursorA
USER32.dll	56		CheckDlgButton
USER32.dll	316		GetMessagePos
USER32.dll	440		LoadBitmapA
USER32.dll	27		CallWindowProcA
USER32.dll	433		IsWindowVisible
USER32.dll	66		CloseClipboard
USER32.dll	586		SetClipboardData
USER32.dll	193		EmptyClipboard
USER32.dll	534		RegisterClassA
USER32.dll	676		TrackPopupMenu
USER32.dll	8		AppendMenuA
USER32.dll	94		CreatePopupMenu
USER32.dll	349		GetSystemMetrics
USER32.dll	595		SetDlgItemTextA
USER32.dll	275		GetDlgItemTextA
USER32.dll	482		MessageBoxIndirectA
USER32.dll	45		CharPrevA
USER32.dll	161		DispatchMessageA
USER32.dll	512		PeekMessageA
USER32.dll	153		DestroyWindow
USER32.dll	85		CreateDialogParamA
USER32.dll	634		SetTimer
USER32.dll	646		SetWindowTextA
USER32.dll	516		PostQuitMessage
USER32.dll	599		SetForegroundWindow
USER32.dll	727		wsprintfA
USER32.dll	574		SendMessageTimeoutA
USER32.dll	228		FindWindowExA
USER32.dll	665		SystemParametersInfoA
USER32.dll	96		CreateWindowExA
USER32.dll	246		GetClassInfoA
USER32.dll	158		DialogBoxParamA
USER32.dll	42		CharNextA
USER32.dll	502		OpenClipboard
USER32.dll	225		ExitWindowsEx
USER32.dll	429		IsWindow
USER32.dll	273		GetDlgItem
USER32.dll	640		SetWindowLongA
USER32.dll	448		LoadImageA
USER32.dll	268		GetDC
USER32.dll	196		EnableWindow
USER32.dll	403		InvalidateRect
USER32.dll	571		SendMessageA
USER32.dll	142		DefWindowProcA
USER32.dll	13		BeginPaint
USER32.dll	255		GetClientRect
USER32.dll	226		FillRect
USER32.dll	188		DrawTextA
USER32.dll	200		EndPaint
USER32.dll	658		ShowWindow
GDI32.dll	533		SetBkColor
GDI32.dll	363		GetDeviceCaps
GDI32.dll	143		DeleteObject
GDI32.dll	41		CreateBrushIndirect
GDI32.dll	58		CreateFontIndirectA
GDI32.dll	534		SetBkMode
GDI32.dll	572		SetTextColor
GDI32.dll	526		SelectObject
SHELL32.dll	188		SHGetPathFromIDListA
SHELL32.dll	121		SHBrowseForFolderA
SHELL32.dll	172		SHGetFileInfoA
SHELL32.dll	263		ShellExecuteA
SHELL32.dll	154		SHFileOperationA
SHELL32.dll	195		SHGetSpecialFolderLocation
ADVAPI32.dll	503		RegQueryValueExA
ADVAPI32.dll	516		RegSetValueExA
ADVAPI32.dll	477		RegEnumKeyA
ADVAPI32.dll	481		RegEnumValueA
ADVAPI32.dll	492		RegOpenKeyExA
ADVAPI32.dll	468		RegDeleteKeyA
ADVAPI32.dll	472		RegDeleteValueA
ADVAPI32.dll	459		RegCloseKey
ADVAPI32.dll	465		RegCreateKeyExA
COMCTL32.dll	52		ImageList_AddMasked
COMCTL32.dll	56		ImageList_Destroy
COMCTL32.dll		17
COMCTL32.dll	55		ImageList_Create
ole32.dll	101		CoTaskMemFree
ole32.dll	238		OleInitialize
ole32.dll	261		OleUninitialize
ole32.dll	16		CoCreateInstance
VERSION.dll	1		GetFileVersionInfoSizeA
VERSION.dll			GetFileVersionInfoA
VERSION.dll	10		VerQueryValueA

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Code Signing 2010 CA

serial: 22CF7DA7B76FC5C4E77225CFA1BDA497

Certificates (2)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:cf:7d:a7:b7:6f:c5:c4:e7:72:25:cf:a1:bd:a4:97
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
        Validity
            Not Before: Mar 16 00:00:00 2012 GMT
            Not After : Jun 15 23:59:59 2015 GMT
        Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing AmazGame Age Internet Technology Co., Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=Beijing AmazGame Age Internet Technology Co., Ltd.
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:53:df:13:cf:e4:eb:a0:e3:d7:65:78:f1:2d:
                    07:45:3a:c0:87:cb:70:34:97:da:12:90:13:98:26:
                    90:97:0b:8c:be:2d:b1:26:87:d5:ab:b7:47:f7:52:
                    34:bd:1d:e3:02:72:3d:b5:83:6a:74:61:d7:e8:bd:
                    2a:03:be:26:30:59:71:a8:16:b0:9b:c3:5a:bb:38:
                    32:06:79:69:3b:70:33:6d:32:45:dd:d0:75:75:2f:
                    da:cd:e7:4e:f5:2f:39:ee:39:90:c4:b2:57:84:68:
                    b8:af:d0:27:1c:4c:95:1b:69:8a:0c:1d:00:0d:b2:
                    69:00:35:29:28:bb:63:31:1f:18:dc:3d:39:19:c9:
                    1d:bf:32:e9:df:14:6c:25:3f:30:2f:7f:10:ef:fc:
                    53:c5:5c:c9:14:69:8d:d0:52:b0:6e:5f:e8:f1:70:
                    e4:26:ba:e5:50:dc:df:56:1b:65:13:49:cd:96:af:
                    9f:a4:c0:69:43:ca:ca:2e:ab:14:1e:83:2b:9d:6d:
                    e7:e5:79:0c:a4:ab:ca:83:c4:65:ed:16:32:f4:dc:
                    b9:16:e3:2c:55:19:01:af:07:af:79:e9:bf:8a:ff:
                    51:04:e9:42:39:1e:29:2a:27:00:b4:0b:ab:88:0a:
                    d6:96:03:c1:6b:cc:90:ee:5b:77:b9:dd:87:57:5d:
                    c9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://csc3-2010-crl.verisign.com/CSC3-2010.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa

            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com
                CA Issuers - URI:http://csc3-2010-aia.verisign.com/CSC3-2010.cer

            X509v3 Authority Key Identifier: 
                keyid:CF:99:A9:EA:7B:26:F4:4B:C9:8E:8F:D7:F0:05:26:EF:E3:D2:A7:9D

            Netscape Cert Type: 
                Object Signing
            1.3.6.1.4.1.311.2.1.27: 
                0.......
    Signature Algorithm: sha1WithRSAEncryption
         bc:24:95:58:3c:dd:56:3d:f9:34:2f:6d:07:b3:e8:20:ac:64:
         cc:5e:8e:18:61:6f:c3:ab:df:78:ac:57:d6:02:eb:bf:41:23:
         a0:42:ee:d1:2d:44:42:e7:8f:c7:74:ea:5d:cb:7a:3f:98:2f:
         a2:b7:26:bc:2c:22:a7:39:30:ae:69:bc:f0:09:5c:1e:72:86:
         ff:1f:70:4f:5d:b8:bd:75:ed:e8:b1:4b:ac:b1:4d:61:3d:b8:
         c6:f6:a8:67:cb:71:76:21:8e:ae:6a:c5:26:50:78:c7:85:30:
         3f:43:bb:4c:b3:80:c2:4b:3b:20:d2:aa:b8:fd:26:96:73:e9:
         be:8b:72:68:f3:e3:7f:dc:6e:91:d5:d1:a5:88:33:f8:9d:e5:
         08:94:ea:a4:94:6a:04:d8:07:5c:bc:b0:3c:26:c8:41:cc:e9:
         64:96:a1:87:90:2a:5f:d5:5e:44:67:46:1e:46:2f:cf:10:7e:
         17:4e:52:ef:4c:da:f9:b8:d4:d2:00:d3:9c:70:54:2a:08:cc:
         1a:74:4b:23:3a:61:17:40:cf:50:74:3e:0f:6a:f5:63:c5:e2:
         67:bb:fb:80:3e:09:78:4a:8d:6b:ae:a6:e4:24:f6:bf:57:1b:
         51:35:78:22:63:00:4e:56:fd:4d:f3:c8:7f:96:e3:79:bc:3c:
         f1:e9:4d:32

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
        Validity
            Not Before: Feb  8 00:00:00 2010 GMT
            Not After : Feb  7 23:59:59 2020 GMT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:23:4b:5e:a5:d7:8a:bb:32:e9:d4:57:f7:ef:
                    e4:c7:26:7e:ad:19:98:fe:a8:9d:7d:94:f6:36:6b:
                    10:d7:75:81:30:7f:04:68:7f:cb:2b:75:1e:cd:1d:
                    08:8c:df:69:94:a7:37:a3:9c:7b:80:e0:99:e1:ee:
                    37:4d:5f:ce:3b:14:ee:86:d4:d0:f5:27:35:bc:25:
                    0b:38:a7:8c:63:9d:17:a3:08:a5:ab:b0:fb:cd:6a:
                    62:82:4c:d5:21:da:1b:d9:f1:e3:84:3b:8a:2a:4f:
                    85:5b:90:01:4f:c9:a7:76:10:7f:27:03:7c:be:ae:
                    7e:7d:c1:dd:f9:05:bc:1b:48:9c:69:e7:c0:a4:3c:
                    3c:41:00:3e:df:96:e5:c5:e4:94:71:d6:55:01:c7:
                    00:26:4a:40:3c:b5:a1:26:a9:0c:a7:6d:80:8e:90:
                    25:7b:cf:bf:3f:1c:eb:2f:96:fa:e5:87:77:c6:b5:
                    56:b2:7a:3b:54:30:53:1b:df:62:34:ff:1e:d1:f4:
                    5a:93:28:85:e5:4c:17:4e:7e:5b:fd:a4:93:99:7f:
                    df:cd:ef:a4:75:ef:ef:15:f6:47:e7:f8:19:72:d8:
                    2e:34:1a:a6:b4:a7:4c:7e:bd:bb:4f:0c:3d:57:f1:
                    30:d6:a6:36:8e:d6:80:76:d7:19:2e:a5:cd:7e:34:
                    2d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/cps
                  User Notice:
                    Explicit Text: https://www.verisign.com/rpa

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            1.3.6.1.5.5.7.1.12: 
                0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.verisign.com/pca3-g5.crl

            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, Code Signing
            X509v3 Subject Alternative Name: 
                DirName:/CN=VeriSignMPKI-2-8
            X509v3 Subject Key Identifier: 
                CF:99:A9:EA:7B:26:F4:4B:C9:8E:8F:D7:F0:05:26:EF:E3:D2:A7:9D
            X509v3 Authority Key Identifier: 
                keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33

    Signature Algorithm: sha1WithRSAEncryption
         56:22:e6:34:a4:c4:61:cb:48:b9:01:ad:56:a8:64:0f:d9:8c:
         91:c4:bb:cc:0c:e5:ad:7a:a0:22:7f:df:47:38:4a:2d:6c:d1:
         7f:71:1a:7c:ec:70:a9:b1:f0:4f:e4:0f:0c:53:fa:15:5e:fe:
         74:98:49:24:85:81:26:1c:91:14:47:b0:4c:63:8c:bb:a1:34:
         d4:c6:45:e8:0d:85:26:73:03:d0:a9:8c:64:6d:dc:71:92:e6:
         45:05:60:15:59:51:39:fc:58:14:6b:fe:d4:a4:ed:79:6b:08:
         0c:41:72:e7:37:22:06:09:be:23:e9:3f:44:9a:1e:e9:61:9d:
         cc:b1:90:5c:fc:3d:d2:8d:ac:42:3d:65:36:d4:b4:3d:40:28:
         8f:9b:10:cf:23:26:cc:4b:20:cb:90:1f:5d:8c:4c:34:ca:3c:
         d8:e5:37:d6:6f:a5:20:bd:34:eb:26:d9:ae:0d:e7:c5:9a:f7:
         a1:b4:21:91:33:6f:86:e8:58:bb:25:7c:74:0e:58:fe:75:1b:
         63:3f:ce:31:7c:9b:8f:1b:96:9e:c5:53:76:84:5b:9c:ad:91:
         fa:ac:ed:93:ba:5d:c8:21:53:c2:82:53:63:af:12:0d:50:87:
         11:1b:3d:54:52:96:8a:2c:9c:3d:92:1a:08:9a:05:2e:c7:93:
         a5:48:91:d3

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

09 be 6e c1 c1 bc 28 64 d3 7d 5a a0 11 e7 57 13 |..n...(d.}Z...W.| 4b 00 79 23 |K.y# |

Certificates
- Certificate #0
  - 2
    - 22:CF:7D:A7:B7:6F:C5:C4:E7:72:25:CF:A1:BD:A4:97
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: Terms of use at https://www.verisign.com/rpa (c)10
      - CN: VeriSign Class 3 Code Signing 2010 CA
    - 2012-03-16 00:00:00 UTC: 2015-06-15 23:59:59 UTC
    - Subject
      - C: CN
      - ST: Beijing
      - L: Beijing
      - O: Beijing AmazGame Age Internet Technology Co., Ltd.
      - OU: Digital ID Class 3 - Microsoft Software Validation v2
      - CN: Beijing AmazGame Age Internet Technology Co., Ltd.
    - #5
      - rsaEncryption: nil
      - CB:53:DF:13:CF:E4:EB:A0:E3:D7:65:78:F1:2D:07:45:
        3A:C0:87:CB:70:34:97:DA:12:90:13:98:26:90:97:0B:
        8C:BE:2D:B1:26:87:D5:AB:B7:47:F7:52:34:BD:1D:E3:
        02:72:3D:B5:83:6A:74:61:D7:E8:BD:2A:03:BE:26:30:
        59:71:A8:16:B0:9B:C3:5A:BB:38:32:06:79:69:3B:70:
        33:6D:32:45:DD:D0:75:75:2F:DA:CD:E7:4E:F5:2F:39:
        EE:39:90:C4:B2:57:84:68:B8:AF:D0:27:1C:4C:95:1B:
        69:8A:0C:1D:00:0D:B2:69:00:35:29:28:BB:63:31:1F:
        18:DC:3D:39:19:C9:1D:BF:32:E9:DF:14:6C:25:3F:30:
        2F:7F:10:EF:FC:53:C5:5C:C9:14:69:8D:D0:52:B0:6E:
        5F:E8:F1:70:E4:26:BA:E5:50:DC:DF:56:1B:65:13:49:
        CD:96:AF:9F:A4:C0:69:43:CA:CA:2E:AB:14:1E:83:2B:
        9D:6D:E7:E5:79:0C:A4:AB:CA:83:C4:65:ED:16:32:F4:
        DC:B9:16:E3:2C:55:19:01:AF:07:AF:79:E9:BF:8A:FF:
        51:04:E9:42:39:1E:29:2A:27:00:B4:0B:AB:88:0A:D6:
        96:03:C1:6B:CC:90:EE:5B:77:B9:DD:87:57:5D:C9:FF: 0x010001
    - X509v3 extensions
      - basicConstraints
        nil
      - keyUsage: true, 0x80
      - crlDistributionPoints: http://csc3-2010-crl.verisign.com/CSC3-2010.crl
      - certificatePolicies
        2.16.840.1.113733.1.7.23.3
        id-qt-cps: https://www.verisign.com/rpa
      - extendedKeyUsage: codeSigning
      - authorityInfoAccess
        #0
        OCSP: http://ocsp.verisign.com
        caIssuers: http://csc3-2010-aia.verisign.com/CSC3-2010.cer
      - authorityKeyIdentifier:
        cf 99 a9 ea 7b 26 f4 4b c9 8e 8f d7 f0 05 26 ef |....{&.K......&.| e3 d2 a7 9d |.... |
      - nsCertType: 0x10
      - 1.3.6.1.4.1.311.2.1.27
        false: true
  - RSA-SHA1:
```
bc 24 95 58 3c dd 56 3d  f9 34 2f 6d 07 b3 e8 20  |.$.X<.V=.4/m... |
ac 64 cc 5e 8e 18 61 6f  c3 ab df 78 ac 57 d6 02  |.d.^..ao...x.W..|
eb bf 41 23 a0 42 ee d1  2d 44 42 e7 8f c7 74 ea  |..A#.B..-DB...t.|
5d cb 7a 3f 98 2f a2 b7  26 bc 2c 22 a7 39 30 ae  |].z?./..&.,".90.|
69 bc f0 09 5c 1e 72 86  ff 1f 70 4f 5d b8 bd 75  |i...\.r...pO]..u|
ed e8 b1 4b ac b1 4d 61  3d b8 c6 f6 a8 67 cb 71  |...K..Ma=....g.q|
76 21 8e ae 6a c5 26 50  78 c7 85 30 3f 43 bb 4c  |v!..j.&Px..0?C.L|
b3 80 c2 4b 3b 20 d2 aa  b8 fd 26 96 73 e9 be 8b  |...K; ....&.s...|
72 68 f3 e3 7f dc 6e 91  d5 d1 a5 88 33 f8 9d e5  |rh....n.....3...|
08 94 ea a4 94 6a 04 d8  07 5c bc b0 3c 26 c8 41  |.....j...\..<&.A|
cc e9 64 96 a1 87 90 2a  5f d5 5e 44 67 46 1e 46  |..d....*_.^DgF.F|
2f cf 10 7e 17 4e 52 ef  4c da f9 b8 d4 d2 00 d3  |/..~.NR.L.......|
9c 70 54 2a 08 cc 1a 74  4b 23 3a 61 17 40 cf 50  |.pT*...tK#:a.@.P|
74 3e 0f 6a f5 63 c5 e2  67 bb fb 80 3e 09 78 4a  |t>.j.c..g...>.xJ|
8d 6b ae a6 e4 24 f6 bf  57 1b 51 35 78 22 63 00  |.k...$..W.Q5x"c.|
4e 56 fd 4d f3 c8 7f 96  e3 79 bc 3c f1 e9 4d 32  |NV.M.....y.<..M2|
```
- Certificate #1
  - 2
    - 52:00:E5:AA:25:56:FC:1A:86:ED:96:C9:D4:4B:33:C7
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: (c) 2006 VeriSign, Inc. - For authorized use only
      - CN: VeriSign Class 3 Public Primary Certification Authority - G5
    - 2010-02-08 00:00:00 UTC: 2020-02-07 23:59:59 UTC
    - Subject
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: Terms of use at https://www.verisign.com/rpa (c)10
      - CN: VeriSign Class 3 Code Signing 2010 CA
    - #5
      - rsaEncryption: nil
      - F5:23:4B:5E:A5:D7:8A:BB:32:E9:D4:57:F7:EF:E4:C7:
        26:7E:AD:19:98:FE:A8:9D:7D:94:F6:36:6B:10:D7:75:
        81:30:7F:04:68:7F:CB:2B:75:1E:CD:1D:08:8C:DF:69:
        94:A7:37:A3:9C:7B:80:E0:99:E1:EE:37:4D:5F:CE:3B:
        14:EE:86:D4:D0:F5:27:35:BC:25:0B:38:A7:8C:63:9D:
        17:A3:08:A5:AB:B0:FB:CD:6A:62:82:4C:D5:21:DA:1B:
        D9:F1:E3:84:3B:8A:2A:4F:85:5B:90:01:4F:C9:A7:76:
        10:7F:27:03:7C:BE:AE:7E:7D:C1:DD:F9:05:BC:1B:48:
        9C:69:E7:C0:A4:3C:3C:41:00:3E:DF:96:E5:C5:E4:94:
        71:D6:55:01:C7:00:26:4A:40:3C:B5:A1:26:A9:0C:A7:
        6D:80:8E:90:25:7B:CF:BF:3F:1C:EB:2F:96:FA:E5:87:
        77:C6:B5:56:B2:7A:3B:54:30:53:1B:DF:62:34:FF:1E:
        D1:F4:5A:93:28:85:E5:4C:17:4E:7E:5B:FD:A4:93:99:
        7F:DF:CD:EF:A4:75:EF:EF:15:F6:47:E7:F8:19:72:D8:
        2E:34:1A:A6:B4:A7:4C:7E:BD:BB:4F:0C:3D:57:F1:30:
        D6:A6:36:8E:D6:80:76:D7:19:2E:A5:CD:7E:34:2D:89: 0x010001
    - X509v3 extensions
      - basicConstraints
        true
        true: 0
      - certificatePolicies
        2.16.840.1.113733.1.7.23.3
        #0
        id-qt-cps: https://www.verisign.com/cps
        id-qt-unotice: https://www.verisign.com/rpa
      - keyUsage: true, 6
      - 1.3.6.1.5.5.7.1.12
        image/gif
        SHA1:
        8f e5 d3 1a 86 ac 8d 8e 6b c3 cf 80 6a d4 48 18 |........k...j.H.| 2c 7b 19 2e |,{.. |
        http://logo.verisign.com/vslogo.gif
      - crlDistributionPoints: http://crl.verisign.com/pca3-g5.crl
      - authorityInfoAccess
        OCSP: http://ocsp.verisign.com
      - extendedKeyUsage
        clientAuth: codeSigning
      - subjectAltName
        CN: VeriSignMPKI-2-8
      - subjectKeyIdentifier:
        cf 99 a9 ea 7b 26 f4 4b c9 8e 8f d7 f0 05 26 ef |....{&.K......&.| e3 d2 a7 9d |.... |
      - authorityKeyIdentifier:
        7f d3 65 a7 c2 dd ec bb f0 30 09 f3 43 39 fa 02 |..e......0..C9..| af 33 31 33 |.313 |
  - RSA-SHA1:
```
56 22 e6 34 a4 c4 61 cb  48 b9 01 ad 56 a8 64 0f  |V".4..a.H...V.d.|
d9 8c 91 c4 bb cc 0c e5  ad 7a a0 22 7f df 47 38  |.........z."..G8|
4a 2d 6c d1 7f 71 1a 7c  ec 70 a9 b1 f0 4f e4 0f  |J-l..q.|.p...O..|
0c 53 fa 15 5e fe 74 98  49 24 85 81 26 1c 91 14  |.S..^.t.I$..&...|
47 b0 4c 63 8c bb a1 34  d4 c6 45 e8 0d 85 26 73  |G.Lc...4..E...&s|
03 d0 a9 8c 64 6d dc 71  92 e6 45 05 60 15 59 51  |....dm.q..E.`.YQ|
39 fc 58 14 6b fe d4 a4  ed 79 6b 08 0c 41 72 e7  |9.X.k....yk..Ar.|
37 22 06 09 be 23 e9 3f  44 9a 1e e9 61 9d cc b1  |7"...#.?D...a...|
90 5c fc 3d d2 8d ac 42  3d 65 36 d4 b4 3d 40 28  |.\.=...B=e6..=@(|
8f 9b 10 cf 23 26 cc 4b  20 cb 90 1f 5d 8c 4c 34  |....#&.K ...].L4|
ca 3c d8 e5 37 d6 6f a5  20 bd 34 eb 26 d9 ae 0d  |.<..7.o. .4.&...|
e7 c5 9a f7 a1 b4 21 91  33 6f 86 e8 58 bb 25 7c  |......!.3o..X.%||
74 0e 58 fe 75 1b 63 3f  ce 31 7c 9b 8f 1b 96 9e  |t.X.u.c?.1|.....|
c5 53 76 84 5b 9c ad 91  fa ac ed 93 ba 5d c8 21  |.Sv.[........].!|
53 c2 82 53 63 af 12 0d  50 87 11 1b 3d 54 52 96  |S..Sc...P...=TR.|
8a 2c 9c 3d 92 1a 08 9a  05 2e c7 93 a5 48 91 d3  |.,.=.........H..|
```

Signer

1
unnamed
- #0
  - C: US
  - O: VeriSign, Inc.
  - OU: VeriSign Trust Network
  - OU: Terms of use at https://www.verisign.com/rpa (c)10
  - CN: VeriSign Class 3 Code Signing 2010 CA
- 22:CF:7D:A7:B7:6F:C5:C4:E7:72:25:CF:A1:BD:A4:97
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

1d 09 4b 1c 30 ca a8 83  ef 5f bd da 2f fe 65 83  |..K.0...._../.e.|
29 57 12 da                                       |)W..            |

rsaEncryption:

72 c5 7b 13 72 57 73 a3  b4 ec 25 c2 d9 10 18 35  |r.{.rWs...%....5|
c2 70 da 8f 87 08 4e 1b  3c a3 6c 4d a3 9a 4a ad  |.p....N.<.lM..J.|
d3 06 51 a9 94 1b bd 10  46 eb 5f 32 ca 6f 02 48  |..Q.....F._2.o.H|
8a b3 f1 a8 e5 68 4a 7e  cb 5b 87 fd a8 dc 47 3a  |.....hJ~.[....G:|
5a ff 2f a1 4e 56 5f 05  79 01 72 3a 72 4c 9b 5c  |Z./.NV_.y.r:rL.\|
b3 a4 ee d4 fc bc 40 c2  fd 63 51 e2 ac bb ba eb  |......@..cQ.....|
b4 b0 4b c0 0e e9 f3 50  d4 b4 81 85 ca 76 9b 93  |..K....P.....v..|
b7 bc e1 fb 16 01 f9 18  d7 28 46 b3 cf 55 66 ba  |.........(F..Uf.|
89 f3 d9 50 a7 eb b3 a9  3d d3 23 ae b6 f7 dc 7e  |...P....=.#....~|
3d 4f e5 33 84 ee 27 9c  e6 9e a7 be 54 ac f4 3f  |=O.3..'.....T..?|
2f 85 20 fb 6b 1c cd bb  c8 51 aa ba 67 69 82 e0  |/. .k....Q..gi..|
b0 66 b8 4a 7d 08 5b 0b  5e 5f 8a eb 82 eb be de  |.f.J}.[.^_......|
1b 76 ed 93 61 02 d0 1a  c3 80 c6 d9 bc 58 79 25  |.v..a........Xy%|
ff 5e 96 b5 45 55 e1 0c  21 e8 c8 bb 54 ac 70 2a  |.^..EU..!...T.p*|
78 ec 29 8a 94 ec ac 0b  07 cb 9d b5 bc c9 ec 39  |x.)............9|
32 09 23 5d 50 cb 1c d8  a6 a3 dd 56 00 a3 dd 97  |2.#]P......V....|

show previews

offset	size	type	comment
0	111104	EXE	12/05/2009 22:50:41	#
15c1	15	HTM		#
76e0	55449	PNG	(256 x 256)	#
1b200	20129840	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 20240944 bytes (20 MiB)


--
Type = PE
Physical Size = 20240944
CPU = x86
Characteristics = Executable 32-bit NoRelocs NoLineNums NoLocalSyms
Created = 2009-12-05 22:50:41
Headers Size = 1024
Checksum = 20246368
Image Size = 286720
Section Alignment = 4096
File Alignment = 512
Code Size = 23040
Initialized Data Size = 119808
Uninitialized Data Size = 1024
Linker Version = 6.0
OS Version = 4.0
Image Version = 6.0
Subsystem Version = 4.0
Subsystem = Windows GUI
DLL Characteristics = TerminalServerAware
Stack Reserve = 1048576
Stack Commit = 4096
Heap Reserve = 1048576
Heap Commit = 4096
Image Base = 4194304
----
Path = [0]
Size = 20126064
Packed Size = 20126064
Virtual Size = 20126064
Offset = 111104
--
Path = [0]
Type = Nsis
Physical Size = 20126063
Tail Size = 1
Method = LZMA:23
Solid = -
Headers Size = 38363
Embedded Stub Size = 0
SubType = NSIS-2

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
                    .....                      5871  $PLUGINSDIR/System.dll
                    .....                      7291  $PLUGINSDIR/InstallOptions.dll
2007-11-14 20:12:38 .....                       141  $PLUGINSDIR/ioSpecial.ini
2003-09-23 18:34:00 .....                      1481  $PLUGINSDIR/modern-wizard.bmp
2014-01-06 03:15:42 .....                     68203  $PLUGINSDIR/install.ico
2014-01-06 03:15:42 .....                     24144  $PLUGINSDIR/uninstall.ico
2014-01-06 03:15:42 .....                     49479  $PLUGINSDIR/background.bmp
2014-01-06 03:15:42 .....                       581  $PLUGINSDIR/btn_min.bmp
                    .....                      2077  $PLUGINSDIR/SkinBtn.dll
                    .....                      4209  $PLUGINSDIR/nsDialogs.dll
                    .....                       973  $PLUGINSDIR/BgWorker.dll
2014-01-09 08:03:46 .....     19817281     19817281  Mobogenie.7z
                    .....                     82505  $PLUGINSDIR/nsis7z.dll
                    .....                      1918  $PLUGINSDIR/KillProcDLL.dll
                    .....                      9576  $PLUGINSDIR/inetc.dll
                    .....                     24209  uninst.exe.nsis
------------------- ----- ------------ ------------  ------------------------
2014-01-09 08:03:46           19817281     20099939  16 files

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER