MZ Header

Rich Header

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Packer / Compiler

Sections

Data Directory

StringTable 000004b0

VS_FIXEDFILEINFO

Signers (1)

issuer: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 SHA256 Code Signing CA
serial: 0D565488217137EE9C7ACEA4002FD68B

Certificates (4)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
        Validity
            Not Before: Dec 21 00:00:00 2012 GMT
            Not After : Dec 30 23:59:59 2020 GMT
        Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - G2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b1:ac:b3:49:54:4b:97:1c:12:0a:d8:25:79:91:
                    22:57:2a:6f:dc:b8:26:c4:43:73:6b:c2:bf:2e:50:
                    5a:fb:14:c2:76:8e:43:01:25:43:b4:a1:e2:45:f4:
                    e8:b7:7b:c3:74:cc:22:d7:b4:94:00:02:f7:4d:ed:
                    bf:b4:b7:44:24:6b:cd:5f:45:3b:d1:44:ce:43:12:
                    73:17:82:8b:69:b4:2b:cb:99:1e:ac:72:1b:26:4d:
                    71:1f:b1:31:dd:fb:51:61:02:53:a6:aa:f5:49:2c:
                    05:78:45:a5:2f:89:ce:e7:99:e7:fe:8c:e2:57:3f:
                    3d:c6:92:dc:4a:f8:7b:33:e4:79:0a:fb:f0:75:88:
                    41:9c:ff:c5:03:51:99:aa:d7:6c:9f:93:69:87:65:
                    29:83:85:c2:60:14:c4:c8:c9:3b:14:da:c0:81:f0:
                    1f:0d:74:de:92:22:ab:ca:f7:fb:74:7c:27:e6:f7:
                    4a:1b:7f:a7:c3:9e:2d:ae:8a:ea:a6:e6:aa:27:16:
                    7d:61:f7:98:71:11:bc:e2:50:a1:4b:e5:5d:fa:e5:
                    0e:a7:2c:9f:aa:65:20:d3:d8:96:e8:c8:7c:a5:4e:
                    48:44:ff:19:e2:44:07:92:0b:d7:68:84:80:5d:6a:
                    78:64:45:cd:60:46:7e:54:c1:13:7c:c5:79:f1:c9:
                    c1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                5F:9A:F5:6E:5C:CC:CC:74:9A:D4:DD:7D:EF:3F:DB:EC:4C:80:2E:DD
            Authority Information Access: 
                OCSP - URI:http://ocsp.thawte.com

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.thawte.com/ThawteTimestampingCA.crl

            X509v3 Extended Key Usage: 
                Time Stamping
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DirName:/CN=TimeStamp-2048-1
    Signature Algorithm: sha1WithRSAEncryption
         03:09:9b:8f:79:ef:7f:59:30:aa:ef:68:b5:fa:e3:09:1d:bb:
         4f:82:06:5d:37:5f:a6:52:9f:16:8d:ea:1c:92:09:44:6e:f5:
         6d:eb:58:7c:30:e8:f9:69:8d:23:73:0b:12:6f:47:a9:ae:39:
         11:f8:2a:b1:9b:b0:1a:c3:8e:eb:59:96:00:ad:ce:0c:4d:b2:
         d0:31:a6:08:5c:2a:7a:fc:e2:7a:1d:57:4c:a8:65:18:e9:79:
         40:62:25:96:6e:c7:c7:37:6a:83:21:08:8e:41:ea:dd:d9:57:
         3f:1d:77:49:87:2a:16:06:5e:a6:38:6a:22:12:a3:51:19:83:
         7e:b6

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - G2
        Validity
            Not Before: Oct 18 00:00:00 2012 GMT
            Not After : Dec 29 23:59:59 2020 GMT
        Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a2:63:0b:39:44:b8:bb:23:a7:44:49:bb:0e:ff:
                    a1:f0:61:0a:53:93:b0:98:db:ad:2c:0f:4a:c5:6e:
                    ff:86:3c:53:55:0f:15:ce:04:3f:2b:fd:a9:96:96:
                    d9:be:61:79:0b:5b:c9:4c:86:76:e5:e0:43:4b:22:
                    95:ee:c2:2b:43:c1:9f:d8:68:b4:8e:40:4f:ee:85:
                    38:b9:11:c5:23:f2:64:58:f0:15:32:6f:4e:57:a1:
                    ae:88:a4:02:d7:2a:1e:cd:4b:e1:dd:63:d5:17:89:
                    32:5b:b0:5e:99:5a:a8:9d:28:50:0e:17:ee:96:db:
                    61:3b:45:51:1d:cf:12:56:0b:92:47:fc:ab:ae:f6:
                    66:3d:47:ac:70:72:e7:92:e7:5f:cd:10:b9:c4:83:
                    64:94:19:bd:25:80:e1:e8:d2:22:a5:d0:ba:02:7a:
                    a1:77:93:5b:65:c3:ee:17:74:bc:41:86:2a:dc:08:
                    4c:8c:92:8c:91:2d:9e:77:44:1f:68:d6:a8:74:77:
                    db:0e:5b:32:8b:56:8b:33:bd:d9:63:c8:49:9d:3a:
                    c5:c5:ea:33:0b:d2:f1:a3:1b:f4:8b:be:d9:b3:57:
                    8b:3b:de:04:a7:7a:22:b2:24:ae:2e:c7:70:c5:be:
                    4e:83:26:08:fb:0b:bd:a9:4f:99:08:e1:10:28:72:
                    aa:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: critical
                Time Stamping
            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                OCSP - URI:http://ts-ocsp.ws.symantec.com
                CA Issuers - URI:http://ts-aia.ws.symantec.com/tss-ca-g2.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://ts-crl.ws.symantec.com/tss-ca-g2.crl

            X509v3 Subject Alternative Name: 
                DirName:/CN=TimeStamp-2048-2
            X509v3 Subject Key Identifier: 
                46:C6:69:A3:0E:4A:14:1E:D5:4C:DA:52:63:17:3F:5E:36:BC:0D:E6
            X509v3 Authority Key Identifier: 
                keyid:5F:9A:F5:6E:5C:CC:CC:74:9A:D4:DD:7D:EF:3F:DB:EC:4C:80:2E:DD

    Signature Algorithm: sha1WithRSAEncryption
         78:3b:b4:91:2a:00:4c:f0:8f:62:30:37:78:a3:84:27:07:6f:
         18:b2:de:25:dc:a0:d4:94:03:aa:86:4e:25:9f:9a:40:03:1c:
         dd:ce:e3:79:cb:21:68:06:da:b6:32:b4:6d:bf:f4:2c:26:63:
         33:e4:49:64:6d:0d:e6:c3:67:0e:f7:05:a4:35:6c:7c:89:16:
         c6:e9:b2:df:b2:e9:dd:20:c6:71:0f:cd:95:74:dc:b6:5c:de:
         bd:37:1f:43:78:e6:78:b5:cd:28:04:20:a3:aa:f1:4b:c4:88:
         29:91:0e:80:d1:11:fc:dd:5c:76:6e:4f:5e:0e:45:46:41:6e:
         0d:b0:ea:38:9a:b1:3a:da:09:71:10:fc:1c:79:b4:80:7b:ac:
         69:f4:fd:9c:b6:0c:16:2b:f1:7f:5b:09:3d:9b:5b:e2:16:ca:
         13:81:6d:00:2e:38:0d:a8:29:8f:2c:e1:b2:f4:5a:a9:01:af:
         15:9c:2c:2f:49:1b:db:22:bb:c3:fe:78:94:51:c3:86:b1:82:
         88:5d:f0:3d:b4:51:a1:79:33:2b:2e:7b:b9:dc:20:09:13:71:
         eb:6a:19:5b:cf:e8:a5:30:57:2c:89:49:3f:b9:cf:7f:c9:bf:
         3e:22:68:63:53:9a:bd:69:74:ac:c5:1d:3c:7f:92:e0:c3:bc:
         1c:d8:04:75

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:56:54:88:21:71:37:ee:9c:7a:ce:a4:00:2f:d6:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA
        Validity
            Not Before: Mar  5 00:00:00 2019 GMT
            Not After : Mar  4 23:59:59 2020 GMT
        Subject: C=IM, L=Douglas, O=Restoro Ltd., OU=Restoro Ltd., CN=Restoro Ltd.
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c6:70:b2:e3:28:3d:63:05:1f:c7:65:6b:84:07:
                    12:57:32:94:80:58:f1:df:df:cb:07:36:56:0c:f2:
                    d7:42:12:08:59:48:27:d7:6e:d0:32:42:13:aa:ed:
                    01:1e:8b:80:1e:7c:10:6b:98:75:05:8b:fe:66:62:
                    e9:aa:0d:f6:e7:e7:04:01:86:5e:a3:b7:73:66:ea:
                    bf:ad:3e:9d:83:04:cb:1a:67:a6:f8:8c:ef:ec:62:
                    6c:0c:3c:1e:46:10:2f:0a:f9:9b:24:fd:ff:21:76:
                    86:f2:8e:8b:bf:a8:55:76:bc:2c:d6:6c:7b:11:88:
                    bb:cc:81:5a:5a:89:b2:c3:0b:0b:6e:39:a9:ff:43:
                    12:e4:c6:5b:e4:8e:b6:fc:3b:d3:cc:1f:38:28:39:
                    1b:4a:0a:9f:15:21:67:b0:d4:d9:aa:a7:3a:a8:e2:
                    e8:6e:60:0b:90:db:a2:52:e6:3b:07:0f:ff:f9:40:
                    98:9c:b5:01:f8:a9:44:0d:67:e9:7d:2a:c5:02:37:
                    10:a0:bf:16:12:aa:9b:4b:96:be:e4:12:88:5f:78:
                    88:26:6c:c0:cd:6f:2e:90:1e:fe:07:18:a6:7e:20:
                    11:f6:9b:c8:31:5e:cd:60:6f:b0:6c:a6:b2:13:45:
                    59:58:9a:84:71:cf:d3:83:27:ac:07:d6:59:51:14:
                    ac:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://sv.symcb.com/sv.crl

            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.4.1
                  CPS: https://d.symcb.com/cps
                  User Notice:
                    Explicit Text: https://d.symcb.com/rpa

            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:http://sv.symcd.com
                CA Issuers - URI:http://sv.symcb.com/sv.crt

            X509v3 Authority Key Identifier: 
                keyid:96:3B:53:F0:79:33:97:AF:7D:83:EF:2E:2B:CC:CA:B7:86:1E:72:66

            X509v3 Subject Key Identifier: 
                4E:A1:CA:64:DD:8A:FE:45:9B:1E:92:35:5A:DB:72:A8:45:33:31:52
    Signature Algorithm: sha256WithRSAEncryption
         6d:4c:71:d4:2e:9c:5d:03:47:ca:04:d0:aa:b6:a1:a4:38:eb:
         5b:33:8d:3b:f2:75:bf:83:3c:aa:e6:21:c1:3b:61:52:b4:81:
         8a:21:03:3d:d2:ff:20:1e:90:2d:e7:df:36:2f:bf:a9:c6:4b:
         5d:0f:86:d9:40:6e:0f:4c:4d:46:b4:8f:a6:c8:aa:3f:a5:a3:
         45:ee:57:ea:3d:1d:3f:8e:c6:b5:7b:f3:57:b2:67:99:5a:4c:
         8b:9f:01:d7:80:ce:b1:b1:d6:05:00:20:78:ed:45:d0:32:7d:
         30:98:6f:e8:a1:01:97:f7:b3:7f:45:02:78:0c:0c:18:9f:60:
         a9:ab:d1:b5:20:6a:f3:34:ff:f0:61:a5:70:cc:d0:61:89:41:
         4f:c8:ab:89:b0:b7:fb:f4:53:81:20:fa:af:77:fe:80:dd:94:
         7b:cb:eb:2f:a8:1b:a3:29:0a:8d:4f:12:e4:25:63:5d:96:a9:
         7b:41:27:b4:47:e2:2c:af:a2:8c:bf:37:20:6d:8e:64:8f:f2:
         59:50:73:3c:5b:0b:a5:ea:63:a8:df:ba:36:62:7d:ce:c8:41:
         1b:de:b2:7e:e7:af:ff:60:21:5e:ed:4d:a4:1d:b6:05:35:1f:
         1f:29:93:fa:3d:81:a3:3f:de:d9:16:b5:c8:a3:13:cd:d5:23:
         36:b3:04:fa

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
        Validity
            Not Before: Dec 10 00:00:00 2013 GMT
            Not After : Dec  9 23:59:59 2023 GMT
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:97:83:1e:00:16:af:2c:b1:d2:08:c4:d7:68:93:
                    51:60:1e:71:f6:e2:47:b4:db:58:4d:23:62:6a:b4:
                    bf:5a:1b:51:f7:a3:0d:18:77:68:bb:d8:36:ab:2f:
                    21:50:da:9e:f3:e7:5f:27:4e:0b:c2:97:c8:09:70:
                    93:a9:da:5c:0d:4e:a4:0d:91:a0:b4:ec:14:ce:91:
                    72:54:2e:ce:a3:db:44:e9:52:1b:3f:41:3c:ca:4a:
                    e4:aa:c0:e8:39:ab:53:cc:21:d0:cc:cf:7f:9b:e6:
                    c2:cc:58:6a:82:15:ee:3d:36:cf:1c:c5:97:07:24:
                    8e:f1:7b:be:31:2d:3d:6e:dc:b5:99:42:9f:4b:61:
                    95:5f:1c:70:ee:17:7d:db:8b:e5:61:89:78:c7:68:
                    1b:af:11:78:1a:98:ae:c4:55:47:53:d9:b3:32:d6:
                    a1:0e:46:40:c5:97:92:8a:d1:53:a7:99:5b:85:35:
                    57:d3:ea:93:62:61:20:0a:c7:30:77:24:11:4d:62:
                    83:b6:ba:7b:68:82:31:ee:65:ca:df:f9:d5:8d:b2:
                    35:dc:8c:2b:6f:6a:72:5c:60:84:9c:f2:0c:94:5e:
                    c0:56:52:00:48:cc:d3:f8:a5:7d:de:2f:d7:13:e4:
                    38:a8:84:d5:46:b8:13:86:c2:1b:9d:ea:5a:38:dd:
                    9b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://s2.symcb.com

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: http://www.symauth.com/cps
                  User Notice:
                    Explicit Text: http://www.symauth.com/rpa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://s1.symcb.com/pca3-g5.crl

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, Code Signing
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DirName:/CN=SymantecPKI-1-567
            X509v3 Subject Key Identifier: 
                96:3B:53:F0:79:33:97:AF:7D:83:EF:2E:2B:CC:CA:B7:86:1E:72:66
            X509v3 Authority Key Identifier: 
                keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33

    Signature Algorithm: sha256WithRSAEncryption
         13:85:1a:1e:69:a9:37:f7:a0:bd:a4:af:7e:1d:61:53:fe:9d:
         8c:5e:0c:a6:75:1e:78:17:23:dd:fd:ec:1a:03:55:39:fb:71:
         95:c7:65:5a:a7:8e:30:d2:44:5a:61:db:70:6f:da:21:05:c2:
         2e:73:ba:49:f1:d1:93:fe:5d:c9:cd:5e:03:e0:89:9e:3f:74:
         1e:d7:f7:38:8b:a9:d6:cf:bb:35:2f:33:58:a8:92:56:d1:c8:
         4d:3b:82:e6:79:84:16:fc:28:b0:b1:47:f3:1d:a2:3e:ee:87:
         d9:a6:7f:a4:56:a5:3f:ad:84:2e:29:de:7c:bc:a8:aa:a3:3d:
         04:01:ea:ba:93:a2:0e:50:22:29:17:4c:87:e4:3a:11:5f:d6:
         a4:25:89:9b:05:6b:2f:b4:c9:01:4c:27:7b:0b:ac:19:05:22:
         a0:60:15:3f:da:c9:fb:4d:4c:8f:fb:72:67:77:fd:27:94:c7:
         ba:35:0e:88:49:fe:8d:fd:28:af:4a:12:bd:0d:b3:97:05:de:
         44:0c:15:fa:36:2b:03:dc:c1:50:01:f1:a1:11:5d:14:e5:e2:
         bd:27:4b:54:be:2b:84:5e:0f:a6:c3:74:05:0a:ef:97:c3:89:
         22:b1:1f:77:f3:bd:cd:43:d4:f1:4c:a9:3f:b5:8b:84:af:64:
         f2:d0:14:21

Cannot convert into OpenSSL::BN

offsetsizetypecomment
050688EXE02/24/2012 19:19:59#
4d82811659PNG(256 x 256)#
505b3606029BINoverlay data past EOF#
Path = [0]
Size = 569288
Packed Size = 569288
Offset = 352768
--
Path = [0]
Type = Nsis
Method = LZMA:25
Solid = +

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
                    .....        11264       565185  /System.dll
                    .....        94720               /WmiInspector.dll
                    .....         5632               /ExecDos.dll
                    .....         6656               /md5dll.dll
                    .....         6144               /nsExec.dll
                    .....       120832               /IpConfig.dll
                    .....       289792               /rCrypt.dll
                    .....        45056               /LogEx.dll
                    .....        32256               /inetc.dll
                    .....       186368               //xml.dll
                    .....         8192               /AccessControl.dll
                    .....        25088               /registry.dll
2019-02-11 10:41:30 .....        90536               /modern-header.bmp
                    .....        36864               /MSIBanner.dll
                    .....         3584               /Banner.dll
                    .....         4096               /UserInfo.dll
2019-02-11 10:41:26 .....       488960               /sqlite3.exe
2019-02-11 10:41:30 .....       156296               //installer-164x314.bmp
                    .....         5120               //ButtonEvent.dll
                    .....         9728               //nsDialogs.dll
                    .....                            //stack.dll
------------------- ----- ------------ ------------  ------------------------
                               1627184       565185  21 files, 0 folders
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[?] can't find file_offset of VA 0x7a000