filename | TreasuresOfMontezuma3.exe | |
---|---|---|
size | 1819464 (0x1bc348) | |
md5 | 37f4122d764ede531e484c4056d8bc83 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
virustotal | → scan with virustotal.com | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x108 |
Rich Header
lib id | version | times used |
---|---|---|
149 | 30729 | 24 |
132 | 21022 | 4 |
131 | 30729 | 163 |
147 | 30729 | 17 |
1 | 0 | 123 |
131 | 21022 | 2 |
138 | 30729 | 18 |
132 | 30729 | 67 |
146 | 30729 | 1 |
148 | 21022 | 1 |
145 | 30729 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
module_name | hint | ord | function_name |
---|---|---|---|
kernel32.dll | GetProcAddress | ||
kernel32.dll | GetModuleHandleA | ||
kernel32.dll | LoadLibraryA | ||
wrapper.dll | int __cdecl StartWrapper(void) ?StartWrapper@@YAHXZ | ||
oleaut32.dll | VariantChangeTypeEx | ||
kernel32.dll | RaiseException |
Signers (1)
issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)04/CN=VeriSign Class 3 Code Signing 2004 CA
serial: 261442C16C7FA2318392D768A351391F
Certificates (4)
Certificate: Data: Version: 3 (0x2) Serial Number: 38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA Validity Not Before: Jun 15 00:00:00 2007 GMT Not After : Jun 14 23:59:59 2012 GMT Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (1024 bit) Modulus: 00:c4:b5:f2:52:15:bc:88:86:60:29:16:4a:5b:2f: 4b:91:6b:87:91:f3:35:54:58:35:ea:d1:36:5e:62: 4d:52:51:34:71:c2:7b:66:1d:89:c8:dd:2a:c4:6a: 0a:f6:37:d9:98:74:91:f6:92:ae:b0:b5:76:96:f1: a9:4a:63:45:47:2e:6b:0b:92:4e:4b:2b:8c:ee:58: 4a:8b:d4:07:e4:1a:2c:f8:82:aa:58:d9:cd:42:f3: 2d:c0:75:de:8d:ab:c7:8e:1d:9a:6c:4c:08:95:1e: de:db:ef:67:e1:72:c2:49:c2:9e:60:3c:e1:e2:be: 16:a3:63:78:69:14:7b:ad:2d Exponent: 65537 (0x10001) X509v3 extensions: Authority Information Access: OCSP - URI:http://ocsp.verisign.com X509v3 Basic Constraints: critical CA:FALSE X509v3 CRL Distribution Points: Full Name: URI:http://crl.verisign.com/tss-ca.crl X509v3 Extended Key Usage: critical Time Stamping X509v3 Key Usage: critical Digital Signature, Non Repudiation X509v3 Subject Alternative Name: DirName:/CN=TSA1-2 Signature Algorithm: sha1WithRSAEncryption 50:c5:4b:c8:24:80:df:e4:0d:24:c2:de:1a:b1:a1:02:a1:a6: 82:2d:0c:83:15:81:37:0a:82:0e:2c:b0:5a:17:61:b5:d8:05: fe:88:db:f1:91:91:b3:56:1a:40:a6:eb:92:be:38:39:b0:75: 36:74:3a:98:4f:e4:37:ba:99:89:ca:95:42:1d:b0:b9:c7:a0: 8d:57:e0:fa:d5:64:04:42:35:4e:01:d1:33:a2:17:c8:4d:aa: 27:c7:f2:e1:86:4c:02:38:4d:83:78:c6:fc:53:e0:eb:e0:06: 87:dd:a4:96:9e:5e:0c:98:e2:a5:be:bf:82:85:c3:60:e1:df: ad:28:d8:c7:a5:4b:64:da:c7:1b:5b:bd:ac:39:08:d5:38:22: a1:33:8b:2f:8a:9a:eb:bc:07:21:3f:44:41:09:07:b5:65:1c: 24:bc:48:d3:44:80:eb:a1:cf:c9:02:b4:14:cf:54:c7:16:a3: 80:5c:f9:79:3e:5d:72:7d:88:17:9e:2c:43:a2:ca:53:ce:7d: 3d:f6:2a:3a:b8:4f:94:00:a5:6d:0a:83:5d:f9:5e:53:f4:18: b3:57:0f:70:c3:fb:f5:ad:95:a0:0e:17:de:c4:16:80:60:c9: 0f:2b:6e:86:04:f1:eb:f4:78:27:d1:05:c5:ee:34:5b:5e:b9: 49:32:f2:33
Certificate: Data: Version: 3 (0x2) Serial Number: 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA Validity Not Before: Dec 4 00:00:00 2003 GMT Not After : Dec 3 23:59:59 2013 GMT Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a9:ca:b2:a4:cc:cd:20:af:0a:7d:89:ac:87:75: f0:b4:4e:f1:df:c1:0f:bf:67:61:bd:a3:64:1c:da: bb:f9:ca:33:ab:84:30:89:58:7e:8c:db:6b:dd:36: 9e:0f:bf:d1:ec:78:f2:77:a6:7e:6f:3c:bf:93:af: 0d:ba:68:f4:6c:94:ca:bd:52:2d:ab:48:3d:f5:b6: d5:5d:5f:1b:02:9f:fa:2f:6b:1e:a4:f7:a3:9a:a6: 1a:c8:02:e1:7f:4c:52:e3:0e:60:ec:40:1c:7e:b9: 0d:de:3f:c7:b4:df:87:bd:5f:7a:6a:31:2e:03:99: 81:13:a8:47:20:ce:31:73:0d:57:2d:cd:78:34:33: 95:12:99:12:b9:de:68:2f:aa:e6:e3:c2:8a:8c:2a: c3:8b:21:87:66:bd:83:58:57:6f:75:bf:3c:aa:26: 87:5d:ca:10:15:3c:9f:84:ea:54:c1:0a:6e:c4:fe: c5:4a:dd:b9:07:11:97:22:7c:db:3e:27:d1:1e:78: ec:9f:31:c9:f1:e6:22:19:db:c4:b3:47:43:9a:1a: 5f:a0:1e:90:e4:5e:f5:ee:7c:f1:7d:ab:62:01:8f: f5:4d:0b:de:d0:22:56:a8:95:cd:ae:88:76:ae:ee: ba:0d:f3:e4:4d:d9:a0:fb:68:a0:ae:14:3b:b3:87: c1:bb Exponent: 65537 (0x10001) X509v3 extensions: Authority Information Access: OCSP - URI:http://ocsp.verisign.com X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 CRL Distribution Points: Full Name: URI:http://crl.verisign.com/ThawteTimestampingCA.crl X509v3 Extended Key Usage: Time Stamping X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Alternative Name: DirName:/CN=TSA2048-1-53 Signature Algorithm: sha1WithRSAEncryption 4a:6b:f9:ea:58:c2:44:1c:31:89:79:99:2b:96:bf:82:ac:01: d6:1c:4c:cd:b0:8a:58:6e:df:08:29:a3:5e:c8:ca:93:13:e7: 04:52:0d:ef:47:27:2f:00:38:b0:e4:c9:93:4e:9a:d4:22:62: 15:f7:3f:37:21:4f:70:31:80:f1:8b:38:87:b3:e8:e8:97:00: fe:cf:55:96:4e:24:d2:a9:27:4e:7a:ae:b7:61:41:f3:2a:ce: e7:c9:d9:5e:dd:bb:2b:85:3e:b5:9d:b5:d9:e1:57:ff:be:b4: c5:7e:f5:cf:0c:9e:f0:97:fe:2b:d3:3b:52:1b:1b:38:27:f7: 3f:4a
Certificate: Data: Version: 3 (0x2) Serial Number: 41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority Validity Not Before: Jul 16 00:00:00 2004 GMT Not After : Jul 15 23:59:59 2014 GMT Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:be:bc:ee:bc:7e:ef:83:eb:e0:37:4f:fb:03:10: 38:be:08:d2:8c:7d:9d:fa:92:7f:19:0c:c2:6b:ee: 42:52:8c:de:d3:1c:48:13:25:ea:c1:63:7a:f9:51: 65:ee:d3:aa:3b:f5:f0:94:9c:2b:fb:f2:66:d4:24: da:f7:f5:9f:6e:19:39:36:bc:d0:a3:76:08:1e:22: 27:24:6c:38:91:27:e2:84:49:ae:1b:8a:a1:fd:25: 82:2c:10:30:e8:71:ab:28:e8:77:4a:51:f1:ec:cd: f8:f0:54:d4:6f:c0:e3:6d:0a:8f:d9:d8:64:8d:63: b2:2d:4e:27:f6:85:0e:fe:6d:e3:29:99:e2:85:47: 7c:2d:86:7f:e8:57:8f:ad:67:c2:33:32:91:13:20: fc:a9:23:14:9a:6d:c2:84:4b:76:68:04:d5:71:2c: 5d:21:fa:88:0d:26:fd:1f:2d:91:2b:e7:01:55:4d: f2:6d:35:28:82:df:d9:6b:5c:b6:d6:d9:aa:81:fd: 5f:cd:83:ba:63:9d:d0:22:fc:a9:3b:42:69:b2:8e: 3a:b5:bc:b4:9e:0f:5e:c4:ea:2c:82:8b:28:fd:53: 08:96:dd:b5:01:20:d1:f9:a5:18:e7:c0:ee:51:70: 37:e1:b6:05:48:52:48:6f:38:ea:c3:e8:6c:7b:44: 84:bb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 2.16.840.1.113733.1.7.23.3 CPS: https://www.verisign.com/rpa X509v3 CRL Distribution Points: Full Name: URI:http://crl.verisign.com/pca3.crl X509v3 Extended Key Usage: TLS Web Client Authentication, Code Signing X509v3 Key Usage: critical Certificate Sign, CRL Sign Netscape Cert Type: Object Signing CA X509v3 Subject Alternative Name: DirName:/CN=Class3CA2048-1-43 X509v3 Subject Key Identifier: 08:F5:51:E8:FB:FE:3D:3D:64:36:7C:68:CF:5B:78:A8:DF:B9:C5:37 X509v3 Authority Key Identifier: DirName:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority serial:70:BA:E4:1D:10:D9:29:34:B6:38:CA:7B:03:CC:BA:BF Signature Algorithm: sha1WithRSAEncryption ae:3a:17:b8:4a:7b:55:fa:64:55:ec:40:a4:ed:49:41:90:99: 9c:89:bc:af:2e:1d:ca:78:23:f9:1c:19:0f:7f:eb:68:bc:32: d9:88:38:de:dc:3f:d3:89:b4:3f:b1:82:96:f1:a4:5a:ba:ed: 2e:26:d3:de:7c:01:6e:00:0a:00:a4:06:92:11:48:09:40:f9: 1c:18:79:67:23:24:e0:bb:d5:e1:50:ae:1b:f5:0e:dd:e0:2e: 81:cd:80:a3:6c:52:4f:91:75:55:8a:ba:22:f2:d2:ea:41:75: 88:2f:63:55:7d:1e:54:5a:95:59:ca:d9:34:81:c0:5f:5e:f6: 7a:b5
Certificate: Data: Version: 3 (0x2) Serial Number: 26:14:42:c1:6c:7f:a2:31:83:92:d7:68:a3:51:39:1f Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA Validity Not Before: Dec 23 00:00:00 2008 GMT Not After : Jan 1 23:59:59 2012 GMT Subject: C=US, ST=Virginia, L=Alexandria, O=Alawar Entertainment Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=-, CN=Alawar Entertainment Inc Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (1024 bit) Modulus: 00:c7:f8:72:b9:82:1b:11:80:ec:3d:70:ab:b0:28: 56:20:56:4d:20:a7:c7:e2:e5:fd:d0:25:8f:d6:6a: 2d:0a:e6:93:dc:8d:1e:ea:20:15:ff:bf:95:7c:81: bc:85:4a:9f:84:95:c3:17:2d:9d:4c:67:3e:5d:15: c2:46:7a:6d:9a:57:23:c8:a7:e7:fa:7b:69:cf:29: e5:fd:30:31:92:12:ea:62:33:29:2d:69:83:f0:77: ba:f3:02:fa:92:5f:c4:ea:a7:f2:a8:7e:4e:99:06: 1c:14:cf:32:1e:f6:e4:d6:27:53:ff:6c:5f:6c:50: f2:31:1a:9c:40:63:ec:0c:e1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:http://CSC3-2004-crl.verisign.com/CSC3-2004.crl X509v3 Certificate Policies: Policy: 2.16.840.1.113733.1.7.23.3 CPS: https://www.verisign.com/rpa X509v3 Extended Key Usage: Code Signing Authority Information Access: OCSP - URI:http://ocsp.verisign.com CA Issuers - URI:http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer X509v3 Authority Key Identifier: keyid:08:F5:51:E8:FB:FE:3D:3D:64:36:7C:68:CF:5B:78:A8:DF:B9:C5:37 Netscape Cert Type: Object Signing 1.3.6.1.4.1.311.2.1.27: 0....... Signature Algorithm: sha1WithRSAEncryption ae:25:ab:af:13:b6:be:f1:8f:49:e7:fe:f2:2d:06:a8:fa:96: 0d:4c:7d:8a:bb:63:ba:0f:03:e7:42:62:0e:3f:6b:e6:fe:cc: c6:95:1c:cc:b0:f5:ac:d4:7e:11:8f:8e:08:ce:02:3d:49:18: 8b:9b:5e:16:19:26:ea:e4:dc:51:4c:46:79:36:77:83:97:87: b1:bf:6e:df:f3:e1:38:9d:58:2e:ec:67:68:0a:9a:2f:cc:91: c4:ee:c7:16:6f:cc:bf:da:15:6d:e1:ef:78:4b:bb:38:ad:08: 55:fa:79:b2:f7:65:52:53:72:ee:57:4f:0c:47:7e:f0:4f:cf: e0:1d:eb:55:46:2a:6c:ba:50:08:15:0c:69:b2:81:a3:97:ef: 27:b5:ad:b7:ca:88:a1:8c:e6:0d:a4:07:1d:99:5f:1f:88:d7: cf:ff:86:ea:50:98:9b:6d:b4:7c:55:40:92:41:0a:03:4e:9c: 56:67:f6:2f:48:03:eb:72:c3:1d:31:62:a3:76:e0:ca:83:01: 46:29:0d:6c:18:fe:dd:c4:34:a4:79:a2:cc:a5:0e:61:cf:db: 74:a5:04:57:bc:27:37:7f:de:18:25:23:9c:3c:56:1a:01:95: 3c:26:d1:eb:de:a3:60:44:26:7c:6f:d7:59:8f:62:a6:13:28: 5a:df:ab:2f
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
2e e1 c4 27 8a 9a ea d6 a7 d9 45 9b 1d ae e9 fb |...'......E.....| d3 36 55 58 |.6UX |
- 1.3.6.1.4.1.311.2.1.15
- #0
- Certificates
- Certificate #0
- 2
- 38:25:D7:FA:F8:61:AF:9E:F4:90:E7:26:B5:D6:5A:D5
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 2007-06-15 00:00:00 UTC: 2012-06-14 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services Signer - G2
- #5
- rsaEncryption: nil
- C4:B5:F2:52:15:BC:88:86:60:29:16:4A:5B:2F:4B:91:
6B:87:91:F3:35:54:58:35:EA:D1:36:5E:62:4D:52:51:
34:71:C2:7B:66:1D:89:C8:DD:2A:C4:6A:0A:F6:37:D9:
98:74:91:F6:92:AE:B0:B5:76:96:F1:A9:4A:63:45:47:
2E:6B:0B:92:4E:4B:2B:8C:EE:58:4A:8B:D4:07:E4:1A:
2C:F8:82:AA:58:D9:CD:42:F3:2D:C0:75:DE:8D:AB:C7:
8E:1D:9A:6C:4C:08:95:1E:DE:DB:EF:67:E1:72:C2:49:
C2:9E:60:3C:E1:E2:BE:16:A3:63:78:69:14:7B:AD:2D: 0x010001
- X509v3 extensions
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- basicConstraints
- true
- nil
- crlDistributionPoints: http://crl.verisign.com/tss-ca.crl
- extendedKeyUsage: true, timeStamping
- keyUsage: true, 0xc0
- subjectAltName
- CN: TSA1-2
- authorityInfoAccess
- RSA-SHA1:
50 c5 4b c8 24 80 df e4 0d 24 c2 de 1a b1 a1 02 |P.K.$....$......| a1 a6 82 2d 0c 83 15 81 37 0a 82 0e 2c b0 5a 17 |...-....7...,.Z.| 61 b5 d8 05 fe 88 db f1 91 91 b3 56 1a 40 a6 eb |a..........V.@..| 92 be 38 39 b0 75 36 74 3a 98 4f e4 37 ba 99 89 |..89.u6t:.O.7...| ca 95 42 1d b0 b9 c7 a0 8d 57 e0 fa d5 64 04 42 |..B......W...d.B| 35 4e 01 d1 33 a2 17 c8 4d aa 27 c7 f2 e1 86 4c |5N..3...M.'....L| 02 38 4d 83 78 c6 fc 53 e0 eb e0 06 87 dd a4 96 |.8M.x..S........| 9e 5e 0c 98 e2 a5 be bf 82 85 c3 60 e1 df ad 28 |.^.........`...(| d8 c7 a5 4b 64 da c7 1b 5b bd ac 39 08 d5 38 22 |...Kd...[..9..8"| a1 33 8b 2f 8a 9a eb bc 07 21 3f 44 41 09 07 b5 |.3./.....!?DA...| 65 1c 24 bc 48 d3 44 80 eb a1 cf c9 02 b4 14 cf |e.$.H.D.........| 54 c7 16 a3 80 5c f9 79 3e 5d 72 7d 88 17 9e 2c |T....\.y>]r}...,| 43 a2 ca 53 ce 7d 3d f6 2a 3a b8 4f 94 00 a5 6d |C..S.}=.*:.O...m| 0a 83 5d f9 5e 53 f4 18 b3 57 0f 70 c3 fb f5 ad |..].^S...W.p....| 95 a0 0e 17 de c4 16 80 60 c9 0f 2b 6e 86 04 f1 |........`..+n...| eb f4 78 27 d1 05 c5 ee 34 5b 5e b9 49 32 f2 33 |..x'....4[^.I2.3|
- 2
- Certificate #1
- 2
- 47:BF:19:95:DF:8D:52:46:43:F7:DB:6D:48:0D:31:A4
- RSA-SHA1: nil
- Issuer
- C: ZA
- ST: Western Cape
- L: Durbanville
- O: Thawte
- OU: Thawte Certification
- CN: Thawte Timestamping CA
- 2003-12-04 00:00:00 UTC: 2013-12-03 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- #5
- rsaEncryption: nil
- A9:CA:B2:A4:CC:CD:20:AF:0A:7D:89:AC:87:75:F0:B4:
4E:F1:DF:C1:0F:BF:67:61:BD:A3:64:1C:DA:BB:F9:CA:
33:AB:84:30:89:58:7E:8C:DB:6B:DD:36:9E:0F:BF:D1:
EC:78:F2:77:A6:7E:6F:3C:BF:93:AF:0D:BA:68:F4:6C:
94:CA:BD:52:2D:AB:48:3D:F5:B6:D5:5D:5F:1B:02:9F:
FA:2F:6B:1E:A4:F7:A3:9A:A6:1A:C8:02:E1:7F:4C:52:
E3:0E:60:EC:40:1C:7E:B9:0D:DE:3F:C7:B4:DF:87:BD:
5F:7A:6A:31:2E:03:99:81:13:A8:47:20:CE:31:73:0D:
57:2D:CD:78:34:33:95:12:99:12:B9:DE:68:2F:AA:E6:
E3:C2:8A:8C:2A:C3:8B:21:87:66:BD:83:58:57:6F:75:
BF:3C:AA:26:87:5D:CA:10:15:3C:9F:84:EA:54:C1:0A:
6E:C4:FE:C5:4A:DD:B9:07:11:97:22:7C:DB:3E:27:D1:
1E:78:EC:9F:31:C9:F1:E6:22:19:DB:C4:B3:47:43:9A:
1A:5F:A0:1E:90:E4:5E:F5:EE:7C:F1:7D:AB:62:01:8F:
F5:4D:0B:DE:D0:22:56:A8:95:CD:AE:88:76:AE:EE:BA:
0D:F3:E4:4D:D9:A0:FB:68:A0:AE:14:3B:B3:87:C1:BB: 0x010001
- X509v3 extensions
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- basicConstraints
- true
- true: 0
- crlDistributionPoints: http://crl.verisign.com/ThawteTimestampingCA.crl
- extendedKeyUsage: timeStamping
- keyUsage: true, 6
- subjectAltName
- CN: TSA2048-1-53
- authorityInfoAccess
- RSA-SHA1:
4a 6b f9 ea 58 c2 44 1c 31 89 79 99 2b 96 bf 82 |Jk..X.D.1.y.+...| ac 01 d6 1c 4c cd b0 8a 58 6e df 08 29 a3 5e c8 |....L...Xn..).^.| ca 93 13 e7 04 52 0d ef 47 27 2f 00 38 b0 e4 c9 |.....R..G'/.8...| 93 4e 9a d4 22 62 15 f7 3f 37 21 4f 70 31 80 f1 |.N.."b..?7!Op1..| 8b 38 87 b3 e8 e8 97 00 fe cf 55 96 4e 24 d2 a9 |.8........U.N$..| 27 4e 7a ae b7 61 41 f3 2a ce e7 c9 d9 5e dd bb |'Nz..aA.*....^..| 2b 85 3e b5 9d b5 d9 e1 57 ff be b4 c5 7e f5 cf |+.>.....W....~..| 0c 9e f0 97 fe 2b d3 3b 52 1b 1b 38 27 f7 3f 4a |.....+.;R..8'.?J|
- 2
- Certificate #2
- 2
- 41:91:A1:5A:39:78:DF:CF:49:65:66:38:1D:4C:75:C2
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- OU: Class 3 Public Primary Certification Authority
- 2004-07-16 00:00:00 UTC: 2014-07-15 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- OU: VeriSign Trust Network
- OU: Terms of use at https://www.verisign.com/rpa (c)04
- CN: VeriSign Class 3 Code Signing 2004 CA
- #5
- rsaEncryption: nil
- BE:BC:EE:BC:7E:EF:83:EB:E0:37:4F:FB:03:10:38:BE:
08:D2:8C:7D:9D:FA:92:7F:19:0C:C2:6B:EE:42:52:8C:
DE:D3:1C:48:13:25:EA:C1:63:7A:F9:51:65:EE:D3:AA:
3B:F5:F0:94:9C:2B:FB:F2:66:D4:24:DA:F7:F5:9F:6E:
19:39:36:BC:D0:A3:76:08:1E:22:27:24:6C:38:91:27:
E2:84:49:AE:1B:8A:A1:FD:25:82:2C:10:30:E8:71:AB:
28:E8:77:4A:51:F1:EC:CD:F8:F0:54:D4:6F:C0:E3:6D:
0A:8F:D9:D8:64:8D:63:B2:2D:4E:27:F6:85:0E:FE:6D:
E3:29:99:E2:85:47:7C:2D:86:7F:E8:57:8F:AD:67:C2:
33:32:91:13:20:FC:A9:23:14:9A:6D:C2:84:4B:76:68:
04:D5:71:2C:5D:21:FA:88:0D:26:FD:1F:2D:91:2B:E7:
01:55:4D:F2:6D:35:28:82:DF:D9:6B:5C:B6:D6:D9:AA:
81:FD:5F:CD:83:BA:63:9D:D0:22:FC:A9:3B:42:69:B2:
8E:3A:B5:BC:B4:9E:0F:5E:C4:EA:2C:82:8B:28:FD:53:
08:96:DD:B5:01:20:D1:F9:A5:18:E7:C0:EE:51:70:37:
E1:B6:05:48:52:48:6F:38:EA:C3:E8:6C:7B:44:84:BB: 0x010001
- X509v3 extensions
- basicConstraints
- true
- true: 0
- certificatePolicies
- 2.16.840.1.113733.1.7.23.3
- id-qt-cps: https://www.verisign.com/rpa
- 2.16.840.1.113733.1.7.23.3
- crlDistributionPoints: http://crl.verisign.com/pca3.crl
- extendedKeyUsage
- clientAuth: codeSigning
- keyUsage: true, 6
- nsCertType: 1
- subjectAltName
- CN: Class3CA2048-1-43
- subjectKeyIdentifier:
08 f5 51 e8 fb fe 3d 3d 64 36 7c 68 cf 5b 78 a8 |..Q...==d6|h.[x.| df b9 c5 37 |...7 |
- authorityKeyIdentifier
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- OU: Class 3 Public Primary Certification Authority
70 ba e4 1d 10 d9 29 34 b6 38 ca 7b 03 cc ba bf |p.....)4.8.{....|
- #0
- unnamed
- basicConstraints
- RSA-SHA1:
ae 3a 17 b8 4a 7b 55 fa 64 55 ec 40 a4 ed 49 41 |.:..J{U.dU.@..IA| 90 99 9c 89 bc af 2e 1d ca 78 23 f9 1c 19 0f 7f |.........x#.....| eb 68 bc 32 d9 88 38 de dc 3f d3 89 b4 3f b1 82 |.h.2..8..?...?..| 96 f1 a4 5a ba ed 2e 26 d3 de 7c 01 6e 00 0a 00 |...Z...&..|.n...| a4 06 92 11 48 09 40 f9 1c 18 79 67 23 24 e0 bb |....H.@...yg#$..| d5 e1 50 ae 1b f5 0e dd e0 2e 81 cd 80 a3 6c 52 |..P...........lR| 4f 91 75 55 8a ba 22 f2 d2 ea 41 75 88 2f 63 55 |O.uU.."...Au./cU| 7d 1e 54 5a 95 59 ca d9 34 81 c0 5f 5e f6 7a b5 |}.TZ.Y..4.._^.z.|
- 2
- Certificate #3
- 2
- 26:14:42:C1:6C:7F:A2:31:83:92:D7:68:A3:51:39:1F
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- OU: VeriSign Trust Network
- OU: Terms of use at https://www.verisign.com/rpa (c)04
- CN: VeriSign Class 3 Code Signing 2004 CA
- 2008-12-23 00:00:00 UTC: 2012-01-01 23:59:59 UTC
- Subject
- C: US
- ST: Virginia
- L: Alexandria
- O: Alawar Entertainment Inc
- OU: Digital ID Class 3 - Microsoft Software Validation v2
- OU: -
- CN: Alawar Entertainment Inc
- #5
- rsaEncryption: nil
- C7:F8:72:B9:82:1B:11:80:EC:3D:70:AB:B0:28:56:20:
56:4D:20:A7:C7:E2:E5:FD:D0:25:8F:D6:6A:2D:0A:E6:
93:DC:8D:1E:EA:20:15:FF:BF:95:7C:81:BC:85:4A:9F:
84:95:C3:17:2D:9D:4C:67:3E:5D:15:C2:46:7A:6D:9A:
57:23:C8:A7:E7:FA:7B:69:CF:29:E5:FD:30:31:92:12:
EA:62:33:29:2D:69:83:F0:77:BA:F3:02:FA:92:5F:C4:
EA:A7:F2:A8:7E:4E:99:06:1C:14:CF:32:1E:F6:E4:D6:
27:53:FF:6C:5F:6C:50:F2:31:1A:9C:40:63:EC:0C:E1: 0x010001
- X509v3 extensions
- basicConstraints
- nil
- keyUsage: true, 0x80
- crlDistributionPoints: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl
- certificatePolicies
- 2.16.840.1.113733.1.7.23.3
- id-qt-cps: https://www.verisign.com/rpa
- 2.16.840.1.113733.1.7.23.3
- extendedKeyUsage: codeSigning
- authorityInfoAccess
- #0
- OCSP: http://ocsp.verisign.com
- caIssuers: http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer
- #0
- authorityKeyIdentifier:
08 f5 51 e8 fb fe 3d 3d 64 36 7c 68 cf 5b 78 a8 |..Q...==d6|h.[x.| df b9 c5 37 |...7 |
- nsCertType: 0x10
- 1.3.6.1.4.1.311.2.1.27
- false: true
- basicConstraints
- RSA-SHA1:
ae 25 ab af 13 b6 be f1 8f 49 e7 fe f2 2d 06 a8 |.%.......I...-..| fa 96 0d 4c 7d 8a bb 63 ba 0f 03 e7 42 62 0e 3f |...L}..c....Bb.?| 6b e6 fe cc c6 95 1c cc b0 f5 ac d4 7e 11 8f 8e |k...........~...| 08 ce 02 3d 49 18 8b 9b 5e 16 19 26 ea e4 dc 51 |...=I...^..&...Q| 4c 46 79 36 77 83 97 87 b1 bf 6e df f3 e1 38 9d |LFy6w.....n...8.| 58 2e ec 67 68 0a 9a 2f cc 91 c4 ee c7 16 6f cc |X..gh../......o.| bf da 15 6d e1 ef 78 4b bb 38 ad 08 55 fa 79 b2 |...m..xK.8..U.y.| f7 65 52 53 72 ee 57 4f 0c 47 7e f0 4f cf e0 1d |.eRSr.WO.G~.O...| eb 55 46 2a 6c ba 50 08 15 0c 69 b2 81 a3 97 ef |.UF*l.P...i.....| 27 b5 ad b7 ca 88 a1 8c e6 0d a4 07 1d 99 5f 1f |'............._.| 88 d7 cf ff 86 ea 50 98 9b 6d b4 7c 55 40 92 41 |......P..m.|U@.A| 0a 03 4e 9c 56 67 f6 2f 48 03 eb 72 c3 1d 31 62 |..N.Vg./H..r..1b| a3 76 e0 ca 83 01 46 29 0d 6c 18 fe dd c4 34 a4 |.v....F).l....4.| 79 a2 cc a5 0e 61 cf db 74 a5 04 57 bc 27 37 7f |y....a..t..W.'7.| de 18 25 23 9c 3c 56 1a 01 95 3c 26 d1 eb de a3 |..%#.
- 2
- Certificate #0
- Signer
- 1
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- OU: VeriSign Trust Network
- OU: Terms of use at https://www.verisign.com/rpa (c)04
- CN: VeriSign Class 3 Code Signing 2004 CA
- 26:14:42:C1:6C:7F:A2:31:83:92:D7:68:A3:51:39:1F
- #0
- SHA1: nil
- #3
- contentType: 1.3.6.1.4.1.311.2.1.4
- 1.3.6.1.4.1.311.2.1.11: msCodeInd
- messageDigest:
f5 ee 97 98 12 dc 2d e3 52 dc 0b 8f c6 0c a8 a6 |......-.R.......| 3e 23 c6 86 |>#.. |
- 1.3.6.1.4.1.311.2.1.12:
04 21 04 3e 04 3a 04 40 04 3e 04 32 04 38 04 49 |.!.>.:.@.>.2.8.I| 04 30 00 20 04 1c 04 3e 04 3d 04 42 04 35 04 41 |.0. ...>.=.B.5.A| 04 43 04 3c 04 4b 00 20 00 33 |.C.<.K. .3 |
- rsaEncryption:
87 7c 58 87 66 26 ee 9a 49 a6 6f c4 50 bd a9 46 |.|X.f&..I.o.P..F| 7b be bd b1 0d 09 cf 55 88 5b 39 a1 87 ca 93 81 |{......U.[9.....| f0 88 79 61 4c 90 16 3f 5c 9c c5 76 e9 a1 08 45 |..yaL..?\..v...E| 08 79 7e 97 87 b2 6f bd 82 87 a7 c7 02 ac bc a6 |.y~...o.........| 1c 55 21 fd c3 01 9b c2 35 2b 94 cb 90 b9 ba 39 |.U!.....5+.....9| 22 66 07 33 c4 1b 77 2a a6 22 c0 9a ed a1 d8 5c |"f.3..w*.".....\| 3c d3 13 8c 4a 7c ce 2f e9 37 b3 fd e8 2d d0 b8 |<...J|./.7...-..| e3 ed 0e 9a 08 e7 8b 70 bf 7e bb ee e2 51 ec 0c |.......p.~...Q..|
- countersignature
- 1
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 38:25:D7:FA:F8:61:AF:9E:F4:90:E7:26:B5:D6:5A:D5
- #0
- SHA1: nil
- #2
- contentType: pkcs7-data
- signingTime: 2011-05-19 07:09:22 UTC
- messageDigest:
bd ef b0 5b ce e9 ca dd 9d c3 f1 54 64 2c 44 96 |...[.......Td,D.| 0d a5 1b 50 |...P |
- rsaEncryption:
86 11 ea 93 e1 2a 92 5b e5 8d 79 e2 72 df 91 26 |.....*.[..y.r..&| 5b af ae 6f 49 68 c2 30 e9 c2 f5 10 99 3e c1 b4 |[..oIh.0.....>..| 0b 1e 0d 72 17 12 39 23 ac d1 97 4a a1 9d 4c b4 |...r..9#...J..L.| 42 2b ca 2f 89 4c 6b 3c 5b c2 ae 14 c5 34 80 42 |B+./.Lk<[....4.B| 09 cb 82 c1 13 69 40 57 ad 2d e8 dc 92 ed 7e ae |.....i@W.-....~.| a9 2f d0 68 4e 06 ee 4a 9a c8 02 10 fd 25 80 cf |./.hN..J.....%..| 4a 11 6e e6 b6 a0 a9 3a 0e ff 29 ad f4 d4 20 53 |J.n....:..)... S| 5b ec 8e b9 6d 30 69 7b 2f 61 17 3e 7f 51 39 61 |[...m0i{/a.>.Q9a|
- unnamed
- 1
offset | size | type | comment | |
---|---|---|---|---|
0 | 1814016 | EXE | 05/13/2011 03:36:09 | # |
15c1 | 15 | HTM | # | |
1bae00 | 5448 | PKCS7 | Authenticode Signature | # |
Please donate some bucks to keep this site up and running: | |
Ko-fi | |
---|---|
Yandex.Money | |
Thank you! |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x15bd24
[?] can't find file_offset of VA 0x15cd90
[?] can't find file_offset of VA 0x15d6f0
[?] can't find file_offset of VA 0x15e870
[?] can't find file_offset of VA 0x15f330
[?] can't find file_offset of VA 0x1608d8
[?] can't find file_offset of VA 0x161868
[?] can't find file_offset of VA 0x1624a4
[?] can't find file_offset of VA 0x162bac
[?] can't find file_offset of VA 0x163a6c
[?] can't find file_offset of VA 0x16403c
[?] can't find file_offset of VA 0x164c60
[?] can't find file_offset of VA 0x165288
[?] can't find file_offset of VA 0x166034
[?] can't find file_offset of VA 0x166890
[?] can't find file_offset of VA 0x167768
[?] can't find file_offset of VA 0x167ee0
[?] can't find file_offset of VA 0x168f84
[?] can't find file_offset of VA 0x169a14
[?] can't find file_offset of VA 0x16a714
[?] can't find file_offset of VA 0x16b5ac
[?] can't find file_offset of VA 0x16bb2c
[?] can't find file_offset of VA 0x16c4c8
[?] can't find file_offset of VA 0x16d790
[?] can't find file_offset of VA 0x16e77c
[?] can't find file_offset of VA 0x16f1ec
[?] can't find file_offset of VA 0x170060
[?] can't find file_offset of VA 0x171470
[?] can't find file_offset of VA 0x1724c8
[?] can't find file_offset of VA 0x172f14
[?] can't find file_offset of VA 0x173d9c
[?] can't find file_offset of VA 0x174ae4
[?] can't find file_offset of VA 0x175a9c
[?] can't find file_offset of VA 0x17699c
[?] can't find file_offset of VA 0x1777fc
[?] can't find file_offset of VA 0x1786f4
[?] can't find file_offset of VA 0x17958c
[?] can't find file_offset of VA 0x17a4ac
[?] can't find file_offset of VA 0x17afa0
[?] can't find file_offset of VA 0x17e574
[?] can't find file_offset of VA 0x17f5e0
[?] can't find file_offset of VA 0x180978
[?] can't find file_offset of VA 0x1817f8
[?] can't find file_offset of VA 0x1826b0
[?] can't find file_offset of VA 0x183854
[?] can't find file_offset of VA 0x184548
[?] can't find file_offset of VA 0x1856d4
[?] can't find file_offset of VA 0x185f38
[?] can't find file_offset of VA 0x1865e4
[?] can't find file_offset of VA 0x186c84
[?] can't find file_offset of VA 0x187174
[?] can't find file_offset of VA 0x187814
[?] can't find file_offset of VA 0x1881d0
[?] can't find file_offset of VA 0x188b94
[?] can't find file_offset of VA 0x189a0c
[?] can't find file_offset of VA 0x18b930
[?] can't find file_offset of VA 0x193958
[?] can't find file_offset of VA 0x19b374
[?] can't find file_offset of VA 0x1a15d4
[?] can't find file_offset of VA 0x1b4b60
[?] can't find file_offset of VA 0x1bbd3c
[?] can't find file_offset of VA 0x1cc53c
[?] can't find file_offset of VA 0x1cca34
[?] can't find file_offset of VA 0x1ccc1c
[?] can't find file_offset of VA 0x1d0254
[?] can't find file_offset of VA 0x1d0824
[?] can't find file_offset of VA 0x1d0f30
[?] can't find file_offset of VA 0x1d1cb0
[?] can't find file_offset of VA 0x1d3ba0
[?] can't find file_offset of VA 0x1d62d8
[?] can't find file_offset of VA 0x1d683c
[?] can't find file_offset of VA 0x1d6d8c
[?] can't find file_offset of VA 0x1d6db8
[?] can't find file_offset of VA 0x1d6fd8
[?] can't find file_offset of VA 0x1d8800
[?] can't find file_offset of VA 0x1da478
[?] can't find file_offset of VA 0x1df1d8
[?] can't find file_offset of VA 0x1e328c
[?] can't find file_offset of VA 0x1e6e34
[?] can't find file_offset of VA 0x1ea5c4
[?] can't find file_offset of VA 0x1edd90
[?] can't find file_offset of VA 0x1f1244
[?] can't find file_offset of VA 0x1f5398
[?] can't find file_offset of VA 0x1f8c8c
[?] can't find file_offset of VA 0x1fc374
[?] can't find file_offset of VA 0x1ffae4
[?] can't find file_offset of VA 0x205e6c
[?] can't find file_offset of VA 0x209700
[?] can't find file_offset of VA 0x20c0fc
[?] can't find file_offset of VA 0x210470
[?] can't find file_offset of VA 0x2140f8
[?] can't find file_offset of VA 0x2179b8
[?] can't find file_offset of VA 0x21b5ac
[?] can't find file_offset of VA 0x21f1a0
[?] can't find file_offset of VA 0x222b80
[?] can't find file_offset of VA 0x226338
[?] can't find file_offset of VA 0x229a68
[?] can't find file_offset of VA 0x22d28c
[?] can't find file_offset of VA 0x2309cc
[?] can't find file_offset of VA 0x234124
[?] can't find file_offset of VA 0x237900
[?] too many errors getting resource data, stopped on 0 of 1
[?] can't find file_offset of VA 0x0