comments powered byDisqus

MZ Header

Rich Header

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Packer / Compiler

Sections

Data Directory

TLS

StringTable 040904b0

VS_FIXEDFILEINFO

Signers (1)

issuer: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 SHA256 Code Signing CA
serial: 4D9D6095B7A209BFDEB3D73500CE60E9

Certificates (4)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
        Validity
            Not Before: Dec 21 00:00:00 2012 GMT
            Not After : Dec 30 23:59:59 2020 GMT
        Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - G2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b1:ac:b3:49:54:4b:97:1c:12:0a:d8:25:79:91:
                    22:57:2a:6f:dc:b8:26:c4:43:73:6b:c2:bf:2e:50:
                    5a:fb:14:c2:76:8e:43:01:25:43:b4:a1:e2:45:f4:
                    e8:b7:7b:c3:74:cc:22:d7:b4:94:00:02:f7:4d:ed:
                    bf:b4:b7:44:24:6b:cd:5f:45:3b:d1:44:ce:43:12:
                    73:17:82:8b:69:b4:2b:cb:99:1e:ac:72:1b:26:4d:
                    71:1f:b1:31:dd:fb:51:61:02:53:a6:aa:f5:49:2c:
                    05:78:45:a5:2f:89:ce:e7:99:e7:fe:8c:e2:57:3f:
                    3d:c6:92:dc:4a:f8:7b:33:e4:79:0a:fb:f0:75:88:
                    41:9c:ff:c5:03:51:99:aa:d7:6c:9f:93:69:87:65:
                    29:83:85:c2:60:14:c4:c8:c9:3b:14:da:c0:81:f0:
                    1f:0d:74:de:92:22:ab:ca:f7:fb:74:7c:27:e6:f7:
                    4a:1b:7f:a7:c3:9e:2d:ae:8a:ea:a6:e6:aa:27:16:
                    7d:61:f7:98:71:11:bc:e2:50:a1:4b:e5:5d:fa:e5:
                    0e:a7:2c:9f:aa:65:20:d3:d8:96:e8:c8:7c:a5:4e:
                    48:44:ff:19:e2:44:07:92:0b:d7:68:84:80:5d:6a:
                    78:64:45:cd:60:46:7e:54:c1:13:7c:c5:79:f1:c9:
                    c1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                5F:9A:F5:6E:5C:CC:CC:74:9A:D4:DD:7D:EF:3F:DB:EC:4C:80:2E:DD
            Authority Information Access: 
                OCSP - URI:http://ocsp.thawte.com

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.thawte.com/ThawteTimestampingCA.crl

            X509v3 Extended Key Usage: 
                Time Stamping
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DirName:/CN=TimeStamp-2048-1
    Signature Algorithm: sha1WithRSAEncryption
         03:09:9b:8f:79:ef:7f:59:30:aa:ef:68:b5:fa:e3:09:1d:bb:
         4f:82:06:5d:37:5f:a6:52:9f:16:8d:ea:1c:92:09:44:6e:f5:
         6d:eb:58:7c:30:e8:f9:69:8d:23:73:0b:12:6f:47:a9:ae:39:
         11:f8:2a:b1:9b:b0:1a:c3:8e:eb:59:96:00:ad:ce:0c:4d:b2:
         d0:31:a6:08:5c:2a:7a:fc:e2:7a:1d:57:4c:a8:65:18:e9:79:
         40:62:25:96:6e:c7:c7:37:6a:83:21:08:8e:41:ea:dd:d9:57:
         3f:1d:77:49:87:2a:16:06:5e:a6:38:6a:22:12:a3:51:19:83:
         7e:b6

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - G2
        Validity
            Not Before: Oct 18 00:00:00 2012 GMT
            Not After : Dec 29 23:59:59 2020 GMT
        Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a2:63:0b:39:44:b8:bb:23:a7:44:49:bb:0e:ff:
                    a1:f0:61:0a:53:93:b0:98:db:ad:2c:0f:4a:c5:6e:
                    ff:86:3c:53:55:0f:15:ce:04:3f:2b:fd:a9:96:96:
                    d9:be:61:79:0b:5b:c9:4c:86:76:e5:e0:43:4b:22:
                    95:ee:c2:2b:43:c1:9f:d8:68:b4:8e:40:4f:ee:85:
                    38:b9:11:c5:23:f2:64:58:f0:15:32:6f:4e:57:a1:
                    ae:88:a4:02:d7:2a:1e:cd:4b:e1:dd:63:d5:17:89:
                    32:5b:b0:5e:99:5a:a8:9d:28:50:0e:17:ee:96:db:
                    61:3b:45:51:1d:cf:12:56:0b:92:47:fc:ab:ae:f6:
                    66:3d:47:ac:70:72:e7:92:e7:5f:cd:10:b9:c4:83:
                    64:94:19:bd:25:80:e1:e8:d2:22:a5:d0:ba:02:7a:
                    a1:77:93:5b:65:c3:ee:17:74:bc:41:86:2a:dc:08:
                    4c:8c:92:8c:91:2d:9e:77:44:1f:68:d6:a8:74:77:
                    db:0e:5b:32:8b:56:8b:33:bd:d9:63:c8:49:9d:3a:
                    c5:c5:ea:33:0b:d2:f1:a3:1b:f4:8b:be:d9:b3:57:
                    8b:3b:de:04:a7:7a:22:b2:24:ae:2e:c7:70:c5:be:
                    4e:83:26:08:fb:0b:bd:a9:4f:99:08:e1:10:28:72:
                    aa:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: critical
                Time Stamping
            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                OCSP - URI:http://ts-ocsp.ws.symantec.com
                CA Issuers - URI:http://ts-aia.ws.symantec.com/tss-ca-g2.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://ts-crl.ws.symantec.com/tss-ca-g2.crl

            X509v3 Subject Alternative Name: 
                DirName:/CN=TimeStamp-2048-2
            X509v3 Subject Key Identifier: 
                46:C6:69:A3:0E:4A:14:1E:D5:4C:DA:52:63:17:3F:5E:36:BC:0D:E6
            X509v3 Authority Key Identifier: 
                keyid:5F:9A:F5:6E:5C:CC:CC:74:9A:D4:DD:7D:EF:3F:DB:EC:4C:80:2E:DD

    Signature Algorithm: sha1WithRSAEncryption
         78:3b:b4:91:2a:00:4c:f0:8f:62:30:37:78:a3:84:27:07:6f:
         18:b2:de:25:dc:a0:d4:94:03:aa:86:4e:25:9f:9a:40:03:1c:
         dd:ce:e3:79:cb:21:68:06:da:b6:32:b4:6d:bf:f4:2c:26:63:
         33:e4:49:64:6d:0d:e6:c3:67:0e:f7:05:a4:35:6c:7c:89:16:
         c6:e9:b2:df:b2:e9:dd:20:c6:71:0f:cd:95:74:dc:b6:5c:de:
         bd:37:1f:43:78:e6:78:b5:cd:28:04:20:a3:aa:f1:4b:c4:88:
         29:91:0e:80:d1:11:fc:dd:5c:76:6e:4f:5e:0e:45:46:41:6e:
         0d:b0:ea:38:9a:b1:3a:da:09:71:10:fc:1c:79:b4:80:7b:ac:
         69:f4:fd:9c:b6:0c:16:2b:f1:7f:5b:09:3d:9b:5b:e2:16:ca:
         13:81:6d:00:2e:38:0d:a8:29:8f:2c:e1:b2:f4:5a:a9:01:af:
         15:9c:2c:2f:49:1b:db:22:bb:c3:fe:78:94:51:c3:86:b1:82:
         88:5d:f0:3d:b4:51:a1:79:33:2b:2e:7b:b9:dc:20:09:13:71:
         eb:6a:19:5b:cf:e8:a5:30:57:2c:89:49:3f:b9:cf:7f:c9:bf:
         3e:22:68:63:53:9a:bd:69:74:ac:c5:1d:3c:7f:92:e0:c3:bc:
         1c:d8:04:75

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:9d:60:95:b7:a2:09:bf:de:b3:d7:35:00:ce:60:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA
        Validity
            Not Before: Jun 28 00:00:00 2018 GMT
            Not After : Jul 30 23:59:59 2021 GMT
        Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=Endpoint Security, CN=Cisco Systems, Inc.
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:9a:95:d5:ae:3b:4c:36:3f:4c:a9:ba:ff:c0:64:
                    af:68:cc:63:54:6b:3a:bc:62:c9:90:c3:de:2b:ad:
                    29:a3:04:4a:1d:cd:f9:3a:bd:9b:c4:5b:94:e8:8b:
                    f5:c1:a4:a6:f7:7a:17:2d:82:fe:29:c8:3a:43:5a:
                    6a:77:73:63:0f:05:ee:51:62:5a:fb:09:f3:f7:0e:
                    ce:6b:f6:9f:30:4c:c2:0f:d2:4f:bb:84:d9:63:5f:
                    76:a3:69:1b:40:67:dc:72:90:a4:22:72:2e:ae:ad:
                    e5:37:e9:9a:2b:73:9e:78:9d:f3:1c:a4:33:89:29:
                    ca:57:50:a6:5b:87:57:00:6d:9d:99:d0:99:f2:64:
                    37:e9:22:6e:c7:c3:57:76:ea:d9:e3:a4:1c:e9:5c:
                    2c:af:51:32:36:a0:1b:f1:29:ac:a2:3a:b5:4c:ef:
                    3e:58:8f:01:46:2b:2d:51:c2:db:4c:3b:8f:4c:45:
                    c5:88:18:aa:43:2f:e5:3c:a7:86:e0:47:30:da:62:
                    2d:fd:8b:02:32:6e:89:5e:3b:bc:19:ee:c7:49:6b:
                    52:56:38:86:d8:7e:e8:cb:e9:33:c8:b3:e4:60:36:
                    9d:01:a2:10:84:7f:d3:49:71:ff:56:fe:1d:63:53:
                    eb:c8:6b:65:03:08:29:2d:8b:a0:99:31:d5:c6:b2:
                    f1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://sv.symcb.com/sv.crl

            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.4.1
                  CPS: https://d.symcb.com/cps
                  User Notice:
                    Explicit Text: https://d.symcb.com/rpa

            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:http://sv.symcd.com
                CA Issuers - URI:http://sv.symcb.com/sv.crt

            X509v3 Authority Key Identifier: 
                keyid:96:3B:53:F0:79:33:97:AF:7D:83:EF:2E:2B:CC:CA:B7:86:1E:72:66

            X509v3 Subject Key Identifier: 
                8B:B8:26:FD:B7:6A:A4:CF:86:94:65:36:CA:EE:5F:8E:DB:9A:06:E2
    Signature Algorithm: sha256WithRSAEncryption
         8c:08:54:60:06:d9:cd:19:01:61:ef:1c:77:6e:d7:d0:99:94:
         07:87:b3:d2:9a:f6:54:c4:b7:ae:d8:a1:2d:84:d1:5f:98:b0:
         62:77:09:17:f5:a8:4a:41:84:d9:35:a4:58:22:98:f1:74:25:
         af:f1:01:1e:89:51:18:79:ef:34:45:cf:9e:99:ef:88:b8:00:
         44:96:30:6f:79:32:08:95:36:00:41:5a:8d:50:da:0a:05:83:
         b4:c6:15:f7:1c:cd:48:6e:9d:73:a7:89:31:c1:cf:c2:3b:bd:
         6b:66:05:80:91:5b:45:a8:5b:20:a0:8e:10:9c:20:a6:ab:6a:
         19:cb:a1:5b:15:89:19:4d:d8:be:a5:5a:b8:45:d4:0a:cd:62:
         6e:f9:80:30:de:15:03:a3:c1:5c:b9:d6:51:fd:66:a3:b5:97:
         60:01:13:d0:bb:1b:c5:84:4b:42:f3:80:6a:08:66:25:1d:3a:
         5d:6d:c8:d5:b8:30:44:d4:99:8d:41:39:43:7a:39:f3:53:99:
         43:4f:8b:7f:58:45:81:4c:b3:1e:1d:22:3b:9b:dd:36:cc:dd:
         65:e9:bd:da:ae:ba:c2:20:83:d9:22:05:81:6c:89:c8:18:b3:
         70:c0:d1:69:93:69:40:bd:8a:7e:78:35:6a:7c:55:16:3a:c7:
         f5:55:ac:0e

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
        Validity
            Not Before: Dec 10 00:00:00 2013 GMT
            Not After : Dec  9 23:59:59 2023 GMT
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:97:83:1e:00:16:af:2c:b1:d2:08:c4:d7:68:93:
                    51:60:1e:71:f6:e2:47:b4:db:58:4d:23:62:6a:b4:
                    bf:5a:1b:51:f7:a3:0d:18:77:68:bb:d8:36:ab:2f:
                    21:50:da:9e:f3:e7:5f:27:4e:0b:c2:97:c8:09:70:
                    93:a9:da:5c:0d:4e:a4:0d:91:a0:b4:ec:14:ce:91:
                    72:54:2e:ce:a3:db:44:e9:52:1b:3f:41:3c:ca:4a:
                    e4:aa:c0:e8:39:ab:53:cc:21:d0:cc:cf:7f:9b:e6:
                    c2:cc:58:6a:82:15:ee:3d:36:cf:1c:c5:97:07:24:
                    8e:f1:7b:be:31:2d:3d:6e:dc:b5:99:42:9f:4b:61:
                    95:5f:1c:70:ee:17:7d:db:8b:e5:61:89:78:c7:68:
                    1b:af:11:78:1a:98:ae:c4:55:47:53:d9:b3:32:d6:
                    a1:0e:46:40:c5:97:92:8a:d1:53:a7:99:5b:85:35:
                    57:d3:ea:93:62:61:20:0a:c7:30:77:24:11:4d:62:
                    83:b6:ba:7b:68:82:31:ee:65:ca:df:f9:d5:8d:b2:
                    35:dc:8c:2b:6f:6a:72:5c:60:84:9c:f2:0c:94:5e:
                    c0:56:52:00:48:cc:d3:f8:a5:7d:de:2f:d7:13:e4:
                    38:a8:84:d5:46:b8:13:86:c2:1b:9d:ea:5a:38:dd:
                    9b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://s2.symcb.com

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: http://www.symauth.com/cps
                  User Notice:
                    Explicit Text: http://www.symauth.com/rpa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://s1.symcb.com/pca3-g5.crl

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, Code Signing
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DirName:/CN=SymantecPKI-1-567
            X509v3 Subject Key Identifier: 
                96:3B:53:F0:79:33:97:AF:7D:83:EF:2E:2B:CC:CA:B7:86:1E:72:66
            X509v3 Authority Key Identifier: 
                keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33

    Signature Algorithm: sha256WithRSAEncryption
         13:85:1a:1e:69:a9:37:f7:a0:bd:a4:af:7e:1d:61:53:fe:9d:
         8c:5e:0c:a6:75:1e:78:17:23:dd:fd:ec:1a:03:55:39:fb:71:
         95:c7:65:5a:a7:8e:30:d2:44:5a:61:db:70:6f:da:21:05:c2:
         2e:73:ba:49:f1:d1:93:fe:5d:c9:cd:5e:03:e0:89:9e:3f:74:
         1e:d7:f7:38:8b:a9:d6:cf:bb:35:2f:33:58:a8:92:56:d1:c8:
         4d:3b:82:e6:79:84:16:fc:28:b0:b1:47:f3:1d:a2:3e:ee:87:
         d9:a6:7f:a4:56:a5:3f:ad:84:2e:29:de:7c:bc:a8:aa:a3:3d:
         04:01:ea:ba:93:a2:0e:50:22:29:17:4c:87:e4:3a:11:5f:d6:
         a4:25:89:9b:05:6b:2f:b4:c9:01:4c:27:7b:0b:ac:19:05:22:
         a0:60:15:3f:da:c9:fb:4d:4c:8f:fb:72:67:77:fd:27:94:c7:
         ba:35:0e:88:49:fe:8d:fd:28:af:4a:12:bd:0d:b3:97:05:de:
         44:0c:15:fa:36:2b:03:dc:c1:50:01:f1:a1:11:5d:14:e5:e2:
         bd:27:4b:54:be:2b:84:5e:0f:a6:c3:74:05:0a:ef:97:c3:89:
         22:b1:1f:77:f3:bd:cd:43:d4:f1:4c:a9:3f:b5:8b:84:af:64:
         f2:d0:14:21

Cannot convert into OpenSSL::BN

offsetsizetypecomment
01360384DLL02/05/2019 16:09:18#
b88b0142HTM#
14c20013312PKCS7Authenticode Signature#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

[?] can't find file_offset of VA 0x13c424

[?] NumberOfNames too big (4137), limiting to 2048