filename | PDFsam_Basic_Installer.exe | |
---|---|---|
size | 5399928 (0x526578) | |
md5 | 5cb26d53ea09da5470f2e6b2a1b650f8 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
mimetype | application/x-dosexec | |
clamav | OK | |
virustotal | → scan with virustotal.com | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x128 |
Rich Header
lib id | version | times used |
---|---|---|
152 | 20115 | 10 |
158 | 30319 | 61 |
131 | 30729 | 11 |
171 | 40219 | 70 |
147 | 30729 | 42 |
93 | 4035 | 5 |
109 | 50727 | 510 |
170 | 31118 | 66 |
171 | 31118 | 123 |
175 | 30319 | 82 |
1 | 0 | 688 |
170 | 30319 | 254 |
171 | 30319 | 260 |
155 | 30319 | 1 |
154 | 30319 | 1 |
157 | 30319 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub This file is packed with UPX. Analysis will be incomplete without unpacking. |
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
UPX0 | 0x1000 | 0x425000 | 0 | RWX UDATA | |
UPX1 | 0x426000 | 0x51b000 | 0x51a800 | RWX IDATA | |
.rsrc | 0x941000 | 0xb000 | 0xa800 | RW- IDATA |
Data Directory
TLS
raw start | raw end | index | callbks | zero fill | flags | |
---|---|---|---|---|---|---|
0xd40704 | 0xd40705 | 0x9a5640 | 0xd40708 | 0 | 0 |
id | lang | string |
---|---|---|
96 | 1033 | ff ff 50 40 26 b5 42 6c 5d 41 af a6 ae c3 f3 ad |..P@&.Bl]A......| fd f5 ea 81 b1 a0 10 5a f4 7c 55 8b 41 3a d1 aa |.......Z.|U.A:..| d9 e1 ff ff ff ff a8 e7 3c 31 82 93 c1 f7 d0 97 |........<1......| c7 a7 b1 07 1c cd 26 e0 d3 dd 29 17 b2 34 ed 60 |......&...)..4.`| |
496 | 1033 | ⤣՜羾◤끡᭽䯢檝呇萂腼ꪖ흪ኯ纵熢鶞꣔䮒颖㔧뫯ᑗ굩泹扠ꆹབ |
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.DLL | LoadLibraryA | ||
KERNEL32.DLL | GetProcAddress | ||
KERNEL32.DLL | VirtualProtect | ||
KERNEL32.DLL | VirtualAlloc | ||
KERNEL32.DLL | VirtualFree | ||
KERNEL32.DLL | ExitProcess | ||
COMCTL32.dll | ImageList_DrawEx | ||
COMDLG32.dll | GetSaveFileNameW | ||
CRYPT32.dll | CertGetNameStringW | ||
dbghelp.dll | MiniDumpWriteDump | ||
GDI32.dll | PatBlt | ||
IMM32.dll | ImmIsIME | ||
msi.dll | 8 | ||
ole32.dll | OleRun | ||
OLEACC.dll | LresultFromObject | ||
OLEAUT32.dll | 2 | ||
PSAPI.DLL | GetProcessImageFileNameW | ||
SHELL32.dll | 74 | ||
SHLWAPI.dll | UrlEscapeA | ||
urlmon.dll | FindMimeFromData | ||
USER32.dll | GetDC | ||
VERSION.dll | VerQueryValueW | ||
WINHTTP.dll | WinHttpGetIEProxyConfigForCurrentUser | ||
WININET.dll | InternetOpenW | ||
WINMM.dll | PlaySoundA | ||
WINTRUST.dll | WinVerifyTrust | ||
WLDAP32.dll | 27 | ||
WS2_32.dll | 10 |
ord | entry_va | function_name |
---|
module_name | |
---|---|
flags | 0xe13078a4 |
timestamp | 2032-06-01 19:53:02 |
version | 46677.29740 |
ordinal_base | 1835820416 |
nFunctions | 2231830390 |
nNames | 4251992439 |
Names(4251992439) | 0x39d6578a |
Functions(2231830390) | 0x30770c4e |
NameOrdinals(4251992439) | 0x31578a28 |
StringTable 040904e4
CompanyName | PDFsam |
FileDescription | PDFsam Basic Installer |
FileVersion | 3.0.27.26034 |
InternalName | PDF Installer.exe |
LegalCopyright | ANDREA VACONDIO |
OriginalFilename | PDF Installer.exe |
ProductName | PDFsam Basic Installer |
ProductVersion | 3.0.27.26034 |
VS_FIXEDFILEINFO
FileVersion | 3.0.27.26034 |
ProductVersion | 3.0.27.26034 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 4 |
FileType | 1 |
FileSubtype | 0 |
Signers (1)
issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
serial: 76EB5706FDB03A84
Certificates (3)
Certificate: Data: Version: 3 (0x2) Serial Number: 1828629 (0x1be715) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority Validity Not Before: Jan 1 07:00:00 2014 GMT Not After : May 30 07:00:00 2031 GMT Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bf:71:62:08:f1:fa:59:34:f7:1b:c9:18:a3:f7: 80:49:58:e9:22:83:13:a6:c5:20:43:01:3b:84:f1: e6:85:49:9f:27:ea:f6:84:1b:4e:a0:b4:db:70:98: c7:32:01:b1:05:3e:07:4e:ee:f4:fa:4f:2f:59:30: 22:e7:ab:19:56:6b:e2:80:07:fc:f3:16:75:80:39: 51:7b:e5:f9:35:b6:74:4e:a9:8d:82:13:e4:b6:3f: a9:03:83:fa:a2:be:8a:15:6a:7f:de:0b:c3:b6:19: 14:05:ca:ea:c3:a8:04:94:3b:46:7c:32:0d:f3:00: 66:22:c8:8d:69:6d:36:8c:11:18:b7:d3:b2:1c:60: b4:38:fa:02:8c:ce:d3:dd:46:07:de:0a:3e:eb:5d: 7c:c8:7c:fb:b0:2b:53:a4:92:62:69:51:25:05:61: 1a:44:81:8c:2c:a9:43:96:23:df:ac:3a:81:9a:0e: 29:c5:1c:a9:e9:5d:1e:b6:9e:9e:30:0a:39:ce:f1: 88:80:fb:4b:5d:cc:32:ec:85:62:43:25:34:02:56: 27:01:91:b4:3b:70:2a:3f:6e:b1:e8:9c:88:01:7d: 9f:d4:f9:db:53:6d:60:9d:bf:2c:e7:58:ab:b8:5f: 46:fc:ce:c4:1b:03:3c:09:eb:49:31:5c:69:46:b3: e0:47 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE X509v3 Authority Key Identifier: keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 Authority Information Access: OCSP - URI:http://ocsp.godaddy.com/ X509v3 CRL Distribution Points: Full Name: URI:http://crl.godaddy.com/gdroot.crl X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: https://certs.godaddy.com/repository/ Signature Algorithm: sha256WithRSAEncryption 59:0b:53:bd:92:86:11:a7:24:7b:ed:5b:31:cf:1d:1f:6c:70: c5:b8:6e:be:4e:bb:f6:be:97:50:e1:30:7f:ba:28:5c:62:94: c2:e3:7e:33:f7:fb:42:76:85:db:95:1c:8c:22:58:75:09:0c: 88:65:67:39:0a:16:09:c5:a0:38:97:a4:c5:23:93:3f:b4:18: a6:01:06:44:91:e3:a7:69:27:b4:5a:25:7f:3a:b7:32:cd:dd: 84:ff:2a:38:29:33:a4:dd:67:b2:85:fe:a1:88:20:1c:50:89: c8:dc:2a:f6:42:03:37:4c:e6:88:df:d5:af:24:f2:b1:c3:df: cc:b5:ec:e0:99:5e:b7:49:54:20:3c:94:18:0c:c7:1c:52:18: 49:a4:6d:e1:b3:58:0b:c9:d8:ec:d9:ae:1c:32:8e:28:70:0d: e2:fe:a6:17:9e:84:0f:bd:57:70:b3:5a:e9:1f:a0:86:53:bb: ef:7c:ff:69:0b:e0:48:c3:b7:93:0b:c8:0a:54:c4:ac:5d:14: 67:37:6c:ca:a5:2f:31:08:37:aa:6e:6f:8c:bc:9b:e2:57:5d: 24:81:af:97:97:9c:84:ad:6c:ac:37:4c:66:f3:61:91:11:20: e4:be:30:9f:7a:a4:29:09:b0:e1:34:5f:64:77:18:40:51:df: 8c:30:a6:af
Certificate: Data: Version: 3 (0x2) Serial Number: 7 (0x7) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 Validity Not Before: May 3 07:00:00 2011 GMT Not After : May 3 07:00:00 2031 GMT Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b9:e0:cb:10:d4:af:76:bd:d4:93:62:eb:30:64: b8:81:08:6c:c3:04:d9:62:17:8e:2f:ff:3e:65:cf: 8f:ce:62:e6:3c:52:1c:da:16:45:4b:55:ab:78:6b: 63:83:62:90:ce:0f:69:6c:99:c8:1a:14:8b:4c:cc: 45:33:ea:88:dc:9e:a3:af:2b:fe:80:61:9d:79:57: c4:cf:2e:f4:3f:30:3c:5d:47:fc:9a:16:bc:c3:37: 96:41:51:8e:11:4b:54:f8:28:be:d0:8c:be:f0:30: 38:1e:f3:b0:26:f8:66:47:63:6d:de:71:26:47:8f: 38:47:53:d1:46:1d:b4:e3:dc:00:ea:45:ac:bd:bc: 71:d9:aa:6f:00:db:db:cd:30:3a:79:4f:5f:4c:47: f8:1d:ef:5b:c2:c4:9d:60:3b:b1:b2:43:91:d8:a4: 33:4e:ea:b3:d6:27:4f:ad:25:8a:a5:c6:f4:d5:d0: a6:ae:74:05:64:57:88:b5:44:55:d4:2d:2a:3a:3e: f8:b8:bd:e9:32:0a:02:94:64:c4:16:3a:50:f1:4a: ae:e7:79:33:af:0c:20:07:7f:e8:df:04:39:c2:69: 02:6c:63:52:fa:77:c1:1b:c8:74:87:c8:b9:93:18: 50:54:35:4b:69:4e:bc:3b:d3:49:2e:1f:dc:c1:d2: 52:fb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE X509v3 Authority Key Identifier: keyid:3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE Authority Information Access: OCSP - URI:http://ocsp.godaddy.com/ X509v3 CRL Distribution Points: Full Name: URI:http://crl.godaddy.com/gdroot-g2.crl X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: https://certs.godaddy.com/repository/ Signature Algorithm: sha256WithRSAEncryption 08:7e:6c:93:10:c8:38:b8:96:a9:90:4b:ff:a1:5f:4f:04:ef: 6c:3e:9c:88:06:c9:50:8f:a6:73:f7:57:31:1b:be:bc:e4:2f: db:f8:ba:d3:5b:e0:b4:e7:e6:79:62:0e:0c:a2:d7:6a:63:73: 31:b5:f5:a8:48:a4:3b:08:2d:a2:5d:90:d7:b4:7c:25:4f:11: 56:30:c4:b6:44:9d:7b:2c:9d:e5:5e:e6:ef:0c:61:aa:bf:e4: 2a:1b:ee:84:9e:b8:83:7d:c1:43:ce:44:a7:13:70:0d:91:1f: f4:c8:13:ad:83:60:d9:d8:72:a8:73:24:1e:b5:ac:22:0e:ca: 17:89:62:58:44:1b:ab:89:25:01:00:0f:cd:c4:1b:62:db:51: b4:d3:0f:51:2a:9b:f4:bc:73:fc:76:ce:36:a4:cd:d9:d8:2c: ea:ae:9b:f5:2a:b2:90:d1:4d:75:18:8a:3f:8a:41:90:23:7d: 5b:4b:fe:a4:03:58:9b:46:b2:c3:60:60:83:f8:7d:50:41:ce: c2:a1:90:c3:bb:ef:02:2f:d2:15:54:ee:44:15:d9:0a:ae:a7: 8a:33:ed:b1:2d:76:36:26:dc:04:eb:9f:f7:61:1f:15:dc:87: 6f:ee:46:96:28:ad:a1:26:7d:0a:09:a7:2e:04:a3:8d:bc:f8: bc:04:30:01
Certificate: Data: Version: 3 (0x2) Serial Number: 8569038403540105860 (0x76eb5706fdb03a84) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 Validity Not Before: Oct 13 19:50:38 2015 GMT Not After : Oct 13 19:50:38 2016 GMT Subject: C=IT, ST=Reggio Emilia, L=Bibbiano, O=ANDREA VACONDIO, CN=ANDREA VACONDIO Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d5:83:c1:08:d6:b4:e9:c1:d0:11:69:7f:6a:d4: ef:e2:af:ff:75:30:57:cc:f0:1d:8b:98:10:54:41: f5:34:36:57:1c:5c:88:d0:fd:a9:19:2f:62:34:30: 5b:0c:9a:31:a1:35:40:17:70:fe:55:b8:54:ab:7a: 8d:af:e8:09:37:20:0c:bc:0d:f3:fe:c5:e0:0b:df: b2:b1:ad:da:87:6f:b7:95:ff:3a:83:ab:3b:33:26: 66:02:45:c1:bf:3b:99:50:fa:fe:b7:1a:fb:1b:70: 03:dd:c0:90:2f:95:7a:86:45:60:c6:0d:85:89:94: 87:0a:47:ff:a3:f9:ad:e5:cd:31:71:5f:71:32:08: f5:2c:04:85:7a:95:34:c7:00:6f:2f:d6:60:fb:8f: 47:c9:fc:14:c8:ea:e7:9c:5e:54:14:01:e3:e8:c1: 47:77:9e:d5:ed:2e:3e:3b:23:0b:d9:39:b9:98:a6: 8a:e4:03:14:b6:29:67:73:12:41:3e:c6:6c:61:f8: 0d:54:e7:3c:9b:c0:cf:7c:10:58:0a:78:8d:3c:05: d4:ec:0d:1b:c1:28:48:64:0f:b9:4a:74:06:e0:51: 20:ec:65:21:10:c8:4a:5e:92:6c:c1:53:13:1d:80: e1:d2:15:d5:8b:24:80:b1:90:2c:56:82:c7:5b:f7: 12:df Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: Code Signing X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:http://crl.godaddy.com/gdig2s5-1.crl X509v3 Certificate Policies: Policy: 2.16.840.1.114413.1.7.23.2 CPS: http://certificates.godaddy.com/repository/ Authority Information Access: OCSP - URI:http://ocsp.godaddy.com/ CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt X509v3 Authority Key Identifier: keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE X509v3 Subject Key Identifier: E0:D0:6D:3B:CB:58:4C:F1:34:9F:5C:01:7B:5C:92:56:26:E9:34:DA Signature Algorithm: sha256WithRSAEncryption 94:5c:79:8a:15:d3:69:2c:c2:55:06:b3:e6:01:c3:d3:c6:7f: 0d:83:2a:88:7d:82:9a:c7:51:63:2d:95:f5:5f:69:10:4b:9b: b2:82:a0:80:c8:7d:b2:7a:23:ac:bb:e7:f0:af:45:69:35:aa: 8d:a2:f2:1b:cb:03:af:94:80:9f:f8:a5:3e:ce:2c:64:36:7f: e1:72:a8:78:c2:03:28:0c:8c:db:63:77:4b:dd:a4:71:11:c2: 84:30:06:70:33:7d:c4:3b:45:35:a2:32:d6:22:7d:74:5d:13: 2a:33:d5:25:9b:0a:c1:5d:ed:43:fe:fd:83:f4:f1:af:7e:6c: e9:c2:ba:93:6f:fd:be:33:31:d9:ff:c7:c9:ef:75:0d:e2:83: 94:a9:d4:81:ee:5a:c3:18:4f:1d:7a:ee:91:39:9f:3f:e1:c8: bf:5a:3c:7f:02:98:87:cd:1a:13:15:2c:82:8e:98:d5:84:7f: 9a:38:f6:1e:0c:d4:fe:4f:be:e0:be:9d:94:eb:21:e4:a2:3d: 15:a3:da:80:69:6c:70:e7:81:27:f3:b8:9d:39:27:7d:4d:ea: 11:85:c8:34:c1:fb:a7:92:f0:52:f4:15:ef:4c:04:82:36:f5: 00:8d:6f:da:3b:a5:16:3e:be:a1:b1:7c:ba:cb:fe:5e:97:6b: 29:53:8c:bf
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
da 36 a3 a8 0a fd d3 b3 67 92 6a 0d 3e a9 c1 02 |.6......g.j.>...| 98 92 43 44 |..CD |
- 1.3.6.1.4.1.311.2.1.15
- #0
- Certificates
- Certificate #0
- 2
- 0x1BE715
- RSA-SHA256: nil
- Issuer
- C: US
- O: The Go Daddy Group, Inc.
- OU: Go Daddy Class 2 Certification Authority
- 2014-01-01 07:00:00 UTC: 2031-05-30 07:00:00 UTC
- Subject
- C: US
- ST: Arizona
- L: Scottsdale
- O: GoDaddy.com, Inc.
- CN: Go Daddy Root Certificate Authority - G2
- #5
- rsaEncryption: nil
- BF:71:62:08:F1:FA:59:34:F7:1B:C9:18:A3:F7:80:49:
58:E9:22:83:13:A6:C5:20:43:01:3B:84:F1:E6:85:49:
9F:27:EA:F6:84:1B:4E:A0:B4:DB:70:98:C7:32:01:B1:
05:3E:07:4E:EE:F4:FA:4F:2F:59:30:22:E7:AB:19:56:
6B:E2:80:07:FC:F3:16:75:80:39:51:7B:E5:F9:35:B6:
74:4E:A9:8D:82:13:E4:B6:3F:A9:03:83:FA:A2:BE:8A:
15:6A:7F:DE:0B:C3:B6:19:14:05:CA:EA:C3:A8:04:94:
3B:46:7C:32:0D:F3:00:66:22:C8:8D:69:6D:36:8C:11:
18:B7:D3:B2:1C:60:B4:38:FA:02:8C:CE:D3:DD:46:07:
DE:0A:3E:EB:5D:7C:C8:7C:FB:B0:2B:53:A4:92:62:69:
51:25:05:61:1A:44:81:8C:2C:A9:43:96:23:DF:AC:3A:
81:9A:0E:29:C5:1C:A9:E9:5D:1E:B6:9E:9E:30:0A:39:
CE:F1:88:80:FB:4B:5D:CC:32:EC:85:62:43:25:34:02:
56:27:01:91:B4:3B:70:2A:3F:6E:B1:E8:9C:88:01:7D:
9F:D4:F9:DB:53:6D:60:9D:BF:2C:E7:58:AB:B8:5F:46:
FC:CE:C4:1B:03:3C:09:EB:49:31:5C:69:46:B3:E0:47: 0x010001
- X509v3 extensions
- basicConstraints: true, true
- keyUsage: true, 6
- subjectKeyIdentifier:
3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 |:....g(.....An .| 94 da 0f de |.... |
- authorityKeyIdentifier:
d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd |......L.q.a.=...| a8 6a d4 e3 |.j.. |
- authorityInfoAccess
- OCSP: http://ocsp.godaddy.com/
- crlDistributionPoints: http://crl.godaddy.com/gdroot.crl
- certificatePolicies
- anyPolicy
- id-qt-cps: https://certs.godaddy.com/repository/
- anyPolicy
- RSA-SHA256:
59 0b 53 bd 92 86 11 a7 24 7b ed 5b 31 cf 1d 1f |Y.S.....${.[1...| 6c 70 c5 b8 6e be 4e bb f6 be 97 50 e1 30 7f ba |lp..n.N....P.0..| 28 5c 62 94 c2 e3 7e 33 f7 fb 42 76 85 db 95 1c |(\b...~3..Bv....| 8c 22 58 75 09 0c 88 65 67 39 0a 16 09 c5 a0 38 |."Xu...eg9.....8| 97 a4 c5 23 93 3f b4 18 a6 01 06 44 91 e3 a7 69 |...#.?.....D...i| 27 b4 5a 25 7f 3a b7 32 cd dd 84 ff 2a 38 29 33 |'.Z%.:.2....*8)3| a4 dd 67 b2 85 fe a1 88 20 1c 50 89 c8 dc 2a f6 |..g..... .P...*.| 42 03 37 4c e6 88 df d5 af 24 f2 b1 c3 df cc b5 |B.7L.....$......| ec e0 99 5e b7 49 54 20 3c 94 18 0c c7 1c 52 18 |...^.IT <.....R.| 49 a4 6d e1 b3 58 0b c9 d8 ec d9 ae 1c 32 8e 28 |I.m..X.......2.(| 70 0d e2 fe a6 17 9e 84 0f bd 57 70 b3 5a e9 1f |p.........Wp.Z..| a0 86 53 bb ef 7c ff 69 0b e0 48 c3 b7 93 0b c8 |..S..|.i..H.....| 0a 54 c4 ac 5d 14 67 37 6c ca a5 2f 31 08 37 aa |.T..].g7l../1.7.| 6e 6f 8c bc 9b e2 57 5d 24 81 af 97 97 9c 84 ad |no....W]$.......| 6c ac 37 4c 66 f3 61 91 11 20 e4 be 30 9f 7a a4 |l.7Lf.a.. ..0.z.| 29 09 b0 e1 34 5f 64 77 18 40 51 df 8c 30 a6 af |)...4_dw.@Q..0..|
- 2
- Certificate #1
- 2
- 7
- RSA-SHA256: nil
- Issuer
- C: US
- ST: Arizona
- L: Scottsdale
- O: GoDaddy.com, Inc.
- CN: Go Daddy Root Certificate Authority - G2
- 2011-05-03 07:00:00 UTC: 2031-05-03 07:00:00 UTC
- Subject
- C: US
- ST: Arizona
- L: Scottsdale
- O: GoDaddy.com, Inc.
- OU: http://certs.godaddy.com/repository/
- CN: Go Daddy Secure Certificate Authority - G2
- #5
- rsaEncryption: nil
- B9:E0:CB:10:D4:AF:76:BD:D4:93:62:EB:30:64:B8:81:
08:6C:C3:04:D9:62:17:8E:2F:FF:3E:65:CF:8F:CE:62:
E6:3C:52:1C:DA:16:45:4B:55:AB:78:6B:63:83:62:90:
CE:0F:69:6C:99:C8:1A:14:8B:4C:CC:45:33:EA:88:DC:
9E:A3:AF:2B:FE:80:61:9D:79:57:C4:CF:2E:F4:3F:30:
3C:5D:47:FC:9A:16:BC:C3:37:96:41:51:8E:11:4B:54:
F8:28:BE:D0:8C:BE:F0:30:38:1E:F3:B0:26:F8:66:47:
63:6D:DE:71:26:47:8F:38:47:53:D1:46:1D:B4:E3:DC:
00:EA:45:AC:BD:BC:71:D9:AA:6F:00:DB:DB:CD:30:3A:
79:4F:5F:4C:47:F8:1D:EF:5B:C2:C4:9D:60:3B:B1:B2:
43:91:D8:A4:33:4E:EA:B3:D6:27:4F:AD:25:8A:A5:C6:
F4:D5:D0:A6:AE:74:05:64:57:88:B5:44:55:D4:2D:2A:
3A:3E:F8:B8:BD:E9:32:0A:02:94:64:C4:16:3A:50:F1:
4A:AE:E7:79:33:AF:0C:20:07:7F:E8:DF:04:39:C2:69:
02:6C:63:52:FA:77:C1:1B:C8:74:87:C8:B9:93:18:50:
54:35:4B:69:4E:BC:3B:D3:49:2E:1F:DC:C1:D2:52:FB: 0x010001
- X509v3 extensions
- basicConstraints: true, true
- keyUsage: true, 6
- subjectKeyIdentifier:
40 c2 bd 27 8e cc 34 83 30 a2 33 d7 fb 6c b3 f0 |@..'..4.0.3..l..| b4 2c 80 ce |.,.. |
- authorityKeyIdentifier:
3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 |:....g(.....An .| 94 da 0f de |.... |
- authorityInfoAccess
- OCSP: http://ocsp.godaddy.com/
- crlDistributionPoints: http://crl.godaddy.com/gdroot-g2.crl
- certificatePolicies
- anyPolicy
- id-qt-cps: https://certs.godaddy.com/repository/
- anyPolicy
- RSA-SHA256:
08 7e 6c 93 10 c8 38 b8 96 a9 90 4b ff a1 5f 4f |.~l...8....K.._O| 04 ef 6c 3e 9c 88 06 c9 50 8f a6 73 f7 57 31 1b |..l>....P..s.W1.| be bc e4 2f db f8 ba d3 5b e0 b4 e7 e6 79 62 0e |.../....[....yb.| 0c a2 d7 6a 63 73 31 b5 f5 a8 48 a4 3b 08 2d a2 |...jcs1...H.;.-.| 5d 90 d7 b4 7c 25 4f 11 56 30 c4 b6 44 9d 7b 2c |]...|%O.V0..D.{,| 9d e5 5e e6 ef 0c 61 aa bf e4 2a 1b ee 84 9e b8 |..^...a...*.....| 83 7d c1 43 ce 44 a7 13 70 0d 91 1f f4 c8 13 ad |.}.C.D..p.......| 83 60 d9 d8 72 a8 73 24 1e b5 ac 22 0e ca 17 89 |.`..r.s$..."....| 62 58 44 1b ab 89 25 01 00 0f cd c4 1b 62 db 51 |bXD...%......b.Q| b4 d3 0f 51 2a 9b f4 bc 73 fc 76 ce 36 a4 cd d9 |...Q*...s.v.6...| d8 2c ea ae 9b f5 2a b2 90 d1 4d 75 18 8a 3f 8a |.,....*...Mu..?.| 41 90 23 7d 5b 4b fe a4 03 58 9b 46 b2 c3 60 60 |A.#}[K...X.F..``| 83 f8 7d 50 41 ce c2 a1 90 c3 bb ef 02 2f d2 15 |..}PA......../..| 54 ee 44 15 d9 0a ae a7 8a 33 ed b1 2d 76 36 26 |T.D......3..-v6&| dc 04 eb 9f f7 61 1f 15 dc 87 6f ee 46 96 28 ad |.....a....o.F.(.| a1 26 7d 0a 09 a7 2e 04 a3 8d bc f8 bc 04 30 01 |.&}...........0.|
- 2
- Certificate #2
- 2
- 76:EB:57:06:FD:B0:3A:84
- RSA-SHA256: nil
- Issuer
- C: US
- ST: Arizona
- L: Scottsdale
- O: GoDaddy.com, Inc.
- OU: http://certs.godaddy.com/repository/
- CN: Go Daddy Secure Certificate Authority - G2
- 2015-10-13 19:50:38 UTC: 2016-10-13 19:50:38 UTC
- Subject
- C: IT
- ST: Reggio Emilia
- L: Bibbiano
- O: ANDREA VACONDIO
- CN: ANDREA VACONDIO
- #5
- rsaEncryption: nil
- D5:83:C1:08:D6:B4:E9:C1:D0:11:69:7F:6A:D4:EF:E2:
AF:FF:75:30:57:CC:F0:1D:8B:98:10:54:41:F5:34:36:
57:1C:5C:88:D0:FD:A9:19:2F:62:34:30:5B:0C:9A:31:
A1:35:40:17:70:FE:55:B8:54:AB:7A:8D:AF:E8:09:37:
20:0C:BC:0D:F3:FE:C5:E0:0B:DF:B2:B1:AD:DA:87:6F:
B7:95:FF:3A:83:AB:3B:33:26:66:02:45:C1:BF:3B:99:
50:FA:FE:B7:1A:FB:1B:70:03:DD:C0:90:2F:95:7A:86:
45:60:C6:0D:85:89:94:87:0A:47:FF:A3:F9:AD:E5:CD:
31:71:5F:71:32:08:F5:2C:04:85:7A:95:34:C7:00:6F:
2F:D6:60:FB:8F:47:C9:FC:14:C8:EA:E7:9C:5E:54:14:
01:E3:E8:C1:47:77:9E:D5:ED:2E:3E:3B:23:0B:D9:39:
B9:98:A6:8A:E4:03:14:B6:29:67:73:12:41:3E:C6:6C:
61:F8:0D:54:E7:3C:9B:C0:CF:7C:10:58:0A:78:8D:3C:
05:D4:EC:0D:1B:C1:28:48:64:0F:B9:4A:74:06:E0:51:
20:EC:65:21:10:C8:4A:5E:92:6C:C1:53:13:1D:80:E1:
D2:15:D5:8B:24:80:B1:90:2C:56:82:C7:5B:F7:12:DF: 0x010001
- X509v3 extensions
- basicConstraints
- true
- nil
- extendedKeyUsage: codeSigning
- keyUsage: true, 0x80
- crlDistributionPoints: http://crl.godaddy.com/gdig2s5-1.crl
- certificatePolicies
- 2.16.840.1.114413.1.7.23.2
- id-qt-cps: http://certificates.godaddy.com/repository/
- 2.16.840.1.114413.1.7.23.2
- authorityInfoAccess
- #0
- OCSP: http://ocsp.godaddy.com/
- caIssuers: http://certificates.godaddy.com/repository/gdig2.crt
- #0
- authorityKeyIdentifier:
40 c2 bd 27 8e cc 34 83 30 a2 33 d7 fb 6c b3 f0 |@..'..4.0.3..l..| b4 2c 80 ce |.,.. |
- subjectKeyIdentifier:
e0 d0 6d 3b cb 58 4c f1 34 9f 5c 01 7b 5c 92 56 |..m;.XL.4.\.{\.V| 26 e9 34 da |&.4. |
- basicConstraints
- RSA-SHA256:
94 5c 79 8a 15 d3 69 2c c2 55 06 b3 e6 01 c3 d3 |.\y...i,.U......| c6 7f 0d 83 2a 88 7d 82 9a c7 51 63 2d 95 f5 5f |....*.}...Qc-.._| 69 10 4b 9b b2 82 a0 80 c8 7d b2 7a 23 ac bb e7 |i.K......}.z#...| f0 af 45 69 35 aa 8d a2 f2 1b cb 03 af 94 80 9f |..Ei5...........| f8 a5 3e ce 2c 64 36 7f e1 72 a8 78 c2 03 28 0c |..>.,d6..r.x..(.| 8c db 63 77 4b dd a4 71 11 c2 84 30 06 70 33 7d |..cwK..q...0.p3}| c4 3b 45 35 a2 32 d6 22 7d 74 5d 13 2a 33 d5 25 |.;E5.2."}t].*3.%| 9b 0a c1 5d ed 43 fe fd 83 f4 f1 af 7e 6c e9 c2 |...].C......~l..| ba 93 6f fd be 33 31 d9 ff c7 c9 ef 75 0d e2 83 |..o..31.....u...| 94 a9 d4 81 ee 5a c3 18 4f 1d 7a ee 91 39 9f 3f |.....Z..O.z..9.?| e1 c8 bf 5a 3c 7f 02 98 87 cd 1a 13 15 2c 82 8e |...Z<........,..| 98 d5 84 7f 9a 38 f6 1e 0c d4 fe 4f be e0 be 9d |.....8.....O....| 94 eb 21 e4 a2 3d 15 a3 da 80 69 6c 70 e7 81 27 |..!..=....ilp..'| f3 b8 9d 39 27 7d 4d ea 11 85 c8 34 c1 fb a7 92 |...9'}M....4....| f0 52 f4 15 ef 4c 04 82 36 f5 00 8d 6f da 3b a5 |.R...L..6...o.;.| 16 3e be a1 b1 7c ba cb fe 5e 97 6b 29 53 8c bf |.>...|...^.k)S..|
- 2
- Certificate #0
- Signer
- 1
- unnamed
- #0
- C: US
- ST: Arizona
- L: Scottsdale
- O: GoDaddy.com, Inc.
- OU: http://certs.godaddy.com/repository/
- CN: Go Daddy Secure Certificate Authority - G2
- 76:EB:57:06:FD:B0:3A:84
- #0
- SHA1: nil
- #3
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- 1.3.6.1.4.1.311.2.1.11: msCodeInd
- messageDigest:
7b 1a e2 c3 d2 c4 92 32 c7 f7 e9 b7 37 8d 8e e9 |{......2....7...| 79 32 8c 4b |y2.K |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
06 ef f3 c6 f9 72 d9 78 39 9e 80 17 b3 1b b9 ba |.....r.x9.......| 7a 7e 4e 88 7c 68 44 db c3 da ea ae 18 0e d3 ef |z~N.|hD.........| ae 28 c3 f8 29 63 3a 93 c6 72 57 61 ef e2 7f 09 |.(..)c:..rWa....| 83 0f 04 93 dc 16 4b 77 91 c7 c6 9e 7b 5c 89 20 |......Kw....{\. | b7 43 45 15 13 b6 72 4f ac a9 5c 4b 00 1d 82 e5 |.CE...rO..\K....| 69 d9 65 2a db eb b7 5b f8 f6 d5 42 ca 4e 16 aa |i.e*...[...B.N..| 73 1c ed ea c3 ca 0d 63 95 3b 0d 85 b9 09 aa db |s......c.;......| 2c 78 cd 5f 7e a8 84 48 2e 0a c0 00 fe 07 4a 8e |,x._~..H......J.| 8f e1 f5 59 5b b5 f7 e4 25 e4 ae 1e e4 77 12 c1 |...Y[...%....w..| c0 fd 81 15 d9 8c ae 0c 92 76 a3 6a 56 e6 97 d7 |.........v.jV...| 22 c3 68 40 3e 7a 44 01 f5 c2 dd 78 62 ea 6b 19 |".h@>zD....xb.k.| 15 05 32 60 4b 69 cc c6 74 19 f6 9b e8 6c 2b ff |..2`Ki..t....l+.| 2b 72 3d 39 ed 1b 2b 22 c6 63 97 7b fa 90 9d 84 |+r=9..+".c.{....| f9 56 f5 94 46 64 20 f5 af e4 2b 29 2e 5b 76 9d |.V..Fd ...+).[v.| c5 f0 58 34 3d 9a df 2c f3 b0 59 60 58 b9 78 c7 |..X4=..,..Y`X.x.| 1d 0c 5c 21 03 f4 c7 be e0 8a c7 8d fa dc e1 8b |..\!............|
offset | size | type | comment | |
---|---|---|---|---|
15c1 | 15 | HTM | # | |
2c212e | 471 | GIF | (10 x 7) | # |
366646 | 237 | GIF | (10 x 10) | # |
366733 | 1834565 | BIN | overlay data past EOF | # |
Please donate some bucks to keep this site up and running: | |
Ko-fi | |
---|---|
Yandex.Money | |
Thank you! |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(131070) > stringtable size(64). truncated to 62
[!] cannot convert "P@&\xB5Bl]A\xAF\xA6\xAE\xC3\xF3\xAD\xFD\xF5"... to UTF-16
[!] string size(118112) > stringtable size(82). truncated to 80
[!] refusing to read CURDIRENTRY beyond resource size
[!] refusing to read ICODIRENTRY beyond resource size
[?] can't find file_offset of VA 0x8e9bb246
[?] can't find file_offset of VA 0x30770c4e
[?] can't find file_offset of VA 0x31578a28
[?] can't find file_offset of VA 0x39d6578a
[?] can't find file_offset of VA 0x30770c4e
[?] can't find file_offset of VA 0x31578a28