PDFsam_Basic_Installer.exe - PDF Installer.exe

info
MZ
PE
resources
strings
imports
exports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	PDFsam_Basic_Installer.exe
size	5399928 (0x526578)
md5	5cb26d53ea09da5470f2e6b2a1b650f8

type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x128

Rich Header

lib id	version	times used
152	20115	10
158	30319	61
131	30729	11
171	40219	70
147	30729	42
93	4035	5
109	50727	510
170	31118	66
171	31118	123
175	30319	82
1	0	688
170	30319	254
171	30319	260
155	30319	1
154	30319	1
157	30319	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x565c7a58
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x102
Magic	0x10b
LinkerVersion	10.0
SizeOfCode	0x51b000
SizeOfInitializedData	0xb000
SizeOfUninitializedData	0x425000
AddressOfEntryPoint	0x9404e0
BaseOfCode	0x426000
BaseOfData	0x941000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.1
ImageVersion	0.0
SubsystemVersion	5.1
Reserved1	0
SizeOfImage	0x94c000
SizeOfHeaders	0x1000
CheckSum	0x528ea8
Subsystem	2
DllCharacteristics	0x8140
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0x425000	0	RWX UDATA
UPX1	0x426000	0x51b000	0x51a800	RWX IDATA
.rsrc	0x941000	0xb000	0xa800	RW- IDATA

Data Directory

type	va	size
EXPORT	0x5691e0	0x4605
IMPORT	0x94b2b8	0x52c
RESOURCE	0x941000	0xa2b8
EXCEPTION	0	0
SECURITY	0x525400	0x1178
BASERELOC	0x94b7e4	0x1c
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x9406ec	0x18
LOAD_CONFIG	0x940710	0x48
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0x565c44	0x40
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0xd40704	0xd40705	0x9a5640	0xd40708	0	0

show previews

type	name	size	cp
DLL	#514	1325968	1252
DOWNLOAD	#10000	860	1252
GIF	ACTIVITY	310	1252
IDT_SZSR	#515	1635134	1252
PNG	ARROW-DOWN	117	1252
PNG	ARROW-LEFT	112	1252
PNG	ARROW-RIGHT	118	1252
PNG	ARROW-UP	112	1252
PNG	EDIT-COPY	726	1252
PNG	EDIT-CUT	494	1252
PNG	EDIT-PASTE	759	1252
PNG	EDIT-REDO	364	1252
PNG	EDIT-UNDO	384	1252
PNG	FORMAT-INDENT-DEC	1187	1252
PNG	FORMAT-INDENT-INC	1184	1252
PNG	FORMAT-OL	1184	1252
PNG	FORMAT-UL	1159	1252
REGISTRY	#101	12	1252
REGISTRY	#106	525	1252
TYPELIB	#1	4240	1252
CURSOR	#9	308	1252
CURSOR	#10	308	1252
CURSOR	#11	308	1252
CURSOR	#12	308	1252
ICON	#1	16936	1252
ICON	#2	9640	1252
ICON	#3	4264	1252
ICON	#4	1128	1252
ICON	#5	16936	1252
ICON	#6	9640	1252
ICON	#7	4264	1252
ICON	#8	1128	1252
STRING	#7	64	1252
STRING	#32	82	1252
GROUP_CURSOR	IDC_COL_HEADER	20	1252
GROUP_CURSOR	IDC_DRAG_COPY	20	1252
GROUP_CURSOR	IDC_DRAG_MOVE	20	1252
GROUP_CURSOR	IDC_ROW_HEADER	20	1252
GROUP_ICON	#501	62	1252
GROUP_ICON	#502	62	1252
VERSION	#1	772	1252
HTML	BEHAVIOR-EDIT-MENU	686	1252
HTML	BEHAVIOR-RICHTEXT-MENU	1379	1252
HTML	BEHAVIOR-TEXT-MENU	689	1252
HTML	MASTER-CSS	45018	1252
MANIFEST	#1	773	1252

lang

string

1033

ff ff 50 40 26 b5 42 6c  5d 41 af a6 ae c3 f3 ad  |..P@&.Bl]A......|
fd f5 ea 81 b1 a0 10 5a  f4 7c 55 8b 41 3a d1 aa  |.......Z.|U.A:..|
d9 e1 ff ff ff ff a8 e7  3c 31 82 93 c1 f7 d0 97  |........<1......|
c7 a7 b1 07 1c cd 26 e0  d3 dd 29 17 b2 34 ed 60  |......&...)..4.`|

496

1033

⤣՜羾◤끡᭽䯢檝呇萂腼ꪖ흪ኯ纵熢鶞꣔䮒颖㔧뫯ᑗ굩泹扠ꆹབ

module_name	ord	function_name
KERNEL32.DLL		LoadLibraryA
KERNEL32.DLL		GetProcAddress
KERNEL32.DLL		VirtualProtect
KERNEL32.DLL		VirtualAlloc
KERNEL32.DLL		VirtualFree
KERNEL32.DLL		ExitProcess
COMCTL32.dll		ImageList_DrawEx
COMDLG32.dll		GetSaveFileNameW
CRYPT32.dll		CertGetNameStringW
dbghelp.dll		MiniDumpWriteDump
GDI32.dll		PatBlt
IMM32.dll		ImmIsIME
msi.dll	8
ole32.dll		OleRun
OLEACC.dll		LresultFromObject
OLEAUT32.dll	2
PSAPI.DLL		GetProcessImageFileNameW
SHELL32.dll	74
SHLWAPI.dll		UrlEscapeA
urlmon.dll		FindMimeFromData
USER32.dll		GetDC
VERSION.dll		VerQueryValueW
WINHTTP.dll		WinHttpGetIEProxyConfigForCurrentUser
WININET.dll		InternetOpenW
WINMM.dll		PlaySoundA
WINTRUST.dll		WinVerifyTrust
WLDAP32.dll	27
WS2_32.dll	10

ord	entry_va	function_name

module_name
flags	0xe13078a4
timestamp	2032-06-01 19:53:02
version	46677.29740
ordinal_base	1835820416
nFunctions	2231830390
nNames	4251992439
Names(4251992439)	0x39d6578a
Functions(2231830390)	0x30770c4e
NameOrdinals(4251992439)	0x31578a28

StringTable 040904e4

CompanyName	PDFsam
FileDescription	PDFsam Basic Installer
FileVersion	3.0.27.26034
InternalName	PDF Installer.exe
LegalCopyright	ANDREA VACONDIO
OriginalFilename	PDF Installer.exe
ProductName	PDFsam Basic Installer
ProductVersion	3.0.27.26034

VS_FIXEDFILEINFO

FileVersion	3.0.27.26034
ProductVersion	3.0.27.26034
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	4
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2

serial: 76EB5706FDB03A84

Certificates (3)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1828629 (0x1be715)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Validity
            Not Before: Jan  1 07:00:00 2014 GMT
            Not After : May 30 07:00:00 2031 GMT
        Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:71:62:08:f1:fa:59:34:f7:1b:c9:18:a3:f7:
                    80:49:58:e9:22:83:13:a6:c5:20:43:01:3b:84:f1:
                    e6:85:49:9f:27:ea:f6:84:1b:4e:a0:b4:db:70:98:
                    c7:32:01:b1:05:3e:07:4e:ee:f4:fa:4f:2f:59:30:
                    22:e7:ab:19:56:6b:e2:80:07:fc:f3:16:75:80:39:
                    51:7b:e5:f9:35:b6:74:4e:a9:8d:82:13:e4:b6:3f:
                    a9:03:83:fa:a2:be:8a:15:6a:7f:de:0b:c3:b6:19:
                    14:05:ca:ea:c3:a8:04:94:3b:46:7c:32:0d:f3:00:
                    66:22:c8:8d:69:6d:36:8c:11:18:b7:d3:b2:1c:60:
                    b4:38:fa:02:8c:ce:d3:dd:46:07:de:0a:3e:eb:5d:
                    7c:c8:7c:fb:b0:2b:53:a4:92:62:69:51:25:05:61:
                    1a:44:81:8c:2c:a9:43:96:23:df:ac:3a:81:9a:0e:
                    29:c5:1c:a9:e9:5d:1e:b6:9e:9e:30:0a:39:ce:f1:
                    88:80:fb:4b:5d:cc:32:ec:85:62:43:25:34:02:56:
                    27:01:91:b4:3b:70:2a:3f:6e:b1:e8:9c:88:01:7d:
                    9f:d4:f9:db:53:6d:60:9d:bf:2c:e7:58:ab:b8:5f:
                    46:fc:ce:c4:1b:03:3c:09:eb:49:31:5c:69:46:b3:
                    e0:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE
            X509v3 Authority Key Identifier: 
                keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3

            Authority Information Access: 
                OCSP - URI:http://ocsp.godaddy.com/

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.godaddy.com/gdroot.crl

            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy
                  CPS: https://certs.godaddy.com/repository/

    Signature Algorithm: sha256WithRSAEncryption
         59:0b:53:bd:92:86:11:a7:24:7b:ed:5b:31:cf:1d:1f:6c:70:
         c5:b8:6e:be:4e:bb:f6:be:97:50:e1:30:7f:ba:28:5c:62:94:
         c2:e3:7e:33:f7:fb:42:76:85:db:95:1c:8c:22:58:75:09:0c:
         88:65:67:39:0a:16:09:c5:a0:38:97:a4:c5:23:93:3f:b4:18:
         a6:01:06:44:91:e3:a7:69:27:b4:5a:25:7f:3a:b7:32:cd:dd:
         84:ff:2a:38:29:33:a4:dd:67:b2:85:fe:a1:88:20:1c:50:89:
         c8:dc:2a:f6:42:03:37:4c:e6:88:df:d5:af:24:f2:b1:c3:df:
         cc:b5:ec:e0:99:5e:b7:49:54:20:3c:94:18:0c:c7:1c:52:18:
         49:a4:6d:e1:b3:58:0b:c9:d8:ec:d9:ae:1c:32:8e:28:70:0d:
         e2:fe:a6:17:9e:84:0f:bd:57:70:b3:5a:e9:1f:a0:86:53:bb:
         ef:7c:ff:69:0b:e0:48:c3:b7:93:0b:c8:0a:54:c4:ac:5d:14:
         67:37:6c:ca:a5:2f:31:08:37:aa:6e:6f:8c:bc:9b:e2:57:5d:
         24:81:af:97:97:9c:84:ad:6c:ac:37:4c:66:f3:61:91:11:20:
         e4:be:30:9f:7a:a4:29:09:b0:e1:34:5f:64:77:18:40:51:df:
         8c:30:a6:af

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7 (0x7)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
        Validity
            Not Before: May  3 07:00:00 2011 GMT
            Not After : May  3 07:00:00 2031 GMT
        Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e0:cb:10:d4:af:76:bd:d4:93:62:eb:30:64:
                    b8:81:08:6c:c3:04:d9:62:17:8e:2f:ff:3e:65:cf:
                    8f:ce:62:e6:3c:52:1c:da:16:45:4b:55:ab:78:6b:
                    63:83:62:90:ce:0f:69:6c:99:c8:1a:14:8b:4c:cc:
                    45:33:ea:88:dc:9e:a3:af:2b:fe:80:61:9d:79:57:
                    c4:cf:2e:f4:3f:30:3c:5d:47:fc:9a:16:bc:c3:37:
                    96:41:51:8e:11:4b:54:f8:28:be:d0:8c:be:f0:30:
                    38:1e:f3:b0:26:f8:66:47:63:6d:de:71:26:47:8f:
                    38:47:53:d1:46:1d:b4:e3:dc:00:ea:45:ac:bd:bc:
                    71:d9:aa:6f:00:db:db:cd:30:3a:79:4f:5f:4c:47:
                    f8:1d:ef:5b:c2:c4:9d:60:3b:b1:b2:43:91:d8:a4:
                    33:4e:ea:b3:d6:27:4f:ad:25:8a:a5:c6:f4:d5:d0:
                    a6:ae:74:05:64:57:88:b5:44:55:d4:2d:2a:3a:3e:
                    f8:b8:bd:e9:32:0a:02:94:64:c4:16:3a:50:f1:4a:
                    ae:e7:79:33:af:0c:20:07:7f:e8:df:04:39:c2:69:
                    02:6c:63:52:fa:77:c1:1b:c8:74:87:c8:b9:93:18:
                    50:54:35:4b:69:4e:bc:3b:d3:49:2e:1f:dc:c1:d2:
                    52:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
            X509v3 Authority Key Identifier: 
                keyid:3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE

            Authority Information Access: 
                OCSP - URI:http://ocsp.godaddy.com/

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.godaddy.com/gdroot-g2.crl

            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy
                  CPS: https://certs.godaddy.com/repository/

    Signature Algorithm: sha256WithRSAEncryption
         08:7e:6c:93:10:c8:38:b8:96:a9:90:4b:ff:a1:5f:4f:04:ef:
         6c:3e:9c:88:06:c9:50:8f:a6:73:f7:57:31:1b:be:bc:e4:2f:
         db:f8:ba:d3:5b:e0:b4:e7:e6:79:62:0e:0c:a2:d7:6a:63:73:
         31:b5:f5:a8:48:a4:3b:08:2d:a2:5d:90:d7:b4:7c:25:4f:11:
         56:30:c4:b6:44:9d:7b:2c:9d:e5:5e:e6:ef:0c:61:aa:bf:e4:
         2a:1b:ee:84:9e:b8:83:7d:c1:43:ce:44:a7:13:70:0d:91:1f:
         f4:c8:13:ad:83:60:d9:d8:72:a8:73:24:1e:b5:ac:22:0e:ca:
         17:89:62:58:44:1b:ab:89:25:01:00:0f:cd:c4:1b:62:db:51:
         b4:d3:0f:51:2a:9b:f4:bc:73:fc:76:ce:36:a4:cd:d9:d8:2c:
         ea:ae:9b:f5:2a:b2:90:d1:4d:75:18:8a:3f:8a:41:90:23:7d:
         5b:4b:fe:a4:03:58:9b:46:b2:c3:60:60:83:f8:7d:50:41:ce:
         c2:a1:90:c3:bb:ef:02:2f:d2:15:54:ee:44:15:d9:0a:ae:a7:
         8a:33:ed:b1:2d:76:36:26:dc:04:eb:9f:f7:61:1f:15:dc:87:
         6f:ee:46:96:28:ad:a1:26:7d:0a:09:a7:2e:04:a3:8d:bc:f8:
         bc:04:30:01

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8569038403540105860 (0x76eb5706fdb03a84)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: Oct 13 19:50:38 2015 GMT
            Not After : Oct 13 19:50:38 2016 GMT
        Subject: C=IT, ST=Reggio Emilia, L=Bibbiano, O=ANDREA VACONDIO, CN=ANDREA VACONDIO
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:83:c1:08:d6:b4:e9:c1:d0:11:69:7f:6a:d4:
                    ef:e2:af:ff:75:30:57:cc:f0:1d:8b:98:10:54:41:
                    f5:34:36:57:1c:5c:88:d0:fd:a9:19:2f:62:34:30:
                    5b:0c:9a:31:a1:35:40:17:70:fe:55:b8:54:ab:7a:
                    8d:af:e8:09:37:20:0c:bc:0d:f3:fe:c5:e0:0b:df:
                    b2:b1:ad:da:87:6f:b7:95:ff:3a:83:ab:3b:33:26:
                    66:02:45:c1:bf:3b:99:50:fa:fe:b7:1a:fb:1b:70:
                    03:dd:c0:90:2f:95:7a:86:45:60:c6:0d:85:89:94:
                    87:0a:47:ff:a3:f9:ad:e5:cd:31:71:5f:71:32:08:
                    f5:2c:04:85:7a:95:34:c7:00:6f:2f:d6:60:fb:8f:
                    47:c9:fc:14:c8:ea:e7:9c:5e:54:14:01:e3:e8:c1:
                    47:77:9e:d5:ed:2e:3e:3b:23:0b:d9:39:b9:98:a6:
                    8a:e4:03:14:b6:29:67:73:12:41:3e:c6:6c:61:f8:
                    0d:54:e7:3c:9b:c0:cf:7c:10:58:0a:78:8d:3c:05:
                    d4:ec:0d:1b:c1:28:48:64:0f:b9:4a:74:06:e0:51:
                    20:ec:65:21:10:c8:4a:5e:92:6c:c1:53:13:1d:80:
                    e1:d2:15:d5:8b:24:80:b1:90:2c:56:82:c7:5b:f7:
                    12:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.godaddy.com/gdig2s5-1.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114413.1.7.23.2
                  CPS: http://certificates.godaddy.com/repository/

            Authority Information Access: 
                OCSP - URI:http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt

            X509v3 Authority Key Identifier: 
                keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE

            X509v3 Subject Key Identifier: 
                E0:D0:6D:3B:CB:58:4C:F1:34:9F:5C:01:7B:5C:92:56:26:E9:34:DA
    Signature Algorithm: sha256WithRSAEncryption
         94:5c:79:8a:15:d3:69:2c:c2:55:06:b3:e6:01:c3:d3:c6:7f:
         0d:83:2a:88:7d:82:9a:c7:51:63:2d:95:f5:5f:69:10:4b:9b:
         b2:82:a0:80:c8:7d:b2:7a:23:ac:bb:e7:f0:af:45:69:35:aa:
         8d:a2:f2:1b:cb:03:af:94:80:9f:f8:a5:3e:ce:2c:64:36:7f:
         e1:72:a8:78:c2:03:28:0c:8c:db:63:77:4b:dd:a4:71:11:c2:
         84:30:06:70:33:7d:c4:3b:45:35:a2:32:d6:22:7d:74:5d:13:
         2a:33:d5:25:9b:0a:c1:5d:ed:43:fe:fd:83:f4:f1:af:7e:6c:
         e9:c2:ba:93:6f:fd:be:33:31:d9:ff:c7:c9:ef:75:0d:e2:83:
         94:a9:d4:81:ee:5a:c3:18:4f:1d:7a:ee:91:39:9f:3f:e1:c8:
         bf:5a:3c:7f:02:98:87:cd:1a:13:15:2c:82:8e:98:d5:84:7f:
         9a:38:f6:1e:0c:d4:fe:4f:be:e0:be:9d:94:eb:21:e4:a2:3d:
         15:a3:da:80:69:6c:70:e7:81:27:f3:b8:9d:39:27:7d:4d:ea:
         11:85:c8:34:c1:fb:a7:92:f0:52:f4:15:ef:4c:04:82:36:f5:
         00:8d:6f:da:3b:a5:16:3e:be:a1:b1:7c:ba:cb:fe:5e:97:6b:
         29:53:8c:bf

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

da 36 a3 a8 0a fd d3 b3 67 92 6a 0d 3e a9 c1 02 |.6......g.j.>...| 98 92 43 44 |..CD |

Certificates
- Certificate #0
  - 2
    - 0x1BE715
    - RSA-SHA256: nil
    - Issuer
      - C: US
      - O: The Go Daddy Group, Inc.
      - OU: Go Daddy Class 2 Certification Authority
    - 2014-01-01 07:00:00 UTC: 2031-05-30 07:00:00 UTC
    - Subject
      - C: US
      - ST: Arizona
      - L: Scottsdale
      - O: GoDaddy.com, Inc.
      - CN: Go Daddy Root Certificate Authority - G2
    - #5
      - rsaEncryption: nil
      - BF:71:62:08:F1:FA:59:34:F7:1B:C9:18:A3:F7:80:49:
        58:E9:22:83:13:A6:C5:20:43:01:3B:84:F1:E6:85:49:
        9F:27:EA:F6:84:1B:4E:A0:B4:DB:70:98:C7:32:01:B1:
        05:3E:07:4E:EE:F4:FA:4F:2F:59:30:22:E7:AB:19:56:
        6B:E2:80:07:FC:F3:16:75:80:39:51:7B:E5:F9:35:B6:
        74:4E:A9:8D:82:13:E4:B6:3F:A9:03:83:FA:A2:BE:8A:
        15:6A:7F:DE:0B:C3:B6:19:14:05:CA:EA:C3:A8:04:94:
        3B:46:7C:32:0D:F3:00:66:22:C8:8D:69:6D:36:8C:11:
        18:B7:D3:B2:1C:60:B4:38:FA:02:8C:CE:D3:DD:46:07:
        DE:0A:3E:EB:5D:7C:C8:7C:FB:B0:2B:53:A4:92:62:69:
        51:25:05:61:1A:44:81:8C:2C:A9:43:96:23:DF:AC:3A:
        81:9A:0E:29:C5:1C:A9:E9:5D:1E:B6:9E:9E:30:0A:39:
        CE:F1:88:80:FB:4B:5D:CC:32:EC:85:62:43:25:34:02:
        56:27:01:91:B4:3B:70:2A:3F:6E:B1:E8:9C:88:01:7D:
        9F:D4:F9:DB:53:6D:60:9D:BF:2C:E7:58:AB:B8:5F:46:
        FC:CE:C4:1B:03:3C:09:EB:49:31:5C:69:46:B3:E0:47: 0x010001
    - X509v3 extensions
      - basicConstraints: true, true
      - keyUsage: true, 6
      - subjectKeyIdentifier:
        3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 |:....g(.....An .| 94 da 0f de |.... |
      - authorityKeyIdentifier:
        d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd |......L.q.a.=...| a8 6a d4 e3 |.j.. |
      - authorityInfoAccess
        OCSP: http://ocsp.godaddy.com/
      - crlDistributionPoints: http://crl.godaddy.com/gdroot.crl
      - certificatePolicies
        anyPolicy
        id-qt-cps: https://certs.godaddy.com/repository/
  - RSA-SHA256:
```
59 0b 53 bd 92 86 11 a7  24 7b ed 5b 31 cf 1d 1f  |Y.S.....${.[1...|
6c 70 c5 b8 6e be 4e bb  f6 be 97 50 e1 30 7f ba  |lp..n.N....P.0..|
28 5c 62 94 c2 e3 7e 33  f7 fb 42 76 85 db 95 1c  |(\b...~3..Bv....|
8c 22 58 75 09 0c 88 65  67 39 0a 16 09 c5 a0 38  |."Xu...eg9.....8|
97 a4 c5 23 93 3f b4 18  a6 01 06 44 91 e3 a7 69  |...#.?.....D...i|
27 b4 5a 25 7f 3a b7 32  cd dd 84 ff 2a 38 29 33  |'.Z%.:.2....*8)3|
a4 dd 67 b2 85 fe a1 88  20 1c 50 89 c8 dc 2a f6  |..g..... .P...*.|
42 03 37 4c e6 88 df d5  af 24 f2 b1 c3 df cc b5  |B.7L.....$......|
ec e0 99 5e b7 49 54 20  3c 94 18 0c c7 1c 52 18  |...^.IT <.....R.|
49 a4 6d e1 b3 58 0b c9  d8 ec d9 ae 1c 32 8e 28  |I.m..X.......2.(|
70 0d e2 fe a6 17 9e 84  0f bd 57 70 b3 5a e9 1f  |p.........Wp.Z..|
a0 86 53 bb ef 7c ff 69  0b e0 48 c3 b7 93 0b c8  |..S..|.i..H.....|
0a 54 c4 ac 5d 14 67 37  6c ca a5 2f 31 08 37 aa  |.T..].g7l../1.7.|
6e 6f 8c bc 9b e2 57 5d  24 81 af 97 97 9c 84 ad  |no....W]$.......|
6c ac 37 4c 66 f3 61 91  11 20 e4 be 30 9f 7a a4  |l.7Lf.a.. ..0.z.|
29 09 b0 e1 34 5f 64 77  18 40 51 df 8c 30 a6 af  |)...4_dw.@Q..0..|
```
- Certificate #1
  - 2
    - 7
    - RSA-SHA256: nil
    - Issuer
      - C: US
      - ST: Arizona
      - L: Scottsdale
      - O: GoDaddy.com, Inc.
      - CN: Go Daddy Root Certificate Authority - G2
    - 2011-05-03 07:00:00 UTC: 2031-05-03 07:00:00 UTC
    - Subject
      - C: US
      - ST: Arizona
      - L: Scottsdale
      - O: GoDaddy.com, Inc.
      - OU: http://certs.godaddy.com/repository/
      - CN: Go Daddy Secure Certificate Authority - G2
    - #5
      - rsaEncryption: nil
      - B9:E0:CB:10:D4:AF:76:BD:D4:93:62:EB:30:64:B8:81:
        08:6C:C3:04:D9:62:17:8E:2F:FF:3E:65:CF:8F:CE:62:
        E6:3C:52:1C:DA:16:45:4B:55:AB:78:6B:63:83:62:90:
        CE:0F:69:6C:99:C8:1A:14:8B:4C:CC:45:33:EA:88:DC:
        9E:A3:AF:2B:FE:80:61:9D:79:57:C4:CF:2E:F4:3F:30:
        3C:5D:47:FC:9A:16:BC:C3:37:96:41:51:8E:11:4B:54:
        F8:28:BE:D0:8C:BE:F0:30:38:1E:F3:B0:26:F8:66:47:
        63:6D:DE:71:26:47:8F:38:47:53:D1:46:1D:B4:E3:DC:
        00:EA:45:AC:BD:BC:71:D9:AA:6F:00:DB:DB:CD:30:3A:
        79:4F:5F:4C:47:F8:1D:EF:5B:C2:C4:9D:60:3B:B1:B2:
        43:91:D8:A4:33:4E:EA:B3:D6:27:4F:AD:25:8A:A5:C6:
        F4:D5:D0:A6:AE:74:05:64:57:88:B5:44:55:D4:2D:2A:
        3A:3E:F8:B8:BD:E9:32:0A:02:94:64:C4:16:3A:50:F1:
        4A:AE:E7:79:33:AF:0C:20:07:7F:E8:DF:04:39:C2:69:
        02:6C:63:52:FA:77:C1:1B:C8:74:87:C8:B9:93:18:50:
        54:35:4B:69:4E:BC:3B:D3:49:2E:1F:DC:C1:D2:52:FB: 0x010001
    - X509v3 extensions
      - basicConstraints: true, true
      - keyUsage: true, 6
      - subjectKeyIdentifier:
        40 c2 bd 27 8e cc 34 83 30 a2 33 d7 fb 6c b3 f0 |@..'..4.0.3..l..| b4 2c 80 ce |.,.. |
      - authorityKeyIdentifier:
        3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 |:....g(.....An .| 94 da 0f de |.... |
      - authorityInfoAccess
        OCSP: http://ocsp.godaddy.com/
      - crlDistributionPoints: http://crl.godaddy.com/gdroot-g2.crl
      - certificatePolicies
        anyPolicy
        id-qt-cps: https://certs.godaddy.com/repository/
  - RSA-SHA256:
```
08 7e 6c 93 10 c8 38 b8  96 a9 90 4b ff a1 5f 4f  |.~l...8....K.._O|
04 ef 6c 3e 9c 88 06 c9  50 8f a6 73 f7 57 31 1b  |..l>....P..s.W1.|
be bc e4 2f db f8 ba d3  5b e0 b4 e7 e6 79 62 0e  |.../....[....yb.|
0c a2 d7 6a 63 73 31 b5  f5 a8 48 a4 3b 08 2d a2  |...jcs1...H.;.-.|
5d 90 d7 b4 7c 25 4f 11  56 30 c4 b6 44 9d 7b 2c  |]...|%O.V0..D.{,|
9d e5 5e e6 ef 0c 61 aa  bf e4 2a 1b ee 84 9e b8  |..^...a...*.....|
83 7d c1 43 ce 44 a7 13  70 0d 91 1f f4 c8 13 ad  |.}.C.D..p.......|
83 60 d9 d8 72 a8 73 24  1e b5 ac 22 0e ca 17 89  |.`..r.s$..."....|
62 58 44 1b ab 89 25 01  00 0f cd c4 1b 62 db 51  |bXD...%......b.Q|
b4 d3 0f 51 2a 9b f4 bc  73 fc 76 ce 36 a4 cd d9  |...Q*...s.v.6...|
d8 2c ea ae 9b f5 2a b2  90 d1 4d 75 18 8a 3f 8a  |.,....*...Mu..?.|
41 90 23 7d 5b 4b fe a4  03 58 9b 46 b2 c3 60 60  |A.#}[K...X.F..``|
83 f8 7d 50 41 ce c2 a1  90 c3 bb ef 02 2f d2 15  |..}PA......../..|
54 ee 44 15 d9 0a ae a7  8a 33 ed b1 2d 76 36 26  |T.D......3..-v6&|
dc 04 eb 9f f7 61 1f 15  dc 87 6f ee 46 96 28 ad  |.....a....o.F.(.|
a1 26 7d 0a 09 a7 2e 04  a3 8d bc f8 bc 04 30 01  |.&}...........0.|
```
- Certificate #2
  - 2
    - 76:EB:57:06:FD:B0:3A:84
    - RSA-SHA256: nil
    - Issuer
      - C: US
      - ST: Arizona
      - L: Scottsdale
      - O: GoDaddy.com, Inc.
      - OU: http://certs.godaddy.com/repository/
      - CN: Go Daddy Secure Certificate Authority - G2
    - 2015-10-13 19:50:38 UTC: 2016-10-13 19:50:38 UTC
    - Subject
      - C: IT
      - ST: Reggio Emilia
      - L: Bibbiano
      - O: ANDREA VACONDIO
      - CN: ANDREA VACONDIO
    - #5
      - rsaEncryption: nil
      - D5:83:C1:08:D6:B4:E9:C1:D0:11:69:7F:6A:D4:EF:E2:
        AF:FF:75:30:57:CC:F0:1D:8B:98:10:54:41:F5:34:36:
        57:1C:5C:88:D0:FD:A9:19:2F:62:34:30:5B:0C:9A:31:
        A1:35:40:17:70:FE:55:B8:54:AB:7A:8D:AF:E8:09:37:
        20:0C:BC:0D:F3:FE:C5:E0:0B:DF:B2:B1:AD:DA:87:6F:
        B7:95:FF:3A:83:AB:3B:33:26:66:02:45:C1:BF:3B:99:
        50:FA:FE:B7:1A:FB:1B:70:03:DD:C0:90:2F:95:7A:86:
        45:60:C6:0D:85:89:94:87:0A:47:FF:A3:F9:AD:E5:CD:
        31:71:5F:71:32:08:F5:2C:04:85:7A:95:34:C7:00:6F:
        2F:D6:60:FB:8F:47:C9:FC:14:C8:EA:E7:9C:5E:54:14:
        01:E3:E8:C1:47:77:9E:D5:ED:2E:3E:3B:23:0B:D9:39:
        B9:98:A6:8A:E4:03:14:B6:29:67:73:12:41:3E:C6:6C:
        61:F8:0D:54:E7:3C:9B:C0:CF:7C:10:58:0A:78:8D:3C:
        05:D4:EC:0D:1B:C1:28:48:64:0F:B9:4A:74:06:E0:51:
        20:EC:65:21:10:C8:4A:5E:92:6C:C1:53:13:1D:80:E1:
        D2:15:D5:8B:24:80:B1:90:2C:56:82:C7:5B:F7:12:DF: 0x010001
    - X509v3 extensions
      - basicConstraints
        true
        nil
      - extendedKeyUsage: codeSigning
      - keyUsage: true, 0x80
      - crlDistributionPoints: http://crl.godaddy.com/gdig2s5-1.crl
      - certificatePolicies
        2.16.840.1.114413.1.7.23.2
        id-qt-cps: http://certificates.godaddy.com/repository/
      - authorityInfoAccess
        #0
        OCSP: http://ocsp.godaddy.com/
        caIssuers: http://certificates.godaddy.com/repository/gdig2.crt
      - authorityKeyIdentifier:
        40 c2 bd 27 8e cc 34 83 30 a2 33 d7 fb 6c b3 f0 |@..'..4.0.3..l..| b4 2c 80 ce |.,.. |
      - subjectKeyIdentifier:
        e0 d0 6d 3b cb 58 4c f1 34 9f 5c 01 7b 5c 92 56 |..m;.XL.4.\.{\.V| 26 e9 34 da |&.4. |
  - RSA-SHA256:
```
94 5c 79 8a 15 d3 69 2c  c2 55 06 b3 e6 01 c3 d3  |.\y...i,.U......|
c6 7f 0d 83 2a 88 7d 82  9a c7 51 63 2d 95 f5 5f  |....*.}...Qc-.._|
69 10 4b 9b b2 82 a0 80  c8 7d b2 7a 23 ac bb e7  |i.K......}.z#...|
f0 af 45 69 35 aa 8d a2  f2 1b cb 03 af 94 80 9f  |..Ei5...........|
f8 a5 3e ce 2c 64 36 7f  e1 72 a8 78 c2 03 28 0c  |..>.,d6..r.x..(.|
8c db 63 77 4b dd a4 71  11 c2 84 30 06 70 33 7d  |..cwK..q...0.p3}|
c4 3b 45 35 a2 32 d6 22  7d 74 5d 13 2a 33 d5 25  |.;E5.2."}t].*3.%|
9b 0a c1 5d ed 43 fe fd  83 f4 f1 af 7e 6c e9 c2  |...].C......~l..|
ba 93 6f fd be 33 31 d9  ff c7 c9 ef 75 0d e2 83  |..o..31.....u...|
94 a9 d4 81 ee 5a c3 18  4f 1d 7a ee 91 39 9f 3f  |.....Z..O.z..9.?|
e1 c8 bf 5a 3c 7f 02 98  87 cd 1a 13 15 2c 82 8e  |...Z<........,..|
98 d5 84 7f 9a 38 f6 1e  0c d4 fe 4f be e0 be 9d  |.....8.....O....|
94 eb 21 e4 a2 3d 15 a3  da 80 69 6c 70 e7 81 27  |..!..=....ilp..'|
f3 b8 9d 39 27 7d 4d ea  11 85 c8 34 c1 fb a7 92  |...9'}M....4....|
f0 52 f4 15 ef 4c 04 82  36 f5 00 8d 6f da 3b a5  |.R...L..6...o.;.|
16 3e be a1 b1 7c ba cb  fe 5e 97 6b 29 53 8c bf  |.>...|...^.k)S..|
```

Signer

1
unnamed
- #0
  - C: US
  - ST: Arizona
  - L: Scottsdale
  - O: GoDaddy.com, Inc.
  - OU: http://certs.godaddy.com/repository/
  - CN: Go Daddy Secure Certificate Authority - G2
- 76:EB:57:06:FD:B0:3A:84
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

7b 1a e2 c3 d2 c4 92 32  c7 f7 e9 b7 37 8d 8e e9  |{......2....7...|
79 32 8c 4b                                       |y2.K            |

rsaEncryption:

06 ef f3 c6 f9 72 d9 78  39 9e 80 17 b3 1b b9 ba  |.....r.x9.......|
7a 7e 4e 88 7c 68 44 db  c3 da ea ae 18 0e d3 ef  |z~N.|hD.........|
ae 28 c3 f8 29 63 3a 93  c6 72 57 61 ef e2 7f 09  |.(..)c:..rWa....|
83 0f 04 93 dc 16 4b 77  91 c7 c6 9e 7b 5c 89 20  |......Kw....{\. |
b7 43 45 15 13 b6 72 4f  ac a9 5c 4b 00 1d 82 e5  |.CE...rO..\K....|
69 d9 65 2a db eb b7 5b  f8 f6 d5 42 ca 4e 16 aa  |i.e*...[...B.N..|
73 1c ed ea c3 ca 0d 63  95 3b 0d 85 b9 09 aa db  |s......c.;......|
2c 78 cd 5f 7e a8 84 48  2e 0a c0 00 fe 07 4a 8e  |,x._~..H......J.|
8f e1 f5 59 5b b5 f7 e4  25 e4 ae 1e e4 77 12 c1  |...Y[...%....w..|
c0 fd 81 15 d9 8c ae 0c  92 76 a3 6a 56 e6 97 d7  |.........v.jV...|
22 c3 68 40 3e 7a 44 01  f5 c2 dd 78 62 ea 6b 19  |".h@>zD....xb.k.|
15 05 32 60 4b 69 cc c6  74 19 f6 9b e8 6c 2b ff  |..2`Ki..t....l+.|
2b 72 3d 39 ed 1b 2b 22  c6 63 97 7b fa 90 9d 84  |+r=9..+".c.{....|
f9 56 f5 94 46 64 20 f5  af e4 2b 29 2e 5b 76 9d  |.V..Fd ...+).[v.|
c5 f0 58 34 3d 9a df 2c  f3 b0 59 60 58 b9 78 c7  |..X4=..,..Y`X.x.|
1d 0c 5c 21 03 f4 c7 be  e0 8a c7 8d fa dc e1 8b  |..\!............|

show previews

offset	size	type	comment
15c1	15	HTM		#
2c212e	471	GIF	(10 x 7)	#
366646	237	GIF	(10 x 10)	#
366733	1834565	BIN	overlay data past EOF	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[!] string size(131070) > stringtable size(64). truncated to 62

[!] cannot convert "P@&\xB5Bl]A\xAF\xA6\xAE\xC3\xF3\xAD\xFD\xF5"... to UTF-16

[!] string size(118112) > stringtable size(82). truncated to 80

[!] refusing to read CURDIRENTRY beyond resource size

[!] refusing to read ICODIRENTRY beyond resource size

[?] can't find file_offset of VA 0x8e9bb246

[?] can't find file_offset of VA 0x30770c4e

[?] can't find file_offset of VA 0x31578a28

[?] can't find file_offset of VA 0x39d6578a