msconfig.exe

info
MZ
PE
resources
strings
imports
exports
foremost
signature
hexdump
disasm
log
discuss
donate

filename	msconfig.exe
size	422816 (0x673a0)
md5	7a26bbd7b5942b49fc0a9cb7268bd030

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xe0

Rich Header

lib id	version	times used
149	30729	27
131	30729	128
147	30729	21
1	0	237
132	30729	100
146	30729	1
148	30729	1
145	30729	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	4
TimeDateStamp	0x529aee77
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x103
Magic	0x10b
LinkerVersion	9.0
SizeOfCode	0x25600
SizeOfInitializedData	0x3b000
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1d728
BaseOfCode	0x1000
BaseOfData	0x27000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.0
ImageVersion	0.0
SubsystemVersion	5.0
Reserved1	0
SizeOfImage	0x83000
SizeOfHeaders	0x400
CheckSum	0x7053f
Subsystem	2
DllCharacteristics	0x8100
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x254e8	0x25600	R-X CODE
.rdata	0x27000	0x4f33	0x5000	R-- IDATA
.data	0x2c000	0x215e0	0x1400	RW- IDATA
.rsrc	0x4e000	0x34aa8	0x34c00	R-- IDATA

Data Directory

type	va	size
EXPORT	0x2bf00	0x33
IMPORT	0x2ab5c	0xdc
RESOURCE	0x4e000	0x34aa8
EXCEPTION	0	0
SECURITY	0x66518	0xe88
BASERELOC	0	0
DEBUG	0x273e0	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0x29b70	0x40
Bound_IAT	0	0
IAT	0x27000	0x374
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size	cp
BITMAP	#101	2998	1252
ICON	#1	816	1252
ICON	#2	304	1252
ICON	#3	176	1252
ICON	#4	1640	1252
ICON	#5	744	1252
ICON	#6	488	1252
ICON	#7	296	1252
ICON	#8	3752	1252
ICON	#9	2216	1252
ICON	#10	1736	1252
ICON	#11	1384	1252
ICON	#12	67624	1252
ICON	#13	38056	1252
ICON	#14	26600	1252
ICON	#15	21640	1252
ICON	#16	16936	1252
ICON	#17	9640	1252
ICON	#18	4264	1252
ICON	#19	2440	1252
ICON	#20	1128	1252
DIALOG	ASKNEXTVOL	646	1252
DIALOG	GETPASSWORD1	314	1252
DIALOG	LICENSEDLG	236	1252
DIALOG	RENAMEDLG	302	1252
DIALOG	REPLACEFILEDLG	824	1252
DIALOG	STARTDLG	594	1252
STRING	#7	482	1252
STRING	#8	460	1252
STRING	#9	536	1252
STRING	#10	326	1252
STRING	#11	1094	1252
STRING	#12	358	1252
STRING	#13	288	1252
STRING	#14	186	1252
STRING	#15	162	1252
GROUP_ICON	#100	286	1252
MANIFEST	#1	1600	1252

id	lang	string
100	1033	Select destination folder
101	1033	Extracting %s
102	1033	Skipping %s
103	1033	Unexpected end of archive
104	1033	The file "%s" header is corrupt
105	1033	Corrupt header is found
106	1033	Main archive header is corrupt
110	1033	The archive comment header is corrupt
111	1033	The archive comment is corrupt
112	1033	Not enough memory
113	1033	Unknown method in %s
114	1033	Cannot open %s
120	1033	Cannot create %s
121	1033	Cannot create folder %s
122	1033	Checksum error in the encrypted file %s. Corrupt file or wrong password.
123	1033	Checksum error in %s
124	1033	Packed data checksum error in %s
130	1033	Wrong password for %s
131	1033	Write error in the file %s. Probably the disk is full
132	1033	Read error in the file %s
133	1033	File close error
134	1033	The required volume is absent
140	1033	The archive is either in unknown format or damaged
141	1033	Extracting from %s
142	1033	Next volume
143	1033	The archive header is corrupt
144	1033	Close
150	1033	Error
151	1033	Errors encountered while performing the operation Look at the information window for more details
152	1033	bytes
153	1033	modified on
154	1033	folder is not accessible
160	1033	Some files could not be created. Please close all applications, reboot Windows and restart this installation
161	1033	Some installation files are corrupt. Please download a fresh copy and retry the installation
162	1033	All files
170	1033	<ul><li>Press <b>Install</b> button to start extraction.</li><br><br>
171	1033	<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br>
172	1033	<li>Use <b>Browse</b> button to select the destination
173	1033	folder from the folders tree. It can be also entered
174	1033	manually.</li><br><br>
175	1033	<li>If the destination folder does not exist, it will be
176	1033	created automatically before extraction.</li></ul>
180	1033	The archive is corrupt
185	1033	Extracting files to %s folder
186	1033	Extracting files to temporary folder
190	1033	Extract
191	1033	Extraction progress
195	1033	Total path and file name length must not exceed %d characters
200	1033	Unknown encryption method in %s
201	1033	The specified password is incorrect.
210	1033	Cannot copy %s to %s.
220	1033	Cannot create symbolic link %s
221	1033	Cannot create hard link %s
225	1033	You may need to run this self-extracting archive as administrator

module_name	hint	ord	function_name
COMCTL32.dll	123		InitCommonControlsEx
SHLWAPI.dll	164		SHAutoComplete
KERNEL32.dll	960		ReadFile
KERNEL32.dll	490		GetFileAttributesW
KERNEL32.dll	1121		SetFileAttributesW
KERNEL32.dll	325		FindNextFileW
KERNEL32.dll	507		GetFullPathNameW
KERNEL32.dll	532		GetModuleFileNameW
KERNEL32.dll	334		FindResourceW
KERNEL32.dll	536		GetModuleHandleW
KERNEL32.dll	354		FreeLibrary
KERNEL32.dll	581		GetProcAddress
KERNEL32.dll	831		LoadLibraryW
KERNEL32.dll	449		GetCurrentProcessId
KERNEL32.dll	518		GetLocaleInfoW
KERNEL32.dll	563		GetNumberFormatW
KERNEL32.dll	285		ExpandEnvironmentStringsW
KERNEL32.dll	1273		WaitForSingleObject
KERNEL32.dll	228		DosDateTimeToFileTime
KERNEL32.dll	456		GetDateFormatW
KERNEL32.dll	663		GetTimeFormatW
KERNEL32.dll	293		FileTimeToSystemTime
KERNEL32.dll	292		FileTimeToLocalFileTime
KERNEL32.dll	479		GetExitCodeProcess
KERNEL32.dll	645		GetTempPathW
KERNEL32.dll	864		MoveFileExW
KERNEL32.dll	1202		Sleep
KERNEL32.dll	1238		UnmapViewOfFile
KERNEL32.dll	855		MapViewOfFile
KERNEL32.dll	391		GetCommandLineW
KERNEL32.dll	140		CreateFileMappingW
KERNEL32.dll	659		GetTickCount
KERNEL32.dll	1111		SetEnvironmentVariableW
KERNEL32.dll	889		OpenFileMappingW
KERNEL32.dll	181		CreateThread
KERNEL32.dll	238		EnterCriticalSection
KERNEL32.dll	825		LeaveCriticalSection
KERNEL32.dll	582		GetProcessAffinityMask
KERNEL32.dll	1022		ReleaseSemaphore
KERNEL32.dll	1039		ResetEvent
KERNEL32.dll	209		DeleteCriticalSection
KERNEL32.dll	1113		SetEvent
KERNEL32.dll	1177		SetThreadPriority
KERNEL32.dll	738		InitializeCriticalSection
KERNEL32.dll	133		CreateEventW
KERNEL32.dll	174		CreateSemaphoreW
KERNEL32.dll	1213		SystemTimeToFileTime
KERNEL32.dll	631		GetSystemTime
KERNEL32.dll	838		LocalFileTimeToFileTime
KERNEL32.dll	1297		WideCharToMultiByte
KERNEL32.dll	871		MultiByteToWideChar
KERNEL32.dll	100		CompareStringW
KERNEL32.dll	766		IsDBCSLeadByte
KERNEL32.dll	313		FindFirstFileW
KERNEL32.dll	499		GetFileType
KERNEL32.dll	1101		SetCurrentDirectoryW
KERNEL32.dll	1316		WriteConsoleW
KERNEL32.dll	432		GetConsoleOutputCP
KERNEL32.dll	1306		WriteConsoleA
KERNEL32.dll	1159		SetStdHandle
KERNEL32.dll	516		GetLocaleInfoA
KERNEL32.dll	617		GetStringTypeW
KERNEL32.dll	614		GetStringTypeA
KERNEL32.dll	828		LoadLibraryA
KERNEL32.dll	428		GetConsoleMode
KERNEL32.dll	410		GetConsoleCP
KERNEL32.dll	739		InitializeCriticalSectionAndSpinCount
KERNEL32.dll	935		QueryPerformanceCounter
KERNEL32.dll	1135		SetHandleCount
KERNEL32.dll	474		GetEnvironmentStringsW
KERNEL32.dll	353		FreeEnvironmentStringsW
KERNEL32.dll	472		GetEnvironmentStrings
KERNEL32.dll	352		FreeEnvironmentStringsA
KERNEL32.dll	813		LCMapStringW
KERNEL32.dll	811		LCMapStringA
KERNEL32.dll	778		IsValidCodePage
KERNEL32.dll	567		GetOEMCP
KERNEL32.dll	360		GetACP
KERNEL32.dll	531		GetModuleFileNameA
KERNEL32.dll	281		ExitProcess
KERNEL32.dll	724		HeapSize
KERNEL32.dll	768		IsDebuggerPresent
KERNEL32.dll	1189		SetUnhandledExceptionFilter
KERNEL32.dll	1235		UnhandledExceptionFilter
KERNEL32.dll	1216		TerminateProcess
KERNEL32.dll	1257		VirtualAlloc
KERNEL32.dll	1260		VirtualFree
KERNEL32.dll	717		HeapCreate
KERNEL32.dll	747		InterlockedDecrement
KERNEL32.dll	453		GetCurrentThreadId
KERNEL32.dll	751		InterlockedIncrement
KERNEL32.dll	1222		TlsFree
KERNEL32.dll	1224		TlsSetValue
KERNEL32.dll	1221		TlsAlloc
KERNEL32.dll	1223		TlsGetValue
KERNEL32.dll	610		GetStartupInfoA
KERNEL32.dll	390		GetCommandLineA
KERNEL32.dll	945		RaiseException
KERNEL32.dll	633		GetSystemTimeAsFileTime
KERNEL32.dll	1107		SetEndOfFile
KERNEL32.dll	1126		SetFilePointer
KERNEL32.dll	612		GetStdHandle
KERNEL32.dll	1317		WriteFile
KERNEL32.dll	343		FlushFileBuffers
KERNEL32.dll	527		GetLongPathNameW
KERNEL32.dll	867		MoveFileW
KERNEL32.dll	609		GetShortPathNameW
KERNEL32.dll	129		CreateDirectoryW
KERNEL32.dll	1027		RemoveDirectoryW
KERNEL32.dll	691		GlobalAlloc
KERNEL32.dll	214		DeleteFileW
KERNEL32.dll	302		FindClose
KERNEL32.dll	143		CreateFileW
KERNEL32.dll	221		DeviceIoControl
KERNEL32.dll	1130		SetFileTime
KERNEL32.dll	448		GetCurrentProcess
KERNEL32.dll	82		CloseHandle
KERNEL32.dll	147		CreateHardLinkW
KERNEL32.dll	1139		SetLastError
KERNEL32.dll	514		GetLastError
KERNEL32.dll	447		GetCurrentDirectoryW
KERNEL32.dll	136		CreateFileA
KERNEL32.dll	370		GetCPInfo
KERNEL32.dll	715		HeapAlloc
KERNEL32.dll	722		HeapReAlloc
KERNEL32.dll	719		HeapFree
KERNEL32.dll	1048		RtlUnwind
USER32.dll	216		EnableWindow
USER32.dll	735		ShowWindow
USER32.dll	295		GetDlgItem
USER32.dll	533		MessageBoxW
USER32.dll	249		FindWindowExW
USER32.dll	356		GetParent
USER32.dll	521		MapWindowPoints
USER32.dll	110		CreateWindowExW
USER32.dll	785		UpdateWindow
USER32.dll	491		LoadCursorW
USER32.dll	589		RegisterClassExW
USER32.dll	156		DefWindowProcW
USER32.dll	166		DestroyWindow
USER32.dll	85		CopyRect
USER32.dll	475		IsWindow
USER32.dll	60		CharUpperW
USER32.dll	546		OemToCharBuffA
USER32.dll	493		LoadIconW
USER32.dll	566		PostMessageW
USER32.dll	379		GetSysColor
USER32.dll	659		SetForegroundWindow
USER32.dll	806		WaitForInputIdle
USER32.dll	480		IsWindowVisible
USER32.dll	172		DialogBoxParamW
USER32.dll	163		DestroyIcon
USER32.dll	658		SetFocus
USER32.dll	274		GetClassNameW
USER32.dll	627		SendDlgItemMessageW
USER32.dll	218		EndDialog
USER32.dll	298		GetDlgItemTextW
USER32.dll	656		SetDlgItemTextW
USER32.dll	821		wvsprintfW
USER32.dll	636		SendMessageW
USER32.dll	289		GetDC
USER32.dll	613		ReleaseDC
USER32.dll	563		PeekMessageW
USER32.dll	349		GetMessageW
USER32.dll	764		TranslateMessage
USER32.dll	175		DispatchMessageW
USER32.dll	506		LoadStringW
USER32.dll	412		GetWindowRect
USER32.dll	276		GetClientRect
USER32.dll	710		SetWindowPos
USER32.dll	419		GetWindowTextW
USER32.dll	715		SetWindowTextW
USER32.dll	382		GetSystemMetrics
USER32.dll	398		GetWindow
USER32.dll	406		GetWindowLongW
USER32.dll	708		SetWindowLongW
USER32.dll	487		LoadBitmapW
GDI32.dll	459		GetDeviceCaps
GDI32.dll	48		CreateCompatibleDC
GDI32.dll	509		GetObjectW
GDI32.dll	47		CreateCompatibleBitmap
GDI32.dll	631		SelectObject
GDI32.dll	691		StretchBlt
GDI32.dll	227		DeleteDC
GDI32.dll	230		DeleteObject
COMDLG32.dll	14		GetSaveFileNameW
COMDLG32.dll	4		CommDlgExtendedError
COMDLG32.dll	12		GetOpenFileNameW
ADVAPI32.dll	609		RegOpenKeyExW
ADVAPI32.dll	622		RegQueryValueExW
ADVAPI32.dll	569		RegCreateKeyExW
ADVAPI32.dll	638		RegSetValueExW
ADVAPI32.dll	560		RegCloseKey
ADVAPI32.dll	682		SetFileSecurityW
ADVAPI32.dll	503		OpenProcessToken
ADVAPI32.dll	407		LookupPrivilegeValueW
ADVAPI32.dll	31		AdjustTokenPrivileges
SHELL32.dll	127		SHChangeNotify
SHELL32.dll	189		SHGetFileInfoW
SHELL32.dll	207		SHGetMalloc
SHELL32.dll	223		SHGetSpecialFolderLocation
SHELL32.dll	215		SHGetPathFromIDListW
SHELL32.dll	123		SHBrowseForFolderW
SHELL32.dll	289		ShellExecuteExW
SHELL32.dll	172		SHFileOperationW
ole32.dll	8		CLSIDFromString
ole32.dll	16		CoCreateInstance
ole32.dll	306		OleInitialize
ole32.dll	329		OleUninitialize
ole32.dll	134		CreateStreamOnHGlobal
OLEAUT32.dll		8

ord	entry_va	function_name

module_name	WINRAR.SFX
flags	0
timestamp	2013-12-01 08:08:23
version	0.0
ordinal_base	1
nFunctions	0
nNames	0
Names(0)	0
Functions(0)	0
NameOrdinals(0)	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https:\/\/www.verisign.com\/rpa (c)10/CN=VeriSign Class 3 Code Signing 2010 CA

serial: 6E7B6395AC5B5C8A2AECC4528D9E6510

Certificates (2)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:7b:63:95:ac:5b:5c:8a:2a:ec:c4:52:8d:9e:65:10
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https:\/\/www.verisign.com\/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
        Validity
            Not Before: Dec  3 00:00:00 2012 GMT
            Not After : Feb  1 23:59:59 2015 GMT
        Subject: C=CN, ST=Fujian, L=Xiamen, O=CZ Solution Co., Ltd. , OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=CZ Solution Co., Ltd. 
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:b6:9e:8e:35:05:10:4e:96:29:de:3b:45:22:
                    63:6e:28:86:bb:ee:ab:04:7f:56:0a:94:94:6d:59:
                    15:63:13:30:64:21:1e:b0:74:84:a6:38:2c:db:16:
                    4a:8a:29:d8:58:dc:7b:02:f6:ab:a3:16:53:f1:ae:
                    13:d0:3a:12:10:4b:56:80:2c:6a:88:15:54:fb:82:
                    56:f1:43:7b:29:a6:83:f5:3c:e1:f4:08:6d:4f:b2:
                    1b:c7:5b:cf:15:ff:42:cc:90:64:b1:8b:6e:cc:6a:
                    5f:0a:d1:28:2a:c4:9a:d5:75:31:e8:14:f4:d6:52:
                    43:f8:80:7c:61:43:83:4e:c2:59:0b:fe:5f:67:04:
                    09:bd:67:e6:ab:da:7a:7c:ae:d9:14:52:c7:a1:11:
                    aa:64:92:c3:a2:18:38:fe:0c:71:1b:fe:f3:fd:ba:
                    2f:00:6a:16:b4:0e:bd:9f:74:ba:1b:37:0c:85:a6:
                    63:a2:a9:17:5c:26:21:d9:88:0d:2b:4a:c5:1b:13:
                    33:70:50:74:28:ae:4b:17:a9:bd:fc:05:0b:f4:c5:
                    04:9f:6c:95:d0:52:20:a6:a7:86:bd:a1:09:28:f6:
                    3c:54:aa:da:17:77:f0:63:8e:24:81:b2:33:a3:e5:
                    fd:51:e8:4b:f7:43:9e:b7:71:62:ea:bc:89:bc:e2:
                    f7:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://csc3-2010-crl.verisign.com/CSC3-2010.crl
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa
            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com
                CA Issuers - URI:http://csc3-2010-aia.verisign.com/CSC3-2010.cer
            X509v3 Authority Key Identifier: 
                CF:99:A9:EA:7B:26:F4:4B:C9:8E:8F:D7:F0:05:26:EF:E3:D2:A7:9D
            Netscape Cert Type: 
                Object Signing
            1.3.6.1.4.1.311.2.1.27: 
                0.......
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        3c:3a:8c:af:82:d2:39:f7:de:c6:13:7a:ba:d6:7b:3a:65:04:
        e1:54:9d:52:d1:60:69:bb:ce:e4:15:4b:ed:5f:8c:aa:04:2b:
        a5:d5:a1:66:78:d9:66:1d:fb:7c:40:b0:fa:37:ec:ec:15:0b:
        df:f1:76:ef:63:4a:46:0e:26:f6:fe:7e:fe:e4:1c:c3:d4:f5:
        72:7f:1d:3e:ed:35:cd:37:89:9c:d5:21:a6:8a:52:ae:d8:eb:
        d0:84:9a:51:82:a6:bf:1e:4a:b1:22:cf:08:31:5b:94:51:ce:
        50:ae:6f:c4:72:f1:ae:80:78:b0:9e:a6:26:01:a7:c7:26:a6:
        e5:5c:2e:92:c8:36:26:5b:f0:ea:05:16:00:fe:92:89:2b:d9:
        f4:ff:10:fb:ba:1d:f7:b0:f3:1f:89:76:a0:56:52:77:b5:92:
        a3:83:ae:f7:1e:e9:6f:b0:fd:9d:65:ec:d3:ca:bc:23:7d:16:
        59:e0:5c:61:75:ed:72:b3:31:0b:e8:6d:6e:b7:5d:01:ee:b3:
        d6:7b:c0:9a:18:ba:1b:94:fb:00:a2:69:da:34:ea:ef:36:b9:
        a9:47:eb:0a:f3:5e:7d:6f:4f:62:e8:07:90:99:ac:19:dd:76:
        b9:e7:3f:6f:17:ec:ec:d9:93:e0:52:fc:0e:21:91:53:8f:59:
        0e:cc:56:4b

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
        Validity
            Not Before: Feb  8 00:00:00 2010 GMT
            Not After : Feb  7 23:59:59 2020 GMT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https:\/\/www.verisign.com\/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:f5:23:4b:5e:a5:d7:8a:bb:32:e9:d4:57:f7:ef:
                    e4:c7:26:7e:ad:19:98:fe:a8:9d:7d:94:f6:36:6b:
                    10:d7:75:81:30:7f:04:68:7f:cb:2b:75:1e:cd:1d:
                    08:8c:df:69:94:a7:37:a3:9c:7b:80:e0:99:e1:ee:
                    37:4d:5f:ce:3b:14:ee:86:d4:d0:f5:27:35:bc:25:
                    0b:38:a7:8c:63:9d:17:a3:08:a5:ab:b0:fb:cd:6a:
                    62:82:4c:d5:21:da:1b:d9:f1:e3:84:3b:8a:2a:4f:
                    85:5b:90:01:4f:c9:a7:76:10:7f:27:03:7c:be:ae:
                    7e:7d:c1:dd:f9:05:bc:1b:48:9c:69:e7:c0:a4:3c:
                    3c:41:00:3e:df:96:e5:c5:e4:94:71:d6:55:01:c7:
                    00:26:4a:40:3c:b5:a1:26:a9:0c:a7:6d:80:8e:90:
                    25:7b:cf:bf:3f:1c:eb:2f:96:fa:e5:87:77:c6:b5:
                    56:b2:7a:3b:54:30:53:1b:df:62:34:ff:1e:d1:f4:
                    5a:93:28:85:e5:4c:17:4e:7e:5b:fd:a4:93:99:7f:
                    df:cd:ef:a4:75:ef:ef:15:f6:47:e7:f8:19:72:d8:
                    2e:34:1a:a6:b4:a7:4c:7e:bd:bb:4f:0c:3d:57:f1:
                    30:d6:a6:36:8e:d6:80:76:d7:19:2e:a5:cd:7e:34:
                    2d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/cps
                  User Notice:
                    Explicit Text: https://www.verisign.com/rpa
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            1.3.6.1.5.5.7.1.12: 
                0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.verisign.com/pca3-g5.crl
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, Code Signing
            X509v3 Subject Alternative Name: 
                DirName:/CN=VeriSignMPKI-2-8
            X509v3 Subject Key Identifier: 
                CF:99:A9:EA:7B:26:F4:4B:C9:8E:8F:D7:F0:05:26:EF:E3:D2:A7:9D
            X509v3 Authority Key Identifier: 
                7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        56:22:e6:34:a4:c4:61:cb:48:b9:01:ad:56:a8:64:0f:d9:8c:
        91:c4:bb:cc:0c:e5:ad:7a:a0:22:7f:df:47:38:4a:2d:6c:d1:
        7f:71:1a:7c:ec:70:a9:b1:f0:4f:e4:0f:0c:53:fa:15:5e:fe:
        74:98:49:24:85:81:26:1c:91:14:47:b0:4c:63:8c:bb:a1:34:
        d4:c6:45:e8:0d:85:26:73:03:d0:a9:8c:64:6d:dc:71:92:e6:
        45:05:60:15:59:51:39:fc:58:14:6b:fe:d4:a4:ed:79:6b:08:
        0c:41:72:e7:37:22:06:09:be:23:e9:3f:44:9a:1e:e9:61:9d:
        cc:b1:90:5c:fc:3d:d2:8d:ac:42:3d:65:36:d4:b4:3d:40:28:
        8f:9b:10:cf:23:26:cc:4b:20:cb:90:1f:5d:8c:4c:34:ca:3c:
        d8:e5:37:d6:6f:a5:20:bd:34:eb:26:d9:ae:0d:e7:c5:9a:f7:
        a1:b4:21:91:33:6f:86:e8:58:bb:25:7c:74:0e:58:fe:75:1b:
        63:3f:ce:31:7c:9b:8f:1b:96:9e:c5:53:76:84:5b:9c:ad:91:
        fa:ac:ed:93:ba:5d:c8:21:53:c2:82:53:63:af:12:0d:50:87:
        11:1b:3d:54:52:96:8a:2c:9c:3d:92:1a:08:9a:05:2e:c7:93:
        a5:48:91:d3

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

df f7 7f 1b aa 96 3e 2b 69 be 32 27 50 4b b8 16 |......>+i.2'PK..| 0c 34 90 65 |.4.e |

Certificates
- Certificate #0
  - 2
    - 6E:7B:63:95:AC:5B:5C:8A:2A:EC:C4:52:8D:9E:65:10
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: Terms of use at https://www.verisign.com/rpa (c)10
      - CN: VeriSign Class 3 Code Signing 2010 CA
    - 2012-12-03 00:00:00 UTC: 2015-02-01 23:59:59 UTC
    - Subject
      - C: CN
      - ST: Fujian
      - L: Xiamen
      - O: CZ Solution Co., Ltd.
      - OU: Digital ID Class 3 - Microsoft Software Validation v2
      - CN: CZ Solution Co., Ltd.
    - #5
      - rsaEncryption: nil
      - AD:B6:9E:8E:35:05:10:4E:96:29:DE:3B:45:22:63:6E:
        28:86:BB:EE:AB:04:7F:56:0A:94:94:6D:59:15:63:13:
        30:64:21:1E:B0:74:84:A6:38:2C:DB:16:4A:8A:29:D8:
        58:DC:7B:02:F6:AB:A3:16:53:F1:AE:13:D0:3A:12:10:
        4B:56:80:2C:6A:88:15:54:FB:82:56:F1:43:7B:29:A6:
        83:F5:3C:E1:F4:08:6D:4F:B2:1B:C7:5B:CF:15:FF:42:
        CC:90:64:B1:8B:6E:CC:6A:5F:0A:D1:28:2A:C4:9A:D5:
        75:31:E8:14:F4:D6:52:43:F8:80:7C:61:43:83:4E:C2:
        59:0B:FE:5F:67:04:09:BD:67:E6:AB:DA:7A:7C:AE:D9:
        14:52:C7:A1:11:AA:64:92:C3:A2:18:38:FE:0C:71:1B:
        FE:F3:FD:BA:2F:00:6A:16:B4:0E:BD:9F:74:BA:1B:37:
        0C:85:A6:63:A2:A9:17:5C:26:21:D9:88:0D:2B:4A:C5:
        1B:13:33:70:50:74:28:AE:4B:17:A9:BD:FC:05:0B:F4:
        C5:04:9F:6C:95:D0:52:20:A6:A7:86:BD:A1:09:28:F6:
        3C:54:AA:DA:17:77:F0:63:8E:24:81:B2:33:A3:E5:FD:
        51:E8:4B:F7:43:9E:B7:71:62:EA:BC:89:BC:E2:F7:3F: 0x010001
    - X509v3 extensions
      - basicConstraints
        nil
      - keyUsage: true, 0x80
      - crlDistributionPoints: http://csc3-2010-crl.verisign.com/CSC3-2010.crl
      - certificatePolicies
        2.16.840.1.113733.1.7.23.3
        id-qt-cps: https://www.verisign.com/rpa
      - extendedKeyUsage: codeSigning
      - authorityInfoAccess
        #0
        OCSP: http://ocsp.verisign.com
        caIssuers: http://csc3-2010-aia.verisign.com/CSC3-2010.cer
      - authorityKeyIdentifier:
        cf 99 a9 ea 7b 26 f4 4b c9 8e 8f d7 f0 05 26 ef |....{&.K......&.| e3 d2 a7 9d |.... |
      - nsCertType: 0x10
      - 1.3.6.1.4.1.311.2.1.27
        false: true
  - RSA-SHA1:
```
3c 3a 8c af 82 d2 39 f7  de c6 13 7a ba d6 7b 3a  |<:....9....z..{:|
65 04 e1 54 9d 52 d1 60  69 bb ce e4 15 4b ed 5f  |e..T.R.`i....K._|
8c aa 04 2b a5 d5 a1 66  78 d9 66 1d fb 7c 40 b0  |...+...fx.f..|@.|
fa 37 ec ec 15 0b df f1  76 ef 63 4a 46 0e 26 f6  |.7......v.cJF.&.|
fe 7e fe e4 1c c3 d4 f5  72 7f 1d 3e ed 35 cd 37  |.~......r..>.5.7|
89 9c d5 21 a6 8a 52 ae  d8 eb d0 84 9a 51 82 a6  |...!..R......Q..|
bf 1e 4a b1 22 cf 08 31  5b 94 51 ce 50 ae 6f c4  |..J."..1[.Q.P.o.|
72 f1 ae 80 78 b0 9e a6  26 01 a7 c7 26 a6 e5 5c  |r...x...&...&..\|
2e 92 c8 36 26 5b f0 ea  05 16 00 fe 92 89 2b d9  |...6&[........+.|
f4 ff 10 fb ba 1d f7 b0  f3 1f 89 76 a0 56 52 77  |...........v.VRw|
b5 92 a3 83 ae f7 1e e9  6f b0 fd 9d 65 ec d3 ca  |........o...e...|
bc 23 7d 16 59 e0 5c 61  75 ed 72 b3 31 0b e8 6d  |.#}.Y.\au.r.1..m|
6e b7 5d 01 ee b3 d6 7b  c0 9a 18 ba 1b 94 fb 00  |n.]....{........|
a2 69 da 34 ea ef 36 b9  a9 47 eb 0a f3 5e 7d 6f  |.i.4..6..G...^}o|
4f 62 e8 07 90 99 ac 19  dd 76 b9 e7 3f 6f 17 ec  |Ob.......v..?o..|
ec d9 93 e0 52 fc 0e 21  91 53 8f 59 0e cc 56 4b  |....R..!.S.Y..VK|
```
- Certificate #1
  - 2
    - 52:00:E5:AA:25:56:FC:1A:86:ED:96:C9:D4:4B:33:C7
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: (c) 2006 VeriSign, Inc. - For authorized use only
      - CN: VeriSign Class 3 Public Primary Certification Authority - G5
    - 2010-02-08 00:00:00 UTC: 2020-02-07 23:59:59 UTC
    - Subject
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: Terms of use at https://www.verisign.com/rpa (c)10
      - CN: VeriSign Class 3 Code Signing 2010 CA
    - #5
      - rsaEncryption: nil
      - F5:23:4B:5E:A5:D7:8A:BB:32:E9:D4:57:F7:EF:E4:C7:
        26:7E:AD:19:98:FE:A8:9D:7D:94:F6:36:6B:10:D7:75:
        81:30:7F:04:68:7F:CB:2B:75:1E:CD:1D:08:8C:DF:69:
        94:A7:37:A3:9C:7B:80:E0:99:E1:EE:37:4D:5F:CE:3B:
        14:EE:86:D4:D0:F5:27:35:BC:25:0B:38:A7:8C:63:9D:
        17:A3:08:A5:AB:B0:FB:CD:6A:62:82:4C:D5:21:DA:1B:
        D9:F1:E3:84:3B:8A:2A:4F:85:5B:90:01:4F:C9:A7:76:
        10:7F:27:03:7C:BE:AE:7E:7D:C1:DD:F9:05:BC:1B:48:
        9C:69:E7:C0:A4:3C:3C:41:00:3E:DF:96:E5:C5:E4:94:
        71:D6:55:01:C7:00:26:4A:40:3C:B5:A1:26:A9:0C:A7:
        6D:80:8E:90:25:7B:CF:BF:3F:1C:EB:2F:96:FA:E5:87:
        77:C6:B5:56:B2:7A:3B:54:30:53:1B:DF:62:34:FF:1E:
        D1:F4:5A:93:28:85:E5:4C:17:4E:7E:5B:FD:A4:93:99:
        7F:DF:CD:EF:A4:75:EF:EF:15:F6:47:E7:F8:19:72:D8:
        2E:34:1A:A6:B4:A7:4C:7E:BD:BB:4F:0C:3D:57:F1:30:
        D6:A6:36:8E:D6:80:76:D7:19:2E:A5:CD:7E:34:2D:89: 0x010001
    - X509v3 extensions
      - basicConstraints
        true
        true: 0
      - certificatePolicies
        2.16.840.1.113733.1.7.23.3
        #0
        id-qt-cps: https://www.verisign.com/cps
        id-qt-unotice: https://www.verisign.com/rpa
      - keyUsage: true, 6
      - 1.3.6.1.5.5.7.1.12
        image/gif
        SHA1:
        8f e5 d3 1a 86 ac 8d 8e 6b c3 cf 80 6a d4 48 18 |........k...j.H.| 2c 7b 19 2e |,{.. |
        http://logo.verisign.com/vslogo.gif
      - crlDistributionPoints: http://crl.verisign.com/pca3-g5.crl
      - authorityInfoAccess
        OCSP: http://ocsp.verisign.com
      - extendedKeyUsage
        clientAuth: codeSigning
      - subjectAltName
        CN: VeriSignMPKI-2-8
      - subjectKeyIdentifier:
        cf 99 a9 ea 7b 26 f4 4b c9 8e 8f d7 f0 05 26 ef |....{&.K......&.| e3 d2 a7 9d |.... |
      - authorityKeyIdentifier:
        7f d3 65 a7 c2 dd ec bb f0 30 09 f3 43 39 fa 02 |..e......0..C9..| af 33 31 33 |.313 |
  - RSA-SHA1:
```
56 22 e6 34 a4 c4 61 cb  48 b9 01 ad 56 a8 64 0f  |V".4..a.H...V.d.|
d9 8c 91 c4 bb cc 0c e5  ad 7a a0 22 7f df 47 38  |.........z."..G8|
4a 2d 6c d1 7f 71 1a 7c  ec 70 a9 b1 f0 4f e4 0f  |J-l..q.|.p...O..|
0c 53 fa 15 5e fe 74 98  49 24 85 81 26 1c 91 14  |.S..^.t.I$..&...|
47 b0 4c 63 8c bb a1 34  d4 c6 45 e8 0d 85 26 73  |G.Lc...4..E...&s|
03 d0 a9 8c 64 6d dc 71  92 e6 45 05 60 15 59 51  |....dm.q..E.`.YQ|
39 fc 58 14 6b fe d4 a4  ed 79 6b 08 0c 41 72 e7  |9.X.k....yk..Ar.|
37 22 06 09 be 23 e9 3f  44 9a 1e e9 61 9d cc b1  |7"...#.?D...a...|
90 5c fc 3d d2 8d ac 42  3d 65 36 d4 b4 3d 40 28  |.\.=...B=e6..=@(|
8f 9b 10 cf 23 26 cc 4b  20 cb 90 1f 5d 8c 4c 34  |....#&.K ...].L4|
ca 3c d8 e5 37 d6 6f a5  20 bd 34 eb 26 d9 ae 0d  |.<..7.o. .4.&...|
e7 c5 9a f7 a1 b4 21 91  33 6f 86 e8 58 bb 25 7c  |......!.3o..X.%||
74 0e 58 fe 75 1b 63 3f  ce 31 7c 9b 8f 1b 96 9e  |t.X.u.c?.1|.....|
c5 53 76 84 5b 9c ad 91  fa ac ed 93 ba 5d c8 21  |.Sv.[........].!|
53 c2 82 53 63 af 12 0d  50 87 11 1b 3d 54 52 96  |S..Sc...P...=TR.|
8a 2c 9c 3d 92 1a 08 9a  05 2e c7 93 a5 48 91 d3  |.,.=.........H..|
```

Signer

1
unnamed
- #0
  - C: US
  - O: VeriSign, Inc.
  - OU: VeriSign Trust Network
  - OU: Terms of use at https://www.verisign.com/rpa (c)10
  - CN: VeriSign Class 3 Code Signing 2010 CA
- 6E:7B:63:95:AC:5B:5C:8A:2A:EC:C4:52:8D:9E:65:10
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

7e 41 fd 49 12 d8 72 5a  21 18 d7 b3 d1 91 56 af  |~A.I..rZ!.....V.|
71 af bf 0b                                       |q...            |

rsaEncryption:

9d e5 c2 97 5a 6b ac df  e0 6b ee c8 9c 75 bc 3a  |....Zk...k...u.:|
df 7a d1 fb 68 1b 24 54  bc 9e ed be 31 3a e1 a3  |.z..h.$T....1:..|
f7 21 b9 48 59 d9 8a 3d  8d 8a c0 08 0e ad 87 9c  |.!.HY..=........|
28 62 b8 30 3e ea 48 18  32 0d 65 fb ee 84 94 e3  |(b.0>.H.2.e.....|
3a 1e 9b 61 4c cd 1c 2c  3c 43 6d d8 58 bf 16 10  |:..aL..,..a!.4....|
82 ab 1e 1d c0 bf b0 c6  e6 b3 a5 96 82 39 72 c5  |.............9r.|
ce 8b 63 31 ed 2e 28 77  22 88 18 d6 2a c7 00 84  |..c1..(w"...*...|
ad 9a 85 0f 40 b2 2e 9c  02 01 ef f7 07 8b 38 67  |....@.........8g|
2b 87 8a 3e ee db 12 46  75 fa d8 68 5c 34 13 78  |+..>...Fu..h\4.x|
87 87 ab 1f 3e d7 6f 39  5e f0 7e 71 5c 92 e5 24  |....>.o9^.~q\..$|
fb ff 35 e6 3d 06 fd 7e  e0 14 76 e7 9f 7e 34 6f  |..5.=..~..v..~4o|
09 40 2b 35 51 65 07 9d  83 63 0c 83 44 fa 1d 13  |.@+5Qe...c..D...|

show previews

offset	size	type	comment
0	395776	EXE	12/01/2013 08:08:23	#
15c1	15	HTM		#
60a00	27040	BIN	overlay data past EOF	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x0