| filename | launch.exe | |
|---|---|---|
| size | 651696 (0x9f1b0) | |
| md5 | 8cf1d4ca8046767ff4269b8b47a05aa8 | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xe8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
| id | lang | string |
|---|---|---|
| 103 | 2052 | tw2launch |
| 109 | 2052 | TW2LAUNCH |
| module_name | hint | ord | function_name |
|---|---|---|---|
| PSAPI.DLL | 6 | EnumProcesses | |
| PSAPI.DLL | 4 | EnumProcessModules | |
| PSAPI.DLL | 13 | GetModuleBaseNameA | |
| WS2_32.dll | 7 | ||
| WS2_32.dll | 10 | ||
| WS2_32.dll | 9 | ||
| WS2_32.dll | 52 | ||
| WS2_32.dll | 11 | ||
| WS2_32.dll | 4 | ||
| WS2_32.dll | 111 | ||
| WS2_32.dll | 16 | ||
| WS2_32.dll | 19 | ||
| WS2_32.dll | 18 | ||
| WS2_32.dll | 151 | ||
| WS2_32.dll | 3 | ||
| WS2_32.dll | 21 | ||
| WS2_32.dll | 23 | ||
| WS2_32.dll | 115 | ||
| SHLWAPI.dll | 68 | PathFileExistsA | |
| SHLWAPI.dll | 138 | PathRemoveFileSpecA | |
| KERNEL32.dll | 390 | GetCommandLineA | |
| KERNEL32.dll | 1107 | SetEndOfFile | |
| KERNEL32.dll | 143 | CreateFileW | |
| KERNEL32.dll | 722 | HeapReAlloc | |
| KERNEL32.dll | 136 | CreateFileA | |
| KERNEL32.dll | 1316 | WriteConsoleW | |
| KERNEL32.dll | 1159 | SetStdHandle | |
| KERNEL32.dll | 617 | GetStringTypeW | |
| KERNEL32.dll | 813 | LCMapStringW | |
| KERNEL32.dll | 1126 | SetFilePointer | |
| KERNEL32.dll | 343 | FlushFileBuffers | |
| KERNEL32.dll | 960 | ReadFile | |
| KERNEL32.dll | 871 | MultiByteToWideChar | |
| KERNEL32.dll | 633 | GetSystemTimeAsFileTime | |
| KERNEL32.dll | 935 | QueryPerformanceCounter | |
| KERNEL32.dll | 717 | HeapCreate | |
| KERNEL32.dll | 499 | GetFileType | |
| KERNEL32.dll | 1135 | SetHandleCount | |
| KERNEL32.dll | 82 | CloseHandle | |
| KERNEL32.dll | 896 | OpenProcess | |
| KERNEL32.dll | 659 | GetTickCount | |
| KERNEL32.dll | 642 | GetTempFileNameA | |
| KERNEL32.dll | 644 | GetTempPathA | |
| KERNEL32.dll | 577 | GetPrivateProfileStringA | |
| KERNEL32.dll | 449 | GetCurrentProcessId | |
| KERNEL32.dll | 112 | CopyFileA | |
| KERNEL32.dll | 1118 | SetFileAttributesA | |
| KERNEL32.dll | 124 | CreateDirectoryA | |
| KERNEL32.dll | 480 | GetExitCodeThread | |
| KERNEL32.dll | 1217 | TerminateThread | |
| KERNEL32.dll | 1273 | WaitForSingleObject | |
| KERNEL32.dll | 531 | GetModuleFileNameA | |
| KERNEL32.dll | 474 | GetEnvironmentStringsW | |
| KERNEL32.dll | 353 | FreeEnvironmentStringsW | |
| KERNEL32.dll | 724 | HeapSize | |
| KERNEL32.dll | 1202 | Sleep | |
| KERNEL32.dll | 831 | LoadLibraryW | |
| KERNEL32.dll | 209 | DeleteCriticalSection | |
| KERNEL32.dll | 739 | InitializeCriticalSectionAndSpinCount | |
| KERNEL32.dll | 428 | GetConsoleMode | |
| KERNEL32.dll | 410 | GetConsoleCP | |
| KERNEL32.dll | 1297 | WideCharToMultiByte | |
| KERNEL32.dll | 825 | LeaveCriticalSection | |
| KERNEL32.dll | 945 | RaiseException | |
| KERNEL32.dll | 1048 | RtlUnwind | |
| KERNEL32.dll | 202 | DecodePointer | |
| KERNEL32.dll | 234 | EncodePointer | |
| KERNEL32.dll | 514 | GetLastError | |
| KERNEL32.dll | 211 | DeleteFileA | |
| KERNEL32.dll | 581 | GetProcAddress | |
| KERNEL32.dll | 536 | GetModuleHandleW | |
| KERNEL32.dll | 281 | ExitProcess | |
| KERNEL32.dll | 282 | ExitThread | |
| KERNEL32.dll | 453 | GetCurrentThreadId | |
| KERNEL32.dll | 181 | CreateThread | |
| KERNEL32.dll | 862 | MoveFileA | |
| KERNEL32.dll | 586 | GetProcessHeap | |
| KERNEL32.dll | 723 | HeapSetInformation | |
| KERNEL32.dll | 611 | GetStartupInfoW | |
| KERNEL32.dll | 719 | HeapFree | |
| KERNEL32.dll | 715 | HeapAlloc | |
| KERNEL32.dll | 370 | GetCPInfo | |
| KERNEL32.dll | 751 | InterlockedIncrement | |
| KERNEL32.dll | 747 | InterlockedDecrement | |
| KERNEL32.dll | 360 | GetACP | |
| KERNEL32.dll | 567 | GetOEMCP | |
| KERNEL32.dll | 778 | IsValidCodePage | |
| KERNEL32.dll | 1221 | TlsAlloc | |
| KERNEL32.dll | 1223 | TlsGetValue | |
| KERNEL32.dll | 1224 | TlsSetValue | |
| KERNEL32.dll | 1222 | TlsFree | |
| KERNEL32.dll | 1139 | SetLastError | |
| KERNEL32.dll | 1235 | UnhandledExceptionFilter | |
| KERNEL32.dll | 1189 | SetUnhandledExceptionFilter | |
| KERNEL32.dll | 768 | IsDebuggerPresent | |
| KERNEL32.dll | 1216 | TerminateProcess | |
| KERNEL32.dll | 448 | GetCurrentProcess | |
| KERNEL32.dll | 772 | IsProcessorFeaturePresent | |
| KERNEL32.dll | 1317 | WriteFile | |
| KERNEL32.dll | 612 | GetStdHandle | |
| KERNEL32.dll | 532 | GetModuleFileNameW | |
| KERNEL32.dll | 238 | EnterCriticalSection | |
| USER32.dll | 735 | ShowWindow | |
| USER32.dll | 412 | GetWindowRect | |
| USER32.dll | 565 | PostMessageA | |
| USER32.dll | 526 | MessageBoxA | |
| USER32.dll | 276 | GetClientRect | |
| USER32.dll | 785 | UpdateWindow | |
| USER32.dll | 539 | MoveWindow | |
| USER32.dll | 291 | GetDesktopWindow | |
| USER32.dll | 171 | DialogBoxParamA | |
| USER32.dll | 218 | EndDialog | |
| USER32.dll | 655 | SetDlgItemTextA | |
| SHELL32.dll | 288 | ShellExecuteExA | |
| SHELL32.dll | 224 | SHGetSpecialFolderPathA |
Signers (1)
issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Code Signing 2009-2 CA
serial: 3D8510B4C5BC9C4989238C1C0559F1D9
Certificates (4)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
Validity
Not Before: May 1 00:00:00 2012 GMT
Not After : Dec 31 23:59:59 2012 GMT
Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Modulus:
00:a9:59:66:74:da:3d:8a:7d:7a:d8:fc:f5:80:44:
7b:fe:47:6a:14:55:4e:50:47:0b:ec:d3:ed:ce:f6:
38:f7:4f:69:b9:b1:f0:b6:78:82:0a:8c:76:16:67:
e2:02:ad:b7:0d:a5:8a:f6:03:fc:66:d3:fc:08:2d:
cc:b5:73:59:7b:89:dc:33:6e:66:5a:5e:52:37:b4:
62:d1:92:59:35:14:8b:45:ac:59:b2:4d:24:a2:98:
94:68:42:72:9f:3a:68:e2:6b:8b:9e:22:2d:f4:98:
4e:9a:c6:af:b3:e4:a0:ab:3c:28:bf:23:e1:d7:72:
a4:f2:10:53:67:ae:77:af:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/tss-ca.crl
X509v3 Extended Key Usage: critical
Time Stamping
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Subject Alternative Name:
DirName:/CN=TSA1-3
X509v3 Subject Key Identifier:
B4:B7:F1:89:49:26:60:E7:65:EA:73:AE:DC:D3:38:CD:BF:57:92:6F
Signature Algorithm: sha1WithRSAEncryption
1e:98:aa:27:b7:78:b5:08:b5:c9:72:6d:b7:df:c0:0e:98:a6:
35:c4:88:c9:d2:f6:6d:f1:4b:1a:fb:d5:f9:2d:99:00:9e:d1:
e7:9b:8b:e1:3f:bd:39:80:0c:66:cd:07:bc:5c:98:54:a6:94:
ba:10:d1:4e:8b:ab:f5:6f:65:cc:67:09:a2:80:7c:52:e8:0e:
03:d6:6b:7a:c6:05:18:ec:c8:ac:42:7c:07:2c:a7:3d:08:66:
dc:00:ed:fd:94:1d:73:f2:72:98:93:b1:11:d6:8f:ef:8e:ea:
ac:f4:96:51:0c:d0:8d:df:31:52:4f:5e:af:7d:a7:4a:75:e6:
4e:ce:2b:9f:29:2b:e7:cf:5d:9f:03:7e:6e:27:7b:23:ad:62:
29:66:af:92:e8:2c:ce:bd:9c:7f:dc:cd:17:3c:43:c2:09:3f:
75:45:c7:9e:e4:d7:60:7f:97:c6:e4:aa:c7:69:f5:fc:cd:74:
ac:2c:b0:48:c1:50:4e:70:56:1e:b5:35:d3:8e:be:b1:ed:ac:
bd:fe:0c:ec:85:7d:d5:bb:85:66:44:19:5d:9f:93:eb:82:ba:
63:9e:d3:7c:61:ff:c8:1b:d9:23:58:7f:30:a3:66:a1:39:26:
5e:92:c3:3c:cb:37:32:fa:f5:a3:8d:dc:d5:b0:a3:e9:25:36:
55:d7:81:faCertificate:
Data:
Version: 3 (0x2)
Serial Number:
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
Validity
Not Before: Dec 4 00:00:00 2003 GMT
Not After : Dec 3 23:59:59 2013 GMT
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:ca:b2:a4:cc:cd:20:af:0a:7d:89:ac:87:75:
f0:b4:4e:f1:df:c1:0f:bf:67:61:bd:a3:64:1c:da:
bb:f9:ca:33:ab:84:30:89:58:7e:8c:db:6b:dd:36:
9e:0f:bf:d1:ec:78:f2:77:a6:7e:6f:3c:bf:93:af:
0d:ba:68:f4:6c:94:ca:bd:52:2d:ab:48:3d:f5:b6:
d5:5d:5f:1b:02:9f:fa:2f:6b:1e:a4:f7:a3:9a:a6:
1a:c8:02:e1:7f:4c:52:e3:0e:60:ec:40:1c:7e:b9:
0d:de:3f:c7:b4:df:87:bd:5f:7a:6a:31:2e:03:99:
81:13:a8:47:20:ce:31:73:0d:57:2d:cd:78:34:33:
95:12:99:12:b9:de:68:2f:aa:e6:e3:c2:8a:8c:2a:
c3:8b:21:87:66:bd:83:58:57:6f:75:bf:3c:aa:26:
87:5d:ca:10:15:3c:9f:84:ea:54:c1:0a:6e:c4:fe:
c5:4a:dd:b9:07:11:97:22:7c:db:3e:27:d1:1e:78:
ec:9f:31:c9:f1:e6:22:19:db:c4:b3:47:43:9a:1a:
5f:a0:1e:90:e4:5e:f5:ee:7c:f1:7d:ab:62:01:8f:
f5:4d:0b:de:d0:22:56:a8:95:cd:ae:88:76:ae:ee:
ba:0d:f3:e4:4d:d9:a0:fb:68:a0:ae:14:3b:b3:87:
c1:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/ThawteTimestampingCA.crl
X509v3 Extended Key Usage:
Time Stamping
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
DirName:/CN=TSA2048-1-53
Signature Algorithm: sha1WithRSAEncryption
4a:6b:f9:ea:58:c2:44:1c:31:89:79:99:2b:96:bf:82:ac:01:
d6:1c:4c:cd:b0:8a:58:6e:df:08:29:a3:5e:c8:ca:93:13:e7:
04:52:0d:ef:47:27:2f:00:38:b0:e4:c9:93:4e:9a:d4:22:62:
15:f7:3f:37:21:4f:70:31:80:f1:8b:38:87:b3:e8:e8:97:00:
fe:cf:55:96:4e:24:d2:a9:27:4e:7a:ae:b7:61:41:f3:2a:ce:
e7:c9:d9:5e:dd:bb:2b:85:3e:b5:9d:b5:d9:e1:57:ff:be:b4:
c5:7e:f5:cf:0c:9e:f0:97:fe:2b:d3:3b:52:1b:1b:38:27:f7:
3f:4aCertificate:
Data:
Version: 3 (0x2)
Serial Number:
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
Validity
Not Before: May 21 00:00:00 2009 GMT
Not After : May 20 23:59:59 2019 GMT
Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009-2 CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:67:1d:b4:60:aa:10:49:6f:56:17:7c:66:c9:
5e:86:0d:d5:f1:ac:a7:71:83:8e:8b:89:f8:88:04:
89:15:06:ba:2d:84:21:95:e4:d1:9c:50:4c:fb:d2:
22:bd:da:f2:b2:35:3b:1e:8f:c3:09:fb:fc:13:2e:
5a:bf:89:7c:3d:3b:25:1e:f6:f3:58:7b:9c:f4:01:
b5:c6:0a:b8:80:ce:be:27:74:61:67:27:4d:6a:e5:
ec:81:61:58:79:a3:e0:17:10:12:15:27:b0:e1:4d:
34:7f:2b:47:20:44:b9:de:66:24:66:8a:cd:4f:ba:
1f:c5:38:c8:54:90:e1:72:f6:19:66:75:6a:b9:49:
68:cf:38:79:0d:aa:30:a8:db:2c:60:48:9e:d7:aa:
14:01:a9:83:d7:38:91:30:39:13:96:03:3a:7c:40:
54:b6:ad:e0:2f:1b:83:dc:a8:11:52:3e:02:b3:d7:
2b:fd:21:b6:a7:5c:a3:0f:0b:a9:a6:10:50:0e:34:
2e:4d:a7:ce:c9:5e:25:d4:8c:bc:f3:6e:7c:29:bc:
01:5d:fc:31:87:5a:d5:8c:85:67:58:88:19:a0:bf:
35:f0:ea:2b:a3:21:e7:90:f6:83:e5:a8:ed:60:78:
5e:7b:60:83:fd:57:0b:5d:41:0d:63:54:60:d6:43:
21:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.3
CPS: https://www.verisign.com/cps
User Notice:
Explicit Text: https://www.verisign.com/rpa
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
1.3.6.1.5.5.7.1.12:
0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
X509v3 Extended Key Usage:
TLS Web Client Authentication, Code Signing
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/pca3.crl
X509v3 Subject Alternative Name:
DirName:/CN=Class3CA2048-1-55
X509v3 Subject Key Identifier:
97:D0:6B:A8:26:70:C8:A1:3F:94:1F:08:2D:C4:35:9B:A4:A1:1E:F2
Signature Algorithm: sha1WithRSAEncryption
8b:03:c0:dd:94:d8:41:a2:61:69:b0:15:a8:78:c7:30:c6:90:
3c:7e:42:f7:24:b6:e4:83:73:17:04:7f:04:10:9c:a1:e2:fa:
81:2f:eb:c0:ca:44:e7:72:e0:50:b6:55:10:20:83:6e:96:92:
e4:9a:51:6a:b4:37:31:dc:a5:2d:eb:8c:00:c7:1d:4f:e7:4d:
32:ba:85:f8:4e:be:fa:67:55:65:f0:6a:be:7a:ca:64:38:1a:
10:10:78:45:76:31:f3:86:7a:03:0f:60:c2:b3:5d:9d:f6:8b:
66:76:82:1b:59:e1:83:e5:bd:49:a5:38:56:e5:de:41:77:0e:
58:0fCertificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:85:10:b4:c5:bc:9c:49:89:23:8c:1c:05:59:f1:d9
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009-2 CA
Validity
Not Before: Jun 25 00:00:00 2010 GMT
Not After : Jun 24 23:59:59 2013 GMT
Subject: C=CN, ST=Zhejiang, L=Hangzhou, O=Netease(Hangzhou) Network Co.Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Netease(Hangzhou), CN=Netease(Hangzhou) Network Co.Ltd.
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Modulus:
00:b0:7b:c3:15:4e:3b:b0:68:b2:41:6d:b5:aa:c2:
4d:72:e2:f4:8b:e4:cf:fd:dd:33:b1:c0:0a:d7:15:
8f:9f:39:b3:cf:1b:5d:23:1a:73:de:66:14:22:09:
94:79:16:ec:d7:05:f0:2d:dc:7d:2f:c8:23:2b:86:
5f:23:28:67:11:25:1f:c5:5a:4a:56:6e:91:a1:90:
45:19:b7:3e:72:28:3b:26:14:ca:05:0c:27:f2:92:
cd:91:86:2f:54:27:b8:e2:42:c9:c4:a9:be:e6:c1:
5d:ec:cd:ea:af:5e:a7:9a:63:77:7c:d0:f3:7b:5e:
e4:73:4d:b1:be:cb:9f:d4:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.3
CPS: https://www.verisign.com/rpa
X509v3 Extended Key Usage:
Code Signing
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
CA Issuers - URI:http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer
X509v3 Authority Key Identifier:
keyid:97:D0:6B:A8:26:70:C8:A1:3F:94:1F:08:2D:C4:35:9B:A4:A1:1E:F2
Netscape Cert Type:
Object Signing
1.3.6.1.4.1.311.2.1.27:
0.......
Signature Algorithm: sha1WithRSAEncryption
33:ed:ab:be:22:0c:94:19:f4:0b:08:24:e5:fd:03:91:b6:09:
24:e4:19:14:d2:ff:64:c6:5e:1d:68:ed:99:90:62:a7:79:4c:
a4:7d:aa:87:af:80:0a:2c:96:ea:d1:5a:f9:a5:b1:2a:11:cf:
a2:f0:f0:0b:99:7d:7e:21:c9:43:43:33:65:41:37:34:4b:6c:
0e:be:00:bf:39:85:4d:7d:fb:e3:f6:1b:2e:ba:26:e1:64:5b:
97:47:aa:24:b5:0c:ca:1d:84:d3:6e:c4:b3:30:eb:54:22:52:
4d:8b:d8:98:66:fb:3a:6e:b4:b9:62:54:2b:c9:80:ce:ed:13:
80:24:fb:7d:96:02:6f:c8:05:5d:d7:e2:6e:7a:66:5c:5b:64:
e5:cb:b3:f0:45:3f:a0:dc:0c:cb:ba:43:43:c1:f4:ba:82:59:
4a:1c:a8:5d:7b:98:b4:b9:9d:97:34:aa:b5:24:06:fc:2c:e6:
70:af:b4:d6:8c:52:f9:ce:9d:e8:37:0e:81:d8:9a:b1:67:1a:
c2:b3:19:27:94:f7:eb:81:10:26:79:35:e6:aa:b2:2a:45:db:
ff:ef:d6:0a:c4:71:c8:4e:74:e6:fa:b0:5b:ea:fc:8e:f4:e9:
3e:ae:64:76:e7:97:56:5c:85:c9:2d:f7:2c:24:63:f9:0b:91:
fb:33:44:capkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
e2 8e cc 08 a1 1f f2 8f 10 db bd ae df dc 01 c0 |................| af f5 47 17 |..G. |
- 1.3.6.1.4.1.311.2.1.15
- #0
- Certificates
- Certificate #0
- 2
- 79:A2:A5:85:F9:D1:15:42:13:D9:B8:3E:F6:B6:8D:ED
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 2012-05-01 00:00:00 UTC: 2012-12-31 23:59:59 UTC
- Subject
- C: US
- O: Symantec Corporation
- CN: Symantec Time Stamping Services Signer - G3
- #5
- rsaEncryption: nil
- A9:59:66:74:DA:3D:8A:7D:7A:D8:FC:F5:80:44:7B:FE:
47:6A:14:55:4E:50:47:0B:EC:D3:ED:CE:F6:38:F7:4F:
69:B9:B1:F0:B6:78:82:0A:8C:76:16:67:E2:02:AD:B7:
0D:A5:8A:F6:03:FC:66:D3:FC:08:2D:CC:B5:73:59:7B:
89:DC:33:6E:66:5A:5E:52:37:B4:62:D1:92:59:35:14:
8B:45:AC:59:B2:4D:24:A2:98:94:68:42:72:9F:3A:68:
E2:6B:8B:9E:22:2D:F4:98:4E:9A:C6:AF:B3:E4:A0:AB:
3C:28:BF:23:E1:D7:72:A4:F2:10:53:67:AE:77:AF:51: 0x010001
- X509v3 extensions
- basicConstraints
- true
- nil
- crlDistributionPoints: http://crl.verisign.com/tss-ca.crl
- extendedKeyUsage: true, timeStamping
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- keyUsage: true, 0x80
- subjectAltName
- CN: TSA1-3
- subjectKeyIdentifier:
b4 b7 f1 89 49 26 60 e7 65 ea 73 ae dc d3 38 cd |....I&`.e.s...8.| bf 57 92 6f |.W.o |
- basicConstraints
- RSA-SHA1:
1e 98 aa 27 b7 78 b5 08 b5 c9 72 6d b7 df c0 0e |...'.x....rm....| 98 a6 35 c4 88 c9 d2 f6 6d f1 4b 1a fb d5 f9 2d |..5.....m.K....-| 99 00 9e d1 e7 9b 8b e1 3f bd 39 80 0c 66 cd 07 |........?.9..f..| bc 5c 98 54 a6 94 ba 10 d1 4e 8b ab f5 6f 65 cc |.\.T.....N...oe.| 67 09 a2 80 7c 52 e8 0e 03 d6 6b 7a c6 05 18 ec |g...|R....kz....| c8 ac 42 7c 07 2c a7 3d 08 66 dc 00 ed fd 94 1d |..B|.,.=.f......| 73 f2 72 98 93 b1 11 d6 8f ef 8e ea ac f4 96 51 |s.r............Q| 0c d0 8d df 31 52 4f 5e af 7d a7 4a 75 e6 4e ce |....1RO^.}.Ju.N.| 2b 9f 29 2b e7 cf 5d 9f 03 7e 6e 27 7b 23 ad 62 |+.)+..]..~n'{#.b| 29 66 af 92 e8 2c ce bd 9c 7f dc cd 17 3c 43 c2 |)f...,.......
- 2
- Certificate #1
- 2
- 47:BF:19:95:DF:8D:52:46:43:F7:DB:6D:48:0D:31:A4
- RSA-SHA1: nil
- Issuer
- C: ZA
- ST: Western Cape
- L: Durbanville
- O: Thawte
- OU: Thawte Certification
- CN: Thawte Timestamping CA
- 2003-12-04 00:00:00 UTC: 2013-12-03 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- #5
- rsaEncryption: nil
- A9:CA:B2:A4:CC:CD:20:AF:0A:7D:89:AC:87:75:F0:B4:
4E:F1:DF:C1:0F:BF:67:61:BD:A3:64:1C:DA:BB:F9:CA:
33:AB:84:30:89:58:7E:8C:DB:6B:DD:36:9E:0F:BF:D1:
EC:78:F2:77:A6:7E:6F:3C:BF:93:AF:0D:BA:68:F4:6C:
94:CA:BD:52:2D:AB:48:3D:F5:B6:D5:5D:5F:1B:02:9F:
FA:2F:6B:1E:A4:F7:A3:9A:A6:1A:C8:02:E1:7F:4C:52:
E3:0E:60:EC:40:1C:7E:B9:0D:DE:3F:C7:B4:DF:87:BD:
5F:7A:6A:31:2E:03:99:81:13:A8:47:20:CE:31:73:0D:
57:2D:CD:78:34:33:95:12:99:12:B9:DE:68:2F:AA:E6:
E3:C2:8A:8C:2A:C3:8B:21:87:66:BD:83:58:57:6F:75:
BF:3C:AA:26:87:5D:CA:10:15:3C:9F:84:EA:54:C1:0A:
6E:C4:FE:C5:4A:DD:B9:07:11:97:22:7C:DB:3E:27:D1:
1E:78:EC:9F:31:C9:F1:E6:22:19:DB:C4:B3:47:43:9A:
1A:5F:A0:1E:90:E4:5E:F5:EE:7C:F1:7D:AB:62:01:8F:
F5:4D:0B:DE:D0:22:56:A8:95:CD:AE:88:76:AE:EE:BA:
0D:F3:E4:4D:D9:A0:FB:68:A0:AE:14:3B:B3:87:C1:BB: 0x010001
- X509v3 extensions
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- basicConstraints
- true
- true: 0
- crlDistributionPoints: http://crl.verisign.com/ThawteTimestampingCA.crl
- extendedKeyUsage: timeStamping
- keyUsage: true, 6
- subjectAltName
- CN: TSA2048-1-53
- authorityInfoAccess
- RSA-SHA1:
4a 6b f9 ea 58 c2 44 1c 31 89 79 99 2b 96 bf 82 |Jk..X.D.1.y.+...| ac 01 d6 1c 4c cd b0 8a 58 6e df 08 29 a3 5e c8 |....L...Xn..).^.| ca 93 13 e7 04 52 0d ef 47 27 2f 00 38 b0 e4 c9 |.....R..G'/.8...| 93 4e 9a d4 22 62 15 f7 3f 37 21 4f 70 31 80 f1 |.N.."b..?7!Op1..| 8b 38 87 b3 e8 e8 97 00 fe cf 55 96 4e 24 d2 a9 |.8........U.N$..| 27 4e 7a ae b7 61 41 f3 2a ce e7 c9 d9 5e dd bb |'Nz..aA.*....^..| 2b 85 3e b5 9d b5 d9 e1 57 ff be b4 c5 7e f5 cf |+.>.....W....~..| 0c 9e f0 97 fe 2b d3 3b 52 1b 1b 38 27 f7 3f 4a |.....+.;R..8'.?J|
- 2
- Certificate #2
- 2
- 65:52:26:E1:B2:2E:18:E1:59:0F:29:85:AC:22:E7:5C
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- OU: Class 3 Public Primary Certification Authority
- 2009-05-21 00:00:00 UTC: 2019-05-20 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- OU: VeriSign Trust Network
- OU: Terms of use at https://www.verisign.com/rpa (c)09
- CN: VeriSign Class 3 Code Signing 2009-2 CA
- #5
- rsaEncryption: nil
- BE:67:1D:B4:60:AA:10:49:6F:56:17:7C:66:C9:5E:86:
0D:D5:F1:AC:A7:71:83:8E:8B:89:F8:88:04:89:15:06:
BA:2D:84:21:95:E4:D1:9C:50:4C:FB:D2:22:BD:DA:F2:
B2:35:3B:1E:8F:C3:09:FB:FC:13:2E:5A:BF:89:7C:3D:
3B:25:1E:F6:F3:58:7B:9C:F4:01:B5:C6:0A:B8:80:CE:
BE:27:74:61:67:27:4D:6A:E5:EC:81:61:58:79:A3:E0:
17:10:12:15:27:B0:E1:4D:34:7F:2B:47:20:44:B9:DE:
66:24:66:8A:CD:4F:BA:1F:C5:38:C8:54:90:E1:72:F6:
19:66:75:6A:B9:49:68:CF:38:79:0D:AA:30:A8:DB:2C:
60:48:9E:D7:AA:14:01:A9:83:D7:38:91:30:39:13:96:
03:3A:7C:40:54:B6:AD:E0:2F:1B:83:DC:A8:11:52:3E:
02:B3:D7:2B:FD:21:B6:A7:5C:A3:0F:0B:A9:A6:10:50:
0E:34:2E:4D:A7:CE:C9:5E:25:D4:8C:BC:F3:6E:7C:29:
BC:01:5D:FC:31:87:5A:D5:8C:85:67:58:88:19:A0:BF:
35:F0:EA:2B:A3:21:E7:90:F6:83:E5:A8:ED:60:78:5E:
7B:60:83:FD:57:0B:5D:41:0D:63:54:60:D6:43:21:EF: 0x010001
- X509v3 extensions
- basicConstraints
- true
- true: 0
- certificatePolicies
- 2.16.840.1.113733.1.7.23.3
- #0
- id-qt-cps: https://www.verisign.com/cps
- id-qt-unotice: https://www.verisign.com/rpa
- #0
- 2.16.840.1.113733.1.7.23.3
- keyUsage: true, 6
- 1.3.6.1.5.5.7.1.12
- image/gif
- SHA1:
8f e5 d3 1a 86 ac 8d 8e 6b c3 cf 80 6a d4 48 18 |........k...j.H.| 2c 7b 19 2e |,{.. | - http://logo.verisign.com/vslogo.gif
- SHA1:
- image/gif
- extendedKeyUsage
- clientAuth: codeSigning
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- crlDistributionPoints: http://crl.verisign.com/pca3.crl
- subjectAltName
- CN: Class3CA2048-1-55
- subjectKeyIdentifier:
97 d0 6b a8 26 70 c8 a1 3f 94 1f 08 2d c4 35 9b |..k.&p..?...-.5.| a4 a1 1e f2 |.... |
- basicConstraints
- RSA-SHA1:
8b 03 c0 dd 94 d8 41 a2 61 69 b0 15 a8 78 c7 30 |......A.ai...x.0| c6 90 3c 7e 42 f7 24 b6 e4 83 73 17 04 7f 04 10 |..<~B.$...s.....| 9c a1 e2 fa 81 2f eb c0 ca 44 e7 72 e0 50 b6 55 |...../...D.r.P.U| 10 20 83 6e 96 92 e4 9a 51 6a b4 37 31 dc a5 2d |. .n....Qj.71..-| eb 8c 00 c7 1d 4f e7 4d 32 ba 85 f8 4e be fa 67 |.....O.M2...N..g| 55 65 f0 6a be 7a ca 64 38 1a 10 10 78 45 76 31 |Ue.j.z.d8...xEv1| f3 86 7a 03 0f 60 c2 b3 5d 9d f6 8b 66 76 82 1b |..z..`..]...fv..| 59 e1 83 e5 bd 49 a5 38 56 e5 de 41 77 0e 58 0f |Y....I.8V..Aw.X.|
- 2
- Certificate #3
- 2
- 3D:85:10:B4:C5:BC:9C:49:89:23:8C:1C:05:59:F1:D9
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- OU: VeriSign Trust Network
- OU: Terms of use at https://www.verisign.com/rpa (c)09
- CN: VeriSign Class 3 Code Signing 2009-2 CA
- 2010-06-25 00:00:00 UTC: 2013-06-24 23:59:59 UTC
- Subject
- C: CN
- ST: Zhejiang
- L: Hangzhou
- O: Netease(Hangzhou) Network Co.Ltd.
- OU: Digital ID Class 3 - Microsoft Software Validation v2
- OU: Netease(Hangzhou)
- CN: Netease(Hangzhou) Network Co.Ltd.
- #5
- rsaEncryption: nil
- B0:7B:C3:15:4E:3B:B0:68:B2:41:6D:B5:AA:C2:4D:72:
E2:F4:8B:E4:CF:FD:DD:33:B1:C0:0A:D7:15:8F:9F:39:
B3:CF:1B:5D:23:1A:73:DE:66:14:22:09:94:79:16:EC:
D7:05:F0:2D:DC:7D:2F:C8:23:2B:86:5F:23:28:67:11:
25:1F:C5:5A:4A:56:6E:91:A1:90:45:19:B7:3E:72:28:
3B:26:14:CA:05:0C:27:F2:92:CD:91:86:2F:54:27:B8:
E2:42:C9:C4:A9:BE:E6:C1:5D:EC:CD:EA:AF:5E:A7:9A:
63:77:7C:D0:F3:7B:5E:E4:73:4D:B1:BE:CB:9F:D4:75: 0x010001
- X509v3 extensions
- basicConstraints
- nil
- keyUsage: true, 0x80
- crlDistributionPoints: http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl
- certificatePolicies
- 2.16.840.1.113733.1.7.23.3
- id-qt-cps: https://www.verisign.com/rpa
- 2.16.840.1.113733.1.7.23.3
- extendedKeyUsage: codeSigning
- authorityInfoAccess
- #0
- OCSP: http://ocsp.verisign.com
- caIssuers: http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer
- #0
- authorityKeyIdentifier:
97 d0 6b a8 26 70 c8 a1 3f 94 1f 08 2d c4 35 9b |..k.&p..?...-.5.| a4 a1 1e f2 |.... |
- nsCertType: 0x10
- 1.3.6.1.4.1.311.2.1.27
- false: true
- basicConstraints
- RSA-SHA1:
33 ed ab be 22 0c 94 19 f4 0b 08 24 e5 fd 03 91 |3..."......$....| b6 09 24 e4 19 14 d2 ff 64 c6 5e 1d 68 ed 99 90 |..$.....d.^.h...| 62 a7 79 4c a4 7d aa 87 af 80 0a 2c 96 ea d1 5a |b.yL.}.....,...Z| f9 a5 b1 2a 11 cf a2 f0 f0 0b 99 7d 7e 21 c9 43 |...*.......}~!.C| 43 33 65 41 37 34 4b 6c 0e be 00 bf 39 85 4d 7d |C3eA74Kl....9.M}| fb e3 f6 1b 2e ba 26 e1 64 5b 97 47 aa 24 b5 0c |......&.d[.G.$..| ca 1d 84 d3 6e c4 b3 30 eb 54 22 52 4d 8b d8 98 |....n..0.T"RM...| 66 fb 3a 6e b4 b9 62 54 2b c9 80 ce ed 13 80 24 |f.:n..bT+......$| fb 7d 96 02 6f c8 05 5d d7 e2 6e 7a 66 5c 5b 64 |.}..o..]..nzf\[d| e5 cb b3 f0 45 3f a0 dc 0c cb ba 43 43 c1 f4 ba |....E?.....CC...| 82 59 4a 1c a8 5d 7b 98 b4 b9 9d 97 34 aa b5 24 |.YJ..]{.....4..$| 06 fc 2c e6 70 af b4 d6 8c 52 f9 ce 9d e8 37 0e |..,.p....R....7.| 81 d8 9a b1 67 1a c2 b3 19 27 94 f7 eb 81 10 26 |....g....'.....&| 79 35 e6 aa b2 2a 45 db ff ef d6 0a c4 71 c8 4e |y5...*E......q.N| 74 e6 fa b0 5b ea fc 8e f4 e9 3e ae 64 76 e7 97 |t...[.....>.dv..| 56 5c 85 c9 2d f7 2c 24 63 f9 0b 91 fb 33 44 ca |V\..-.,$c....3D.|
- 2
- Certificate #0
- Signer
- 1
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- OU: VeriSign Trust Network
- OU: Terms of use at https://www.verisign.com/rpa (c)09
- CN: VeriSign Class 3 Code Signing 2009-2 CA
- 3D:85:10:B4:C5:BC:9C:49:89:23:8C:1C:05:59:F1:D9
- #0
- SHA1: nil
- #3
- contentType: 1.3.6.1.4.1.311.2.1.4
- 1.3.6.1.4.1.311.2.1.12:
59 29 4e 0b 00 33 |Y)N..3 |
- 1.3.6.1.4.1.311.2.1.11: msCodeInd
- messageDigest:
fd 58 a3 8e e0 d6 90 a7 0e e5 ef 73 66 f9 62 98 |.X.........sf.b.| 31 83 90 22 |1.." |
- rsaEncryption:
aa 4e cc f8 1b db c3 39 9e a9 18 f8 38 44 e1 0d |.N.....9....8D..| 1a 4c b5 4f fd 01 a3 b6 54 cf 17 a7 6a 6d fc 51 |.L.O....T...jm.Q| 9b 2c f7 28 3d 2e f6 95 d0 5d 15 e0 b4 0b aa 9b |.,.(=....]......| 61 72 77 f5 cd b4 07 3a f9 4e b0 97 16 31 88 1a |arw....:.N...1..| c7 51 15 33 cb 86 93 6f 20 df 5c 42 18 84 12 ec |.Q.3...o .\B....| 60 a6 29 28 dd 1e 7c 24 5a 36 c2 8d 4a 41 5a 60 |`.)(..|$Z6..JAZ`| 03 4f 6d e5 87 0f 77 b1 28 ce 87 a3 10 47 99 99 |.Om...w.(....G..| 91 62 5d 58 f6 68 9f 19 4a 5e ff 35 66 20 c7 aa |.b]X.h..J^.5f ..|
- countersignature
- 1
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 79:A2:A5:85:F9:D1:15:42:13:D9:B8:3E:F6:B6:8D:ED
- #0
- SHA1: nil
- #2
- contentType: pkcs7-data
- signingTime: 2012-12-07 02:27:25 UTC
- messageDigest:
a4 1e 62 de 24 10 1c 22 c5 48 6a 81 0b af 3a 46 |..b.$..".Hj...:F| 4e 59 83 cc |NY.. |
- rsaEncryption:
63 a7 86 db 8b 5a f5 06 b2 1b d2 48 80 a6 2a d1 |c....Z.....H..*.| 86 f9 27 de 7b d6 53 91 0e 79 06 6c 6b a9 e9 40 |..'.{.S..y.lk..@| 71 22 61 a7 f5 8c f9 95 a5 7f 8a 86 f0 dc bb 0a |q"a.............| cb 03 58 7e 25 0a 53 7e 8a 0e 34 8a 3b 4e e3 d4 |..X~%.S~..4.;N..| 6d 7b 8c 52 1e f0 f6 56 3a 08 05 fe 35 1b 59 ad |m{.R...V:...5.Y.| 1b e6 19 9f 33 ac d1 7c d6 51 f5 e6 7a 73 b7 18 |....3..|.Q..zs..| ca 12 09 23 f4 3a 1b 56 c6 0a 1f f0 d2 52 11 ab |...#.:.V.....R..| dd 99 4e 41 7e 7d 22 b9 e8 94 94 72 0a d8 73 12 |..NA~}"....r..s.|
- unnamed
- 1
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 646144 | EXE | 12/07/2012 01:54:37 | # |
| 15c1 | 15 | HTM | # | |
| 20878 | 66560 | PNG | (256 x 256) | # |
| 5de30 | 66560 | PNG | (256 x 256) | # |
| 9dc00 | 5552 | PKCS7 | Authenticode Signature | # |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] ignoring invalid PEdump::BITMAPINFOHEADER