OverwolfInstaller.exe

info
MZ
PE
resources
imports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	OverwolfInstaller.exe
size	993208 (0xf27b8)
md5	ade427e18bdd878a4c43efe8c11c1077

type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x5266924c
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x102
Magic	0x10b
LinkerVersion	8.0
SizeOfCode	0xea400
SizeOfInitializedData	0x6e00
SizeOfUninitializedData	0
AddressOfEntryPoint	0xec282
BaseOfCode	0x2000
BaseOfData	0xee000
ImageBase	0x400000
SectionAlignment	0x2000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0xf8000
SizeOfHeaders	0x200
CheckSum	0xfe22e
Subsystem	2
DllCharacteristics	0x8540
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C# v7.0 / Basic .NET

Sections

name	va	vsize	raw size	flags
.text	0x2000	0xea340	0xea400	R-X CODE
.rsrc	0xee000	0x6bf1	0x6c00	R-- IDATA
.reloc	0xf6000	0xc	0x200	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xec234	0x4c
RESOURCE	0xee000	0x6bf1
EXCEPTION	0	0
SECURITY	0xf1400	0x13b8
BASERELOC	0xf6000	0xc
DEBUG	0xec298	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0xec290	8
Delay_IAT	0	0
CLR_Header	0x2000	0x48

show previews

type	name	size
ICON	#2	8624
ICON	#3	1128
ICON	#4	4264
ICON	#5	9640
GROUP_ICON	#32512	62
VERSION	#1	852
MANIFEST	#1	2615

module_name	hint	ord	function_name
mscoree.dll			_CorExeMain

VS_FIXEDFILEINFO

dwSignature	0xfeef
FileVersion	30516.1.32.5043
ProductVersion	30516.1.63.5043
StrucVersion	0x200001
FileFlagsMask	0
FileFlags	0x40000
FileOS	0x10000
FileType	0
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2

serial: 02E4635116A814330262E360005D60EB

Certificates (3)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
        Validity
            Not Before: May 10 00:00:00 2010 GMT
            Not After : May 10 23:59:59 2015 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Time Stamping Signer
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:35:a0:36:70:22:81:11:c3:b2:83:b9:d3:28:
                    c6:36:cd:25:6b:a9:7b:b2:1c:f6:9b:51:9c:ef:35:
                    f4:ed:08:8e:5e:38:08:f8:77:3c:0a:42:e0:f3:70:
                    dc:a3:d7:ca:f5:4c:0b:cf:ff:22:9c:0a:7e:68:d6:
                    09:a2:2a:84:7b:a6:9d:b4:a9:c1:33:e2:ef:1f:17:
                    48:ca:3a:cd:46:e6:c5:aa:77:bd:e3:77:9a:fa:47:
                    53:40:28:59:43:93:f1:a4:81:ea:ef:80:b5:4f:a7:
                    08:ce:ba:6e:bc:ca:76:0c:97:64:59:86:24:bb:3d:
                    82:90:a8:55:b1:92:d3:a0:a7:05:ac:9f:53:25:08:
                    10:47:99:cd:98:de:68:e5:b4:50:78:a3:af:01:cc:
                    59:43:58:e4:76:6e:7e:ac:c7:e2:9e:1f:4f:b0:47:
                    2d:c8:0c:a3:49:27:80:75:8c:bb:06:91:65:0f:90:
                    9b:f4:ba:d1:81:c8:5c:6a:ec:14:e9:25:09:bf:23:
                    16:f4:95:46:40:40:21:bb:83:96:fd:86:1f:7a:c8:
                    0d:10:8e:a2:f8:19:07:58:7f:9f:bd:37:02:60:f2:
                    a4:e9:9d:44:3f:30:05:e4:a7:70:99:51:9a:e8:17:
                    f1:55:ca:b2:61:89:65:46:a7:6a:f2:58:46:7e:aa:
                    a0:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8

            X509v3 Subject Key Identifier: 
                2E:2D:B0:0A:44:4A:D3:87:C0:02:07:CE:97:7D:50:62:20:FD:0F:83
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: critical
                Time Stamping
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl

            Authority Information Access: 
                OCSP - URI:http://ocsp.usertrust.com

    Signature Algorithm: sha1WithRSAEncryption
         c8:fb:63:f8:0b:75:75:2c:3a:f1:f2:13:a7:2d:b6:a3:1a:9c:
         ad:01:07:d3:34:8e:77:e0:c2:6e:ae:02:5d:48:4f:a4:d2:21:
         b6:36:fd:2a:35:43:7c:6b:df:80:87:0b:15:f0:76:32:00:b4:
         ce:b5:67:a4:2f:2f:20:1b:9c:54:9e:83:3f:1f:5f:14:95:62:
         82:0f:22:41:22:1f:70:b3:f3:f7:42:de:6c:51:cd:4b:f8:21:
         ac:9b:3b:8c:b1:e5:e6:28:8f:ce:2a:8a:f9:aa:52:4d:8c:5b:
         77:ba:4d:5a:58:db:bb:6a:04:cc:52:1e:9d:e2:28:37:0e:bb:
         e7:0e:91:c7:f8:db:f1:81:98:eb:cd:37:b3:0e:ab:65:d3:62:
         ec:3a:a5:76:eb:13:a8:35:93:c9:2e:0a:01:ec:c0:e8:cc:3d:
         7e:b6:eb:e2:c1:ec:d3:14:92:82:66:87:50:dc:fd:50:97:ac:
         b3:4a:76:73:06:c4:86:11:3a:b3:5f:43:04:52:6f:ea:b3:d0:
         74:36:4c:ca:f1:1b:79:84:37:70:63:ad:74:b9:aa:0e:f3:98:
         b0:86:08:eb:db:e0:1f:8c:10:f2:39:64:9b:ae:4f:0a:2c:92:
         8a:4f:18:b5:91:e5:8d:1a:93:5f:1f:ae:f1:a6:f0:2e:97:d0:
         d2:f6:2b:3c

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
        Validity
            Not Before: Aug 24 00:00:00 2011 GMT
            Not After : May 30 10:48:38 2020 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Code Signing CA 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f8:e7:a7:e8:f1:97:28:40:68:80:37:d2:c8:
                    3f:8e:92:8a:92:37:87:47:80:ea:4c:99:cf:6e:f9:
                    15:47:bd:ee:75:f4:44:ac:d0:c3:d4:4d:f7:19:c0:
                    d3:3c:4d:c1:47:b9:59:65:16:93:8c:d9:0a:84:9b:
                    9f:e8:f6:6a:63:58:fe:5f:dc:d1:7f:4b:51:9f:00:
                    1c:00:87:54:20:07:57:a0:82:c9:2f:98:af:33:8a:
                    bb:7b:80:22:25:6a:6c:af:c2:2c:6c:79:13:bd:a3:
                    2a:48:d6:b5:8e:61:55:e9:6b:e8:3d:80:bf:14:03:
                    85:18:8e:7e:4c:e9:c2:19:88:73:92:72:cd:fa:ff:
                    50:4d:cb:2c:a6:7b:1a:73:b1:00:90:2c:d9:32:e2:
                    fb:fd:ac:95:42:36:ec:34:c5:13:53:68:b2:c1:9f:
                    40:9f:da:7b:c8:9d:62:6c:93:a2:42:d7:79:9f:97:
                    4f:31:5b:50:21:a1:ab:af:d9:1c:b2:ce:75:be:5b:
                    2c:56:00:24:8d:11:c1:75:1f:f0:fe:d2:95:fe:f0:
                    e1:31:23:18:67:c0:5b:13:fd:5a:98:94:94:ff:ff:
                    59:02:1f:00:ac:e6:f1:f2:fa:3a:73:b3:1d:42:fc:
                    54:75:cf:51:31:2f:e3:db:81:d9:77:23:2a:4f:59:
                    ce:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8

            X509v3 Subject Key Identifier: 
                1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.usertrust.com/UTNAddTrustObject_CA.crt
                OCSP - URI:http://ocsp.usertrust.com

    Signature Algorithm: sha1WithRSAEncryption
         95:89:77:93:68:01:5e:7c:d9:2d:37:07:90:5d:5a:42:5e:0c:
         64:b4:36:b5:0f:f6:ab:d5:39:27:de:22:46:a4:49:1c:66:4b:
         46:19:59:2e:79:49:03:f6:9c:92:df:6d:50:35:5c:0c:91:2e:
         60:03:59:d0:f1:64:f7:69:09:f6:7e:fe:eb:34:b3:6d:b1:bf:
         66:9c:a3:ba:31:78:b9:87:35:61:3d:92:31:1b:ef:f4:e8:9e:
         d6:ac:45:fa:0c:36:3c:80:67:bb:bd:ef:2e:c2:90:e1:3d:71:
         2f:3b:c1:b0:58:7e:45:c3:52:71:03:07:f6:f3:39:4d:8b:36:
         21:1b:01:df:d9:da:5e:2b:eb:0e:97:80:1e:44:1c:50:88:f5:
         c6:12:33:4a:a8:4d:a5:8d:2f:94:0c:7b:c6:bf:9a:2c:c3:32:
         cd:bd:8c:27:26:f0:e1:30:03:50:06:82:bc:f4:3b:b3:83:75:
         06:c6:ef:ba:ee:d3:80:f8:52:c6:ac:cb:79:f2:38:9e:7b:b0:
         92:58:42:91:05:c8:96:21:ad:b9:4b:16:81:14:69:f1:37:b0:
         fe:34:f7:dc:b0:df:97:f5:43:10:9b:76:8f:b4:65:f5:e8:9f:
         13:b7:1e:ac:6f:c4:69:8a:5f:ba:3c:61:7e:5e:49:86:23:13:
         2e:af:15:48

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:e4:63:51:16:a8:14:33:02:62:e3:60:00:5d:60:eb
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Code Signing CA 2
        Validity
            Not Before: Dec 26 00:00:00 2011 GMT
            Not After : Feb 10 23:59:59 2014 GMT
        Subject: C=IL/postalCode=51200, ST=Tel Aviv, L=Bnei Berak/street=Halechi 27 st., O=Overwolf Ltd, CN=Overwolf Ltd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:88:5b:51:a8:f4:dc:55:64:fb:0b:33:97:e5:
                    da:95:cf:5a:03:e8:16:e3:2d:fd:79:7a:a4:1a:5d:
                    4f:11:0f:e9:94:26:9f:ea:2e:44:56:5c:b3:71:d4:
                    6d:50:c8:be:8a:b7:ed:03:f6:3d:a7:05:e7:11:bd:
                    0c:e8:0f:05:dc:22:24:b7:02:02:b2:a2:5e:94:f5:
                    61:a9:2c:1e:0d:ce:ed:35:30:b9:9c:36:2c:66:77:
                    9a:d8:5d:05:7e:18:3c:fa:5e:96:5a:91:6e:4d:39:
                    26:93:cc:80:63:f1:a8:42:49:b8:12:50:00:d6:fa:
                    66:0e:a0:46:95:f6:b6:22:f1:76:90:85:ef:cc:21:
                    e5:df:ed:4c:10:63:96:33:03:1b:37:af:b3:51:0d:
                    d1:6a:15:d8:67:f5:6a:e0:e3:91:da:fd:e0:d7:42:
                    f4:7b:ba:e8:a9:0f:dd:49:b3:57:df:63:79:3e:b5:
                    b7:98:d0:82:3f:0b:51:f9:97:e8:28:6f:4d:ac:df:
                    4e:e2:d3:f7:73:47:7e:84:a1:8b:b8:05:f3:09:c8:
                    7c:7a:15:c7:c4:41:e9:29:a1:70:0e:8c:0a:ca:45:
                    aa:5c:98:a2:15:2b:ee:9a:a5:3b:38:a2:45:89:3c:
                    ca:98:2c:30:b9:f5:75:8a:e9:ba:c0:cb:fe:dc:f5:
                    84:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1

            X509v3 Subject Key Identifier: 
                99:32:0B:4D:A4:76:45:CD:0E:CD:DF:28:F4:A1:E1:7F:B3:C5:FD:3C
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                Code Signing
            Netscape Cert Type: 
                Object Signing
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.1.3.2
                  CPS: https://secure.comodo.net/CPS

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/COMODOCodeSigningCA2.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca.com/COMODOCodeSigningCA2.crt
                OCSP - URI:http://ocsp.comodoca.com

    Signature Algorithm: sha1WithRSAEncryption
         0e:f9:0f:b2:e1:5d:92:17:62:dc:62:49:55:c7:b0:7c:c8:d3:
         36:ca:9b:84:d6:57:00:d6:f0:31:9c:5e:46:54:33:28:4c:e4:
         93:04:08:33:6a:a0:d9:d2:b0:46:de:10:40:24:1d:9e:db:e1:
         ab:67:2b:f4:69:45:5f:b3:de:d6:f1:3f:22:2b:b6:10:17:d7:
         c4:82:5e:3e:a8:62:15:42:bb:67:1e:b5:10:58:3d:8c:4e:37:
         ec:48:5a:f2:ed:0b:52:28:87:05:d2:73:77:7c:fa:a5:da:7f:
         51:ca:88:95:4b:1f:37:d4:16:68:8f:db:c9:1a:06:1e:7b:5d:
         54:df:00:e2:dc:28:9f:99:15:5d:d5:89:a9:b3:62:e4:c9:25:
         97:b4:4b:ed:a4:14:65:e4:f0:23:8f:63:6d:ba:a4:e7:b3:07:
         c7:2c:8d:73:06:bf:9e:c4:e5:4a:55:ed:a7:b4:c3:44:eb:36:
         a2:8e:ae:90:6a:8d:fe:36:6b:cf:d6:fd:77:f7:a4:c1:8c:d9:
         45:d9:52:f7:f8:2b:fe:05:6f:3c:ea:f5:0e:27:8d:6e:cf:cf:
         38:22:63:6f:16:03:09:ae:ec:13:f6:87:ad:1c:8a:94:31:d7:
         24:cd:c8:0d:87:bd:88:fb:16:7e:aa:94:8c:ab:6a:b7:25:5b:
         f5:68:0a:5d

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

d4 92 ca 58 43 ff 0b f7 f6 fd 37 58 d0 80 8e 4d |...XC.....7X...M| 3f 8a ca 88 |?... |

Certificates
- Certificate #0
  - 2
    - 47:8A:8E:FB:59:E1:D8:3F:0C:E1:42:D2:A2:87:07:BE
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - ST: UT
      - L: Salt Lake City
      - O: The USERTRUST Network
      - OU: http://www.usertrust.com
      - CN: UTN-USERFirst-Object
    - 2010-05-10 00:00:00 UTC: 2015-05-10 23:59:59 UTC
    - Subject
      - C: GB
      - ST: Greater Manchester
      - L: Salford
      - O: COMODO CA Limited
      - CN: COMODO Time Stamping Signer
    - #5
      - rsaEncryption: nil
      - BC:35:A0:36:70:22:81:11:C3:B2:83:B9:D3:28:C6:36:
        CD:25:6B:A9:7B:B2:1C:F6:9B:51:9C:EF:35:F4:ED:08:
        8E:5E:38:08:F8:77:3C:0A:42:E0:F3:70:DC:A3:D7:CA:
        F5:4C:0B:CF:FF:22:9C:0A:7E:68:D6:09:A2:2A:84:7B:
        A6:9D:B4:A9:C1:33:E2:EF:1F:17:48:CA:3A:CD:46:E6:
        C5:AA:77:BD:E3:77:9A:FA:47:53:40:28:59:43:93:F1:
        A4:81:EA:EF:80:B5:4F:A7:08:CE:BA:6E:BC:CA:76:0C:
        97:64:59:86:24:BB:3D:82:90:A8:55:B1:92:D3:A0:A7:
        05:AC:9F:53:25:08:10:47:99:CD:98:DE:68:E5:B4:50:
        78:A3:AF:01:CC:59:43:58:E4:76:6E:7E:AC:C7:E2:9E:
        1F:4F:B0:47:2D:C8:0C:A3:49:27:80:75:8C:BB:06:91:
        65:0F:90:9B:F4:BA:D1:81:C8:5C:6A:EC:14:E9:25:09:
        BF:23:16:F4:95:46:40:40:21:BB:83:96:FD:86:1F:7A:
        C8:0D:10:8E:A2:F8:19:07:58:7F:9F:BD:37:02:60:F2:
        A4:E9:9D:44:3F:30:05:E4:A7:70:99:51:9A:E8:17:F1:
        55:CA:B2:61:89:65:46:A7:6A:F2:58:46:7E:AA:A0:07: 0x010001
    - #6
      - authorityKeyIdentifier:
        da ed 64 74 14 9c 14 3c ab dd 99 a9 bd 5b 28 4d |..dt...<.....[(M| 8b 3c c9 d8 |.<.. |
      - subjectKeyIdentifier:
        2e 2d b0 0a 44 4a d3 87 c0 02 07 ce 97 7d 50 62 |.-..DJ.......}Pb| 20 fd 0f 83 | ... |
      - keyUsage: true, 0xc0
      - basicConstraints
        true
        nil
      - extendedKeyUsage: true, timeStamping
      - crlDistributionPoints: http://crl.usertrust.com/UTN-USERFirst-Object.crl
      - authorityInfoAccess
        OCSP: http://ocsp.usertrust.com
  - RSA-SHA1:
```
c8 fb 63 f8 0b 75 75 2c  3a f1 f2 13 a7 2d b6 a3  |..c..uu,:....-..|
1a 9c ad 01 07 d3 34 8e  77 e0 c2 6e ae 02 5d 48  |......4.w..n..]H|
4f a4 d2 21 b6 36 fd 2a  35 43 7c 6b df 80 87 0b  |O..!.6.*5C|k....|
15 f0 76 32 00 b4 ce b5  67 a4 2f 2f 20 1b 9c 54  |..v2....g.// ..T|
9e 83 3f 1f 5f 14 95 62  82 0f 22 41 22 1f 70 b3  |..?._..b.."A".p.|
f3 f7 42 de 6c 51 cd 4b  f8 21 ac 9b 3b 8c b1 e5  |..B.lQ.K.!..;...|
e6 28 8f ce 2a 8a f9 aa  52 4d 8c 5b 77 ba 4d 5a  |.(..*...RM.[w.MZ|
58 db bb 6a 04 cc 52 1e  9d e2 28 37 0e bb e7 0e  |X..j..R...(7....|
91 c7 f8 db f1 81 98 eb  cd 37 b3 0e ab 65 d3 62  |.........7...e.b|
ec 3a a5 76 eb 13 a8 35  93 c9 2e 0a 01 ec c0 e8  |.:.v...5........|
cc 3d 7e b6 eb e2 c1 ec  d3 14 92 82 66 87 50 dc  |.=~.........f.P.|
fd 50 97 ac b3 4a 76 73  06 c4 86 11 3a b3 5f 43  |.P...Jvs....:._C|
04 52 6f ea b3 d0 74 36  4c ca f1 1b 79 84 37 70  |.Ro...t6L...y.7p|
63 ad 74 b9 aa 0e f3 98  b0 86 08 eb db e0 1f 8c  |c.t.............|
10 f2 39 64 9b ae 4f 0a  2c 92 8a 4f 18 b5 91 e5  |..9d..O.,..O....|
8d 1a 93 5f 1f ae f1 a6  f0 2e 97 d0 d2 f6 2b 3c  |..._..........+<|
```
- Certificate #1
  - 2
    - 10:70:9D:4F:F5:54:08:D7:30:60:01:D8:EA:91:75:BB
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - ST: UT
      - L: Salt Lake City
      - O: The USERTRUST Network
      - OU: http://www.usertrust.com
      - CN: UTN-USERFirst-Object
    - 2011-08-24 00:00:00 UTC: 2020-05-30 10:48:38 UTC
    - Subject
      - C: GB
      - ST: Greater Manchester
      - L: Salford
      - O: COMODO CA Limited
      - CN: COMODO Code Signing CA 2
    - #5
      - rsaEncryption: nil
      - CB:F8:E7:A7:E8:F1:97:28:40:68:80:37:D2:C8:3F:8E:
        92:8A:92:37:87:47:80:EA:4C:99:CF:6E:F9:15:47:BD:
        EE:75:F4:44:AC:D0:C3:D4:4D:F7:19:C0:D3:3C:4D:C1:
        47:B9:59:65:16:93:8C:D9:0A:84:9B:9F:E8:F6:6A:63:
        58:FE:5F:DC:D1:7F:4B:51:9F:00:1C:00:87:54:20:07:
        57:A0:82:C9:2F:98:AF:33:8A:BB:7B:80:22:25:6A:6C:
        AF:C2:2C:6C:79:13:BD:A3:2A:48:D6:B5:8E:61:55:E9:
        6B:E8:3D:80:BF:14:03:85:18:8E:7E:4C:E9:C2:19:88:
        73:92:72:CD:FA:FF:50:4D:CB:2C:A6:7B:1A:73:B1:00:
        90:2C:D9:32:E2:FB:FD:AC:95:42:36:EC:34:C5:13:53:
        68:B2:C1:9F:40:9F:DA:7B:C8:9D:62:6C:93:A2:42:D7:
        79:9F:97:4F:31:5B:50:21:A1:AB:AF:D9:1C:B2:CE:75:
        BE:5B:2C:56:00:24:8D:11:C1:75:1F:F0:FE:D2:95:FE:
        F0:E1:31:23:18:67:C0:5B:13:FD:5A:98:94:94:FF:FF:
        59:02:1F:00:AC:E6:F1:F2:FA:3A:73:B3:1D:42:FC:54:
        75:CF:51:31:2F:E3:DB:81:D9:77:23:2A:4F:59:CE:23: 0x010001
    - #6
      - authorityKeyIdentifier:
        da ed 64 74 14 9c 14 3c ab dd 99 a9 bd 5b 28 4d |..dt...<.....[(M| 8b 3c c9 d8 |.<.. |
      - subjectKeyIdentifier:
        1e c5 b1 2c 7d 87 da 02 68 7c 25 bc 0c 07 84 3f |...,}...h|%....?| b6 cf de f1 |.... |
      - keyUsage: true, 6
      - basicConstraints
        true
        true: 0
      - extendedKeyUsage: codeSigning
      - certificatePolicies: anyPolicy
      - crlDistributionPoints: http://crl.usertrust.com/UTN-USERFirst-Object.crl
      - authorityInfoAccess
        #0
        caIssuers: http://crt.usertrust.com/UTNAddTrustObject_CA.crt
        OCSP: http://ocsp.usertrust.com
  - RSA-SHA1:
```
95 89 77 93 68 01 5e 7c  d9 2d 37 07 90 5d 5a 42  |..w.h.^|.-7..]ZB|
5e 0c 64 b4 36 b5 0f f6  ab d5 39 27 de 22 46 a4  |^.d.6.....9'."F.|
49 1c 66 4b 46 19 59 2e  79 49 03 f6 9c 92 df 6d  |I.fKF.Y.yI.....m|
50 35 5c 0c 91 2e 60 03  59 d0 f1 64 f7 69 09 f6  |P5\...`.Y..d.i..|
7e fe eb 34 b3 6d b1 bf  66 9c a3 ba 31 78 b9 87  |~..4.m..f...1x..|
35 61 3d 92 31 1b ef f4  e8 9e d6 ac 45 fa 0c 36  |5a=.1.......E..6|
3c 80 67 bb bd ef 2e c2  90 e1 3d 71 2f 3b c1 b0  |<.g.......=q/;..|
58 7e 45 c3 52 71 03 07  f6 f3 39 4d 8b 36 21 1b  |X~E.Rq....9M.6!.|
01 df d9 da 5e 2b eb 0e  97 80 1e 44 1c 50 88 f5  |....^+.....D.P..|
c6 12 33 4a a8 4d a5 8d  2f 94 0c 7b c6 bf 9a 2c  |..3J.M../..{...,|
c3 32 cd bd 8c 27 26 f0  e1 30 03 50 06 82 bc f4  |.2...'&..0.P....|
3b b3 83 75 06 c6 ef ba  ee d3 80 f8 52 c6 ac cb  |;..u........R...|
79 f2 38 9e 7b b0 92 58  42 91 05 c8 96 21 ad b9  |y.8.{..XB....!..|
4b 16 81 14 69 f1 37 b0  fe 34 f7 dc b0 df 97 f5  |K...i.7..4......|
43 10 9b 76 8f b4 65 f5  e8 9f 13 b7 1e ac 6f c4  |C..v..e.......o.|
69 8a 5f ba 3c 61 7e 5e  49 86 23 13 2e af 15 48  |i._.
```
- Certificate #2
  - 2
    - 02:E4:63:51:16:A8:14:33:02:62:E3:60:00:5D:60:EB
    - RSA-SHA1: nil
    - Issuer
      - C: GB
      - ST: Greater Manchester
      - L: Salford
      - O: COMODO CA Limited
      - CN: COMODO Code Signing CA 2
    - 2011-12-26 00:00:00 UTC: 2014-02-10 23:59:59 UTC
    - Subject
      - C: IL
      - postalCode: 51200
      - ST: Tel Aviv
      - L: Bnei Berak
      - street: Halechi 27 st.
      - O: Overwolf Ltd
      - CN: Overwolf Ltd
    - #5
      - rsaEncryption: nil
      - F0:88:5B:51:A8:F4:DC:55:64:FB:0B:33:97:E5:DA:95:
        CF:5A:03:E8:16:E3:2D:FD:79:7A:A4:1A:5D:4F:11:0F:
        E9:94:26:9F:EA:2E:44:56:5C:B3:71:D4:6D:50:C8:BE:
        8A:B7:ED:03:F6:3D:A7:05:E7:11:BD:0C:E8:0F:05:DC:
        22:24:B7:02:02:B2:A2:5E:94:F5:61:A9:2C:1E:0D:CE:
        ED:35:30:B9:9C:36:2C:66:77:9A:D8:5D:05:7E:18:3C:
        FA:5E:96:5A:91:6E:4D:39:26:93:CC:80:63:F1:A8:42:
        49:B8:12:50:00:D6:FA:66:0E:A0:46:95:F6:B6:22:F1:
        76:90:85:EF:CC:21:E5:DF:ED:4C:10:63:96:33:03:1B:
        37:AF:B3:51:0D:D1:6A:15:D8:67:F5:6A:E0:E3:91:DA:
        FD:E0:D7:42:F4:7B:BA:E8:A9:0F:DD:49:B3:57:DF:63:
        79:3E:B5:B7:98:D0:82:3F:0B:51:F9:97:E8:28:6F:4D:
        AC:DF:4E:E2:D3:F7:73:47:7E:84:A1:8B:B8:05:F3:09:
        C8:7C:7A:15:C7:C4:41:E9:29:A1:70:0E:8C:0A:CA:45:
        AA:5C:98:A2:15:2B:EE:9A:A5:3B:38:A2:45:89:3C:CA:
        98:2C:30:B9:F5:75:8A:E9:BA:C0:CB:FE:DC:F5:84:DB: 0x010001
    - #6
      - authorityKeyIdentifier:
        1e c5 b1 2c 7d 87 da 02 68 7c 25 bc 0c 07 84 3f |...,}...h|%....?| b6 cf de f1 |.... |
      - subjectKeyIdentifier:
        99 32 0b 4d a4 76 45 cd 0e cd df 28 f4 a1 e1 7f |.2.M.vE....(....| b3 c5 fd 3c |...< |
      - keyUsage: true, 0x80
      - basicConstraints
        true
        nil
      - extendedKeyUsage: codeSigning
      - nsCertType: 0x10
      - certificatePolicies
        1.3.6.1.4.1.6449.1.2.1.3.2
        id-qt-cps: https://secure.comodo.net/CPS
      - crlDistributionPoints: http://crl.comodoca.com/COMODOCodeSigningCA2.crl
      - authorityInfoAccess
        #0
        caIssuers: http://crt.comodoca.com/COMODOCodeSigningCA2.crt
        OCSP: http://ocsp.comodoca.com
  - RSA-SHA1:
```
0e f9 0f b2 e1 5d 92 17  62 dc 62 49 55 c7 b0 7c  |.....]..b.bIU..||
c8 d3 36 ca 9b 84 d6 57  00 d6 f0 31 9c 5e 46 54  |..6....W...1.^FT|
33 28 4c e4 93 04 08 33  6a a0 d9 d2 b0 46 de 10  |3(L....3j....F..|
40 24 1d 9e db e1 ab 67  2b f4 69 45 5f b3 de d6  |@$.....g+.iE_...|
f1 3f 22 2b b6 10 17 d7  c4 82 5e 3e a8 62 15 42  |.?"+......^>.b.B|
bb 67 1e b5 10 58 3d 8c  4e 37 ec 48 5a f2 ed 0b  |.g...X=.N7.HZ...|
52 28 87 05 d2 73 77 7c  fa a5 da 7f 51 ca 88 95  |R(...sw|....Q...|
4b 1f 37 d4 16 68 8f db  c9 1a 06 1e 7b 5d 54 df  |K.7..h......{]T.|
00 e2 dc 28 9f 99 15 5d  d5 89 a9 b3 62 e4 c9 25  |...(...]....b..%|
97 b4 4b ed a4 14 65 e4  f0 23 8f 63 6d ba a4 e7  |..K...e..#.cm...|
b3 07 c7 2c 8d 73 06 bf  9e c4 e5 4a 55 ed a7 b4  |...,.s.....JU...|
c3 44 eb 36 a2 8e ae 90  6a 8d fe 36 6b cf d6 fd  |.D.6....j..6k...|
77 f7 a4 c1 8c d9 45 d9  52 f7 f8 2b fe 05 6f 3c  |w.....E.R..+..o<|
ea f5 0e 27 8d 6e cf cf  38 22 63 6f 16 03 09 ae  |...'.n..8"co....|
ec 13 f6 87 ad 1c 8a 94  31 d7 24 cd c8 0d 87 bd  |........1.$.....|
88 fb 16 7e aa 94 8c ab  6a b7 25 5b f5 68 0a 5d  |...~....j.%[.h.]|
```

Signer

1
unnamed
- #0
  - C: GB
  - ST: Greater Manchester
  - L: Salford
  - O: COMODO CA Limited
  - CN: COMODO Code Signing CA 2
- 02:E4:63:51:16:A8:14:33:02:62:E3:60:00:5D:60:EB
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

41 1f ab 31 5d 67 75 73  b3 30 be 34 87 3f 58 a3  |A..1]gus.0.4.?X.|
e5 9d 19 d4                                       |....            |

rsaEncryption:

57 04 54 70 0c 10 34 7b  6a b1 e3 f2 2d 1a b5 6f  |W.Tp..4{j...-..o|
7b 8b a0 d8 ac 6a 16 c1  1a 07 b2 5e e1 f2 6f ef  |{....j.....^..o.|
3e 02 d4 be 56 4c 7f a1  f9 a4 2b 22 6a d0 28 5d  |>...VL....+"j.(]|
3a 20 c0 72 da 97 cb 4a  6b 8d b6 19 fc cb dd 67  |: .r...Jk......g|
25 9b 6a d1 ad bd 14 d1  cc 5b e8 c0 01 1c 0b da  |%.j......[......|
2d 56 77 62 ec 13 1b dd  ff 69 f9 a4 70 57 f7 8a  |-Vwb.....i..pW..|
ce 87 24 ef 51 5a 0b 93  d0 ec 3d 6c ff 6e de b9  |..$.QZ....=l.n..|
75 f5 4a ce 70 63 28 b3  79 2a 2c 5f 52 ed 34 2f  |u.J.pc(.y*,_R.4/|
74 16 a9 7a 33 26 ab 56  96 4b 3c 50 10 3c 35 a7  |t..z3&.V.K,O...|
18 60 35 8d 46 26 48 34  a5 3a 6a 98 d0 55 f1 ae  |.`5.F&H4.:j..U..|
a0 4d a9 5a e8 e0 41 2c  3c d0 36 99 09 4a 2c 63  |.M.Z..A,<.6..J,c|
25 41 94 02 82 63 cb 66  90 98 79 5e 02 58 9a 82  |%A...c.f..y^.X..|
03 22 60 fe cd 03 c9 e5  a1 ca ca 3d f3 5e 79 9f  |."`........=.^y.|

countersignature

unnamed
- #0
  - C: US
  - ST: UT
  - L: Salt Lake City
  - O: The USERTRUST Network
  - OU: http://www.usertrust.com
  - CN: UTN-USERFirst-Object
- 47:8A:8E:FB:59:E1:D8:3F:0C:E1:42:D2:A2:87:07:BE
SHA1: nil

contentType: pkcs7-data
signingTime: 2013-10-22 15:00:17 UTC

messageDigest:

d1 0d 30 b5 dc 13 e4 19  62 42 13 91 cf 6c 61 19  |..0.....bB...la.|
17 7d c5 d1                                       |.}..            |

rsaEncryption:

80 92 c8 e6 e2 02 49 5a  3a 3e d2 17 82 84 1e 0c  |......IZ:>......|
60 08 38 53 5e fb c0 d3  7c c3 6a 8e 2a 7a e2 42  |`.8S^...|.j.*z.B|
4c 6c 72 bd b1 af 3b a3  b8 91 da 8a 36 a8 c5 22  |Llr...;.....6.."|
96 14 39 46 56 ed 42 0e  3c a1 f1 05 fb 65 de e5  |..9FV.B.<....e..|
90 fa 53 e7 c6 1c d9 2a  47 6a 69 1c 21 a8 27 70  |..S....*Gji.!.'p|
95 f8 1b 1f 1c 0b ac 4b  f1 ab 32 8e fd 3f 04 c4  |.......K..2..?..|
5b 00 93 1f a4 15 de ab  6c df 22 e6 4e 0c 02 02  |[.......l.".N...|
40 e6 f6 3a ea 0b 1f 20  bd 51 1c 59 e5 4c b9 f7  |@..:... .Q.Y.L..|
d1 e9 a1 ca 36 27 f5 b9  77 06 78 5e f2 cf 49 11  |....6'..w.x^..I.|
e1 05 77 95 30 a7 f9 25  34 7e 70 68 02 90 20 f4  |..w.0..%4~ph.. .|
38 a4 11 a5 0f 16 42 7d  e5 5c c8 14 8f b0 ce e2  |8.....B}.\......|
1d bc 40 e1 01 b3 04 36  18 14 31 6e 86 bc fb 98  |..@....6..1n....|
f8 62 25 d0 be 14 b3 61  eb 8f 5d db 78 73 4b ea  |.b%....a..].xsK.|
d7 48 24 1f fe 73 e7 b0  a7 76 e4 77 a0 9b 1e b3  |.H$..s...v.w....|
47 b0 49 2c 46 bb 98 f0  ec 1a 6b 7f 13 47 f7 73  |G.I,F.....k..G.s|
cb cd af dd 87 bf a8 28  00 3c 50 82 84 b1 3c 62  |.......(.

show previews

offset	size	type	comment
0	988160	EXE	10/22/2013 14:57:16	#
15c1	15	HTM		#
39c8a	1033	PNG	(15 x 15)	#
3a136	2227	PNG	(320 x 56)	#
3aa8c	990	PNG	(320 x 4)	#
3af0d	1039	PNG	(16 x 16)	#
3b3bf	594	PNG	(16 x 16)	#
4e784	8624	PNG	(256 x 256)	#
5807e	12027	JPG		#
5b01c	12399	JPG		#
5e12e	7210	PNG	(510 x 287)	#
5fdfb	6512	PNG	(510 x 287)	#
6180e	7164	PNG	(510 x 287)	#
634ad	6776	PNG	(510 x 287)	#
64fc8	6771	PNG	(510 x 287)	#
66ade	6627	PNG	(510 x 287)	#
68564	6156	PNG	(510 x 287)	#
69e13	6745	PNG	(510 x 287)	#
6b90f	7179	PNG	(510 x 287)	#
6d5bd	7113	PNG	(510 x 287)	#
ea760	8624	PNG	(256 x 256)	#
f1400	5048	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[?] invalid VS_VERSIONINFO child type "a\x00r\x00F\x00"