| filename | Setup.exe | |
|---|---|---|
| size | 3294328 (0x324478) | |
| md5 | 293a6ec59c28eb50b1530348ec87c172 | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x108 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 171 | 30319 | 4 |
| 152 | 20115 | 3 |
| 132 | 30729 | 1 |
| 131 | 30729 | 15 |
| 158 | 40219 | 45 |
| 147 | 30729 | 37 |
| 1 | 0 | 795 |
| 170 | 40219 | 170 |
| 171 | 40219 | 411 |
| 154 | 40219 | 1 |
| 157 | 40219 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
Data Directory
| type | va | size | |
|---|---|---|---|
| EXPORT | 0 | 0 | |
| IMPORT | 0x19618a | 0x216 | |
| RESOURCE | 0x189000 | 0xc5c0 | |
| EXCEPTION | 0 | 0 | |
| SECURITY | 0x323000 | 0x1478 | |
| BASERELOC | 0 | 0 | |
| DEBUG | 0 | 0 | |
| ARCHITECTURE | 0 | 0 | |
| GLOBALPTR | 0 | 0 | |
| TLS | 0 | 0 | |
| LOAD_CONFIG | 0 | 0 | |
| Bound_IAT | 0 | 0 | |
| IAT | 0 | 0 | |
| Delay_IAT | 0 | 0 | |
| CLR_Header | 0 | 0 |
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.dll | GetCommandLineA | ||
| KERNEL32.dll | GetModuleHandleA | ||
| KERNEL32.dll | lstrcmpiA | ||
| USER32.dll | MessageBoxA | ||
| IMM32.dll | ImmSetCompositionWindow | ||
| GDI32.dll | UnrealizeObject | ||
| ole32.dll | CreateStreamOnHGlobal | ||
| ADVAPI32.dll | RegQueryValueExA | ||
| VERSION.dll | VerQueryValueA |
VS_FIXEDFILEINFO
| dwSignature | 0xfeef |
| FileVersion | 16.2.0.1 |
| ProductVersion | 0.2.63.1 |
| StrucVersion | 1 |
| FileFlagsMask | 0 |
| FileFlags | 0x40000 |
| FileOS | 4 |
| FileType | 0 |
| FileSubtype | 0 |
Signers (1)
issuer: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2
serial: 03210A27BF81D359C5333208DDA8F10D
Certificates (4)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
Validity
Not Before: May 1 00:00:00 2012 GMT
Not After : Dec 31 23:59:59 2012 GMT
Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Modulus:
00:a9:59:66:74:da:3d:8a:7d:7a:d8:fc:f5:80:44:
7b:fe:47:6a:14:55:4e:50:47:0b:ec:d3:ed:ce:f6:
38:f7:4f:69:b9:b1:f0:b6:78:82:0a:8c:76:16:67:
e2:02:ad:b7:0d:a5:8a:f6:03:fc:66:d3:fc:08:2d:
cc:b5:73:59:7b:89:dc:33:6e:66:5a:5e:52:37:b4:
62:d1:92:59:35:14:8b:45:ac:59:b2:4d:24:a2:98:
94:68:42:72:9f:3a:68:e2:6b:8b:9e:22:2d:f4:98:
4e:9a:c6:af:b3:e4:a0:ab:3c:28:bf:23:e1:d7:72:
a4:f2:10:53:67:ae:77:af:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/tss-ca.crl
X509v3 Extended Key Usage: critical
Time Stamping
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Subject Alternative Name:
DirName:/CN=TSA1-3
X509v3 Subject Key Identifier:
B4:B7:F1:89:49:26:60:E7:65:EA:73:AE:DC:D3:38:CD:BF:57:92:6F
Signature Algorithm: sha1WithRSAEncryption
1e:98:aa:27:b7:78:b5:08:b5:c9:72:6d:b7:df:c0:0e:98:a6:
35:c4:88:c9:d2:f6:6d:f1:4b:1a:fb:d5:f9:2d:99:00:9e:d1:
e7:9b:8b:e1:3f:bd:39:80:0c:66:cd:07:bc:5c:98:54:a6:94:
ba:10:d1:4e:8b:ab:f5:6f:65:cc:67:09:a2:80:7c:52:e8:0e:
03:d6:6b:7a:c6:05:18:ec:c8:ac:42:7c:07:2c:a7:3d:08:66:
dc:00:ed:fd:94:1d:73:f2:72:98:93:b1:11:d6:8f:ef:8e:ea:
ac:f4:96:51:0c:d0:8d:df:31:52:4f:5e:af:7d:a7:4a:75:e6:
4e:ce:2b:9f:29:2b:e7:cf:5d:9f:03:7e:6e:27:7b:23:ad:62:
29:66:af:92:e8:2c:ce:bd:9c:7f:dc:cd:17:3c:43:c2:09:3f:
75:45:c7:9e:e4:d7:60:7f:97:c6:e4:aa:c7:69:f5:fc:cd:74:
ac:2c:b0:48:c1:50:4e:70:56:1e:b5:35:d3:8e:be:b1:ed:ac:
bd:fe:0c:ec:85:7d:d5:bb:85:66:44:19:5d:9f:93:eb:82:ba:
63:9e:d3:7c:61:ff:c8:1b:d9:23:58:7f:30:a3:66:a1:39:26:
5e:92:c3:3c:cb:37:32:fa:f5:a3:8d:dc:d5:b0:a3:e9:25:36:
55:d7:81:faCertificate:
Data:
Version: 3 (0x2)
Serial Number:
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
Validity
Not Before: Dec 4 00:00:00 2003 GMT
Not After : Dec 3 23:59:59 2013 GMT
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:ca:b2:a4:cc:cd:20:af:0a:7d:89:ac:87:75:
f0:b4:4e:f1:df:c1:0f:bf:67:61:bd:a3:64:1c:da:
bb:f9:ca:33:ab:84:30:89:58:7e:8c:db:6b:dd:36:
9e:0f:bf:d1:ec:78:f2:77:a6:7e:6f:3c:bf:93:af:
0d:ba:68:f4:6c:94:ca:bd:52:2d:ab:48:3d:f5:b6:
d5:5d:5f:1b:02:9f:fa:2f:6b:1e:a4:f7:a3:9a:a6:
1a:c8:02:e1:7f:4c:52:e3:0e:60:ec:40:1c:7e:b9:
0d:de:3f:c7:b4:df:87:bd:5f:7a:6a:31:2e:03:99:
81:13:a8:47:20:ce:31:73:0d:57:2d:cd:78:34:33:
95:12:99:12:b9:de:68:2f:aa:e6:e3:c2:8a:8c:2a:
c3:8b:21:87:66:bd:83:58:57:6f:75:bf:3c:aa:26:
87:5d:ca:10:15:3c:9f:84:ea:54:c1:0a:6e:c4:fe:
c5:4a:dd:b9:07:11:97:22:7c:db:3e:27:d1:1e:78:
ec:9f:31:c9:f1:e6:22:19:db:c4:b3:47:43:9a:1a:
5f:a0:1e:90:e4:5e:f5:ee:7c:f1:7d:ab:62:01:8f:
f5:4d:0b:de:d0:22:56:a8:95:cd:ae:88:76:ae:ee:
ba:0d:f3:e4:4d:d9:a0:fb:68:a0:ae:14:3b:b3:87:
c1:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/ThawteTimestampingCA.crl
X509v3 Extended Key Usage:
Time Stamping
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
DirName:/CN=TSA2048-1-53
Signature Algorithm: sha1WithRSAEncryption
4a:6b:f9:ea:58:c2:44:1c:31:89:79:99:2b:96:bf:82:ac:01:
d6:1c:4c:cd:b0:8a:58:6e:df:08:29:a3:5e:c8:ca:93:13:e7:
04:52:0d:ef:47:27:2f:00:38:b0:e4:c9:93:4e:9a:d4:22:62:
15:f7:3f:37:21:4f:70:31:80:f1:8b:38:87:b3:e8:e8:97:00:
fe:cf:55:96:4e:24:d2:a9:27:4e:7a:ae:b7:61:41:f3:2a:ce:
e7:c9:d9:5e:dd:bb:2b:85:3e:b5:9d:b5:d9:e1:57:ff:be:b4:
c5:7e:f5:cf:0c:9e:f0:97:fe:2b:d3:3b:52:1b:1b:38:27:f7:
3f:4aCertificate:
Data:
Version: 3 (0x2)
Serial Number:
03:21:0a:27:bf:81:d3:59:c5:33:32:08:dd:a8:f1:0d
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA - G2
Validity
Not Before: Aug 12 00:00:00 2011 GMT
Not After : Aug 11 23:59:59 2013 GMT
Subject: C=RU, ST=Moscow region, L=Dubna, O=Softdeluxe, CN=Softdeluxe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:3f:05:ef:8a:59:65:a3:3e:91:62:ad:03:02:
b1:3e:67:3e:8f:ac:15:12:12:a0:42:d7:fc:da:12:
87:a5:1b:33:0f:9c:6b:a7:09:cb:84:47:da:cb:74:
0a:d4:66:ce:74:fa:6b:cc:6e:a7:fa:1f:74:31:8b:
75:24:23:80:bb:dd:c0:66:f1:89:a3:ef:3c:1f:06:
e9:37:fe:1f:29:5b:99:f0:8c:0d:dc:b8:91:01:0b:
4c:9a:76:81:a9:18:a6:99:b3:76:d7:47:f4:05:57:
87:e8:80:00:54:2b:b6:0c:45:9e:c4:91:8d:01:e6:
4a:a5:36:c6:bf:73:08:c4:2d:de:fa:4f:0a:15:55:
c4:9e:41:1a:89:be:60:43:69:42:b4:30:03:27:dd:
91:bb:fb:ea:25:48:b6:96:0d:0a:31:a7:86:98:d9:
a7:a1:e1:1d:c6:38:c4:45:9a:ba:a2:b0:86:b6:94:
32:51:01:d7:52:14:41:15:f2:72:4a:cd:27:29:41:
10:30:2b:11:d7:58:e7:96:ed:2f:cb:5a:aa:d6:35:
f7:bd:f6:5f:9f:ba:d3:b2:b1:e4:f1:57:33:c4:a0:
ea:cd:6e:69:4a:04:2b:8c:b6:cb:6e:62:46:80:65:
31:e8:e0:95:f7:08:4e:8e:4b:5d:f5:70:a1:70:61:
5e:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://cs-g2-crl.thawte.com/ThawteCSG2.crl
X509v3 Extended Key Usage:
Code Signing, Microsoft Commercial Code Signing
2.5.29.4:
0.0.0..
+.....7.......
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
Netscape Cert Type:
Object Signing
Signature Algorithm: sha1WithRSAEncryption
54:ca:6a:c7:85:71:71:d1:3f:c9:64:38:b7:e5:55:fe:cd:6b:
7e:ee:aa:7a:e9:f5:79:72:54:1e:07:99:b8:8c:b6:e3:a4:64:
e1:fd:d9:ac:fc:67:cb:5b:a9:c7:b7:b0:94:62:ba:e6:f9:4c:
6c:71:6b:b2:75:50:a4:45:fc:66:9f:a9:b4:47:30:b9:8e:3b:
38:ae:1f:7c:2b:a7:3b:76:1b:aa:39:c2:63:e4:89:43:2b:dd:
91:92:eb:6b:55:fe:60:79:ec:be:d0:ab:be:71:8a:85:12:7c:
c0:63:52:89:6d:f4:99:54:f4:ff:5f:67:35:0d:ec:50:19:9f:
98:5f:91:0f:5e:4a:b7:60:9c:06:2d:7c:96:77:14:b8:5d:e3:
60:4d:24:c9:6d:b7:0c:71:f5:7e:87:50:dc:37:d3:52:85:fc:
b2:ec:d3:af:f9:f1:83:ee:e1:2a:28:c1:72:51:0b:ca:5b:ed:
cd:57:93:54:ac:a1:f2:c9:02:ec:19:b2:37:5d:cc:b6:69:90:
22:ca:64:b2:30:dc:10:35:f6:24:6d:a1:7e:4f:5f:ab:8d:bd:
4a:6b:72:20:9f:7d:90:5e:4b:2a:95:65:ec:49:48:fc:b7:03:
d8:90:1d:a8:fc:eb:03:6c:f7:4d:5f:57:ad:e7:b7:bc:c6:f6:
fb:2f:bc:efCertificate:
Data:
Version: 3 (0x2)
Serial Number:
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
Validity
Not Before: Feb 8 00:00:00 2010 GMT
Not After : Feb 7 23:59:59 2020 GMT
Subject: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA - G2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:8b:cf:75:5b:9f:25:da:7e:39:b0:93:db:38:
d3:a9:23:d0:82:fa:e9:24:7e:5c:0b:8e:83:f8:e6:
7a:59:e6:a3:c5:98:a7:99:d2:44:ff:00:a6:a5:39:
04:8a:da:29:88:ea:db:a2:f3:1c:99:15:26:c2:b1:
f4:fc:e1:0c:47:a9:09:11:06:0a:20:92:b9:c7:a0:
04:8c:5c:94:19:ab:5b:25:2c:1d:62:7e:70:0d:ce:
61:6c:dd:2b:82:c9:ce:5d:48:5f:f7:c2:be:bc:41:
23:1e:4f:29:5d:d7:4f:bc:f4:c5:2a:fc:63:e6:7c:
26:4e:99:a7:79:41:9e:10:4a:7a:79:c9:c6:86:f7:
86:95:d2:26:ce:3c:18:2a:d6:7c:ce:af:cd:ad:bb:
f7:82:2c:70:26:37:45:e5:0f:47:22:c6:01:28:bd:
2e:83:5c:6a:a4:47:c1:e7:d0:d8:6b:81:46:3f:21:
17:f5:07:c5:43:5a:a6:67:2c:b8:7b:60:11:b5:83:
ee:f5:74:0a:72:71:44:3d:58:fe:e8:1a:ab:38:c3:
59:db:7f:6e:38:7d:76:c7:72:69:98:36:96:57:d3:
66:1c:d2:54:91:04:2e:54:19:b0:dc:3d:b5:22:5e:
86:d5:2a:7e:20:df:5d:e6:7a:b1:65:fe:c5:02:4e:
31:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.thawte.com/ThawtePCA.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
X509v3 Extended Key Usage:
TLS Web Client Authentication, Code Signing
X509v3 Subject Alternative Name:
DirName:/CN=VeriSignMPKI-2-10
X509v3 Subject Key Identifier:
D4:0D:65:3F:7A:BD:34:C6:FE:47:E7:4C:0D:C0:BD:F2:DE:15:AB:71
X509v3 Authority Key Identifier:
keyid:7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50
Signature Algorithm: sha1WithRSAEncryption
56:fe:53:5c:e1:c7:9e:bc:a7:ed:7e:53:6d:6a:14:4b:51:8c:
40:5e:80:5f:aa:a4:e8:2f:ef:38:c8:04:c9:ca:3e:cf:df:3a:
58:4e:b0:d4:b6:63:c5:29:57:fa:02:05:9a:45:4d:68:db:2a:
1b:d4:34:3d:9f:00:c3:5a:cb:95:49:a5:6e:e1:b0:c5:fc:41:
4d:41:4a:6f:d3:77:c8:d7:38:8d:e4:19:de:18:f3:1f:15:65:
83:6d:45:0c:53:f9:0a:9a:2e:a5:5d:bf:6f:32:81:18:92:19:
6a:55:00:ad:63:1c:52:06:7e:55:d9:29:68:ae:4a:7c:18:9a:
79:88:6b:23:23:d8:27:38:2a:29:87:76:ca:fb:c7:b6:62:23:
1f:ed:7a:56:4c:dd:9c:32:5b:f5:3d:0c:46:18:95:3b:2a:23:
68:83:64:41:d9:00:6d:0f:19:24:15:68:72:bd:c5:71:67:6e:
ac:4c:db:90:eb:51:a5:1a:62:07:d0:be:6a:00:47:3c:72:2f:
ec:4f:61:3e:73:85:ce:5a:0a:b7:ba:c0:1c:13:75:e3:22:39:
28:dd:6d:1d:09:46:9d:4f:ba:e8:40:81:91:c6:a4:ce:94:72:
1b:01:cf:2a:6e:15:67:95:89:ae:7d:b7:b7:cd:f9:0a:3d:75:
b6:6b:3c:25pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
bc 65 50 ba 4f 4f bd cd 52 14 ea 79 cf 6e 40 64 |.eP.OO..R..y.n@d| ab d3 e2 ab |.... |
- 1.3.6.1.4.1.311.2.1.15
- #0
- Certificates
- Certificate #0
- 2
- 79:A2:A5:85:F9:D1:15:42:13:D9:B8:3E:F6:B6:8D:ED
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 2012-05-01 00:00:00 UTC: 2012-12-31 23:59:59 UTC
- Subject
- C: US
- O: Symantec Corporation
- CN: Symantec Time Stamping Services Signer - G3
- #5
- rsaEncryption: nil
- A9:59:66:74:DA:3D:8A:7D:7A:D8:FC:F5:80:44:7B:FE:
47:6A:14:55:4E:50:47:0B:EC:D3:ED:CE:F6:38:F7:4F:
69:B9:B1:F0:B6:78:82:0A:8C:76:16:67:E2:02:AD:B7:
0D:A5:8A:F6:03:FC:66:D3:FC:08:2D:CC:B5:73:59:7B:
89:DC:33:6E:66:5A:5E:52:37:B4:62:D1:92:59:35:14:
8B:45:AC:59:B2:4D:24:A2:98:94:68:42:72:9F:3A:68:
E2:6B:8B:9E:22:2D:F4:98:4E:9A:C6:AF:B3:E4:A0:AB:
3C:28:BF:23:E1:D7:72:A4:F2:10:53:67:AE:77:AF:51: 0x010001
- X509v3 extensions
- basicConstraints
- true
- nil
- crlDistributionPoints: http://crl.verisign.com/tss-ca.crl
- extendedKeyUsage: true, timeStamping
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- keyUsage: true, 0x80
- subjectAltName
- CN: TSA1-3
- subjectKeyIdentifier:
b4 b7 f1 89 49 26 60 e7 65 ea 73 ae dc d3 38 cd |....I&`.e.s...8.| bf 57 92 6f |.W.o |
- basicConstraints
- RSA-SHA1:
1e 98 aa 27 b7 78 b5 08 b5 c9 72 6d b7 df c0 0e |...'.x....rm....| 98 a6 35 c4 88 c9 d2 f6 6d f1 4b 1a fb d5 f9 2d |..5.....m.K....-| 99 00 9e d1 e7 9b 8b e1 3f bd 39 80 0c 66 cd 07 |........?.9..f..| bc 5c 98 54 a6 94 ba 10 d1 4e 8b ab f5 6f 65 cc |.\.T.....N...oe.| 67 09 a2 80 7c 52 e8 0e 03 d6 6b 7a c6 05 18 ec |g...|R....kz....| c8 ac 42 7c 07 2c a7 3d 08 66 dc 00 ed fd 94 1d |..B|.,.=.f......| 73 f2 72 98 93 b1 11 d6 8f ef 8e ea ac f4 96 51 |s.r............Q| 0c d0 8d df 31 52 4f 5e af 7d a7 4a 75 e6 4e ce |....1RO^.}.Ju.N.| 2b 9f 29 2b e7 cf 5d 9f 03 7e 6e 27 7b 23 ad 62 |+.)+..]..~n'{#.b| 29 66 af 92 e8 2c ce bd 9c 7f dc cd 17 3c 43 c2 |)f...,.......
- 2
- Certificate #1
- 2
- 47:BF:19:95:DF:8D:52:46:43:F7:DB:6D:48:0D:31:A4
- RSA-SHA1: nil
- Issuer
- C: ZA
- ST: Western Cape
- L: Durbanville
- O: Thawte
- OU: Thawte Certification
- CN: Thawte Timestamping CA
- 2003-12-04 00:00:00 UTC: 2013-12-03 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- #5
- rsaEncryption: nil
- A9:CA:B2:A4:CC:CD:20:AF:0A:7D:89:AC:87:75:F0:B4:
4E:F1:DF:C1:0F:BF:67:61:BD:A3:64:1C:DA:BB:F9:CA:
33:AB:84:30:89:58:7E:8C:DB:6B:DD:36:9E:0F:BF:D1:
EC:78:F2:77:A6:7E:6F:3C:BF:93:AF:0D:BA:68:F4:6C:
94:CA:BD:52:2D:AB:48:3D:F5:B6:D5:5D:5F:1B:02:9F:
FA:2F:6B:1E:A4:F7:A3:9A:A6:1A:C8:02:E1:7F:4C:52:
E3:0E:60:EC:40:1C:7E:B9:0D:DE:3F:C7:B4:DF:87:BD:
5F:7A:6A:31:2E:03:99:81:13:A8:47:20:CE:31:73:0D:
57:2D:CD:78:34:33:95:12:99:12:B9:DE:68:2F:AA:E6:
E3:C2:8A:8C:2A:C3:8B:21:87:66:BD:83:58:57:6F:75:
BF:3C:AA:26:87:5D:CA:10:15:3C:9F:84:EA:54:C1:0A:
6E:C4:FE:C5:4A:DD:B9:07:11:97:22:7C:DB:3E:27:D1:
1E:78:EC:9F:31:C9:F1:E6:22:19:DB:C4:B3:47:43:9A:
1A:5F:A0:1E:90:E4:5E:F5:EE:7C:F1:7D:AB:62:01:8F:
F5:4D:0B:DE:D0:22:56:A8:95:CD:AE:88:76:AE:EE:BA:
0D:F3:E4:4D:D9:A0:FB:68:A0:AE:14:3B:B3:87:C1:BB: 0x010001
- X509v3 extensions
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- basicConstraints
- true
- true: 0
- crlDistributionPoints: http://crl.verisign.com/ThawteTimestampingCA.crl
- extendedKeyUsage: timeStamping
- keyUsage: true, 6
- subjectAltName
- CN: TSA2048-1-53
- authorityInfoAccess
- RSA-SHA1:
4a 6b f9 ea 58 c2 44 1c 31 89 79 99 2b 96 bf 82 |Jk..X.D.1.y.+...| ac 01 d6 1c 4c cd b0 8a 58 6e df 08 29 a3 5e c8 |....L...Xn..).^.| ca 93 13 e7 04 52 0d ef 47 27 2f 00 38 b0 e4 c9 |.....R..G'/.8...| 93 4e 9a d4 22 62 15 f7 3f 37 21 4f 70 31 80 f1 |.N.."b..?7!Op1..| 8b 38 87 b3 e8 e8 97 00 fe cf 55 96 4e 24 d2 a9 |.8........U.N$..| 27 4e 7a ae b7 61 41 f3 2a ce e7 c9 d9 5e dd bb |'Nz..aA.*....^..| 2b 85 3e b5 9d b5 d9 e1 57 ff be b4 c5 7e f5 cf |+.>.....W....~..| 0c 9e f0 97 fe 2b d3 3b 52 1b 1b 38 27 f7 3f 4a |.....+.;R..8'.?J|
- 2
- Certificate #2
- 2
- 03:21:0A:27:BF:81:D3:59:C5:33:32:08:DD:A8:F1:0D
- RSA-SHA1: nil
- Issuer
- C: US
- O: Thawte, Inc.
- CN: Thawte Code Signing CA - G2
- 2011-08-12 00:00:00 UTC: 2013-08-11 23:59:59 UTC
- Subject
- C: RU
- ST: Moscow region
- L: Dubna
- O: Softdeluxe
- CN: Softdeluxe
- #5
- rsaEncryption: nil
- B6:3F:05:EF:8A:59:65:A3:3E:91:62:AD:03:02:B1:3E:
67:3E:8F:AC:15:12:12:A0:42:D7:FC:DA:12:87:A5:1B:
33:0F:9C:6B:A7:09:CB:84:47:DA:CB:74:0A:D4:66:CE:
74:FA:6B:CC:6E:A7:FA:1F:74:31:8B:75:24:23:80:BB:
DD:C0:66:F1:89:A3:EF:3C:1F:06:E9:37:FE:1F:29:5B:
99:F0:8C:0D:DC:B8:91:01:0B:4C:9A:76:81:A9:18:A6:
99:B3:76:D7:47:F4:05:57:87:E8:80:00:54:2B:B6:0C:
45:9E:C4:91:8D:01:E6:4A:A5:36:C6:BF:73:08:C4:2D:
DE:FA:4F:0A:15:55:C4:9E:41:1A:89:BE:60:43:69:42:
B4:30:03:27:DD:91:BB:FB:EA:25:48:B6:96:0D:0A:31:
A7:86:98:D9:A7:A1:E1:1D:C6:38:C4:45:9A:BA:A2:B0:
86:B6:94:32:51:01:D7:52:14:41:15:F2:72:4A:CD:27:
29:41:10:30:2B:11:D7:58:E7:96:ED:2F:CB:5A:AA:D6:
35:F7:BD:F6:5F:9F:BA:D3:B2:B1:E4:F1:57:33:C4:A0:
EA:CD:6E:69:4A:04:2B:8C:B6:CB:6E:62:46:80:65:31:
E8:E0:95:F7:08:4E:8E:4B:5D:F5:70:A1:70:61:5E:7D: 0x010001
- X509v3 extensions
- basicConstraints
- true
- nil
- crlDistributionPoints: http://cs-g2-crl.thawte.com/ThawteCSG2.crl
- extendedKeyUsage
- codeSigning: msCodeCom
- 2.5.29.4
- msCodeCom: 0x80
- authorityInfoAccess
- OCSP: http://ocsp.thawte.com
- nsCertType: 0x10
- basicConstraints
- RSA-SHA1:
54 ca 6a c7 85 71 71 d1 3f c9 64 38 b7 e5 55 fe |T.j..qq.?.d8..U.| cd 6b 7e ee aa 7a e9 f5 79 72 54 1e 07 99 b8 8c |.k~..z..yrT.....| b6 e3 a4 64 e1 fd d9 ac fc 67 cb 5b a9 c7 b7 b0 |...d.....g.[....| 94 62 ba e6 f9 4c 6c 71 6b b2 75 50 a4 45 fc 66 |.b...Llqk.uP.E.f| 9f a9 b4 47 30 b9 8e 3b 38 ae 1f 7c 2b a7 3b 76 |...G0..;8..|+.;v| 1b aa 39 c2 63 e4 89 43 2b dd 91 92 eb 6b 55 fe |..9.c..C+....kU.| 60 79 ec be d0 ab be 71 8a 85 12 7c c0 63 52 89 |`y.....q...|.cR.| 6d f4 99 54 f4 ff 5f 67 35 0d ec 50 19 9f 98 5f |m..T.._g5..P..._| 91 0f 5e 4a b7 60 9c 06 2d 7c 96 77 14 b8 5d e3 |..^J.`..-|.w..].| 60 4d 24 c9 6d b7 0c 71 f5 7e 87 50 dc 37 d3 52 |`M$.m..q.~.P.7.R| 85 fc b2 ec d3 af f9 f1 83 ee e1 2a 28 c1 72 51 |...........*(.rQ| 0b ca 5b ed cd 57 93 54 ac a1 f2 c9 02 ec 19 b2 |..[..W.T........| 37 5d cc b6 69 90 22 ca 64 b2 30 dc 10 35 f6 24 |7]..i.".d.0..5.$| 6d a1 7e 4f 5f ab 8d bd 4a 6b 72 20 9f 7d 90 5e |m.~O_...Jkr .}.^| 4b 2a 95 65 ec 49 48 fc b7 03 d8 90 1d a8 fc eb |K*.e.IH.........| 03 6c f7 4d 5f 57 ad e7 b7 bc c6 f6 fb 2f bc ef |.l.M_W......./..|
- 2
- Certificate #3
- 2
- 47:97:4D:78:73:A5:BC:AB:0D:2F:B3:70:19:2F:CE:5E
- RSA-SHA1: nil
- Issuer
- C: US
- O: thawte, Inc.
- OU: Certification Services Division
- OU: (c) 2006 thawte, Inc. - For authorized use only
- CN: thawte Primary Root CA
- 2010-02-08 00:00:00 UTC: 2020-02-07 23:59:59 UTC
- Subject
- C: US
- O: Thawte, Inc.
- CN: Thawte Code Signing CA - G2
- #5
- rsaEncryption: nil
- B7:8B:CF:75:5B:9F:25:DA:7E:39:B0:93:DB:38:D3:A9:
23:D0:82:FA:E9:24:7E:5C:0B:8E:83:F8:E6:7A:59:E6:
A3:C5:98:A7:99:D2:44:FF:00:A6:A5:39:04:8A:DA:29:
88:EA:DB:A2:F3:1C:99:15:26:C2:B1:F4:FC:E1:0C:47:
A9:09:11:06:0A:20:92:B9:C7:A0:04:8C:5C:94:19:AB:
5B:25:2C:1D:62:7E:70:0D:CE:61:6C:DD:2B:82:C9:CE:
5D:48:5F:F7:C2:BE:BC:41:23:1E:4F:29:5D:D7:4F:BC:
F4:C5:2A:FC:63:E6:7C:26:4E:99:A7:79:41:9E:10:4A:
7A:79:C9:C6:86:F7:86:95:D2:26:CE:3C:18:2A:D6:7C:
CE:AF:CD:AD:BB:F7:82:2C:70:26:37:45:E5:0F:47:22:
C6:01:28:BD:2E:83:5C:6A:A4:47:C1:E7:D0:D8:6B:81:
46:3F:21:17:F5:07:C5:43:5A:A6:67:2C:B8:7B:60:11:
B5:83:EE:F5:74:0A:72:71:44:3D:58:FE:E8:1A:AB:38:
C3:59:DB:7F:6E:38:7D:76:C7:72:69:98:36:96:57:D3:
66:1C:D2:54:91:04:2E:54:19:B0:DC:3D:B5:22:5E:86:
D5:2A:7E:20:DF:5D:E6:7A:B1:65:FE:C5:02:4E:31:2D: 0x010001
- X509v3 extensions
- basicConstraints
- true
- true: 0
- crlDistributionPoints: http://crl.thawte.com/ThawtePCA.crl
- keyUsage: true, 6
- authorityInfoAccess
- OCSP: http://ocsp.thawte.com
- extendedKeyUsage
- clientAuth: codeSigning
- subjectAltName
- CN: VeriSignMPKI-2-10
- subjectKeyIdentifier:
d4 0d 65 3f 7a bd 34 c6 fe 47 e7 4c 0d c0 bd f2 |..e?z.4..G.L....| de 15 ab 71 |...q |
- authorityKeyIdentifier:
7b 5b 45 cf af ce cb 7a fd 31 92 1a 6a b6 f3 46 |{[E....z.1..j..F| eb 57 48 50 |.WHP |
- basicConstraints
- RSA-SHA1:
56 fe 53 5c e1 c7 9e bc a7 ed 7e 53 6d 6a 14 4b |V.S\......~Smj.K| 51 8c 40 5e 80 5f aa a4 e8 2f ef 38 c8 04 c9 ca |Q.@^._.../.8....| 3e cf df 3a 58 4e b0 d4 b6 63 c5 29 57 fa 02 05 |>..:XN...c.)W...| 9a 45 4d 68 db 2a 1b d4 34 3d 9f 00 c3 5a cb 95 |.EMh.*..4=...Z..| 49 a5 6e e1 b0 c5 fc 41 4d 41 4a 6f d3 77 c8 d7 |I.n....AMAJo.w..| 38 8d e4 19 de 18 f3 1f 15 65 83 6d 45 0c 53 f9 |8........e.mE.S.| 0a 9a 2e a5 5d bf 6f 32 81 18 92 19 6a 55 00 ad |....].o2....jU..| 63 1c 52 06 7e 55 d9 29 68 ae 4a 7c 18 9a 79 88 |c.R.~U.)h.J|..y.| 6b 23 23 d8 27 38 2a 29 87 76 ca fb c7 b6 62 23 |k##.'8*).v....b#| 1f ed 7a 56 4c dd 9c 32 5b f5 3d 0c 46 18 95 3b |..zVL..2[.=.F..;| 2a 23 68 83 64 41 d9 00 6d 0f 19 24 15 68 72 bd |*#h.dA..m..$.hr.| c5 71 67 6e ac 4c db 90 eb 51 a5 1a 62 07 d0 be |.qgn.L...Q..b...| 6a 00 47 3c 72 2f ec 4f 61 3e 73 85 ce 5a 0a b7 |j.G
s..Z..| ba c0 1c 13 75 e3 22 39 28 dd 6d 1d 09 46 9d 4f |....u."9(.m..F.O| ba e8 40 81 91 c6 a4 ce 94 72 1b 01 cf 2a 6e 15 |..@......r...*n.| 67 95 89 ae 7d b7 b7 cd f9 0a 3d 75 b6 6b 3c 25 |g...}.....=u.k<%|
- 2
- Certificate #0
- 1
- unnamed
- #0
- C: US
- O: Thawte, Inc.
- CN: Thawte Code Signing CA - G2
- 03:21:0A:27:BF:81:D3:59:C5:33:32:08:DD:A8:F1:0D
- #0
- SHA1: nil
- #2
- contentType: 1.3.6.1.4.1.311.2.1.4
- 1.3.6.1.4.1.311.2.1.11: msCodeCom
- messageDigest:
87 49 02 24 21 d1 4c 7b 6d 81 ac fc 0e aa 99 d9 |.I.$!.L{m.......| f2 70 01 e1 |.p.. | - 1.3.6.1.4.1.311.2.1.12:
00 47 00 69 00 76 00 65 00 61 00 77 00 61 00 79 |.G.i.v.e.a.w.a.y| 00 6f 00 66 00 74 00 68 00 65 00 64 00 61 00 79 |.o.f.t.h.e.d.a.y| 00 2e 00 63 00 6f 00 6d 00 20 00 49 00 6e 00 73 |...c.o.m. .I.n.s| 00 74 00 61 00 6c 00 6c 00 65 00 72 |.t.a.l.l.e.r |
- rsaEncryption:
3a 97 09 3a 86 b8 a0 d5 cf d8 28 03 d9 4b f8 a4 |:..:......(..K..| 9f 23 af 27 ef 62 22 0c 4c 7a 14 75 e0 53 a6 b9 |.#.'.b".Lz.u.S..| 47 2d a4 5a 41 1c 7f a6 ec e2 cd 42 0e 59 3b 68 |G-.ZA......B.Y;h| 25 40 c6 89 2c ca e7 7b 02 41 e4 01 27 04 db e4 |%@..,..{.A..'...| a7 a7 0d 82 07 05 49 23 b8 8d b2 fd 0b 0b 7e 15 |......I#......~.| de 79 a5 d8 56 df b3 9c 46 2c b9 ac 62 70 8d 4d |.y..V...F,..bp.M| bc 69 28 c5 4b 23 71 2a f1 35 5a 81 d3 cd 50 0f |.i(.K#q*.5Z...P.| c4 98 26 62 48 4e 46 07 5a 10 44 6a c2 d5 5b 43 |..&bHNF.Z.Dj..[C| 7b 80 8e 01 53 50 49 20 b1 97 15 61 16 18 30 22 |{...SPI ...a..0"| 5c f2 51 a0 c1 6b 22 36 88 2e 08 94 65 d9 c5 0f |\.Q..k"6....e...| ab a5 52 fa 0f 5d 54 3e 48 be 68 f4 4f 1f e0 04 |..R..]T>H.h.O...| 98 7a 2b a5 99 d2 da 56 5e 41 11 3e 01 b3 db bf |.z+....V^A.>....| 2f dd eb df be 81 02 58 01 f5 fd aa 6c f1 b8 66 |/......X....l..f| fb a2 ca 11 a1 9a e1 7a 15 11 9e 84 e8 75 a8 39 |.......z.....u.9| 9b ee 75 c9 3a 10 db 26 1a 1f 28 69 e3 fc 47 03 |..u.:..&..(i..G.| a8 ba 6a 96 49 c7 02 56 f0 2c d2 58 8c 11 8b 52 |..j.I..V.,.X...R| - countersignature
- 1
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 79:A2:A5:85:F9:D1:15:42:13:D9:B8:3E:F6:B6:8D:ED
- #0
- SHA1: nil
- #2
- contentType: pkcs7-data
- signingTime: 2012-10-09 17:20:16 UTC
- messageDigest:
20 16 a4 78 46 b5 8b 6e ce dd ca 6a e3 7d ce 50 | ..xF..n...j.}.P| c3 8e 9f 43 |...C |
- rsaEncryption:
1b d9 58 57 11 5f 25 6f cb 13 1b c6 b5 f5 da 92 |..XW._%o........| da 3d 6a 55 5b ca ac 53 f7 ae 2a 83 fa a2 81 59 |.=jU[..S..*....Y| 9f c3 c2 61 54 7c 75 08 0b aa f0 e4 e8 bf 6b cc |...aT|u.......k.| c2 e5 a2 d4 ac 28 7d 46 37 a8 73 3b a9 ee 8c 8f |.....(}F7.s;....| e8 3c 48 85 b8 99 68 8a 7f ec 78 25 b6 f2 74 5c |.
- unnamed
- 1
- unnamed
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 3289088 | EXE | 10/09/2012 17:14:09 | # |
| 15c1 | 15 | HTM | # | |
| 323000 | 5240 | PKCS7 | Authenticode Signature | # |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x192848
[?] can't find file_offset of VA 0x192b44
[?] can't find file_offset of VA 0x192c24
[?] can't find file_offset of VA 0x192d10
[?] can't find file_offset of VA 0x193020
[?] can't find file_offset of VA 0x1930d4
[?] can't find file_offset of VA 0x1931bc
[?] can't find file_offset of VA 0x1931f0
[?] can't find file_offset of VA 0x193238
[?] can't find file_offset of VA 0x1932bc
[?] can't find file_offset of VA 0x1932e8
[?] can't find file_offset of VA 0x19346c
[?] can't find file_offset of VA 0x193954
[?] can't find file_offset of VA 0x193bb8
[?] can't find file_offset of VA 0x193e94
[?] can't find file_offset of VA 0x193f20
[?] can't find file_offset of VA 0x193fcc
[?] can't find file_offset of VA 0x1940ac
[?] can't find file_offset of VA 0x194554
[?] can't find file_offset of VA 0x19477c
[?] can't find file_offset of VA 0x1947a8
[?] can't find file_offset of VA 0x194ce4
[?] can't find file_offset of VA 0x194cf8
[?] can't find file_offset of VA 0x194d1c
[?] can't find file_offset of VA 0x194d30
[?] can't find file_offset of VA 0x194d44
[?] can't find file_offset of VA 0x194d58
[?] can't find file_offset of VA 0x194d6c
[?] can't find file_offset of VA 0x194d80
[?] can't find file_offset of VA 0x194d94
[?] can't find file_offset of VA 0x194da8
[?] can't find file_offset of VA 0x194dbc
[?] can't find file_offset of VA 0x194dd0
[?] can't find file_offset of VA 0x194de4
[?] can't find file_offset of VA 0x194df8
[?] can't find file_offset of VA 0x194e0c
[?] can't find file_offset of VA 0x194e20
[?] invalid VS_VERSIONINFO child type "t\x00r\x00i\x00"