| filename | muestra6.bin | |
|---|---|---|
| size | 152656 (0x25450) | |
| md5 | 50ea80fd625cfbb549d4cfd60056268a | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
| mimetype | application/x-dosexec | |
| clamav | Win.Trojan.Zbot-19653 FOUND | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xe0 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000000a0:
PE Header
Packer / Compiler
This file is packed with UPX. Analysis will be incomplete without unpacking. |
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x28000 | 0 | RWX UDATA | |
| UPX1 | 0x29000 | 0x24000 | 0x23c00 | RWX IDATA | |
| .rsrc | 0x4d000 | 0x1000 | 0x600 | RW- IDATA |
Data Directory
| type | va | size | |
|---|---|---|---|
| EXPORT | 0 | 0 | |
| IMPORT | 0x4d398 | 0x110 | |
| RESOURCE | 0x4d000 | 0x398 | |
| EXCEPTION | 0 | 0 | |
| SECURITY | 0x24800 | 0xc50 | |
| BASERELOC | 0 | 0 | |
| DEBUG | 0 | 0 | |
| ARCHITECTURE | 0 | 0 | |
| GLOBALPTR | 0 | 0 | |
| TLS | 0 | 0 | |
| LOAD_CONFIG | 0 | 0 | |
| Bound_IAT | 0 | 0 | |
| IAT | 0 | 0 | |
| Delay_IAT | 0 | 0 | |
| CLR_Header | 0 | 0 |
| id | lang | string |
|---|---|---|
| 48 | 1033 | 쬃릮꜌鷰䍓펠䒀ꓸꖁ舼ꁍꞼ媍ᩭ囒鎙ᓱ씥抠濴쵲 |
| 80 | 1033 | a0 36 47 3a 05 b4 71 c9 87 f9 45 3d 14 31 8b ae |.6G:..q...E=.1..| ee b7 9b da 7c 99 da 64 73 e5 3d a3 12 c8 99 28 |....|..ds.=....(| 29 e4 44 a3 68 11 21 80 be 3d ed fa 89 09 |).D.h.!..=.... | |
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.DLL | LoadLibraryA | ||
| KERNEL32.DLL | GetProcAddress | ||
| KERNEL32.DLL | VirtualProtect | ||
| KERNEL32.DLL | VirtualAlloc | ||
| KERNEL32.DLL | VirtualFree | ||
| KERNEL32.DLL | ExitProcess | ||
| advapi32.dll | CloseTrace | ||
| user32.dll | ToAscii |
StringTable 040904B0
| CompanyName | StarNet Communications Corp. |
| FileDescription | Tee Gaily Bonn |
| FileVersion | 8.3 |
| InternalName | Offend Sin Baron |
VS_FIXEDFILEINFO
| FileVersion | 8.3.0.0 |
| ProductVersion | 8.3.0.0 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
Signers (1)
issuer: /CN=Root Agency
serial: -31F38AD25428CE7DB953E148407C3864
Certificates (3)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)31:f3:8a:d2:54:28:ce:7d:b9:53:e1:48:40:7c:38:64
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=Root Agency
Validity
Not Before: Mar 9 11:20:00 2012 GMT
Not After : Dec 31 23:59:59 2039 GMT
Subject: CN=Fyntxgqlutf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:9a:5b:08:7b:90:e8:19:68:b9:20:74:6b:33:85:
b6:af:fb:7f:4f:95:e7:32:d8:31:bd:85:b8:43:06:
39:1b:f3:24:74:0e:bf:57:5f:61:99:77:df:5f:bf:
b1:76:0e:cf:3a:0e:4f:85:f7:15:86:e9:51:d6:a9:
23:9a:43:bc:0e:0a:47:6a:93:2f:83:b8:80:fd:6c:
30:0f:66:b7:7e:3b:8a:c8:da:a3:83:52:b2:67:89:
45:ee:20:97:ce:e0:e2:9f:16:e6:33:25:79:eb:29:
fb:9e:ee:e2:44:d0:90:09:69:b9:4b:02:21:55:86:
61:30:e6:37:41:5e:89:62:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
2.5.29.1:
0>.....-...O..a!..dc..0.1.0...U....Root Agency...7l...d......\5.
Signature Algorithm: md5WithRSAEncryption
Signature Value:
3f:39:80:54:26:6e:ed:7c:1f:b2:98:80:ec:48:ea:dc:79:3c:
00:b8:cd:fe:da:80:34:ab:70:8e:a5:07:7c:3b:27:fd:87:1d:
6f:49:15:02:70:48:36:4e:18:c5:4d:5f:ca:55:28:5c:7a:75:
e7:7c:f9:5f:33:d1:05:8c:3a:f1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
Validity
Not Before: Jun 15 00:00:00 2007 GMT
Not After : Jun 14 23:59:59 2012 GMT
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - G2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c4:b5:f2:52:15:bc:88:86:60:29:16:4a:5b:2f:
4b:91:6b:87:91:f3:35:54:58:35:ea:d1:36:5e:62:
4d:52:51:34:71:c2:7b:66:1d:89:c8:dd:2a:c4:6a:
0a:f6:37:d9:98:74:91:f6:92:ae:b0:b5:76:96:f1:
a9:4a:63:45:47:2e:6b:0b:92:4e:4b:2b:8c:ee:58:
4a:8b:d4:07:e4:1a:2c:f8:82:aa:58:d9:cd:42:f3:
2d:c0:75:de:8d:ab:c7:8e:1d:9a:6c:4c:08:95:1e:
de:db:ef:67:e1:72:c2:49:c2:9e:60:3c:e1:e2:be:
16:a3:63:78:69:14:7b:ad:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/tss-ca.crl
X509v3 Extended Key Usage: critical
Time Stamping
X509v3 Key Usage: critical
Digital Signature, Non Repudiation
X509v3 Subject Alternative Name:
DirName:/CN=TSA1-2
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
50:c5:4b:c8:24:80:df:e4:0d:24:c2:de:1a:b1:a1:02:a1:a6:
82:2d:0c:83:15:81:37:0a:82:0e:2c:b0:5a:17:61:b5:d8:05:
fe:88:db:f1:91:91:b3:56:1a:40:a6:eb:92:be:38:39:b0:75:
36:74:3a:98:4f:e4:37:ba:99:89:ca:95:42:1d:b0:b9:c7:a0:
8d:57:e0:fa:d5:64:04:42:35:4e:01:d1:33:a2:17:c8:4d:aa:
27:c7:f2:e1:86:4c:02:38:4d:83:78:c6:fc:53:e0:eb:e0:06:
87:dd:a4:96:9e:5e:0c:98:e2:a5:be:bf:82:85:c3:60:e1:df:
ad:28:d8:c7:a5:4b:64:da:c7:1b:5b:bd:ac:39:08:d5:38:22:
a1:33:8b:2f:8a:9a:eb:bc:07:21:3f:44:41:09:07:b5:65:1c:
24:bc:48:d3:44:80:eb:a1:cf:c9:02:b4:14:cf:54:c7:16:a3:
80:5c:f9:79:3e:5d:72:7d:88:17:9e:2c:43:a2:ca:53:ce:7d:
3d:f6:2a:3a:b8:4f:94:00:a5:6d:0a:83:5d:f9:5e:53:f4:18:
b3:57:0f:70:c3:fb:f5:ad:95:a0:0e:17:de:c4:16:80:60:c9:
0f:2b:6e:86:04:f1:eb:f4:78:27:d1:05:c5:ee:34:5b:5e:b9:
49:32:f2:33
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
Validity
Not Before: Dec 4 00:00:00 2003 GMT
Not After : Dec 3 23:59:59 2013 GMT
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a9:ca:b2:a4:cc:cd:20:af:0a:7d:89:ac:87:75:
f0:b4:4e:f1:df:c1:0f:bf:67:61:bd:a3:64:1c:da:
bb:f9:ca:33:ab:84:30:89:58:7e:8c:db:6b:dd:36:
9e:0f:bf:d1:ec:78:f2:77:a6:7e:6f:3c:bf:93:af:
0d:ba:68:f4:6c:94:ca:bd:52:2d:ab:48:3d:f5:b6:
d5:5d:5f:1b:02:9f:fa:2f:6b:1e:a4:f7:a3:9a:a6:
1a:c8:02:e1:7f:4c:52:e3:0e:60:ec:40:1c:7e:b9:
0d:de:3f:c7:b4:df:87:bd:5f:7a:6a:31:2e:03:99:
81:13:a8:47:20:ce:31:73:0d:57:2d:cd:78:34:33:
95:12:99:12:b9:de:68:2f:aa:e6:e3:c2:8a:8c:2a:
c3:8b:21:87:66:bd:83:58:57:6f:75:bf:3c:aa:26:
87:5d:ca:10:15:3c:9f:84:ea:54:c1:0a:6e:c4:fe:
c5:4a:dd:b9:07:11:97:22:7c:db:3e:27:d1:1e:78:
ec:9f:31:c9:f1:e6:22:19:db:c4:b3:47:43:9a:1a:
5f:a0:1e:90:e4:5e:f5:ee:7c:f1:7d:ab:62:01:8f:
f5:4d:0b:de:d0:22:56:a8:95:cd:ae:88:76:ae:ee:
ba:0d:f3:e4:4d:d9:a0:fb:68:a0:ae:14:3b:b3:87:
c1:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/ThawteTimestampingCA.crl
X509v3 Extended Key Usage:
Time Stamping
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
DirName:/CN=TSA2048-1-53
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
4a:6b:f9:ea:58:c2:44:1c:31:89:79:99:2b:96:bf:82:ac:01:
d6:1c:4c:cd:b0:8a:58:6e:df:08:29:a3:5e:c8:ca:93:13:e7:
04:52:0d:ef:47:27:2f:00:38:b0:e4:c9:93:4e:9a:d4:22:62:
15:f7:3f:37:21:4f:70:31:80:f1:8b:38:87:b3:e8:e8:97:00:
fe:cf:55:96:4e:24:d2:a9:27:4e:7a:ae:b7:61:41:f3:2a:ce:
e7:c9:d9:5e:dd:bb:2b:85:3e:b5:9d:b5:d9:e1:57:ff:be:b4:
c5:7e:f5:cf:0c:9e:f0:97:fe:2b:d3:3b:52:1b:1b:38:27:f7:
3f:4a
pkcs7-signedData
- 1
- MD5: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- MD5
5f 92 5b e1 c9 ff 01 a0 44 c2 09 e2 2e 64 eb 2f |_.[.....D....d./|
- 1.3.6.1.4.1.311.2.1.15
- #0
- unnamed
- #0
- 2
- -66396715566570345796519172247641667684
- RSA-MD5: nil
- CN: Root Agency
- 2012-03-09 11:20:00 UTC: 2039-12-31 23:59:59 UTC
- CN: Fyntxgqlutf
- #5
- rsaEncryption: nil
- 9A:5B:08:7B:90:E8:19:68:B9:20:74:6B:33:85:B6:AF:
FB:7F:4F:95:E7:32:D8:31:BD:85:B8:43:06:39:1B:F3:
24:74:0E:BF:57:5F:61:99:77:DF:5F:BF:B1:76:0E:CF:
3A:0E:4F:85:F7:15:86:E9:51:D6:A9:23:9A:43:BC:0E:
0A:47:6A:93:2F:83:B8:80:FD:6C:30:0F:66:B7:7E:3B:
8A:C8:DA:A3:83:52:B2:67:89:45:EE:20:97:CE:E0:E2:
9F:16:E6:33:25:79:EB:29:FB:9E:EE:E2:44:D0:90:09:
69:B9:4B:02:21:55:86:61:30:E6:37:41:5E:89:62:B9: 0x010001
- 2.5.29.1
12 e4 09 2d 06 1d 1d 4f 00 8d 61 21 dc 16 64 63 |...-...O..a!..dc|
- CN: Root Agency
06 37 6c 00 aa 00 64 8a 11 cf b8 d4 aa 5c 35 f4 |.7l...d......\5.|
- RSA-MD5:
3f 39 80 54 26 6e ed 7c 1f b2 98 80 ec 48 ea dc |?9.T&n.|.....H..| 79 3c 00 b8 cd fe da 80 34 ab 70 8e a5 07 7c 3b |y<......4.p...|;| 27 fd 87 1d 6f 49 15 02 70 48 36 4e 18 c5 4d 5f |'...oI..pH6N..M_| ca 55 28 5c 7a 75 e7 7c f9 5f 33 d1 05 8c 3a f1 |.U(\zu.|._3...:.|
- 2
- Certificate #1
- 2
- 38:25:D7:FA:F8:61:AF:9E:F4:90:E7:26:B5:D6:5A:D5
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 2007-06-15 00:00:00 UTC: 2012-06-14 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services Signer - G2
- #5
- rsaEncryption: nil
- C4:B5:F2:52:15:BC:88:86:60:29:16:4A:5B:2F:4B:91:
6B:87:91:F3:35:54:58:35:EA:D1:36:5E:62:4D:52:51:
34:71:C2:7B:66:1D:89:C8:DD:2A:C4:6A:0A:F6:37:D9:
98:74:91:F6:92:AE:B0:B5:76:96:F1:A9:4A:63:45:47:
2E:6B:0B:92:4E:4B:2B:8C:EE:58:4A:8B:D4:07:E4:1A:
2C:F8:82:AA:58:D9:CD:42:F3:2D:C0:75:DE:8D:AB:C7:
8E:1D:9A:6C:4C:08:95:1E:DE:DB:EF:67:E1:72:C2:49:
C2:9E:60:3C:E1:E2:BE:16:A3:63:78:69:14:7B:AD:2D: 0x010001
- X509v3 extensions
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- basicConstraints
- true
- nil
- crlDistributionPoints: http://crl.verisign.com/tss-ca.crl
- extendedKeyUsage: true, timeStamping
- keyUsage: true, 0xc0
- subjectAltName
- CN: TSA1-2
- authorityInfoAccess
- RSA-SHA1:
50 c5 4b c8 24 80 df e4 0d 24 c2 de 1a b1 a1 02 |P.K.$....$......| a1 a6 82 2d 0c 83 15 81 37 0a 82 0e 2c b0 5a 17 |...-....7...,.Z.| 61 b5 d8 05 fe 88 db f1 91 91 b3 56 1a 40 a6 eb |a..........V.@..| 92 be 38 39 b0 75 36 74 3a 98 4f e4 37 ba 99 89 |..89.u6t:.O.7...| ca 95 42 1d b0 b9 c7 a0 8d 57 e0 fa d5 64 04 42 |..B......W...d.B| 35 4e 01 d1 33 a2 17 c8 4d aa 27 c7 f2 e1 86 4c |5N..3...M.'....L| 02 38 4d 83 78 c6 fc 53 e0 eb e0 06 87 dd a4 96 |.8M.x..S........| 9e 5e 0c 98 e2 a5 be bf 82 85 c3 60 e1 df ad 28 |.^.........`...(| d8 c7 a5 4b 64 da c7 1b 5b bd ac 39 08 d5 38 22 |...Kd...[..9..8"| a1 33 8b 2f 8a 9a eb bc 07 21 3f 44 41 09 07 b5 |.3./.....!?DA...| 65 1c 24 bc 48 d3 44 80 eb a1 cf c9 02 b4 14 cf |e.$.H.D.........| 54 c7 16 a3 80 5c f9 79 3e 5d 72 7d 88 17 9e 2c |T....\.y>]r}...,| 43 a2 ca 53 ce 7d 3d f6 2a 3a b8 4f 94 00 a5 6d |C..S.}=.*:.O...m| 0a 83 5d f9 5e 53 f4 18 b3 57 0f 70 c3 fb f5 ad |..].^S...W.p....| 95 a0 0e 17 de c4 16 80 60 c9 0f 2b 6e 86 04 f1 |........`..+n...| eb f4 78 27 d1 05 c5 ee 34 5b 5e b9 49 32 f2 33 |..x'....4[^.I2.3|
- 2
- Certificate #2
- 2
- 47:BF:19:95:DF:8D:52:46:43:F7:DB:6D:48:0D:31:A4
- RSA-SHA1: nil
- Issuer
- C: ZA
- ST: Western Cape
- L: Durbanville
- O: Thawte
- OU: Thawte Certification
- CN: Thawte Timestamping CA
- 2003-12-04 00:00:00 UTC: 2013-12-03 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- #5
- rsaEncryption: nil
- A9:CA:B2:A4:CC:CD:20:AF:0A:7D:89:AC:87:75:F0:B4:
4E:F1:DF:C1:0F:BF:67:61:BD:A3:64:1C:DA:BB:F9:CA:
33:AB:84:30:89:58:7E:8C:DB:6B:DD:36:9E:0F:BF:D1:
EC:78:F2:77:A6:7E:6F:3C:BF:93:AF:0D:BA:68:F4:6C:
94:CA:BD:52:2D:AB:48:3D:F5:B6:D5:5D:5F:1B:02:9F:
FA:2F:6B:1E:A4:F7:A3:9A:A6:1A:C8:02:E1:7F:4C:52:
E3:0E:60:EC:40:1C:7E:B9:0D:DE:3F:C7:B4:DF:87:BD:
5F:7A:6A:31:2E:03:99:81:13:A8:47:20:CE:31:73:0D:
57:2D:CD:78:34:33:95:12:99:12:B9:DE:68:2F:AA:E6:
E3:C2:8A:8C:2A:C3:8B:21:87:66:BD:83:58:57:6F:75:
BF:3C:AA:26:87:5D:CA:10:15:3C:9F:84:EA:54:C1:0A:
6E:C4:FE:C5:4A:DD:B9:07:11:97:22:7C:DB:3E:27:D1:
1E:78:EC:9F:31:C9:F1:E6:22:19:DB:C4:B3:47:43:9A:
1A:5F:A0:1E:90:E4:5E:F5:EE:7C:F1:7D:AB:62:01:8F:
F5:4D:0B:DE:D0:22:56:A8:95:CD:AE:88:76:AE:EE:BA:
0D:F3:E4:4D:D9:A0:FB:68:A0:AE:14:3B:B3:87:C1:BB: 0x010001
- X509v3 extensions
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- basicConstraints
- true
- true: 0
- crlDistributionPoints: http://crl.verisign.com/ThawteTimestampingCA.crl
- extendedKeyUsage: timeStamping
- keyUsage: true, 6
- subjectAltName
- CN: TSA2048-1-53
- authorityInfoAccess
- RSA-SHA1:
4a 6b f9 ea 58 c2 44 1c 31 89 79 99 2b 96 bf 82 |Jk..X.D.1.y.+...| ac 01 d6 1c 4c cd b0 8a 58 6e df 08 29 a3 5e c8 |....L...Xn..).^.| ca 93 13 e7 04 52 0d ef 47 27 2f 00 38 b0 e4 c9 |.....R..G'/.8...| 93 4e 9a d4 22 62 15 f7 3f 37 21 4f 70 31 80 f1 |.N.."b..?7!Op1..| 8b 38 87 b3 e8 e8 97 00 fe cf 55 96 4e 24 d2 a9 |.8........U.N$..| 27 4e 7a ae b7 61 41 f3 2a ce e7 c9 d9 5e dd bb |'Nz..aA.*....^..| 2b 85 3e b5 9d b5 d9 e1 57 ff be b4 c5 7e f5 cf |+.>.....W....~..| 0c 9e f0 97 fe 2b d3 3b 52 1b 1b 38 27 f7 3f 4a |.....+.;R..8'.?J|
- 2
- #0
- 1
- #0
- CN: Root Agency
- -66396715566570345796519172247641667684
- MD5: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
7a d6 3d 5f 6a 5f 0a aa 1d d4 c6 0e d3 fd 0d 85 |z.=_j_..........|
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
52 62 82 e5 b9 0a a0 50 7d d1 81 a8 98 71 9c e2 |Rb.....P}....q..| 7d b0 ac f5 7e 6e 58 16 2d c2 4c a4 70 05 b3 f9 |}...~nX.-.L.p...| 40 8b e6 90 b9 fe 16 6f 87 46 c3 13 df 13 da 2f |@......o.F...../| a4 b1 23 d2 fb 30 2d 1f 97 76 c3 ab f3 6e 9b 95 |..#..0-..v...n..| 16 24 d4 ec f8 d1 1b 0a df 4b 89 ee 16 19 06 d1 |.$.......K......| c7 26 c9 a7 0f 51 75 3b 82 2b 38 dd 3c c5 19 01 |.&...Qu;.+8.<...| 37 0c d6 ed e2 0b cb 6b f6 38 b5 35 e1 cd 90 f9 |7......k.8.5....| 1e c5 83 8d f7 3d 17 4a 2c 89 89 20 80 0f 52 ed |.....=.J,.. ..R.|
- countersignature
- 1
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 38:25:D7:FA:F8:61:AF:9E:F4:90:E7:26:B5:D6:5A:D5
- #0
- SHA1: nil
- #2
- contentType: pkcs7-data
- signingTime: 2012-03-09 11:19:22 UTC
- messageDigest:
ee 05 cf 0b 91 5c a1 59 0a 97 d9 89 d2 01 19 85 |.....\.Y........| 8e 11 2f ac |../. |
- rsaEncryption:
8a 07 08 b2 a1 02 31 5a f3 a5 77 f7 f5 ef ea 69 |......1Z..w....i| 48 76 07 09 52 54 37 ba b2 c1 c7 5a bc 87 f5 c1 |Hv..RT7....Z....| 83 09 16 1f 4b a1 57 4b 38 67 99 1d 44 d6 d9 c2 |....K.WK8g..D...| 4d 42 41 11 5e 71 c1 d2 ce 1a 12 c7 5b 1a 75 b7 |MBA.^q......[.u.| 66 dc 1b 96 6f ca 39 b0 fe 50 c8 f8 33 37 4e 2f |f...o.9..P..37N/| 50 e3 39 99 e0 05 cc 36 ea fd 5d 34 8a fa b5 0a |P.9....6..]4....| 40 70 d6 b0 04 4a 88 1f 9f f0 b1 c1 5e c7 e9 f1 |@p...J......^...| 24 81 bd ad 8b 99 3f 6c 2e 2e ff b7 ad f8 ad 6b |$.....?l.......k|
- unnamed
- 1
- #0
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(83152) > stringtable size(46). truncated to 44
[!] string size(27968) > stringtable size(46). truncated to 44
[!] cannot convert "G:\x05\xB4q\xC9\x87\xF9E=\x141\x8B\xAE\xEE\xB7"... to UTF-16