filenameppup__
size1615240 (0x18a588)
md55201a2e6acb40bc05820d4587abaf383
typePE32 executable (DLL) (console) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xf8

Rich Header

lib idversiontimes used
150204134
1493072946
13130729252
1323072991
1095072729
1235072731
10487
13830729289
146307291
148210221
145307291

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x5d1dac3c
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x2102
Magic0x10b
LinkerVersion9.0
SizeOfCode0x186000
SizeOfInitializedData0x3000
SizeOfUninitializedData0x390000
AddressOfEntryPoint0x516710
BaseOfCode0x391000
BaseOfData0x517000
ImageBase0x10000000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.0
ImageVersion0.0
SubsystemVersion5.0
Reserved10
SizeOfImage0x51a000
SizeOfHeaders0x1000
CheckSum0x196771
Subsystem3
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22 DLL

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x3900000RWX UDATA
UPX10x3910000x1860000x185a00RWX IDATA
.rsrc0x5170000x30000x2c00RW- IDATA

Data Directory

typevasize
EXPORT0x5199a00x8c
IMPORT0x51963c0x364
RESOURCE0x5170000x263c
EXCEPTION00
SECURITY0x188a000x1b88
BASERELOC0x519a2c0x10
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x5169040x48
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
BITMAP#14113221252
BITMAP#1436801252
BITMAP#1446801252
BITMAP#14613221252
BITMAP#15037121252
BITMAP#1516581252
BITMAP#1526581252
BITMAP#1536581252
BITMAP#1546581252
BITMAP#1556581252
BITMAP#1566581252
BITMAP#16510001252
BITMAP#1663601252
BITMAP#1672001252
BITMAP#17837121252
BITMAP#18224401252
BITMAP#18324401252
ICON#17441252
ICON#22961252
ICON#322161252
ICON#413841252
ICON#513841252
RCDATAIDR_PNG_BUBBLE_LOAD_017261252
RCDATAIDR_PNG_BUBBLE_LOAD_028291252
RCDATAIDR_PNG_BUBBLE_LOAD_037131252
RCDATAIDR_PNG_BUBBLE_LOAD_048261252
RCDATAIDR_PNG_BUBBLE_LOAD_057341252
RCDATAIDR_PNG_BUBBLE_LOAD_068481252
RCDATAIDR_PNG_BUBBLE_LOAD_077201252
RCDATAIDR_PNG_BUBBLE_LOAD_088311252
RCDATAIDR_PNG_BUBBLE_LOAD_BG41461252
RCDATAIDR_PNG_BUBBLE_LOAD_CLOSE_DN29091252
RCDATAIDR_PNG_BUBBLE_LOAD_CLOSE_HV28491252
RCDATAIDR_PNG_BUBBLE_LOAD_CLOSE_NM28561252
RCDATAIDR_PNG_BUBBLE_LOAD_FAIL9011252
RCDATAIDR_PNG_LARGE_ICON50581252
RCDATA#16831061252
RCDATA#16934781252
RCDATA#17031321252
RCDATA#17131351252
RCDATA#17228091252
RCDATA#17328291252
RCDATA#17429901252
RCDATA#17528161252
RCDATA#17627721252
RCDATA#18117975121252
RCDATA#1853943831252
RCDATA#1872415441252
RCDATA#188981841252
RCDATA#1891644641252
RCDATA#1909371252
RCDATA#1911689681252
RCDATA#19213431252
RCDATA#19371511252
RCDATA#19418481252
GROUP_ICON#118621252
GROUP_ICON#120201252
VERSION#17641252
MANIFEST#26221252
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLVirtualProtect
KERNEL32.DLLVirtualAlloc
KERNEL32.DLLVirtualFree
ADVAPI32.dllFreeSid
GDI32.dllLineTo
IMM32.dllImmDisableIME
MSIMG32.dllAlphaBlend
ole32.dllOleCreate
OLEAUT32.dll6
PSAPI.DLLEnumProcesses
SHELL32.dllShellExecuteW
SHLWAPI.dllStrToIntW
urlmon.dllUrlMkGetSessionOption
USER32.dllGetDC
VERSION.dllVerQueryValueW
WININET.dllInternetOpenA
WS2_32.dll151
ordentry_vafunction_name
10x1c20RunSohuNewsDirectly
20x2020StartManualPopupServer
30x1ce0StartPopupServer
module_namepopup.dll
flags0
timestamp2019-07-04 07:35:09
version0.0
ordinal_base1
nFunctions3
nNames3
Names(3)0x5199d4
Functions(3)0x5199c8
NameOrdinals(3)0x5199e0

StringTable 080404b0

CompanyNameSogou.com Inc.
FileDescription搜狗输入法 网络更新程序
FileVersion3.1.0.2169
InternalNameSogouPY sgutil
LegalCopyright© 2019 Sogou.com Inc. All rights reserved.
OriginalFilenamesgutil.dll
ProductName搜狗输入法
ProductVersion3.1.0.2169

VS_FIXEDFILEINFO

FileVersion3.1.0.2169
ProductVersion3.1.0.2169
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0xa
FileOS4
FileType1
FileSubtype0

Signers (1)

issuer: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 SHA256 Code Signing CA
serial: 74790656541E5FE8DE4499CA86EFF532

Certificates (2)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:79:06:56:54:1e:5f:e8:de:44:99:ca:86:ef:f5:32
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA
        Validity
            Not Before: Jun 25 00:00:00 2019 GMT
            Not After : Jun 24 23:59:59 2022 GMT
        Subject: C=CN, L=Beijing, O=Beijing Sogou Technology Development Co., Ltd., OU=Security, CN=Beijing Sogou Technology Development Co., Ltd.
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6a:68:31:f3:2f:12:e9:f1:fa:39:7c:35:2d:
                    d4:1b:77:3f:7b:3c:1b:eb:cc:80:e3:8a:40:6a:a5:
                    30:ff:64:f4:6f:ff:16:08:69:35:82:cc:e4:27:b7:
                    ef:3a:57:3c:07:5f:ac:ea:be:00:b3:78:f1:bd:81:
                    0b:9a:43:c5:fa:42:6c:be:51:11:99:d8:df:90:25:
                    02:3f:98:e1:a0:0a:4a:d9:d8:be:b7:df:b4:73:81:
                    87:6d:e5:45:a6:68:b5:56:2b:93:29:db:1a:31:98:
                    2a:71:65:7b:a6:62:d6:43:08:4b:90:d4:e0:7f:ed:
                    bc:60:26:ee:b0:a4:fc:b1:2d:2d:9c:cd:6e:25:d0:
                    6c:c8:3c:2f:cb:f5:9b:64:31:1b:67:d8:6f:7d:de:
                    f2:05:55:a4:6e:0e:a1:6c:16:ef:18:51:47:49:b1:
                    ac:ac:89:fb:55:d0:3c:be:d6:9e:a8:7e:39:4a:37:
                    7d:81:1c:40:b5:8a:8b:cf:6b:36:61:8e:b7:7a:dd:
                    d7:c9:b4:2a:1d:ce:8d:df:03:ff:29:cd:92:1b:3e:
                    4b:a5:be:85:58:97:2c:19:b4:9e:b5:eb:4f:da:1b:
                    a7:ac:18:4d:e2:63:af:f5:77:b4:8b:93:79:e1:8e:
                    a4:4a:f3:a6:fe:fc:28:bb:de:0a:e1:93:12:46:b6:
                    ec:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://sv.symcb.com/sv.crl

            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.4.1
                  CPS: https://d.symcb.com/cps
                  User Notice:
                    Explicit Text: https://d.symcb.com/rpa

            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:http://sv.symcd.com
                CA Issuers - URI:http://sv.symcb.com/sv.crt

            X509v3 Authority Key Identifier: 
                keyid:96:3B:53:F0:79:33:97:AF:7D:83:EF:2E:2B:CC:CA:B7:86:1E:72:66

            X509v3 Subject Key Identifier: 
                ED:1E:04:E7:E6:85:76:BD:EA:0B:3C:98:E7:0F:28:5B:4F:43:8C:B1
    Signature Algorithm: sha256WithRSAEncryption
         1a:18:e2:8a:56:02:9c:19:10:74:80:f5:a5:d4:fe:45:22:9d:
         c1:7f:d0:f5:47:d1:20:59:47:2d:a2:25:0d:96:a1:50:5d:d9:
         4e:44:6f:b2:91:1c:10:e5:da:38:16:5e:52:db:de:dc:07:2c:
         69:14:22:31:83:7a:15:9f:03:8f:ae:fc:55:e1:e7:8b:0f:f0:
         34:50:0e:b2:77:bc:17:97:bf:cc:36:6e:ed:ec:32:b7:4f:70:
         0b:d1:ea:5c:53:c4:26:1f:b5:4d:2f:71:77:2a:a1:67:06:97:
         03:92:43:82:fe:d6:8d:c4:71:ad:32:dd:af:a0:71:aa:69:76:
         b8:42:e7:b5:41:35:f8:05:d5:2e:50:f9:fe:b3:68:c0:ab:01:
         8c:a7:f4:08:84:c0:ef:f1:f0:29:b3:e2:9d:7c:80:a6:26:38:
         56:23:74:05:15:fc:a7:e5:71:2f:e9:29:b3:c7:6e:13:e5:68:
         49:ab:cd:0e:e9:4c:5c:b6:a1:fd:e4:5b:23:82:5f:fd:11:b5:
         34:c8:95:de:fa:e9:9c:c9:d8:6f:34:2b:57:35:da:b8:91:12:
         83:9b:d0:aa:96:fb:cd:dc:9a:48:28:5a:c7:8e:5b:59:11:f2:
         83:5a:7e:66:d9:53:79:92:e6:3e:76:77:a7:da:5b:50:63:c6:
         f3:5a:dd:95
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
        Validity
            Not Before: Dec 10 00:00:00 2013 GMT
            Not After : Dec  9 23:59:59 2023 GMT
        Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:83:1e:00:16:af:2c:b1:d2:08:c4:d7:68:93:
                    51:60:1e:71:f6:e2:47:b4:db:58:4d:23:62:6a:b4:
                    bf:5a:1b:51:f7:a3:0d:18:77:68:bb:d8:36:ab:2f:
                    21:50:da:9e:f3:e7:5f:27:4e:0b:c2:97:c8:09:70:
                    93:a9:da:5c:0d:4e:a4:0d:91:a0:b4:ec:14:ce:91:
                    72:54:2e:ce:a3:db:44:e9:52:1b:3f:41:3c:ca:4a:
                    e4:aa:c0:e8:39:ab:53:cc:21:d0:cc:cf:7f:9b:e6:
                    c2:cc:58:6a:82:15:ee:3d:36:cf:1c:c5:97:07:24:
                    8e:f1:7b:be:31:2d:3d:6e:dc:b5:99:42:9f:4b:61:
                    95:5f:1c:70:ee:17:7d:db:8b:e5:61:89:78:c7:68:
                    1b:af:11:78:1a:98:ae:c4:55:47:53:d9:b3:32:d6:
                    a1:0e:46:40:c5:97:92:8a:d1:53:a7:99:5b:85:35:
                    57:d3:ea:93:62:61:20:0a:c7:30:77:24:11:4d:62:
                    83:b6:ba:7b:68:82:31:ee:65:ca:df:f9:d5:8d:b2:
                    35:dc:8c:2b:6f:6a:72:5c:60:84:9c:f2:0c:94:5e:
                    c0:56:52:00:48:cc:d3:f8:a5:7d:de:2f:d7:13:e4:
                    38:a8:84:d5:46:b8:13:86:c2:1b:9d:ea:5a:38:dd:
                    9b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://s2.symcb.com

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: http://www.symauth.com/cps
                  User Notice:
                    Explicit Text: http://www.symauth.com/rpa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://s1.symcb.com/pca3-g5.crl

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, Code Signing
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DirName:/CN=SymantecPKI-1-567
            X509v3 Subject Key Identifier: 
                96:3B:53:F0:79:33:97:AF:7D:83:EF:2E:2B:CC:CA:B7:86:1E:72:66
            X509v3 Authority Key Identifier: 
                keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33

    Signature Algorithm: sha256WithRSAEncryption
         13:85:1a:1e:69:a9:37:f7:a0:bd:a4:af:7e:1d:61:53:fe:9d:
         8c:5e:0c:a6:75:1e:78:17:23:dd:fd:ec:1a:03:55:39:fb:71:
         95:c7:65:5a:a7:8e:30:d2:44:5a:61:db:70:6f:da:21:05:c2:
         2e:73:ba:49:f1:d1:93:fe:5d:c9:cd:5e:03:e0:89:9e:3f:74:
         1e:d7:f7:38:8b:a9:d6:cf:bb:35:2f:33:58:a8:92:56:d1:c8:
         4d:3b:82:e6:79:84:16:fc:28:b0:b1:47:f3:1d:a2:3e:ee:87:
         d9:a6:7f:a4:56:a5:3f:ad:84:2e:29:de:7c:bc:a8:aa:a3:3d:
         04:01:ea:ba:93:a2:0e:50:22:29:17:4c:87:e4:3a:11:5f:d6:
         a4:25:89:9b:05:6b:2f:b4:c9:01:4c:27:7b:0b:ac:19:05:22:
         a0:60:15:3f:da:c9:fb:4d:4c:8f:fb:72:67:77:fd:27:94:c7:
         ba:35:0e:88:49:fe:8d:fd:28:af:4a:12:bd:0d:b3:97:05:de:
         44:0c:15:fa:36:2b:03:dc:c1:50:01:f1:a1:11:5d:14:e5:e2:
         bd:27:4b:54:be:2b:84:5e:0f:a6:c3:74:05:0a:ef:97:c3:89:
         22:b1:1f:77:f3:bd:cd:43:d4:f1:4c:a9:3f:b5:8b:84:af:64:
         f2:d0:14:21
pkcs7-signedData
  • 1
    • SHA256: nil
    • 1.3.6.1.4.1.311.2.1.4
      • #0
        • 1.3.6.1.4.1.311.2.1.15
          • :
        • SHA256
          • 93 2c e0 f4 78 fc 3f 62  78 ac 2b d9 fc 4e 7f 4b  |.,..x.?bx.+..N.K|
07 a8 2a e4 4b 30 69 ad  46 37 73 d6 34 d9 33 52  |..*.K0i.F7s.4.3R|
    • Certificates
      • Certificate #0
        • 2
          • 74:79:06:56:54:1E:5F:E8:DE:44:99:CA:86:EF:F5:32
          • RSA-SHA256: nil
          • Issuer
            • C: US
            • O: Symantec Corporation
            • OU: Symantec Trust Network
            • CN: Symantec Class 3 SHA256 Code Signing CA
          • 2019-06-25 00:00:00 UTC: 2022-06-24 23:59:59 UTC
          • Subject
            • C: CN
            • L: Beijing
            • O: Beijing Sogou Technology Development Co., Ltd.
            • OU: Security
            • CN: Beijing Sogou Technology Development Co., Ltd.
          • #5
            • rsaEncryption: nil
            • E5:6A:68:31:F3:2F:12:E9:F1:FA:39:7C:35:2D:D4:1B:
              77:3F:7B:3C:1B:EB:CC:80:E3:8A:40:6A:A5:30:FF:64:
              F4:6F:FF:16:08:69:35:82:CC:E4:27:B7:EF:3A:57:3C:
              07:5F:AC:EA:BE:00:B3:78:F1:BD:81:0B:9A:43:C5:FA:
              42:6C:BE:51:11:99:D8:DF:90:25:02:3F:98:E1:A0:0A:
              4A:D9:D8:BE:B7:DF:B4:73:81:87:6D:E5:45:A6:68:B5:
              56:2B:93:29:DB:1A:31:98:2A:71:65:7B:A6:62:D6:43:
              08:4B:90:D4:E0:7F:ED:BC:60:26:EE:B0:A4:FC:B1:2D:
              2D:9C:CD:6E:25:D0:6C:C8:3C:2F:CB:F5:9B:64:31:1B:
              67:D8:6F:7D:DE:F2:05:55:A4:6E:0E:A1:6C:16:EF:18:
              51:47:49:B1:AC:AC:89:FB:55:D0:3C:BE:D6:9E:A8:7E:
              39:4A:37:7D:81:1C:40:B5:8A:8B:CF:6B:36:61:8E:B7:
              7A:DD:D7:C9:B4:2A:1D:CE:8D:DF:03:FF:29:CD:92:1B:
              3E:4B:A5:BE:85:58:97:2C:19:B4:9E:B5:EB:4F:DA:1B:
              A7:AC:18:4D:E2:63:AF:F5:77:B4:8B:93:79:E1:8E:A4:
              4A:F3:A6:FE:FC:28:BB:DE:0A:E1:93:12:46:B6:EC:43              : 0x010001
          • X509v3 extensions
            • basicConstraints
              • nil
            • keyUsage: true, 0x80
            • crlDistributionPoints: http://sv.symcb.com/sv.crl
            • certificatePolicies
              • 2.23.140.1.4.1
                • #0
                  • id-qt-cps: https://d.symcb.com/cps
                  • id-qt-unotice: https://d.symcb.com/rpa
            • extendedKeyUsage: codeSigning
            • authorityInfoAccess
              • #0
                • OCSP: http://sv.symcd.com
                • caIssuers: http://sv.symcb.com/sv.crt
            • authorityKeyIdentifier: 
              96 3b 53 f0 79 33 97 af  7d 83 ef 2e 2b cc ca b7  |.;S.y3..}...+...|
86 1e 72 66                                       |..rf            |
            • subjectKeyIdentifier: 
              ed 1e 04 e7 e6 85 76 bd  ea 0b 3c 98 e7 0f 28 5b  |......v...<...([|
4f 43 8c b1                                       |OC..            |
        • RSA-SHA256: 
          1a 18 e2 8a 56 02 9c 19  10 74 80 f5 a5 d4 fe 45  |....V....t.....E|
22 9d c1 7f d0 f5 47 d1  20 59 47 2d a2 25 0d 96  |".....G. YG-.%..|
a1 50 5d d9 4e 44 6f b2  91 1c 10 e5 da 38 16 5e  |.P].NDo......8.^|
52 db de dc 07 2c 69 14  22 31 83 7a 15 9f 03 8f  |R....,i."1.z....|
ae fc 55 e1 e7 8b 0f f0  34 50 0e b2 77 bc 17 97  |..U.....4P..w...|
bf cc 36 6e ed ec 32 b7  4f 70 0b d1 ea 5c 53 c4  |..6n..2.Op...\S.|
26 1f b5 4d 2f 71 77 2a  a1 67 06 97 03 92 43 82  |&..M/qw*.g....C.|
fe d6 8d c4 71 ad 32 dd  af a0 71 aa 69 76 b8 42  |....q.2...q.iv.B|
e7 b5 41 35 f8 05 d5 2e  50 f9 fe b3 68 c0 ab 01  |..A5....P...h...|
8c a7 f4 08 84 c0 ef f1  f0 29 b3 e2 9d 7c 80 a6  |.........)...|..|
26 38 56 23 74 05 15 fc  a7 e5 71 2f e9 29 b3 c7  |&8V#t.....q/.)..|
6e 13 e5 68 49 ab cd 0e  e9 4c 5c b6 a1 fd e4 5b  |n..hI....L\....[|
23 82 5f fd 11 b5 34 c8  95 de fa e9 9c c9 d8 6f  |#._...4........o|
34 2b 57 35 da b8 91 12  83 9b d0 aa 96 fb cd dc  |4+W5............|
9a 48 28 5a c7 8e 5b 59  11 f2 83 5a 7e 66 d9 53  |.H(Z..[Y...Z~f.S|
79 92 e6 3e 76 77 a7 da  5b 50 63 c6 f3 5a dd 95  |y..>vw..[Pc..Z..|
      • Certificate #1
        • 2
          • 3D:78:D7:F9:76:49:60:B2:61:7D:F4:F0:1E:CA:86:2A
          • RSA-SHA256: nil
          • Issuer
            • C: US
            • O: VeriSign, Inc.
            • OU: VeriSign Trust Network
            • OU: (c) 2006 VeriSign, Inc. - For authorized use only
            • CN: VeriSign Class 3 Public Primary Certification Authority - G5
          • 2013-12-10 00:00:00 UTC: 2023-12-09 23:59:59 UTC
          • Subject
            • C: US
            • O: Symantec Corporation
            • OU: Symantec Trust Network
            • CN: Symantec Class 3 SHA256 Code Signing CA
          • #5
            • rsaEncryption: nil
            • 97:83:1E:00:16:AF:2C:B1:D2:08:C4:D7:68:93:51:60:
              1E:71:F6:E2:47:B4:DB:58:4D:23:62:6A:B4:BF:5A:1B:
              51:F7:A3:0D:18:77:68:BB:D8:36:AB:2F:21:50:DA:9E:
              F3:E7:5F:27:4E:0B:C2:97:C8:09:70:93:A9:DA:5C:0D:
              4E:A4:0D:91:A0:B4:EC:14:CE:91:72:54:2E:CE:A3:DB:
              44:E9:52:1B:3F:41:3C:CA:4A:E4:AA:C0:E8:39:AB:53:
              CC:21:D0:CC:CF:7F:9B:E6:C2:CC:58:6A:82:15:EE:3D:
              36:CF:1C:C5:97:07:24:8E:F1:7B:BE:31:2D:3D:6E:DC:
              B5:99:42:9F:4B:61:95:5F:1C:70:EE:17:7D:DB:8B:E5:
              61:89:78:C7:68:1B:AF:11:78:1A:98:AE:C4:55:47:53:
              D9:B3:32:D6:A1:0E:46:40:C5:97:92:8A:D1:53:A7:99:
              5B:85:35:57:D3:EA:93:62:61:20:0A:C7:30:77:24:11:
              4D:62:83:B6:BA:7B:68:82:31:EE:65:CA:DF:F9:D5:8D:
              B2:35:DC:8C:2B:6F:6A:72:5C:60:84:9C:F2:0C:94:5E:
              C0:56:52:00:48:CC:D3:F8:A5:7D:DE:2F:D7:13:E4:38:
              A8:84:D5:46:B8:13:86:C2:1B:9D:EA:5A:38:DD:9B:DB              : 0x010001
          • X509v3 extensions
            • authorityInfoAccess
              • OCSP: http://s2.symcb.com
            • basicConstraints
              • true
              • true: 0
            • certificatePolicies
              • 2.16.840.1.113733.1.7.23.3
                • #0
                  • id-qt-cps: http://www.symauth.com/cps
                  • id-qt-unotice: http://www.symauth.com/rpa
            • crlDistributionPoints: http://s1.symcb.com/pca3-g5.crl
            • extendedKeyUsage
              • clientAuth: codeSigning
            • keyUsage: true, 6
            • subjectAltName
              • CN: SymantecPKI-1-567
            • subjectKeyIdentifier: 
              96 3b 53 f0 79 33 97 af  7d 83 ef 2e 2b cc ca b7  |.;S.y3..}...+...|
86 1e 72 66                                       |..rf            |
            • authorityKeyIdentifier: 
              7f d3 65 a7 c2 dd ec bb  f0 30 09 f3 43 39 fa 02  |..e......0..C9..|
af 33 31 33                                       |.313            |
        • RSA-SHA256: 
          13 85 1a 1e 69 a9 37 f7  a0 bd a4 af 7e 1d 61 53  |....i.7.....~.aS|
fe 9d 8c 5e 0c a6 75 1e  78 17 23 dd fd ec 1a 03  |...^..u.x.#.....|
55 39 fb 71 95 c7 65 5a  a7 8e 30 d2 44 5a 61 db  |U9.q..eZ..0.DZa.|
70 6f da 21 05 c2 2e 73  ba 49 f1 d1 93 fe 5d c9  |po.!...s.I....].|
cd 5e 03 e0 89 9e 3f 74  1e d7 f7 38 8b a9 d6 cf  |.^....?t...8....|
bb 35 2f 33 58 a8 92 56  d1 c8 4d 3b 82 e6 79 84  |.5/3X..V..M;..y.|
16 fc 28 b0 b1 47 f3 1d  a2 3e ee 87 d9 a6 7f a4  |..(..G...>......|
56 a5 3f ad 84 2e 29 de  7c bc a8 aa a3 3d 04 01  |V.?...).|....=..|
ea ba 93 a2 0e 50 22 29  17 4c 87 e4 3a 11 5f d6  |.....P").L..:._.|
a4 25 89 9b 05 6b 2f b4  c9 01 4c 27 7b 0b ac 19  |.%...k/...L'{...|
05 22 a0 60 15 3f da c9  fb 4d 4c 8f fb 72 67 77  |.".`.?...ML..rgw|
fd 27 94 c7 ba 35 0e 88  49 fe 8d fd 28 af 4a 12  |.'...5..I...(.J.|
bd 0d b3 97 05 de 44 0c  15 fa 36 2b 03 dc c1 50  |......D...6+...P|
01 f1 a1 11 5d 14 e5 e2  bd 27 4b 54 be 2b 84 5e  |....]....'KT.+.^|
0f a6 c3 74 05 0a ef 97  c3 89 22 b1 1f 77 f3 bd  |...t......"..w..|
cd 43 d4 f1 4c a9 3f b5  8b 84 af 64 f2 d0 14 21  |.C..L.?....d...!|
    • Signer
      • 1
      • unnamed
        • #0
          • C: US
          • O: Symantec Corporation
          • OU: Symantec Trust Network
          • CN: Symantec Class 3 SHA256 Code Signing CA
        • 74:79:06:56:54:1E:5F:E8:DE:44:99:CA:86:EF:F5:32
      • SHA256: nil
      • #3
        • contentType: 1.3.6.1.4.1.311.2.1.4
        • 1.3.6.1.4.1.311.2.1.11: msCodeInd
        • 1.3.6.1.4.1.311.2.1.12: 
          64 1c 72 d7 8f 93 51 65  6c d5                    |d.r...Qel.      |
        • messageDigest: 
          47 0d 60 f7 b5 80 32 74  f0 f9 3c e5 6c 03 71 7c  |G.`...2t..<.l.q||
68 a6 26 a9 fc 26 ff 8b  61 85 5f 2a 33 81 a5 06  |h.&..&..a._*3...|
      • rsaEncryption: 
        5b 1b 78 87 c0 23 6e 7b  75 8c df d1 9a b6 9e 78  |[.x..#n{u......x|
43 98 22 56 13 dd 42 6b  7e 93 da 2d 97 ea c6 c4  |C."V..Bk~..-....|
73 4b 9c a0 52 8c 83 d0  d2 d4 b8 07 ed 39 ce 19  |sK..R........9..|
a7 c8 a3 b3 9d 2c 32 57  52 d5 10 8f e4 d7 5d 76  |.....,2WR.....]v|
f6 8a 81 fa 0c 9b 10 7a  2b a8 80 40 e0 93 a4 25  |.......z+..@...%|
2c f0 64 f4 01 78 2a 62  6b c7 da 64 a4 bd 52 a0  |,.d..x*bk..d..R.|
b6 96 cc 27 41 cf 91 d5  58 e1 fd 42 cb 49 d4 cf  |...'A...X..B.I..|
85 33 3a f1 6d 66 11 c8  b6 3e bb 7c 5a c1 46 09  |.3:.mf...>.|Z.F.|
bf 75 b2 e0 bb ba 07 17  00 63 41 a4 4e ee 37 c1  |.u.......cA.N.7.|
8a 7e 1b ca 53 5c 51 43  6f 18 8b e5 32 93 a6 24  |.~..S\QCo...2..$|
b0 bb 47 93 2e fe b6 91  18 02 0d e2 cf 3c eb 98  |..G..........<..|
90 6f fb 7b cd c9 2f 4b  0b 33 86 fd f1 d5 2b 39  |.o.{../K.3....+9|
39 a7 ce 15 2b 93 a3 e2  b5 f7 c4 d4 5e 45 98 29  |9...+.......^E.)|
19 b9 ef 86 78 b7 f6 21  04 32 96 bf 8a 1e 4c 2d  |....x..!.2....L-|
8a 91 60 21 44 16 75 73  3e 89 a6 87 d0 e6 48 62  |..`!D.us>.....Hb|
36 fb be 29 81 3f 61 f5  95 ab a2 b2 71 3b c0 11  |6..).?a.....q;..|
      • 1.3.6.1.4.1.311.3.3.1
        • pkcs7-signedData
          • 3
            • SHA256
            • id-smime-ct-TSTInfo
              • 1
                • 2.16.840.1.113733.1.7.23.3
                • SHA1
                  • fa 9b 2f 98 49 5e 8c 42  f9 a6 a9 ca 72 9f ae 99  |../.I^.B....r...|
8e 27 91 07                                       |.'..            |
                • A6:5D:38:0F:EA:51:34:14:50:37:58:F5:9F:49:AA:D8:
                  FC:1D:06:4F
                • 2019-07-04 07:35:37 UTC
                • 0x1E
                • #5
                  • C: US
                  • O: Symantec Corporation
                  • OU: Symantec Trust Network
                  • CN: Symantec SHA256 TimeStamping Signer - G3
            • Certificates
              • Certificate #0
                • 2
                  • 7B:05:B1:D4:49:68:51:44:F7:C9:89:D2:9C:19:9D:12
                  • RSA-SHA256: nil
                  • Issuer
                    • C: US
                    • O: VeriSign, Inc.
                    • OU: VeriSign Trust Network
                    • OU: (c) 2008 VeriSign, Inc. - For authorized use only
                    • CN: VeriSign Universal Root Certification Authority
                  • 2016-01-12 00:00:00 UTC: 2031-01-11 23:59:59 UTC
                  • Subject
                    • C: US
                    • O: Symantec Corporation
                    • OU: Symantec Trust Network
                    • CN: Symantec SHA256 TimeStamping CA
                  • #5
                    • rsaEncryption: nil
                    • BB:59:9D:59:55:4F:9D:8C:72:5D:1A:81:A2:EB:55:F3:
                      B0:01:AD:3C:71:AC:32:8F:05:6B:86:9A:27:00:32:97:
                      6A:4D:C9:64:14:4B:29:BB:C2:D9:29:B9:2E:EC:63:B3:
                      E1:CF:3F:0B:56:90:F8:62:1B:7E:EB:A6:07:E2:DE:7F:
                      5E:6D:40:38:D4:91:06:E7:41:7C:79:1C:CB:CB:AD:1B:
                      BF:D8:95:91:F3:F0:EE:6C:F8:AD:96:39:2E:7F:C1:27:
                      B8:78:39:C5:84:A5:ED:ED:AF:87:8E:CE:8D:C7:6D:EA:
                      D2:98:B5:3A:1F:1E:39:9D:C3:F4:9A:A8:F4:84:E1:C4:
                      D1:7C:71:C6:06:29:B4:3F:E4:83:0D:26:C3:7B:08:3E:
                      4D:F9:0A:B7:33:49:FF:CA:3B:D4:F5:B2:9B:4B:E1:88:
                      99:1A:F5:C0:E9:33:14:D6:DF:C7:80:DB:91:EE:FE:BC:
                      92:57:72:77:F4:CD:A8:CC:FE:09:F5:93:37:BE:95:88:
                      6A:C5:DC:F4:B1:4B:D4:CE:E8:09:91:5F:B5:84:79:35:
                      8A:78:AC:19:32:8F:23:C1:32:41:1B:59:0E:A9:3E:B1:
                      CC:F9:D6:2B:EF:B7:D8:E4:D5:1D:6D:11:3A:92:F6:93:
                      C9:9C:E3:48:EE:BB:53:0E:D4:36:97:86:78:C5:A1:37                      : 0x010001
                  • #6
                    • keyUsage: true, 6
                    • basicConstraints
                      • true
                      • true: 0
                    • certificatePolicies
                      • 2.16.840.1.113733.1.7.23.3
                        • #0
                          • id-qt-cps: https://d.symcb.com/cps
                          • id-qt-unotice: https://d.symcb.com/rpa
                    • authorityInfoAccess
                      • OCSP: http://s.symcd.com
                    • crlDistributionPoints: http://s.symcb.com/universal-root.crl
                    • extendedKeyUsage: timeStamping
                    • subjectAltName
                      • CN: TimeStamp-2048-3
                    • subjectKeyIdentifier: 
                      af 63 d6 ca a3 4e 85 72  e0 a7 bc 41 f3 29 a2 38  |.c...N.r...A.).8|
7f 80 75 62                                       |..ub            |
                    • authorityKeyIdentifier: 
                      b6 77 fa 69 48 47 9f 53  12 d5 c2 ea 07 32 76 07  |.w.iHG.S.....2v.|
d1 97 07 19                                       |....            |
                • RSA-SHA256: 
                  75 ea b0 2d d5 34 19 5c  32 45 fe 0e e1 d4 4f a6  |u..-.4.\2E....O.|
78 c1 6f d7 ea dd dc 4f  f3 a1 c8 81 88 f7 a7 8f  |x.o....O........|
15 e6 40 29 ad e6 5d f4  a2 d9 56 64 84 71 30 2a  |..@)..]...Vd.q0*|
dd 1e 61 17 66 20 56 06  98 19 8d 5d 71 f2 f8 97  |..a.f V....]q...|
bc 09 fd 1c 91 47 c9 e2  e8 8d 03 fb cc 90 2f d6  |.....G......../.|
0a 6c 4e 33 ec d6 b4 93  c8 4c 90 63 48 39 40 21  |.lN3.....L.cH9@!|
c4 dd d6 6e 89 98 3c b5  98 97 e8 a9 06 b7 09 c9  |...n..<.........|
8f 53 57 41 90 2f e1 1e  4d 4e dc ca 10 78 6c 42  |.SWA./..MN...xlB|
6e f0 b6 c5 f8 61 5c 52  f5 4e f6 6b 8d f7 4a 7a  |n....a\R.N.k..Jz|
be f3 cd fd 03 d7 d9 f6  03 a8 0f e3 53 f7 0a 75  |............S..u|
ec c6 75 2e aa 66 85 04  99 b7 f8 06 57 e1 c6 0e  |..u..f......W...|
f6 e8 af da ec 9b 18 1f  aa b9 e3 3a 00 bf ce 8a  |...........:....|
94 cb 01 db 9e c7 38 bb  0f 52 ab d1 e3 94 03 60  |......8..R.....`|
0a 4d a0 fe 27 6d 14 32  fc 3f 97 40 e1 bf 99 89  |.M..'m.2.?.@....|
db e4 39 14 bd da e4 d3  c3 ea 2b 5a b3 95 58 55  |..9.......+Z..XU|
04 7d c7 9a ec 23 03 8d  85 2a d2 ff ae a9 61 81  |.}...#...*....a.|
              • Certificate #1
                • 2
                  • 7B:D4:E5:AF:BA:CC:07:3F:A1:01:23:04:22:41:4D:12
                  • RSA-SHA256: nil
                  • Issuer
                    • C: US
                    • O: Symantec Corporation
                    • OU: Symantec Trust Network
                    • CN: Symantec SHA256 TimeStamping CA
                  • 2017-12-23 00:00:00 UTC: 2029-03-22 23:59:59 UTC
                  • Subject
                    • C: US
                    • O: Symantec Corporation
                    • OU: Symantec Trust Network
                    • CN: Symantec SHA256 TimeStamping Signer - G3
                  • #5
                    • rsaEncryption: nil
                    • AF:0E:8A:AA:F8:DC:BF:69:7B:54:17:71:47:09:BD:8D:
                      3C:81:F8:74:15:77:67:90:9C:FD:DE:4E:02:9E:4B:76:
                      F6:E5:36:3E:65:D5:24:20:6D:30:F9:DD:1D:83:E9:3F:
                      27:4A:33:4E:6D:16:8A:E4:8D:40:8D:22:AA:BE:A7:0B:
                      1B:D2:07:B6:3C:B5:1A:24:28:F8:1B:72:51:3D:C8:09:
                      88:26:08:3A:F9:FA:43:23:75:47:70:0C:B3:5F:5B:8F:
                      08:1D:72:48:57:65:4D:AF:02:3C:40:F7:F4:DD:32:38:
                      93:3F:E5:2C:A6:F3:59:23:CB:80:DE:13:4D:F9:10:C9:
                      AA:0A:18:6C:55:61:57:D1:F1:02:2C:C4:B5:AB:F2:6C:
                      23:D2:9F:0D:0F:19:6C:AD:85:62:69:FD:4E:85:C1:8A:
                      52:31:AB:5B:D8:C9:74:52:E3:57:6C:22:BF:55:7F:6F:
                      CA:06:AB:3F:4A:B7:22:76:65:EC:EC:36:F2:96:95:81:
                      26:2C:FD:BB:98:AA:01:38:D3:AF:25:40:9B:09:53:F0:
                      29:57:85:58:5E:EA:85:48:41:21:87:E5:DE:B4:D3:26:
                      B2:7B:40:53:58:79:8E:52:31:06:4D:94:03:45:C4:CE:
                      3C:03:EC:B7:00:F2:3A:22:C5:B4:6F:E5:EF:B0:8A:9B                      : 0x010001
                  • X509v3 extensions
                    • basicConstraints
                      • true
                      • nil
                    • certificatePolicies
                      • 2.16.840.1.113733.1.7.23.3
                        • #0
                          • id-qt-cps: https://d.symcb.com/cps
                          • id-qt-unotice: https://d.symcb.com/rpa
                    • crlDistributionPoints: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl
                    • extendedKeyUsage: true, timeStamping
                    • keyUsage: true, 0x80
                    • authorityInfoAccess
                      • #0
                        • OCSP: http://ts-ocsp.ws.symantec.com
                        • caIssuers: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer
                    • subjectAltName
                      • CN: TimeStamp-2048-6
                    • subjectKeyIdentifier: 
                      a5 13 01 a9 9f 85 cc 1b  6e 16 1e 5f 3b 31 aa 79  |........n.._;1.y|
36 00 7b 1d                                       |6.{.            |
                    • authorityKeyIdentifier: 
                      af 63 d6 ca a3 4e 85 72  e0 a7 bc 41 f3 29 a2 38  |.c...N.r...A.).8|
7f 80 75 62                                       |..ub            |
                • RSA-SHA256: 
                  46 9e af f0 b8 a2 5f a2  99 48 cf a8 27 4b 21 cd  |F....._..H..'K!.|
b2 b9 a6 72 70 63 2f e3  55 29 7b 39 46 4e e7 7e  |...rpc/.U){9FN.~|
65 06 58 8b bc 57 8a 92  0d 08 d8 10 ba 36 24 fa  |e.X..W.......6$.|
0a 7b fb 3b d3 62 bf 4a  94 15 e6 82 db 8a 54 6d  |.{.;.b.J......Tm|
ff 28 fe 67 cf 71 3f e6  33 09 d9 a2 59 10 f4 1e  |.(.g.q?.3...Y...|
4a fe 65 cc de d4 6b e3  52 29 75 00 4a 2b a5 cc  |J.e...k.R)u.J+..|
cb 9b e8 a9 4d f7 b4 17  59 92 41 c3 b7 3f 86 e6  |....M...Y.A..?..|
f6 c0 7f 44 3c 46 5c 17  5a e3 a4 3b d5 69 26 d5  |...D.z.".t..G....|
91 25 b2 1b 96 e9 85 08  e8 dd ea 74 60 6e 60 a5  |.%.........t`n`.|
56 7a 0d c8 44 58 dc e6  f9 48 14 9e e5 bf de 00  |Vz..DX...H......|
bd 77 b1 98 14 72 14 24  df c7 11 2c 1f 00 3f c3  |.w...r.$...,..?.|
4b 14 c6 67 1c cc 1e 06  a3 90 5f 5c 54 8b 3e e3  |K..g......_\T.>.|
33 5b 82 0f c5 b7 86 02  4e 71 9f e9 66 45 3f 76  |3[......Nq..fE?v|
            • 1
              • unnamed
                • #0
                  • C: US
                  • O: Symantec Corporation
                  • OU: Symantec Trust Network
                  • CN: Symantec SHA256 TimeStamping CA
                • 7B:D4:E5:AF:BA:CC:07:3F:A1:01:23:04:22:41:4D:12
              • SHA256
              • #2
                • contentType: id-smime-ct-TSTInfo
                • signingTime: 2019-07-04 07:35:37 UTC
                • messageDigest: 
                  07 df de 42 0f 7f 90 1b  e0 58 77 6c b0 bf b3 6b  |...B.....Xwl...k|
93 b2 48 3d 2b 5d d2 4c  ff 42 9d 32 b5 42 f5 b3  |..H=+].L.B.2.B..|
                • id-smime-aa-signingCertificateV2: 
                  c4 74 ce 76 00 7d 02 39  4e 0d a5 e4 de 7c 14 c6  |.t.v.}.9N....|..|
80 f9 e2 82 01 3c fe f6  53 ef 5d b7 1f df 61 f8  |.....<..S.]...a.|
              • rsaEncryption
              • 9a d3 c1 39 87 b4 43 61  b7 ee b4 0b 30 c1 7f 78  |...9..Ca....0..x|
a1 c6 52 8e 0b 54 54 24  90 ed 89 fc 38 d0 a4 96  |..R..TT$....8...|
72 70 93 ab 6b 90 8d 8a  d8 7f b1 63 b0 7c a8 c0  |rp..k......c.|..|
5f 17 56 84 c9 29 5f a7  38 98 b3 05 9d 96 d4 b2  |_.V..)_.8.......|
81 a3 1f 5d 10 97 9b 2e  40 d3 5b d9 c4 90 79 9f  |...]....@.[...y.|
1d 7d 35 81 e6 1d 45 3a  ac 66 1b 6a 6c bb cf 35  |.}5...E:.f.jl..5|
52 24 41 77 60 f3 03 03  15 22 2f 86 c9 b0 02 2a  |R$Aw`...."/....*|
a7 04 d4 50 db 57 42 a8  4f c2 b0 44 9d 2c b5 b0  |...P.WB.O..D.,..|
85 94 69 04 ec 6f 57 d2  57 d0 1e e2 47 7d 70 87  |..i..oW.W...G}p.|
c6 f3 86 3c 83 11 1e 80  12 ca 9c 57 c5 b2 2d 39  |...<.......W..-9|
0d b7 bc 20 d3 44 bf 2b  4d d9 84 c7 94 e0 8c af  |... .D.+M.......|
4c d1 82 ea 2a d6 47 58  71 04 7d d3 00 6e c6 5c  |L...*.GXq.}..n.\|
f9 b1 b5 8b 28 cc 66 8c  bc f8 26 4b d4 18 97 fc  |....(.f...&K....|
53 b7 b7 4f 06 72 4b 5b  ff cd 00 f6 06 c7 26 24  |S..O.rK[......&$|
fb 5c 48 a4 30 95 18 c6  f0 b3 b1 d1 44 9b 92 fe  |.\H.0.......D...|
2a 6e d0 3c 81 ed ee 6b  90 9a 7f 45 15 13 02 0b  |*n.<...k...E....|
offsetsizetypecomment
01608192DLL07/04/2019 07:35:24#
15c115HTM#
188a007048PKCS7Authenticode Signature#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] can't find file_offset of VA 0x224e54
[?] can't find file_offset of VA 0x225380
[?] can't find file_offset of VA 0x225628
[?] can't find file_offset of VA 0x2258d0
[?] can't find file_offset of VA 0x225dfc
[?] can't find file_offset of VA 0x226c7c
[?] can't find file_offset of VA 0x226f10
[?] can't find file_offset of VA 0x2271a4
[?] can't find file_offset of VA 0x227438
[?] can't find file_offset of VA 0x2276cc
[?] can't find file_offset of VA 0x227960
[?] can't find file_offset of VA 0x227bf4
[?] can't find file_offset of VA 0x227fdc
[?] can't find file_offset of VA 0x228144
[?] can't find file_offset of VA 0x22820c
[?] can't find file_offset of VA 0x22908c
[?] can't find file_offset of VA 0x229a14
[?] can't find file_offset of VA 0x22b5bc
[?] can't find file_offset of VA 0x22bb24
[?] can't find file_offset of VA 0x22bdfc
[?] can't find file_offset of VA 0x22c13c
[?] can't find file_offset of VA 0x22c408
[?] can't find file_offset of VA 0x22c744
[?] can't find file_offset of VA 0x22ca24
[?] can't find file_offset of VA 0x22cd74
[?] can't find file_offset of VA 0x22d044
[?] can't find file_offset of VA 0x22d384
[?] can't find file_offset of VA 0x22e3b8
[?] can't find file_offset of VA 0x22ef18
[?] can't find file_offset of VA 0x22fa3c
[?] can't find file_offset of VA 0x230564
[?] can't find file_offset of VA 0x2308ec
[?] can't find file_offset of VA 0x231cb0
[?] can't find file_offset of VA 0x2328d4
[?] can't find file_offset of VA 0x23366c
[?] can't find file_offset of VA 0x2342a8
[?] can't find file_offset of VA 0x234ee8
[?] can't find file_offset of VA 0x2359e4
[?] can't find file_offset of VA 0x2364f4
[?] can't find file_offset of VA 0x2370a4
[?] can't find file_offset of VA 0x237ba4
[?] can't find file_offset of VA 0x238678
[!] refusing to read ICODIRENTRY beyond resource size