| filename | Pokki_PokkiSetup (1).exe | |
|---|---|---|
| size | 802640 (0xc3f50) | |
| md5 | 5add99ada049e74036952dfde56ebb31 | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xe8 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 149 | 30729 | 26 |
| 131 | 30729 | 176 |
| 109 | 50727 | 2 |
| 123 | 50727 | 25 |
| 1 | 0 | 177 |
| 132 | 30729 | 83 |
| 148 | 21022 | 1 |
| 151 | 0 | 1 |
| 145 | 30729 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
UPX Modified >> *$igBy Ahmed18 This file is packed with UPX. Analysis will be incomplete without unpacking. |
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x159000 | 0 | RWX UDATA | |
| UPX1 | 0x15a000 | 0xa8000 | 0xa7400 | RWX IDATA | |
| .rsrc | 0x202000 | 0x1c000 | 0x1b600 | RW- IDATA |
Data Directory
| id | lang | string |
|---|---|---|
| 992 | 0 | 92 23 26 9b 6c c9 45 f2 74 af 0d c4 59 78 9b 9c |.#&.l.E.t...Yx..| e3 49 9b 47 51 9b 0f 7a 9b db 12 01 e7 47 82 9b |.I.GQ..z.....G..| 8f 2f 0f 77 f2 3c af 07 2e 92 08 9a a2 0e 93 3c |./.w.<.........<| 7a 9e 0a aa 0b 5e b5 9b 50 93 93 89 82 94 17 db |z....^..P.......| f4 c9 fb de 93 fc 04 9c 2f 0f 04 1e 0c 5e c6 79 |......../....^.y| de 14 0e 06 1c 07 21 1f 03 6f 2f 47 9c c7 4f 9c |......!..o/G..O.| 8b 82 a3 e4 |.... | |
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.DLL | LoadLibraryA | ||
| KERNEL32.DLL | GetProcAddress | ||
| KERNEL32.DLL | VirtualProtect | ||
| KERNEL32.DLL | VirtualAlloc | ||
| KERNEL32.DLL | VirtualFree | ||
| KERNEL32.DLL | ExitProcess | ||
| ADVAPI32.dll | RegCloseKey | ||
| ole32.dll | CoInitializeEx | ||
| SHELL32.dll | SHGetFolderPathW | ||
| urlmon.dll | URLDownloadToFileA | ||
| USER32.dll | LoadStringW | ||
| VERSION.dll | VerQueryValueW |
StringTable 000004b0
| CompanyName | Pokki |
| LegalCopyright | ©2011 Pokki |
| ProductName | Pokki for Pokki |
| FileDescription | Pokki for Pokki Setup Program |
| FileVersion | 1.0.0.0 |
| InternalName | Installer.exe |
| OriginalFilename | Pokki_PokkiSetup.exe |
| ProductVersion | 1.0.0.0 |
StringTable 000004b0
| CompanyName | Pokki |
| LegalCopyright | © 2011 Pokki. All rights reserved. |
| ProductName | Pokki Download Helper |
| FileDescription | Pokki Download Helper Setup Program |
| FileVersion | 1.3.1.282 |
| InternalName | Installer.exe |
| OriginalFilename | Installer.exe |
| ProductVersion | 1.3.1.282 |
VS_FIXEDFILEINFO
| FileVersion | 1.0.0.0 |
| ProductVersion | 1.0.0.0 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
VS_FIXEDFILEINFO
| FileVersion | 1.3.1.282 |
| ProductVersion | 1.3.1.282 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
Signers (1)
issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https:\/\/www.verisign.com\/rpa (c)10/CN=VeriSign Class 3 Code Signing 2010 CA
serial: 7F0C02A0B2F2B0727327296C8736183B
Certificates (3)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
Validity
Not Before: May 1 00:00:00 2012 GMT
Not After : Dec 31 23:59:59 2012 GMT
Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:a9:59:66:74:da:3d:8a:7d:7a:d8:fc:f5:80:44:
7b:fe:47:6a:14:55:4e:50:47:0b:ec:d3:ed:ce:f6:
38:f7:4f:69:b9:b1:f0:b6:78:82:0a:8c:76:16:67:
e2:02:ad:b7:0d:a5:8a:f6:03:fc:66:d3:fc:08:2d:
cc:b5:73:59:7b:89:dc:33:6e:66:5a:5e:52:37:b4:
62:d1:92:59:35:14:8b:45:ac:59:b2:4d:24:a2:98:
94:68:42:72:9f:3a:68:e2:6b:8b:9e:22:2d:f4:98:
4e:9a:c6:af:b3:e4:a0:ab:3c:28:bf:23:e1:d7:72:
a4:f2:10:53:67:ae:77:af:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/tss-ca.crl
X509v3 Extended Key Usage: critical
Time Stamping
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Subject Alternative Name:
DirName:/CN=TSA1-3
X509v3 Subject Key Identifier:
B4:B7:F1:89:49:26:60:E7:65:EA:73:AE:DC:D3:38:CD:BF:57:92:6F
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
1e:98:aa:27:b7:78:b5:08:b5:c9:72:6d:b7:df:c0:0e:98:a6:
35:c4:88:c9:d2:f6:6d:f1:4b:1a:fb:d5:f9:2d:99:00:9e:d1:
e7:9b:8b:e1:3f:bd:39:80:0c:66:cd:07:bc:5c:98:54:a6:94:
ba:10:d1:4e:8b:ab:f5:6f:65:cc:67:09:a2:80:7c:52:e8:0e:
03:d6:6b:7a:c6:05:18:ec:c8:ac:42:7c:07:2c:a7:3d:08:66:
dc:00:ed:fd:94:1d:73:f2:72:98:93:b1:11:d6:8f:ef:8e:ea:
ac:f4:96:51:0c:d0:8d:df:31:52:4f:5e:af:7d:a7:4a:75:e6:
4e:ce:2b:9f:29:2b:e7:cf:5d:9f:03:7e:6e:27:7b:23:ad:62:
29:66:af:92:e8:2c:ce:bd:9c:7f:dc:cd:17:3c:43:c2:09:3f:
75:45:c7:9e:e4:d7:60:7f:97:c6:e4:aa:c7:69:f5:fc:cd:74:
ac:2c:b0:48:c1:50:4e:70:56:1e:b5:35:d3:8e:be:b1:ed:ac:
bd:fe:0c:ec:85:7d:d5:bb:85:66:44:19:5d:9f:93:eb:82:ba:
63:9e:d3:7c:61:ff:c8:1b:d9:23:58:7f:30:a3:66:a1:39:26:
5e:92:c3:3c:cb:37:32:fa:f5:a3:8d:dc:d5:b0:a3:e9:25:36:
55:d7:81:fa
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
Validity
Not Before: Dec 4 00:00:00 2003 GMT
Not After : Dec 3 23:59:59 2013 GMT
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a9:ca:b2:a4:cc:cd:20:af:0a:7d:89:ac:87:75:
f0:b4:4e:f1:df:c1:0f:bf:67:61:bd:a3:64:1c:da:
bb:f9:ca:33:ab:84:30:89:58:7e:8c:db:6b:dd:36:
9e:0f:bf:d1:ec:78:f2:77:a6:7e:6f:3c:bf:93:af:
0d:ba:68:f4:6c:94:ca:bd:52:2d:ab:48:3d:f5:b6:
d5:5d:5f:1b:02:9f:fa:2f:6b:1e:a4:f7:a3:9a:a6:
1a:c8:02:e1:7f:4c:52:e3:0e:60:ec:40:1c:7e:b9:
0d:de:3f:c7:b4:df:87:bd:5f:7a:6a:31:2e:03:99:
81:13:a8:47:20:ce:31:73:0d:57:2d:cd:78:34:33:
95:12:99:12:b9:de:68:2f:aa:e6:e3:c2:8a:8c:2a:
c3:8b:21:87:66:bd:83:58:57:6f:75:bf:3c:aa:26:
87:5d:ca:10:15:3c:9f:84:ea:54:c1:0a:6e:c4:fe:
c5:4a:dd:b9:07:11:97:22:7c:db:3e:27:d1:1e:78:
ec:9f:31:c9:f1:e6:22:19:db:c4:b3:47:43:9a:1a:
5f:a0:1e:90:e4:5e:f5:ee:7c:f1:7d:ab:62:01:8f:
f5:4d:0b:de:d0:22:56:a8:95:cd:ae:88:76:ae:ee:
ba:0d:f3:e4:4d:d9:a0:fb:68:a0:ae:14:3b:b3:87:
c1:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.verisign.com/ThawteTimestampingCA.crl
X509v3 Extended Key Usage:
Time Stamping
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
DirName:/CN=TSA2048-1-53
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
4a:6b:f9:ea:58:c2:44:1c:31:89:79:99:2b:96:bf:82:ac:01:
d6:1c:4c:cd:b0:8a:58:6e:df:08:29:a3:5e:c8:ca:93:13:e7:
04:52:0d:ef:47:27:2f:00:38:b0:e4:c9:93:4e:9a:d4:22:62:
15:f7:3f:37:21:4f:70:31:80:f1:8b:38:87:b3:e8:e8:97:00:
fe:cf:55:96:4e:24:d2:a9:27:4e:7a:ae:b7:61:41:f3:2a:ce:
e7:c9:d9:5e:dd:bb:2b:85:3e:b5:9d:b5:d9:e1:57:ff:be:b4:
c5:7e:f5:cf:0c:9e:f0:97:fe:2b:d3:3b:52:1b:1b:38:27:f7:
3f:4a
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:0c:02:a0:b2:f2:b0:72:73:27:29:6c:87:36:18:3b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https:\/\/www.verisign.com\/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
Validity
Not Before: Feb 28 00:00:00 2012 GMT
Not After : Apr 25 23:59:59 2015 GMT
Subject: C=US, ST=California, L=San Diego, O=Pokki, OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=Pokki
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:0f:10:04:fd:8a:e2:12:31:04:ee:9b:0f:cb:
c1:b0:9d:d7:22:5d:ff:f0:14:26:62:1b:59:ba:9b:
b3:55:81:ff:82:c7:cc:f1:91:3e:93:71:7e:ca:b7:
3a:56:89:07:0a:f4:11:54:94:d2:ff:cb:20:62:bc:
02:97:be:8b:00:0d:f3:d1:26:32:a2:8c:48:63:bb:
f9:3b:70:1f:19:eb:a8:99:e8:97:8c:66:fd:97:88:
0c:6d:74:50:12:a6:91:13:77:46:9c:70:c7:17:ac:
fc:3e:52:6f:0f:91:3c:dd:5c:a7:ae:77:ba:51:54:
9b:93:f8:d5:da:9c:75:2b:3e:2e:fe:12:56:63:f7:
8b:4c:94:f4:11:55:b1:b9:8f:77:7d:60:90:a7:c0:
61:ab:d4:44:80:c4:31:1b:09:76:c1:56:6e:06:e4:
6e:c3:84:78:94:50:7d:d6:f4:62:90:b6:17:fe:3f:
93:d4:1b:77:9b:fb:6b:06:cd:38:d0:f7:3e:20:98:
23:4c:a7:0a:1e:c2:38:a2:9e:8b:03:13:d6:af:90:
07:57:9e:72:c3:af:cd:86:a0:c2:0c:57:b9:b2:bc:
79:d0:d5:a0:a6:b7:63:13:cb:a2:57:8f:dc:47:40:
7a:4e:8a:fb:7e:48:be:39:65:1f:41:6e:48:97:32:
b2:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:http://csc3-2010-crl.verisign.com/CSC3-2010.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.3
CPS: https://www.verisign.com/rpa
X509v3 Extended Key Usage:
Code Signing
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
CA Issuers - URI:http://csc3-2010-aia.verisign.com/CSC3-2010.cer
X509v3 Authority Key Identifier:
CF:99:A9:EA:7B:26:F4:4B:C9:8E:8F:D7:F0:05:26:EF:E3:D2:A7:9D
Netscape Cert Type:
Object Signing
1.3.6.1.4.1.311.2.1.27:
0.......
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
c2:7f:40:ec:29:dd:dc:95:af:df:0f:c1:22:cd:34:de:10:6b:
58:cc:4e:94:0a:84:f5:4c:ca:65:32:9d:21:b1:e0:f5:c8:7c:
57:c0:ca:00:03:7c:5b:44:cd:d9:1c:a2:11:25:cc:aa:23:c8:
0b:89:32:22:df:4c:56:91:d1:88:50:30:17:7f:a4:7a:15:7c:
08:3a:dd:12:0d:f8:c3:01:a5:b0:88:57:b4:6b:bc:c5:c9:39:
ed:a3:ed:7c:de:08:b2:31:ff:fb:86:5f:51:57:f4:93:e7:cf:
c2:41:c8:b9:aa:1e:6d:2f:77:2d:95:68:85:9f:80:af:08:25:
c0:52:5a:fb:67:e2:08:76:52:37:a5:6d:11:03:d0:5c:f3:e7:
3d:09:08:f9:81:e3:c4:f8:4e:11:94:a5:6f:01:fb:eb:88:f5:
df:51:e1:7f:a1:17:68:f2:b3:8b:ae:bb:65:30:00:0e:77:67:
b6:79:df:90:19:0e:28:66:7b:95:3c:c8:6a:f6:eb:d1:48:77:
65:11:f4:2e:eb:e6:4d:8f:1b:4a:7c:70:2a:e9:21:14:5e:27:
24:33:20:80:7e:d3:09:1c:8b:2e:e5:d8:d0:d6:ba:db:a8:fa:
80:59:04:5a:af:d9:b8:b0:8f:79:f7:fa:c3:f3:7f:61:d8:47:
87:e0:cf:af
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
40 e6 61 cb b6 cf da e1 3d e8 11 a1 b0 49 18 32 |@.a.....=....I.2| 96 4c eb f2 |.L.. |
- 1.3.6.1.4.1.311.2.1.15
- #0
- Certificates
- Certificate #0
- 2
- 79:A2:A5:85:F9:D1:15:42:13:D9:B8:3E:F6:B6:8D:ED
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 2012-05-01 00:00:00 UTC: 2012-12-31 23:59:59 UTC
- Subject
- C: US
- O: Symantec Corporation
- CN: Symantec Time Stamping Services Signer - G3
- #5
- rsaEncryption: nil
- A9:59:66:74:DA:3D:8A:7D:7A:D8:FC:F5:80:44:7B:FE:
47:6A:14:55:4E:50:47:0B:EC:D3:ED:CE:F6:38:F7:4F:
69:B9:B1:F0:B6:78:82:0A:8C:76:16:67:E2:02:AD:B7:
0D:A5:8A:F6:03:FC:66:D3:FC:08:2D:CC:B5:73:59:7B:
89:DC:33:6E:66:5A:5E:52:37:B4:62:D1:92:59:35:14:
8B:45:AC:59:B2:4D:24:A2:98:94:68:42:72:9F:3A:68:
E2:6B:8B:9E:22:2D:F4:98:4E:9A:C6:AF:B3:E4:A0:AB:
3C:28:BF:23:E1:D7:72:A4:F2:10:53:67:AE:77:AF:51: 0x010001
- X509v3 extensions
- basicConstraints
- true
- nil
- crlDistributionPoints: http://crl.verisign.com/tss-ca.crl
- extendedKeyUsage: true, timeStamping
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- keyUsage: true, 0x80
- subjectAltName
- CN: TSA1-3
- subjectKeyIdentifier:
b4 b7 f1 89 49 26 60 e7 65 ea 73 ae dc d3 38 cd |....I&`.e.s...8.| bf 57 92 6f |.W.o |
- basicConstraints
- RSA-SHA1:
1e 98 aa 27 b7 78 b5 08 b5 c9 72 6d b7 df c0 0e |...'.x....rm....| 98 a6 35 c4 88 c9 d2 f6 6d f1 4b 1a fb d5 f9 2d |..5.....m.K....-| 99 00 9e d1 e7 9b 8b e1 3f bd 39 80 0c 66 cd 07 |........?.9..f..| bc 5c 98 54 a6 94 ba 10 d1 4e 8b ab f5 6f 65 cc |.\.T.....N...oe.| 67 09 a2 80 7c 52 e8 0e 03 d6 6b 7a c6 05 18 ec |g...|R....kz....| c8 ac 42 7c 07 2c a7 3d 08 66 dc 00 ed fd 94 1d |..B|.,.=.f......| 73 f2 72 98 93 b1 11 d6 8f ef 8e ea ac f4 96 51 |s.r............Q| 0c d0 8d df 31 52 4f 5e af 7d a7 4a 75 e6 4e ce |....1RO^.}.Ju.N.| 2b 9f 29 2b e7 cf 5d 9f 03 7e 6e 27 7b 23 ad 62 |+.)+..]..~n'{#.b| 29 66 af 92 e8 2c ce bd 9c 7f dc cd 17 3c 43 c2 |)f...,.......
- 2
- Certificate #1
- 2
- 47:BF:19:95:DF:8D:52:46:43:F7:DB:6D:48:0D:31:A4
- RSA-SHA1: nil
- Issuer
- C: ZA
- ST: Western Cape
- L: Durbanville
- O: Thawte
- OU: Thawte Certification
- CN: Thawte Timestamping CA
- 2003-12-04 00:00:00 UTC: 2013-12-03 23:59:59 UTC
- Subject
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- #5
- rsaEncryption: nil
- A9:CA:B2:A4:CC:CD:20:AF:0A:7D:89:AC:87:75:F0:B4:
4E:F1:DF:C1:0F:BF:67:61:BD:A3:64:1C:DA:BB:F9:CA:
33:AB:84:30:89:58:7E:8C:DB:6B:DD:36:9E:0F:BF:D1:
EC:78:F2:77:A6:7E:6F:3C:BF:93:AF:0D:BA:68:F4:6C:
94:CA:BD:52:2D:AB:48:3D:F5:B6:D5:5D:5F:1B:02:9F:
FA:2F:6B:1E:A4:F7:A3:9A:A6:1A:C8:02:E1:7F:4C:52:
E3:0E:60:EC:40:1C:7E:B9:0D:DE:3F:C7:B4:DF:87:BD:
5F:7A:6A:31:2E:03:99:81:13:A8:47:20:CE:31:73:0D:
57:2D:CD:78:34:33:95:12:99:12:B9:DE:68:2F:AA:E6:
E3:C2:8A:8C:2A:C3:8B:21:87:66:BD:83:58:57:6F:75:
BF:3C:AA:26:87:5D:CA:10:15:3C:9F:84:EA:54:C1:0A:
6E:C4:FE:C5:4A:DD:B9:07:11:97:22:7C:DB:3E:27:D1:
1E:78:EC:9F:31:C9:F1:E6:22:19:DB:C4:B3:47:43:9A:
1A:5F:A0:1E:90:E4:5E:F5:EE:7C:F1:7D:AB:62:01:8F:
F5:4D:0B:DE:D0:22:56:A8:95:CD:AE:88:76:AE:EE:BA:
0D:F3:E4:4D:D9:A0:FB:68:A0:AE:14:3B:B3:87:C1:BB: 0x010001
- X509v3 extensions
- authorityInfoAccess
- OCSP: http://ocsp.verisign.com
- basicConstraints
- true
- true: 0
- crlDistributionPoints: http://crl.verisign.com/ThawteTimestampingCA.crl
- extendedKeyUsage: timeStamping
- keyUsage: true, 6
- subjectAltName
- CN: TSA2048-1-53
- authorityInfoAccess
- RSA-SHA1:
4a 6b f9 ea 58 c2 44 1c 31 89 79 99 2b 96 bf 82 |Jk..X.D.1.y.+...| ac 01 d6 1c 4c cd b0 8a 58 6e df 08 29 a3 5e c8 |....L...Xn..).^.| ca 93 13 e7 04 52 0d ef 47 27 2f 00 38 b0 e4 c9 |.....R..G'/.8...| 93 4e 9a d4 22 62 15 f7 3f 37 21 4f 70 31 80 f1 |.N.."b..?7!Op1..| 8b 38 87 b3 e8 e8 97 00 fe cf 55 96 4e 24 d2 a9 |.8........U.N$..| 27 4e 7a ae b7 61 41 f3 2a ce e7 c9 d9 5e dd bb |'Nz..aA.*....^..| 2b 85 3e b5 9d b5 d9 e1 57 ff be b4 c5 7e f5 cf |+.>.....W....~..| 0c 9e f0 97 fe 2b d3 3b 52 1b 1b 38 27 f7 3f 4a |.....+.;R..8'.?J|
- 2
- Certificate #2
- 2
- 7F:0C:02:A0:B2:F2:B0:72:73:27:29:6C:87:36:18:3B
- RSA-SHA1: nil
- Issuer
- C: US
- O: VeriSign, Inc.
- OU: VeriSign Trust Network
- OU: Terms of use at https://www.verisign.com/rpa (c)10
- CN: VeriSign Class 3 Code Signing 2010 CA
- 2012-02-28 00:00:00 UTC: 2015-04-25 23:59:59 UTC
- Subject
- C: US
- ST: California
- L: San Diego
- O: Pokki
- OU: Digital ID Class 3 - Microsoft Software Validation v2
- CN: Pokki
- #5
- rsaEncryption: nil
- BD:0F:10:04:FD:8A:E2:12:31:04:EE:9B:0F:CB:C1:B0:
9D:D7:22:5D:FF:F0:14:26:62:1B:59:BA:9B:B3:55:81:
FF:82:C7:CC:F1:91:3E:93:71:7E:CA:B7:3A:56:89:07:
0A:F4:11:54:94:D2:FF:CB:20:62:BC:02:97:BE:8B:00:
0D:F3:D1:26:32:A2:8C:48:63:BB:F9:3B:70:1F:19:EB:
A8:99:E8:97:8C:66:FD:97:88:0C:6D:74:50:12:A6:91:
13:77:46:9C:70:C7:17:AC:FC:3E:52:6F:0F:91:3C:DD:
5C:A7:AE:77:BA:51:54:9B:93:F8:D5:DA:9C:75:2B:3E:
2E:FE:12:56:63:F7:8B:4C:94:F4:11:55:B1:B9:8F:77:
7D:60:90:A7:C0:61:AB:D4:44:80:C4:31:1B:09:76:C1:
56:6E:06:E4:6E:C3:84:78:94:50:7D:D6:F4:62:90:B6:
17:FE:3F:93:D4:1B:77:9B:FB:6B:06:CD:38:D0:F7:3E:
20:98:23:4C:A7:0A:1E:C2:38:A2:9E:8B:03:13:D6:AF:
90:07:57:9E:72:C3:AF:CD:86:A0:C2:0C:57:B9:B2:BC:
79:D0:D5:A0:A6:B7:63:13:CB:A2:57:8F:DC:47:40:7A:
4E:8A:FB:7E:48:BE:39:65:1F:41:6E:48:97:32:B2:71: 0x010001
- X509v3 extensions
- basicConstraints
- nil
- keyUsage: true, 0x80
- crlDistributionPoints: http://csc3-2010-crl.verisign.com/CSC3-2010.crl
- certificatePolicies
- 2.16.840.1.113733.1.7.23.3
- id-qt-cps: https://www.verisign.com/rpa
- 2.16.840.1.113733.1.7.23.3
- extendedKeyUsage: codeSigning
- authorityInfoAccess
- #0
- OCSP: http://ocsp.verisign.com
- caIssuers: http://csc3-2010-aia.verisign.com/CSC3-2010.cer
- #0
- authorityKeyIdentifier:
cf 99 a9 ea 7b 26 f4 4b c9 8e 8f d7 f0 05 26 ef |....{&.K......&.| e3 d2 a7 9d |.... | - nsCertType: 0x10
- 1.3.6.1.4.1.311.2.1.27
- false: true
- basicConstraints
- RSA-SHA1:
c2 7f 40 ec 29 dd dc 95 af df 0f c1 22 cd 34 de |..@.).......".4.| 10 6b 58 cc 4e 94 0a 84 f5 4c ca 65 32 9d 21 b1 |.kX.N....L.e2.!.| e0 f5 c8 7c 57 c0 ca 00 03 7c 5b 44 cd d9 1c a2 |...|W....|[D....| 11 25 cc aa 23 c8 0b 89 32 22 df 4c 56 91 d1 88 |.%..#...2".LV...| 50 30 17 7f a4 7a 15 7c 08 3a dd 12 0d f8 c3 01 |P0...z.|.:......| a5 b0 88 57 b4 6b bc c5 c9 39 ed a3 ed 7c de 08 |...W.k...9...|..| b2 31 ff fb 86 5f 51 57 f4 93 e7 cf c2 41 c8 b9 |.1..._QW.....A..| aa 1e 6d 2f 77 2d 95 68 85 9f 80 af 08 25 c0 52 |..m/w-.h.....%.R| 5a fb 67 e2 08 76 52 37 a5 6d 11 03 d0 5c f3 e7 |Z.g..vR7.m...\..| 3d 09 08 f9 81 e3 c4 f8 4e 11 94 a5 6f 01 fb eb |=.......N...o...| 88 f5 df 51 e1 7f a1 17 68 f2 b3 8b ae bb 65 30 |...Q....h.....e0| 00 0e 77 67 b6 79 df 90 19 0e 28 66 7b 95 3c c8 |..wg.y....(f{.<.| 6a f6 eb d1 48 77 65 11 f4 2e eb e6 4d 8f 1b 4a |j...Hwe.....M..J| 7c 70 2a e9 21 14 5e 27 24 33 20 80 7e d3 09 1c ||p*.!.^'$3 .~...| 8b 2e e5 d8 d0 d6 ba db a8 fa 80 59 04 5a af d9 |...........Y.Z..| b8 b0 8f 79 f7 fa c3 f3 7f 61 d8 47 87 e0 cf af |...y.....a.G....|
- 2
- Certificate #0
- Signer
- 1
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- OU: VeriSign Trust Network
- OU: Terms of use at https://www.verisign.com/rpa (c)10
- CN: VeriSign Class 3 Code Signing 2010 CA
- 7F:0C:02:A0:B2:F2:B0:72:73:27:29:6C:87:36:18:3B
- #0
- SHA1: nil
- #3
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- 1.3.6.1.4.1.311.2.1.11: msCodeInd
- messageDigest:
de e1 ce 82 48 be 7e 8a 5f 9e 78 25 d1 44 c4 ab |....H.~._.x%.D..| c5 70 60 c7 |.p`. |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
b4 0c 9c 2c 2c 21 7b 68 d9 01 98 1b 15 05 e8 49 |...,,!{h.......I| 16 26 9d ec 34 f6 f9 a8 c2 fa 37 76 e1 8f 04 b2 |.&..4.....7v....| 90 06 fe ae 40 bf c8 ea d2 41 99 f7 62 86 6b d7 |....@....A..b.k.| b1 a2 0b 51 eb 4a 1f b4 71 b2 20 d6 6d 22 4d fa |...Q.J..q. .m"M.| e7 4b d1 8b 22 7e 13 22 1b 7d 61 50 a3 02 cf 31 |.K.."~.".}aP...1| 70 d7 f8 27 70 3f 51 ab f2 fa fa bd 0f 46 2c c2 |p..'p?Q......F,.| 48 b2 88 ae dc 73 da 94 df 5d a4 4c 7d fa 46 8f |H....s...].L}.F.| 20 dd 62 0f 5d 16 0c cb 91 17 39 dc 1e 05 b2 d9 | .b.].....9.....| 88 93 e6 d3 c7 3c b4 ad 8d 27 29 d7 1c 56 ef 1d |.....<...')..V..| cd ff 62 ff 22 24 31 79 07 8a 7e 74 90 5e 33 8c |..b."$1y..~t.^3.| 5a 90 46 15 86 3e 02 b1 7f 4b 99 c3 0e 4e c9 98 |Z.F..>...K...N..| 49 87 8f f9 a5 f5 5f 4d 87 e2 f2 34 24 14 79 05 |I....._M...4$.y.| 45 64 a5 66 68 47 88 77 f4 e9 c9 51 f0 6a 45 d5 |Ed.fhG.w...Q.jE.| 37 9d e3 08 19 5d 24 17 cc 52 5c da e7 2d c4 da |7....]$..R\..-..| bf 8f d4 5f fb 81 43 6d 47 f6 89 68 b9 79 46 6c |..._..CmG..h.yFl| e5 22 4d 3d b8 89 c6 4c 8a 82 41 7d 40 77 05 68 |."M=...L..A}@w.h| - countersignature
- 1
- unnamed
- #0
- C: US
- O: VeriSign, Inc.
- CN: VeriSign Time Stamping Services CA
- 79:A2:A5:85:F9:D1:15:42:13:D9:B8:3E:F6:B6:8D:ED
- #0
- SHA1: nil
- #2
- contentType: pkcs7-data
- signingTime: 2012-11-20 19:33:19 UTC
- messageDigest:
46 65 88 4b 8c 3b 0e d4 e6 04 ca ec 7b d3 cd b9 |Fe.K.;......{...| ad 3b b6 ef |.;.. |
- rsaEncryption:
23 4a a8 4a b5 54 96 a6 85 51 60 b9 44 ce 29 4e |#J.J.T...Q`.D.)N| 46 ea 5b cf 1a dd 74 2e f3 7f 80 5c 3b e0 00 fc |F.[...t....\;...| 4e c3 b8 9a a9 5e 9e a9 62 e6 52 32 b7 60 4b ff |N....^..b.R2.`K.| d2 59 ea f8 33 07 d2 b4 28 a7 5c a2 3b 46 16 26 |.Y..3...(.\.;F.&| e5 4e 3f 0d cf 8e 30 8c 3a dc ef 61 ae f1 0e df |.N?...0.:..a....| 75 51 f1 84 b6 48 78 d1 7c 65 04 a8 11 86 4a db |uQ...Hx.|e....J.| cd c8 21 22 fa d7 d8 fe a0 11 27 e9 7f b1 3f 47 |..!"......'...?G| 6c dd 2a c1 55 14 4b 56 ac 6a ff f8 a2 ca d8 b0 |l.*.U.KV.j......|
- unnamed
- 1
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] can't find file_offset of VA 0x41424
[?] can't find file_offset of VA 0x11fb7c
[!] string size(18212) > stringtable size(100). truncated to 98
[!] cannot convert "&\x9Bl\xC9E\xF2t\xAF\r\xC4Yx\x9B\x9C\xE3I"... to UTF-16
[!] refusing to read ICODIRENTRY beyond resource size