IsRunning.exe

info
MZ
PE
resources
imports
exports
foremost
signature
hexdump
disasm
log
discuss
donate

filename	IsRunning.exe
size	61064 (0xee88)
md5	aa3e5a8f37743901d9950fef6ebb29ed

type	PE32 executable (console) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x50
blocks_in_file	2
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0xf
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0x1a
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x200

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001c0:

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	8
TimeDateStamp	0x37e13c02
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x818e
Magic	0x10b
LinkerVersion	2.25
SizeOfCode	0xa000
SizeOfInitializedData	0x6000
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1000
BaseOfCode	0x1000
BaseOfData	0xb000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	1.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x17000
SizeOfHeaders	0x600
CheckSum	0x14d86
Subsystem	3
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x2000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

Borland C++

Sections

name	va	vsize	raw size	flags
.text	0x1000	0xa000	0x9200	R-X CODE
.data	0xb000	0x6000	0x2800	RW- IDATA
.tls	0x11000	0x1000	0x200	RW- IDATA
.rdata	0x12000	0x1000	0x200	R-- IDATA SHARED
.idata	0x13000	0x1000	0x600	R-- IDATA
.edata	0x14000	0x1000	0x200	R-- IDATA
.rsrc	0x15000	0x1000	0x200	R-- IDATA
.reloc	0x16000	0x1000	0xa00	R-- IDATA SHARED

Data Directory

type	va	size
EXPORT	0x14000	0x6d
IMPORT	0x13000	0x552
RESOURCE	0x15000	0x200
EXCEPTION	0	0
SECURITY	0xd800	0x1688
BASERELOC	0x16000	0x890
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x12000	0x18
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x411000	0x4110ac	0x40b114	0x412010	0	0

show previews

type	name	size	cp
RCDATA	DVCLAL	16	0

module_name	hint	ord	function_name
KERNEL32.DLL			CloseHandle
KERNEL32.DLL			CreateFileA
KERNEL32.DLL			CreateToolhelp32Snapshot
KERNEL32.DLL			EnterCriticalSection
KERNEL32.DLL			ExitProcess
KERNEL32.DLL			GetACP
KERNEL32.DLL			GetCPInfo
KERNEL32.DLL			GetCommandLineA
KERNEL32.DLL			GetCurrentThreadId
KERNEL32.DLL			GetEnvironmentStrings
KERNEL32.DLL			GetFileType
KERNEL32.DLL			GetLastError
KERNEL32.DLL			GetLocalTime
KERNEL32.DLL			GetModuleFileNameA
KERNEL32.DLL			GetModuleHandleA
KERNEL32.DLL			GetOEMCP
KERNEL32.DLL			GetProcAddress
KERNEL32.DLL			GetProcessHeap
KERNEL32.DLL			GetStartupInfoA
KERNEL32.DLL			GetStdHandle
KERNEL32.DLL			GetStringTypeW
KERNEL32.DLL			GetVersion
KERNEL32.DLL			GetVersionExA
KERNEL32.DLL			GlobalMemoryStatus
KERNEL32.DLL			HeapAlloc
KERNEL32.DLL			HeapFree
KERNEL32.DLL			InitializeCriticalSection
KERNEL32.DLL			LeaveCriticalSection
KERNEL32.DLL			LoadLibraryA
KERNEL32.DLL			MultiByteToWideChar
KERNEL32.DLL			Process32First
KERNEL32.DLL			Process32Next
KERNEL32.DLL			RaiseException
KERNEL32.DLL			RtlUnwind
KERNEL32.DLL			SetConsoleCtrlHandler
KERNEL32.DLL			SetFilePointer
KERNEL32.DLL			SetHandleCount
KERNEL32.DLL			TlsAlloc
KERNEL32.DLL			TlsFree
KERNEL32.DLL			TlsGetValue
KERNEL32.DLL			TlsSetValue
KERNEL32.DLL			UnhandledExceptionFilter
KERNEL32.DLL			VirtualAlloc
KERNEL32.DLL			VirtualFree
KERNEL32.DLL			VirtualQuery
KERNEL32.DLL			WideCharToMultiByte
KERNEL32.DLL			WriteFile
USER32.DLL			EnumThreadWindows
USER32.DLL			MessageBoxA
USER32.DLL			wsprintfA

ord	entry_va	function_name
1	0x1060	__GetExceptDLLinfo
2	0xb120	___CPPdebugHook

module_name	IsRunning.exe
flags	0
timestamp	0
version	0.0
ordinal_base	1
nFunctions	2
nNames	2
Names(2)	0x14030
Functions(2)	0x14028
NameOrdinals(2)	0x14038

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https:\/\/www.verisign.com\/rpa (c)04/CN=VeriSign Class 3 Code Signing 2004 CA

serial: 7ADE0C565B1D729B61C6DF9195897E03

Certificates (4)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
        Validity
            Not Before: Dec  4 00:00:00 2003 GMT
            Not After : Dec  3 23:59:59 2013 GMT
        Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a9:ca:b2:a4:cc:cd:20:af:0a:7d:89:ac:87:75:
                    f0:b4:4e:f1:df:c1:0f:bf:67:61:bd:a3:64:1c:da:
                    bb:f9:ca:33:ab:84:30:89:58:7e:8c:db:6b:dd:36:
                    9e:0f:bf:d1:ec:78:f2:77:a6:7e:6f:3c:bf:93:af:
                    0d:ba:68:f4:6c:94:ca:bd:52:2d:ab:48:3d:f5:b6:
                    d5:5d:5f:1b:02:9f:fa:2f:6b:1e:a4:f7:a3:9a:a6:
                    1a:c8:02:e1:7f:4c:52:e3:0e:60:ec:40:1c:7e:b9:
                    0d:de:3f:c7:b4:df:87:bd:5f:7a:6a:31:2e:03:99:
                    81:13:a8:47:20:ce:31:73:0d:57:2d:cd:78:34:33:
                    95:12:99:12:b9:de:68:2f:aa:e6:e3:c2:8a:8c:2a:
                    c3:8b:21:87:66:bd:83:58:57:6f:75:bf:3c:aa:26:
                    87:5d:ca:10:15:3c:9f:84:ea:54:c1:0a:6e:c4:fe:
                    c5:4a:dd:b9:07:11:97:22:7c:db:3e:27:d1:1e:78:
                    ec:9f:31:c9:f1:e6:22:19:db:c4:b3:47:43:9a:1a:
                    5f:a0:1e:90:e4:5e:f5:ee:7c:f1:7d:ab:62:01:8f:
                    f5:4d:0b:de:d0:22:56:a8:95:cd:ae:88:76:ae:ee:
                    ba:0d:f3:e4:4d:d9:a0:fb:68:a0:ae:14:3b:b3:87:
                    c1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.verisign.com/ThawteTimestampingCA.crl
            X509v3 Extended Key Usage: 
                Time Stamping
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DirName:/CN=TSA2048-1-53
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        4a:6b:f9:ea:58:c2:44:1c:31:89:79:99:2b:96:bf:82:ac:01:
        d6:1c:4c:cd:b0:8a:58:6e:df:08:29:a3:5e:c8:ca:93:13:e7:
        04:52:0d:ef:47:27:2f:00:38:b0:e4:c9:93:4e:9a:d4:22:62:
        15:f7:3f:37:21:4f:70:31:80:f1:8b:38:87:b3:e8:e8:97:00:
        fe:cf:55:96:4e:24:d2:a9:27:4e:7a:ae:b7:61:41:f3:2a:ce:
        e7:c9:d9:5e:dd:bb:2b:85:3e:b5:9d:b5:d9:e1:57:ff:be:b4:
        c5:7e:f5:cf:0c:9e:f0:97:fe:2b:d3:3b:52:1b:1b:38:27:f7:
        3f:4a

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Validity
            Not Before: Dec  4 00:00:00 2003 GMT
            Not After : Dec  3 23:59:59 2008 GMT
        Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b2:50:28:48:dd:d3:68:7a:84:18:44:66:75:5d:
                    7e:c4:b8:9f:63:26:ff:3d:43:9c:7c:11:38:10:25:
                    55:73:d9:75:27:69:fd:4e:b9:20:5c:d3:0a:f9:a0:
                    1b:2a:ed:55:56:21:61:d8:1e:db:e4:bc:33:6b:c7:
                    ef:dd:a3:37:65:8e:1b:93:0c:b6:53:1e:5c:7c:66:
                    35:5f:05:8a:45:fe:76:4e:df:53:80:a2:81:20:9d:
                    ae:88:5c:a2:08:f7:e5:30:f9:ee:22:37:4c:42:0a:
                    ce:df:c6:1f:c4:d6:55:e9:81:3f:b5:52:a3:2c:aa:
                    01:7a:f2:a2:aa:8d:35:fe:9f:e6:5d:6a:05:9f:3d:
                    6b:e3:bf:96:c0:fe:cc:60:f9:40:e7:07:a0:44:eb:
                    81:51:6e:a5:2a:f2:b6:8a:10:28:ed:8f:dc:06:a0:
                    86:50:9a:7b:4a:08:0d:30:1d:ca:10:9e:6b:f7:e9:
                    58:ae:04:a9:40:99:b2:28:e8:8f:16:ac:3c:e3:53:
                    6f:4b:d3:35:9d:b5:6f:64:1d:b3:96:2c:bb:3d:e7:
                    79:eb:6d:7a:f9:16:e6:26:ad:af:ef:99:53:b7:40:
                    2c:95:b8:79:aa:fe:d4:52:ab:29:74:7e:42:ec:39:
                    1e:a2:6a:16:e6:59:bb:24:68:d8:00:80:43:10:87:
                    80:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.verisign.com/tss-ca.crl
            X509v3 Extended Key Usage: critical
                Time Stamping
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Subject Alternative Name: 
                DirName:/CN=TSA2048-1-54
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        87:78:70:da:4e:52:01:20:5b:e0:79:c9:82:30:c4:fd:b9:19:
        96:bd:91:00:c3:bd:cd:cd:c6:f4:0e:d8:ff:f9:4d:c0:33:62:
        30:11:c5:f5:74:1b:d4:92:de:5f:9c:20:13:b1:7c:45:be:50:
        cd:83:e7:80:17:83:a7:27:93:67:13:46:fb:ca:b8:98:41:03:
        cc:9b:51:5b:05:8b:7f:a8:6f:f3:1b:50:1b:24:2e:f2:69:8d:
        6c:22:f7:bb:ca:16:95:ed:0c:74:c0:68:77:d9:eb:99:62:87:
        c1:73:90:f8:89:74:7a:23:ab:a3:98:7b:97:b1:f7:8f:29:71:
        4d:2e:75:1b:48:41:da:f0:b5:0d:20:54:d6:77:a0:97:82:63:
        69:fd:09:cf:8a:f0:75:bb:09:9b:d9:f9:11:55:26:9a:61:32:
        be:7a:02:b0:7b:86:be:a2:c3:8b:22:2c:78:d1:35:76:bc:92:
        73:5c:f9:b9:e6:4c:15:0a:23:cc:e4:d2:d4:34:2e:49:40:15:
        3c:0f:60:7a:24:c6:a5:66:ef:96:cf:70:eb:3e:e7:f4:0d:7e:
        dc:d1:7c:a3:76:71:69:c1:9c:4f:47:30:35:21:b1:a2:af:1a:
        62:3c:2b:d9:8e:aa:2a:07:7b:d8:18:b3:5c:7b:e2:9d:a5:6f:
        fe:3c:89:ad

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
        Validity
            Not Before: Jul 16 00:00:00 2004 GMT
            Not After : Jul 15 23:59:59 2014 GMT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https:\/\/www.verisign.com\/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:be:bc:ee:bc:7e:ef:83:eb:e0:37:4f:fb:03:10:
                    38:be:08:d2:8c:7d:9d:fa:92:7f:19:0c:c2:6b:ee:
                    42:52:8c:de:d3:1c:48:13:25:ea:c1:63:7a:f9:51:
                    65:ee:d3:aa:3b:f5:f0:94:9c:2b:fb:f2:66:d4:24:
                    da:f7:f5:9f:6e:19:39:36:bc:d0:a3:76:08:1e:22:
                    27:24:6c:38:91:27:e2:84:49:ae:1b:8a:a1:fd:25:
                    82:2c:10:30:e8:71:ab:28:e8:77:4a:51:f1:ec:cd:
                    f8:f0:54:d4:6f:c0:e3:6d:0a:8f:d9:d8:64:8d:63:
                    b2:2d:4e:27:f6:85:0e:fe:6d:e3:29:99:e2:85:47:
                    7c:2d:86:7f:e8:57:8f:ad:67:c2:33:32:91:13:20:
                    fc:a9:23:14:9a:6d:c2:84:4b:76:68:04:d5:71:2c:
                    5d:21:fa:88:0d:26:fd:1f:2d:91:2b:e7:01:55:4d:
                    f2:6d:35:28:82:df:d9:6b:5c:b6:d6:d9:aa:81:fd:
                    5f:cd:83:ba:63:9d:d0:22:fc:a9:3b:42:69:b2:8e:
                    3a:b5:bc:b4:9e:0f:5e:c4:ea:2c:82:8b:28:fd:53:
                    08:96:dd:b5:01:20:d1:f9:a5:18:e7:c0:ee:51:70:
                    37:e1:b6:05:48:52:48:6f:38:ea:c3:e8:6c:7b:44:
                    84:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.verisign.com/pca3.crl
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, Code Signing
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Netscape Cert Type: 
                Object Signing CA
            X509v3 Subject Alternative Name: 
                DirName:/CN=Class3CA2048-1-43
            X509v3 Subject Key Identifier: 
                08:F5:51:E8:FB:FE:3D:3D:64:36:7C:68:CF:5B:78:A8:DF:B9:C5:37
            X509v3 Authority Key Identifier: 
                DirName:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
                serial:70:BA:E4:1D:10:D9:29:34:B6:38:CA:7B:03:CC:BA:BF
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        ae:3a:17:b8:4a:7b:55:fa:64:55:ec:40:a4:ed:49:41:90:99:
        9c:89:bc:af:2e:1d:ca:78:23:f9:1c:19:0f:7f:eb:68:bc:32:
        d9:88:38:de:dc:3f:d3:89:b4:3f:b1:82:96:f1:a4:5a:ba:ed:
        2e:26:d3:de:7c:01:6e:00:0a:00:a4:06:92:11:48:09:40:f9:
        1c:18:79:67:23:24:e0:bb:d5:e1:50:ae:1b:f5:0e:dd:e0:2e:
        81:cd:80:a3:6c:52:4f:91:75:55:8a:ba:22:f2:d2:ea:41:75:
        88:2f:63:55:7d:1e:54:5a:95:59:ca:d9:34:81:c0:5f:5e:f6:
        7a:b5

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:de:0c:56:5b:1d:72:9b:61:c6:df:91:95:89:7e:03
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https:\/\/www.verisign.com\/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
        Validity
            Not Before: Feb  5 00:00:00 2007 GMT
            Not After : Feb  9 23:59:59 2008 GMT
        Subject: C=US, ST=California, L=Palo Alto, O=Hewlett-Packard Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Hewlett-Packard Company, CN=Hewlett-Packard Company
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c9:04:c8:27:95:2b:cf:2c:d4:48:56:54:36:c9:
                    01:40:0e:48:b5:61:b2:bb:82:f9:ee:53:e7:e2:dc:
                    a4:a3:7c:45:04:fb:d4:48:26:90:ff:b9:67:cc:98:
                    8b:09:b7:52:da:ac:7c:63:e0:12:8f:8d:b6:d6:64:
                    71:f6:ca:1b:90:e8:b4:b2:de:e2:8d:e3:0b:63:50:
                    51:a7:4f:9e:f6:ab:90:d9:34:83:8f:79:d3:da:ee:
                    c6:96:07:c8:5c:34:cc:96:83:f0:d0:a6:6b:f8:e3:
                    47:14:38:e3:f8:90:46:3c:47:bf:10:2a:90:ea:17:
                    26:68:39:05:6d:0a:56:bc:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://CSC3-2004-crl.verisign.com/CSC3-2004.crl
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa
            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com
                CA Issuers - URI:http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer
            X509v3 Authority Key Identifier: 
                08:F5:51:E8:FB:FE:3D:3D:64:36:7C:68:CF:5B:78:A8:DF:B9:C5:37
            Netscape Cert Type: 
                Object Signing
            1.3.6.1.4.1.311.2.1.27: 
                0.......
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        16:d9:27:d6:fc:a4:53:28:0f:3e:bc:36:c9:21:22:0c:20:0e:
        20:03:29:6f:04:f8:80:39:d7:67:df:b8:3a:03:b5:42:71:db:
        07:9f:05:a8:b0:66:f8:67:50:6e:49:1f:05:53:01:79:9b:71:
        f4:3b:f5:8c:ce:b7:f3:6f:5b:31:ef:78:61:35:f0:40:4a:c9:
        5b:a1:e8:9b:8a:29:e4:c4:cd:ac:a3:35:9f:e4:0b:e3:df:e4:
        ad:b8:2f:fe:62:3b:40:59:8c:19:29:a5:a8:89:9c:09:ec:b5:
        cb:48:4f:79:fb:94:ef:15:2c:2d:c6:c2:e6:72:17:18:3a:4d:
        20:0b:57:31:dd:df:73:e4:ba:d4:1f:c8:79:9f:63:c8:34:67:
        0d:be:42:04:2d:82:f1:79:d5:bb:0a:07:3c:a1:93:d1:93:83:
        86:9c:cf:bf:4c:ae:73:d9:cf:14:c4:88:4e:69:8d:b7:03:5f:
        d8:3b:dc:8a:41:0d:a8:18:32:20:d9:30:8a:c1:46:9d:db:b4:
        09:5e:f6:88:a2:bd:99:95:93:ea:08:79:e5:da:fd:7a:c4:15:
        31:f1:3b:d1:f6:78:a9:69:fd:f9:26:b9:08:e5:2c:e0:83:2a:
        4a:24:43:76:2c:48:13:9d:09:c4:c0:21:d0:58:2b:0d:5b:c4:
        c5:ad:8e:04

pkcs7-signedData

1
- MD5: nil
- 1.3.6.1.4.1.311.2.1.4
  - #0
    - 1.3.6.1.4.1.311.2.1.15
      - :
        00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
    - MD5
      - 22 52 6c dd fe 1b e4 04 b0 26 a4 bb 7f 9a b4 ed |"Rl......&......|
- Certificates
  - Certificate #0
    - 2
      - 47:BF:19:95:DF:8D:52:46:43:F7:DB:6D:48:0D:31:A4
      - RSA-SHA1: nil
      - Issuer
        C: ZA
        ST: Western Cape
        L: Durbanville
        O: Thawte
        OU: Thawte Certification
        CN: Thawte Timestamping CA
      - 2003-12-04 00:00:00 UTC: 2013-12-03 23:59:59 UTC
      - Subject
        C: US
        O: VeriSign, Inc.
        CN: VeriSign Time Stamping Services CA
      - #5
        rsaEncryption: nil
        A9:CA:B2:A4:CC:CD:20:AF:0A:7D:89:AC:87:75:F0:B4:
        4E:F1:DF:C1:0F:BF:67:61:BD:A3:64:1C:DA:BB:F9:CA:
        33:AB:84:30:89:58:7E:8C:DB:6B:DD:36:9E:0F:BF:D1:
        EC:78:F2:77:A6:7E:6F:3C:BF:93:AF:0D:BA:68:F4:6C:
        94:CA:BD:52:2D:AB:48:3D:F5:B6:D5:5D:5F:1B:02:9F:
        FA:2F:6B:1E:A4:F7:A3:9A:A6:1A:C8:02:E1:7F:4C:52:
        E3:0E:60:EC:40:1C:7E:B9:0D:DE:3F:C7:B4:DF:87:BD:
        5F:7A:6A:31:2E:03:99:81:13:A8:47:20:CE:31:73:0D:
        57:2D:CD:78:34:33:95:12:99:12:B9:DE:68:2F:AA:E6:
        E3:C2:8A:8C:2A:C3:8B:21:87:66:BD:83:58:57:6F:75:
        BF:3C:AA:26:87:5D:CA:10:15:3C:9F:84:EA:54:C1:0A:
        6E:C4:FE:C5:4A:DD:B9:07:11:97:22:7C:DB:3E:27:D1:
        1E:78:EC:9F:31:C9:F1:E6:22:19:DB:C4:B3:47:43:9A:
        1A:5F:A0:1E:90:E4:5E:F5:EE:7C:F1:7D:AB:62:01:8F:
        F5:4D:0B:DE:D0:22:56:A8:95:CD:AE:88:76:AE:EE:BA:
        0D:F3:E4:4D:D9:A0:FB:68:A0:AE:14:3B:B3:87:C1:BB: 0x010001
      - X509v3 extensions
        authorityInfoAccess
        OCSP: http://ocsp.verisign.com
        basicConstraints
        true
        true: 0
        crlDistributionPoints: http://crl.verisign.com/ThawteTimestampingCA.crl
        extendedKeyUsage: timeStamping
        keyUsage: true, 6
        subjectAltName
        CN: TSA2048-1-53
    - RSA-SHA1:
```
4a 6b f9 ea 58 c2 44 1c  31 89 79 99 2b 96 bf 82  |Jk..X.D.1.y.+...|
ac 01 d6 1c 4c cd b0 8a  58 6e df 08 29 a3 5e c8  |....L...Xn..).^.|
ca 93 13 e7 04 52 0d ef  47 27 2f 00 38 b0 e4 c9  |.....R..G'/.8...|
93 4e 9a d4 22 62 15 f7  3f 37 21 4f 70 31 80 f1  |.N.."b..?7!Op1..|
8b 38 87 b3 e8 e8 97 00  fe cf 55 96 4e 24 d2 a9  |.8........U.N$..|
27 4e 7a ae b7 61 41 f3  2a ce e7 c9 d9 5e dd bb  |'Nz..aA.*....^..|
2b 85 3e b5 9d b5 d9 e1  57 ff be b4 c5 7e f5 cf  |+.>.....W....~..|
0c 9e f0 97 fe 2b d3 3b  52 1b 1b 38 27 f7 3f 4a  |.....+.;R..8'.?J|
```
  - Certificate #1
    - 2
      - 0D:E9:2B:F0:D4:D8:29:88:18:32:05:09:5E:9A:76:88
      - RSA-SHA1: nil
      - Issuer
        C: US
        O: VeriSign, Inc.
        CN: VeriSign Time Stamping Services CA
      - 2003-12-04 00:00:00 UTC: 2008-12-03 23:59:59 UTC
      - Subject
        C: US
        O: VeriSign, Inc.
        CN: VeriSign Time Stamping Services Signer
      - #5
        rsaEncryption: nil
        B2:50:28:48:DD:D3:68:7A:84:18:44:66:75:5D:7E:C4:
        B8:9F:63:26:FF:3D:43:9C:7C:11:38:10:25:55:73:D9:
        75:27:69:FD:4E:B9:20:5C:D3:0A:F9:A0:1B:2A:ED:55:
        56:21:61:D8:1E:DB:E4:BC:33:6B:C7:EF:DD:A3:37:65:
        8E:1B:93:0C:B6:53:1E:5C:7C:66:35:5F:05:8A:45:FE:
        76:4E:DF:53:80:A2:81:20:9D:AE:88:5C:A2:08:F7:E5:
        30:F9:EE:22:37:4C:42:0A:CE:DF:C6:1F:C4:D6:55:E9:
        81:3F:B5:52:A3:2C:AA:01:7A:F2:A2:AA:8D:35:FE:9F:
        E6:5D:6A:05:9F:3D:6B:E3:BF:96:C0:FE:CC:60:F9:40:
        E7:07:A0:44:EB:81:51:6E:A5:2A:F2:B6:8A:10:28:ED:
        8F:DC:06:A0:86:50:9A:7B:4A:08:0D:30:1D:CA:10:9E:
        6B:F7:E9:58:AE:04:A9:40:99:B2:28:E8:8F:16:AC:3C:
        E3:53:6F:4B:D3:35:9D:B5:6F:64:1D:B3:96:2C:BB:3D:
        E7:79:EB:6D:7A:F9:16:E6:26:AD:AF:EF:99:53:B7:40:
        2C:95:B8:79:AA:FE:D4:52:AB:29:74:7E:42:EC:39:1E:
        A2:6A:16:E6:59:BB:24:68:D8:00:80:43:10:87:80:6B: 0x010001
      - X509v3 extensions
        authorityInfoAccess
        OCSP: http://ocsp.verisign.com
        basicConstraints
        true
        nil
        crlDistributionPoints: http://crl.verisign.com/tss-ca.crl
        extendedKeyUsage: true, timeStamping
        keyUsage: true, 0xc0
        subjectAltName
        CN: TSA2048-1-54
    - RSA-SHA1:
```
87 78 70 da 4e 52 01 20  5b e0 79 c9 82 30 c4 fd  |.xp.NR. [.y..0..|
b9 19 96 bd 91 00 c3 bd  cd cd c6 f4 0e d8 ff f9  |................|
4d c0 33 62 30 11 c5 f5  74 1b d4 92 de 5f 9c 20  |M.3b0...t...._. |
13 b1 7c 45 be 50 cd 83  e7 80 17 83 a7 27 93 67  |..|E.P.......'.g|
13 46 fb ca b8 98 41 03  cc 9b 51 5b 05 8b 7f a8  |.F....A...Q[....|
6f f3 1b 50 1b 24 2e f2  69 8d 6c 22 f7 bb ca 16  |o..P.$..i.l"....|
95 ed 0c 74 c0 68 77 d9  eb 99 62 87 c1 73 90 f8  |...t.hw...b..s..|
89 74 7a 23 ab a3 98 7b  97 b1 f7 8f 29 71 4d 2e  |.tz#...{....)qM.|
75 1b 48 41 da f0 b5 0d  20 54 d6 77 a0 97 82 63  |u.HA.... T.w...c|
69 fd 09 cf 8a f0 75 bb  09 9b d9 f9 11 55 26 9a  |i.....u......U&.|
61 32 be 7a 02 b0 7b 86  be a2 c3 8b 22 2c 78 d1  |a2.z..{.....",x.|
35 76 bc 92 73 5c f9 b9  e6 4c 15 0a 23 cc e4 d2  |5v..s\...L..#...|
d4 34 2e 49 40 15 3c 0f  60 7a 24 c6 a5 66 ef 96  |.4.I@.<.`z$..f..|
cf 70 eb 3e e7 f4 0d 7e  dc d1 7c a3 76 71 69 c1  |.p.>...~..|.vqi.|
9c 4f 47 30 35 21 b1 a2  af 1a 62 3c 2b d9 8e aa  |.OG05!....b<+...|
2a 07 7b d8 18 b3 5c 7b  e2 9d a5 6f fe 3c 89 ad  |*.{...\{...o.<..|
```
  - Certificate #2
    - 2
      - 41:91:A1:5A:39:78:DF:CF:49:65:66:38:1D:4C:75:C2
      - RSA-SHA1: nil
      - Issuer
        C: US
        O: VeriSign, Inc.
        OU: Class 3 Public Primary Certification Authority
      - 2004-07-16 00:00:00 UTC: 2014-07-15 23:59:59 UTC
      - Subject
        C: US
        O: VeriSign, Inc.
        OU: VeriSign Trust Network
        OU: Terms of use at https://www.verisign.com/rpa (c)04
        CN: VeriSign Class 3 Code Signing 2004 CA
      - #5
        rsaEncryption: nil
        BE:BC:EE:BC:7E:EF:83:EB:E0:37:4F:FB:03:10:38:BE:
        08:D2:8C:7D:9D:FA:92:7F:19:0C:C2:6B:EE:42:52:8C:
        DE:D3:1C:48:13:25:EA:C1:63:7A:F9:51:65:EE:D3:AA:
        3B:F5:F0:94:9C:2B:FB:F2:66:D4:24:DA:F7:F5:9F:6E:
        19:39:36:BC:D0:A3:76:08:1E:22:27:24:6C:38:91:27:
        E2:84:49:AE:1B:8A:A1:FD:25:82:2C:10:30:E8:71:AB:
        28:E8:77:4A:51:F1:EC:CD:F8:F0:54:D4:6F:C0:E3:6D:
        0A:8F:D9:D8:64:8D:63:B2:2D:4E:27:F6:85:0E:FE:6D:
        E3:29:99:E2:85:47:7C:2D:86:7F:E8:57:8F:AD:67:C2:
        33:32:91:13:20:FC:A9:23:14:9A:6D:C2:84:4B:76:68:
        04:D5:71:2C:5D:21:FA:88:0D:26:FD:1F:2D:91:2B:E7:
        01:55:4D:F2:6D:35:28:82:DF:D9:6B:5C:B6:D6:D9:AA:
        81:FD:5F:CD:83:BA:63:9D:D0:22:FC:A9:3B:42:69:B2:
        8E:3A:B5:BC:B4:9E:0F:5E:C4:EA:2C:82:8B:28:FD:53:
        08:96:DD:B5:01:20:D1:F9:A5:18:E7:C0:EE:51:70:37:
        E1:B6:05:48:52:48:6F:38:EA:C3:E8:6C:7B:44:84:BB: 0x010001
      - X509v3 extensions
        basicConstraints
        true
        true: 0
        certificatePolicies
        2.16.840.1.113733.1.7.23.3
        id-qt-cps: https://www.verisign.com/rpa
        crlDistributionPoints: http://crl.verisign.com/pca3.crl
        extendedKeyUsage
        clientAuth: codeSigning
        keyUsage: true, 6
        nsCertType: 1
        subjectAltName
        CN: Class3CA2048-1-43
        subjectKeyIdentifier:
        08 f5 51 e8 fb fe 3d 3d 64 36 7c 68 cf 5b 78 a8 |..Q...==d6|h.[x.| df b9 c5 37 |...7 |
        authorityKeyIdentifier
        unnamed
        #0
        C: US
        O: VeriSign, Inc.
        OU: Class 3 Public Primary Certification Authority
        70 ba e4 1d 10 d9 29 34 b6 38 ca 7b 03 cc ba bf |p.....)4.8.{....|
    - RSA-SHA1:
```
ae 3a 17 b8 4a 7b 55 fa  64 55 ec 40 a4 ed 49 41  |.:..J{U.dU.@..IA|
90 99 9c 89 bc af 2e 1d  ca 78 23 f9 1c 19 0f 7f  |.........x#.....|
eb 68 bc 32 d9 88 38 de  dc 3f d3 89 b4 3f b1 82  |.h.2..8..?...?..|
96 f1 a4 5a ba ed 2e 26  d3 de 7c 01 6e 00 0a 00  |...Z...&..|.n...|
a4 06 92 11 48 09 40 f9  1c 18 79 67 23 24 e0 bb  |....H.@...yg#$..|
d5 e1 50 ae 1b f5 0e dd  e0 2e 81 cd 80 a3 6c 52  |..P...........lR|
4f 91 75 55 8a ba 22 f2  d2 ea 41 75 88 2f 63 55  |O.uU.."...Au./cU|
7d 1e 54 5a 95 59 ca d9  34 81 c0 5f 5e f6 7a b5  |}.TZ.Y..4.._^.z.|
```
  - Certificate #3
    - 2
      - 7A:DE:0C:56:5B:1D:72:9B:61:C6:DF:91:95:89:7E:03
      - RSA-SHA1: nil
      - Issuer
        C: US
        O: VeriSign, Inc.
        OU: VeriSign Trust Network
        OU: Terms of use at https://www.verisign.com/rpa (c)04
        CN: VeriSign Class 3 Code Signing 2004 CA
      - 2007-02-05 00:00:00 UTC: 2008-02-09 23:59:59 UTC
      - Subject
        C: US
        ST: California
        L: Palo Alto
        O: Hewlett-Packard Company
        OU: Digital ID Class 3 - Microsoft Software Validation v2
        OU: Hewlett-Packard Company
        CN: Hewlett-Packard Company
      - #5
        rsaEncryption: nil
        C9:04:C8:27:95:2B:CF:2C:D4:48:56:54:36:C9:01:40:
        0E:48:B5:61:B2:BB:82:F9:EE:53:E7:E2:DC:A4:A3:7C:
        45:04:FB:D4:48:26:90:FF:B9:67:CC:98:8B:09:B7:52:
        DA:AC:7C:63:E0:12:8F:8D:B6:D6:64:71:F6:CA:1B:90:
        E8:B4:B2:DE:E2:8D:E3:0B:63:50:51:A7:4F:9E:F6:AB:
        90:D9:34:83:8F:79:D3:DA:EE:C6:96:07:C8:5C:34:CC:
        96:83:F0:D0:A6:6B:F8:E3:47:14:38:E3:F8:90:46:3C:
        47:BF:10:2A:90:EA:17:26:68:39:05:6D:0A:56:BC:0F: 0x010001
      - X509v3 extensions
        basicConstraints
        nil
        keyUsage: true, 0x80
        crlDistributionPoints: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl
        certificatePolicies
        2.16.840.1.113733.1.7.23.3
        id-qt-cps: https://www.verisign.com/rpa
        extendedKeyUsage: codeSigning
        authorityInfoAccess
        #0
        OCSP: http://ocsp.verisign.com
        caIssuers: http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer
        authorityKeyIdentifier:
        08 f5 51 e8 fb fe 3d 3d 64 36 7c 68 cf 5b 78 a8 |..Q...==d6|h.[x.| df b9 c5 37 |...7 |
        nsCertType: 0x10
        1.3.6.1.4.1.311.2.1.27
        false: true
    - RSA-SHA1:
```
16 d9 27 d6 fc a4 53 28  0f 3e bc 36 c9 21 22 0c  |..'...S(.>.6.!".|
20 0e 20 03 29 6f 04 f8  80 39 d7 67 df b8 3a 03  | . .)o...9.g..:.|
b5 42 71 db 07 9f 05 a8  b0 66 f8 67 50 6e 49 1f  |.Bq......f.gPnI.|
05 53 01 79 9b 71 f4 3b  f5 8c ce b7 f3 6f 5b 31  |.S.y.q.;.....o[1|
ef 78 61 35 f0 40 4a c9  5b a1 e8 9b 8a 29 e4 c4  |.xa5.@J.[....)..|
cd ac a3 35 9f e4 0b e3  df e4 ad b8 2f fe 62 3b  |...5......../.b;|
40 59 8c 19 29 a5 a8 89  9c 09 ec b5 cb 48 4f 79  |@Y..)........HOy|
fb 94 ef 15 2c 2d c6 c2  e6 72 17 18 3a 4d 20 0b  |....,-...r..:M .|
57 31 dd df 73 e4 ba d4  1f c8 79 9f 63 c8 34 67  |W1..s.....y.c.4g|
0d be 42 04 2d 82 f1 79  d5 bb 0a 07 3c a1 93 d1  |..B.-..y....<...|
93 83 86 9c cf bf 4c ae  73 d9 cf 14 c4 88 4e 69  |......L.s.....Ni|
8d b7 03 5f d8 3b dc 8a  41 0d a8 18 32 20 d9 30  |..._.;..A...2 .0|
8a c1 46 9d db b4 09 5e  f6 88 a2 bd 99 95 93 ea  |..F....^........|
08 79 e5 da fd 7a c4 15  31 f1 3b d1 f6 78 a9 69  |.y...z..1.;..x.i|
fd f9 26 b9 08 e5 2c e0  83 2a 4a 24 43 76 2c 48  |..&...,..*J$Cv,H|
13 9d 09 c4 c0 21 d0 58  2b 0d 5b c4 c5 ad 8e 04  |.....!.X+.[.....|
```
- Signer
  - 1
  - unnamed
    - #0
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: Terms of use at https://www.verisign.com/rpa (c)04
      - CN: VeriSign Class 3 Code Signing 2004 CA
    - 7A:DE:0C:56:5B:1D:72:9B:61:C6:DF:91:95:89:7E:03
  - MD5: nil
  - #3
    - contentType: 1.3.6.1.4.1.311.2.1.4
    - 1.3.6.1.4.1.311.2.1.11: msCodeInd
    - messageDigest:
```
32 ff 49 d4 22 4d fd bc  3f 7c f5 cd 79 7d 35 b7  |2.I."M..?|..y}5.|
```
    - 1.3.6.1.4.1.311.2.1.12:
```
00 43 00 68 00 65 00 63  00 6b 00 20 00 69 00 66  |.C.h.e.c.k. .i.f|
00 20 00 61 00 20 00 73  00 70 00 65 00 63 00 69  |. .a. .s.p.e.c.i|
00 66 00 69 00 65 00 64  00 20 00 70 00 72 00 6f  |.f.i.e.d. .p.r.o|
00 67 00 72 00 61 00 6d  00 20 00 69 00 73 00 20  |.g.r.a.m. .i.s. |
00 72 00 75 00 6e 00 6e  00 69 00 6e 00 67        |.r.u.n.n.i.n.g  |
```
  - rsaEncryption:
```
87 9d c5 04 8e 14 68 c6  66 75 a2 7a 0e 82 48 c6  |......h.fu.z..H.|
6f a4 32 42 df d3 6f fb  d9 48 00 de 34 cc 98 f3  |o.2B..o..H..4...|
07 e2 82 73 8b 08 1c 8c  5b d2 7a ba 2d c7 00 92  |...s....[.z.-...|
f9 87 36 6a 88 8c c0 fe  c4 e7 74 a3 0c 70 4b 82  |..6j......t..pK.|
8a 7b 10 74 12 dd f7 98  38 d5 53 0c a8 2f 42 8e  |.{.t....8.S../B.|
2d b4 57 41 a2 a7 0c 28  6c 01 c4 61 49 95 9f e9  |-.WA...(l..aI...|
e2 ae a0 7b 18 82 31 09  31 54 e1 12 0f 5a f4 cf  |...{..1.1T...Z..|
66 ff 86 5c ff 36 85 b9  75 62 60 43 33 e0 b6 69  |f..\.6..ub`C3..i|
```
  - countersignature
    - 1
      - unnamed
        #0
        C: US
        O: VeriSign, Inc.
        CN: VeriSign Time Stamping Services CA
        0D:E9:2B:F0:D4:D8:29:88:18:32:05:09:5E:9A:76:88
      - MD5: nil
      - #2
        contentType: pkcs7-data
        signingTime: 2007-06-19 19:21:25 UTC
        messageDigest:
        54 ef 79 8d 3c 64 a9 c2 bf 32 d5 dc ab 76 44 20 |T.y.
      - rsaEncryption:
        a8 dd 01 10 e0 ef 5d 6c e1 d1 f2 9c 0e c2 3b 4b |......]l......;K| 17 ec 70 d2 90 64 f8 4f 23 82 b1 83 c7 da f1 e9 |..p..d.O#.......| 6b 32 71 9c 71 b6 24 61 ed 62 16 c4 ae da 7a 6c |k2q.q.$a.b....zl| 22 08 dd 60 69 00 29 95 43 ad 2c a0 14 9c 53 20 |"..`i.).C.,...S | 48 3a c7 cb 93 b4 f0 72 4e 3e b6 ed 49 da 0d 1b |H:.....rN>..I...| db 75 38 61 13 95 80 80 ea a7 27 ec 86 8e be ff |.u8a......'.....| 28 52 a8 03 c1 33 29 76 88 ab b0 56 3d b1 55 54 |(R...3)v...V=.UT| 79 21 33 b2 8f ff 24 a6 10 ba 06 35 8e 60 82 97 |y!3...$....5.`..| 8d 72 b6 9f f7 32 8b 73 13 9c be c3 02 39 7d 0b |.r...2.s.....9}.| 3d c9 b1 e0 b2 9b 01 93 a7 86 31 de e5 95 5f 3d |=.........1..._=| 13 41 12 be e7 c2 67 36 76 9f 89 e8 fb 16 9d 29 |.A....g6v......)| a4 da 76 de 57 b5 ae ad f6 75 d6 71 b5 0f b0 b1 |..v.W....u.q....| 7b 9d 80 b4 b6 6c b1 09 92 68 38 61 68 d9 c2 07 |{....l...h8ah...| af d2 97 f9 30 4a 50 3b 14 f5 09 4c b7 20 18 f4 |....0JP;...L. ..| 0d 5f 52 2f 02 af 0d 9d 3e a1 88 b4 c4 91 c1 85 |._R/....>.......| 18 a5 1b 0c f9 ab 6a 71 0d 4a 1d f8 b5 58 ce ca |......jq.J...X..|

show previews

offset	size	type	comment
0	55296	EXE	09/16/1999 18:50:42	#
15c1	15	HTM		#
d800	5768	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK