csrss.exe

info
MZ
PE
resources
imports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	csrss.exe
size	959152 (0xea2b0)
md5	c5b56599534a94abbca58e35b2f84636

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xe8

Rich Header

lib id	version	times used
132	21022	26
149	21022	16
123	50727	11
1	0	80
0	0	1
131	21022	73
148	21022	1
145	21022	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	4
TimeDateStamp	0x5d5c957c
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x103
Magic	0x10b
LinkerVersion	9.0
SizeOfCode	0xbe00
SizeOfInitializedData	0xdd800
SizeOfUninitializedData	0
AddressOfEntryPoint	0x6be9
BaseOfCode	0x1000
BaseOfData	0xd000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.0
ImageVersion	0.0
SubsystemVersion	5.0
Reserved1	0
SizeOfImage	0x208000
SizeOfHeaders	0x400
CheckSum	0xf4dc3
Subsystem	2
DllCharacteristics	0x8000
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0xbc64	0xbe00	R-X CODE
.rdata	0xd000	0xd7c30	0xd7e00	R-- IDATA
.data	0xe5000	0x193c	0xe00	RW- IDATA
.rsrc	0xe7000	0x120e28	0x4000	R-- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xe45d4	0x78
RESOURCE	0xe7000	0x3e28
EXCEPTION	0	0
SECURITY	0xe8e00	0x14b0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0xd000	0x114
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
ICON	#1	9640
ICON	#2	3240
ICON	#3	1128
RCDATA	#1	346
RCDATA	#864	128
GROUP_ICON	#129	48
VERSION	#1	928

module_name	hint	function_name
KERNEL32.dll	753	LoadLibraryA
KERNEL32.dll	544	GetProcAddress
KERNEL32.dll	1108	VirtualAlloc
KERNEL32.dll	505	GetModuleHandleW
KERNEL32.dll	367	GetCommandLineA
KERNEL32.dll	569	GetStartupInfoA
KERNEL32.dll	1045	SetUnhandledExceptionFilter
KERNEL32.dll	1057	Sleep
KERNEL32.dll	260	ExitProcess
KERNEL32.dll	1165	WriteFile
KERNEL32.dll	571	GetStdHandle
KERNEL32.dll	500	GetModuleFileNameA
KERNEL32.dll	330	FreeEnvironmentStringsA
KERNEL32.dll	447	GetEnvironmentStrings
KERNEL32.dll	331	FreeEnvironmentStringsW
KERNEL32.dll	1146	WideCharToMultiByte
KERNEL32.dll	486	GetLastError
KERNEL32.dll	449	GetEnvironmentStringsW
KERNEL32.dll	1000	SetHandleCount
KERNEL32.dll	471	GetFileType
KERNEL32.dll	190	DeleteCriticalSection
KERNEL32.dll	1076	TlsGetValue
KERNEL32.dll	1074	TlsAlloc
KERNEL32.dll	1077	TlsSetValue
KERNEL32.dll	1075	TlsFree
KERNEL32.dll	704	InterlockedIncrement
KERNEL32.dll	1004	SetLastError
KERNEL32.dll	429	GetCurrentThreadId
KERNEL32.dll	700	InterlockedDecrement
KERNEL32.dll	671	HeapCreate
KERNEL32.dll	1111	VirtualFree
KERNEL32.dll	673	HeapFree
KERNEL32.dll	852	QueryPerformanceCounter
KERNEL32.dll	614	GetTickCount
KERNEL32.dll	426	GetCurrentProcessId
KERNEL32.dll	591	GetSystemTimeAsFileTime
KERNEL32.dll	751	LeaveCriticalSection
KERNEL32.dll	217	EnterCriticalSection
KERNEL32.dll	1069	TerminateProcess
KERNEL32.dll	425	GetCurrentProcess
KERNEL32.dll	1086	UnhandledExceptionFilter
KERNEL32.dll	721	IsDebuggerPresent
KERNEL32.dll	693	InitializeCriticalSectionAndSpinCount
KERNEL32.dll	347	GetCPInfo
KERNEL32.dll	338	GetACP
KERNEL32.dll	531	GetOEMCP
KERNEL32.dll	731	IsValidCodePage
KERNEL32.dll	669	HeapAlloc
KERNEL32.dll	676	HeapReAlloc
KERNEL32.dll	914	RtlUnwind
KERNEL32.dll	678	HeapSize
KERNEL32.dll	488	GetLocaleInfoA
KERNEL32.dll	737	LCMapStringA
KERNEL32.dll	794	MultiByteToWideChar
KERNEL32.dll	739	LCMapStringW
KERNEL32.dll	573	GetStringTypeA
KERNEL32.dll	576	GetStringTypeW
USER32.dll	238	ExitWindowsEx
USER32.dll	484	LoadStringW
GDI32.dll	558	PathToRegion
GDI32.dll	500	GetStockObject
ADVAPI32.dll	616	RegQueryValueExW
ADVAPI32.dll	602	RegOpenKeyExA
SHLWAPI.dll	365	wvnsprintfW

StringTable 040904B0

Comments
mpanyName	NFileDescription
Total Security	<FileVersion
0, 0, 1061	:InternalName
BoxLd.exe	?4LegalCopyright
Qihu 360 Software Co., Ltd. All rights reserved.	(
galTrademarks	BOriginalFilename
BoxLd.exe
ivateBuild	FProductName
Total Security	@ProductVersion
0, 0, 1061
ecialBuild	D

VS_FIXEDFILEINFO

FileVersion	2.0.0.1061
ProductVersion	2.0.0.1061
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=VHRGUMCPBKMFRGRSFG

serial: -644DA584BA53615AB4653CF592A13E50

Certificates (4)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)64:4d:a5:84:ba:53:61:5a:b4:65:3c:f5:92:a1:3e:50
        Signature Algorithm: sha1WithRSA
        Issuer: CN=VHRGUMCPBKMFRGRSFG
        Validity
            Not Before: Aug  8 16:56:06 2019 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=VHRGUMCPBKMFRGRSFG
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c1:ed:ea:ed:26:28:de:43:a0:2e:68:a3:af:af:
                    16:0f:31:5a:95:b6:f9:04:1d:80:16:ea:1c:0c:52:
                    94:4a:0e:1f:09:b9:bf:ba:4a:b7:d7:49:8a:17:7f:
                    65:b4:17:f1:9e:0e:0b:fc:8c:14:ba:fc:e0:ec:44:
                    a1:57:cb:3c:c8:63:9c:62:3e:8e:50:13:0c:81:0f:
                    c1:f4:90:c7:22:a4:c7:58:36:3e:63:c0:86:d2:21:
                    e6:29:8f:29:3d:cb:34:b2:93:c1:5e:9d:41:ee:36:
                    72:0e:4a:83:20:58:24:dd:e4:a9:dc:e9:83:81:06:
                    4f:b7:69:f5:5e:58:ad:94:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                Code Signing
            2.5.29.1: 
                0E..J....G..b.0.......0.1.0...U....VHRGUMCPBKMFRGRSFG....Z{E...K..
m^..
    Signature Algorithm: sha1WithRSA
    Signature Value:
        3c:7b:85:fa:91:1c:d4:80:1e:ba:01:c7:ee:b5:8b:0a:e3:c3:
        fe:2b:67:96:a3:d6:13:16:de:35:ba:51:40:e4:ad:86:68:0a:
        54:89:f4:d1:e5:63:20:ae:76:7a:77:49:5f:6b:24:83:b8:cf:
        42:ce:6d:04:f3:2a:8c:ca:e8:1a:8e:3c:c1:f0:6e:95:8e:43:
        d9:01:85:57:83:11:2a:65:c2:a5:bb:25:26:5c:72:90:88:30:
        1c:70:43:b5:ea:54:39:7a:b5:60:38:a2:de:5b:46:32:68:f0:
        57:b5:0c:06:fe:82:14:6d:50:cd:08:92:27:19:ef:e6:47:5f:
        94:0a

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
        Validity
            Not Before: Jun  7 08:09:10 2005 GMT
            Not After : May 30 10:48:38 2020 GMT
        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http:\/\/www.usertrust.com, CN=UTN-USERFirst-Object
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ce:aa:81:3f:a3:a3:61:78:aa:31:00:55:95:11:
                    9e:27:0f:1f:1c:df:3a:9b:82:68:30:c0:4a:61:1d:
                    f1:2f:0e:fa:be:79:f7:a5:23:ef:55:51:96:84:cd:
                    db:e3:b9:6e:3e:31:d8:0a:20:67:c7:f4:d9:bf:94:
                    eb:47:04:3e:02:ce:2a:a2:5d:87:04:09:f6:30:9d:
                    18:8a:97:b2:aa:1c:fc:41:d2:a1:36:cb:fb:3d:91:
                    ba:e7:d9:70:35:fa:e4:e7:90:c3:9b:a3:9b:d3:3c:
                    f5:12:99:77:b1:b7:09:e0:68:e6:1c:b8:f3:94:63:
                    88:6a:6a:fe:0b:76:c9:be:f4:22:e4:67:b9:ab:1a:
                    5e:77:c1:85:07:dd:0d:6c:bf:ee:06:c7:77:6a:41:
                    9e:a7:0f:d7:fb:ee:94:17:b7:fc:85:be:a4:ab:c4:
                    1c:31:dd:d7:b6:d1:e4:f0:ef:df:16:8f:b2:52:93:
                    d7:a1:d4:89:a1:07:2e:bf:e1:01:12:42:1e:1a:e1:
                    d8:95:34:db:64:79:28:ff:ba:2e:11:c2:e5:e8:5b:
                    92:48:fb:47:0b:c2:6c:da:ad:32:83:41:f3:a5:e5:
                    41:70:fd:65:90:6d:fa:fa:51:c4:f9:bd:96:2b:19:
                    04:2c:d3:6d:a7:dc:f0:7f:6f:83:65:e2:6a:ab:87:
                    86:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
            X509v3 Subject Key Identifier: 
                DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl
            Authority Information Access: 
                OCSP - URI:http://ocsp.usertrust.com
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        4d:42:2f:a6:c1:8a:eb:07:80:90:58:46:8c:f8:19:39:66:2a:
        3c:5a:2c:6d:cf:d4:d9:87:55:8d:79:0b:12:88:7b:40:8f:d5:
        c7:f8:4b:8d:55:16:63:ad:b7:57:dc:3b:2b:bd:d3:c1:4f:1e:
        03:87:4b:44:9b:e3:e2:40:45:26:f3:26:49:2b:6a:84:f1:54:
        7a:d4:42:da:fc:d3:6a:bb:66:7e:ca:9e:ea:e9:bb:dc:07:c7:
        c3:92:4e:83:3c:81:49:9f:92:d5:32:09:ea:49:2e:a1:11:71:
        9a:36:d2:c5:4e:68:b6:cb:0e:1b:25:16:af:6c:de:5d:76:d8:
        1f:72:b1:93:26:86:17:db:18:de:af:45:e9:df:fb:98:af:14:
        18:ed:a4:5e:f6:89:94:45:f0:55:04:4a:dd:ff:27:dd:06:4a:
        40:f6:b4:bc:f1:e4:0f:99:02:bb:fd:5d:0e:2e:28:c1:be:3b:
        5f:1a:3f:97:10:84:bc:16:3e:d8:a3:9c:63:1d:66:cb:5c:5f:
        da:3e:f3:0f:0a:09:35:22:db:db:c0:3f:00:f9:e6:0d:5d:67:
        d1:fd:a0:1e:03:2b:d9:40:f7:be:cc:87:66:54:80:a6:a3:b8:
        f5:19:62:d5:d2:26:b1:98:26:ee:9a:cb:44:a7:45:5a:81:95:
        15:1a:f5:51

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http:\/\/www.usertrust.com, CN=UTN-USERFirst-Object
        Validity
            Not Before: Apr 27 00:00:00 2011 GMT
            Not After : May 30 10:48:38 2020 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Time Stamping CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:aa:82:f1:84:a9:5b:d8:71:b5:d2:5d:2b:ed:f4:
                    13:20:0c:f9:9b:e9:d1:8f:74:5e:6e:ee:eb:29:48:
                    d8:c8:be:2c:eb:0a:61:60:cc:bd:92:8d:7c:dd:74:
                    bb:0a:9e:68:4e:aa:75:24:73:27:ae:37:f3:1a:82:
                    a5:6d:b8:c8:09:46:4c:7e:a1:83:e9:e2:03:60:a4:
                    21:10:27:40:9a:59:e1:6d:af:3e:82:af:21:69:59:
                    6d:63:cc:ce:b1:f6:16:9a:79:83:97:3a:1d:0c:af:
                    c9:7d:d1:4e:d8:c3:46:a1:a5:98:aa:60:ce:55:d4:
                    12:11:f3:3b:0b:6c:c6:88:ba:95:2e:ef:a0:46:45:
                    39:7c:ac:e9:e3:ad:e8:57:97:5f:fe:fb:c2:09:8d:
                    fe:8e:9a:a5:3f:59:46:fc:c7:2d:5d:84:87:f0:6f:
                    58:26:c3:f0:42:fc:55:de:65:be:67:38:63:b3:11:
                    b1:a1:25:ed:a9:9b:be:48:df:4c:77:c0:aa:19:0b:
                    b6:fd:4a:8f:2c:79:55:b1:fe:59:5a:5a:6d:55:8b:
                    1c:43:f6:b1:55:72:29:89:4d:40:3f:be:7f:49:01:
                    5d:3c:9b:5c:08:fb:ca:e2:75:15:05:93:9d:08:62:
                    ff:ba:0d:db:aa:f8:b5:bf:10:32:ca:72:ea:08:26:
                    cd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8
            X509v3 Subject Key Identifier: 
                64:22:86:B6:4A:89:C9:04:0F:D0:04:58:92:2B:B3:6E:3D:1E:27:6C
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Extended Key Usage: 
                Time Stamping
            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl
            Authority Information Access: 
                CA Issuers - URI:http://crt.usertrust.com/UTNAddTrustObject_CA.crt
                OCSP - URI:http://ocsp.usertrust.com
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        11:c9:3d:e1:05:e8:3b:65:ac:c9:74:31:03:b7:da:83:38:c6:
        92:ba:fd:cd:f8:db:63:9b:7d:1e:90:a4:98:c8:d9:58:68:34:
        b5:f0:0b:21:53:9e:59:46:fd:63:85:df:fe:47:aa:70:e4:3f:
        5e:08:95:28:5f:14:f1:fd:22:ae:70:e4:b7:f1:b0:b6:56:9f:
        b1:67:b8:68:83:5e:a8:60:db:98:39:f6:dc:49:5e:13:a7:90:
        67:4b:e3:6e:e7:eb:f0:43:c7:d0:2f:7d:ff:96:5a:a7:03:d6:
        9b:54:a0:23:d3:a5:c2:a0:8e:f9:4f:d1:b2:06:21:fe:21:5d:
        27:8c:a0:af:d9:b0:52:ee:fc:c8:ed:b7:9c:f1:c9:26:38:d6:
        a5:32:ed:48:97:94:5e:3d:e0:3d:35:b4:b0:c9:58:af:c7:58:
        ff:62:74:16:92:64:41:da:ca:a8:eb:8b:03:bd:c1:4e:ae:1f:
        91:32:b8:e1:24:3b:7b:ed:14:68:09:86:96:28:c9:3b:c9:6c:
        28:c2:25:69:f5:4a:61:ad:e0:27:f8:53:a7:75:15:b0:51:31:
        b0:f1:41:ff:3e:5a:26:1e:60:7e:e2:e3:6a:39:9a:c4:ea:ee:
        3f:e6:b2:13:3f:55:03:04:4d:0b:90:72:d4:eb:fb:bc:87:90:
        51:b2:38:19

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Time Stamping CA
        Validity
            Not Before: May  2 00:00:00 2019 GMT
            Not After : May 30 10:48:38 2020 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo SHA-1 Time Stamping Signer
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bf:52:36:82:3a:dc:74:37:0d:78:d5:7f:16:50:
                    19:66:ed:ba:1a:99:d1:63:38:9a:0c:66:b2:40:db:
                    a7:80:50:bf:69:2e:36:2f:0a:67:3f:40:a1:4a:8a:
                    63:35:9b:d0:19:cc:74:aa:17:19:91:2b:b5:55:20:
                    19:fb:c0:1a:3a:6d:ca:39:9b:82:f2:ba:95:a1:1a:
                    d8:34:c7:b8:89:7b:70:88:70:51:66:69:ec:77:fe:
                    c6:94:72:7a:cf:25:81:ed:34:82:9a:df:08:15:37:
                    31:b4:6d:ae:1c:bf:18:d5:0d:cf:fe:b5:e1:c4:fb:
                    b1:47:71:e9:fa:ee:63:91:ec:f1:ec:ce:59:04:11:
                    7c:ae:0b:60:53:ea:2a:f3:be:2f:02:0f:d0:4c:5d:
                    31:13:2f:1e:69:0f:85:9b:45:96:c2:8d:12:8b:67:
                    ae:1f:af:69:ab:06:96:81:00:df:91:7c:95:1c:e6:
                    9e:19:64:df:76:c8:60:44:2f:49:e3:8f:7f:60:6a:
                    45:39:13:44:21:a5:ba:fb:91:fa:41:40:ed:4d:02:
                    b4:4b:7f:df:e2:e0:3d:b8:aa:f3:1a:d8:41:83:8f:
                    7f:33:ed:41:06:e2:7d:9e:3f:53:84:8d:28:da:dd:
                    76:c6:bd:f7:8e:1e:38:cd:c0:cb:60:24:03:de:7a:
                    4c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                64:22:86:B6:4A:89:C9:04:0F:D0:04:58:92:2B:B3:6E:3D:1E:27:6C
            X509v3 Subject Key Identifier: 
                AE:EE:D9:60:BA:5E:F5:2C:01:12:FD:8E:8D:B2:55:72:35:46:6F:F1
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: critical
                Time Stamping
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.1.3.8
                  CPS: https://sectigo.com/CPS
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.sectigo.com/COMODOTimeStampingCA_2.crl
            Authority Information Access: 
                CA Issuers - URI:http://crt.sectigo.com/COMODOTimeStampingCA_2.crt
                OCSP - URI:http://ocsp.sectigo.com
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        7a:7f:a9:4a:d2:b0:a4:1c:1d:0d:9d:2d:5c:c6:ae:5a:dd:8f:
        45:1d:f0:9e:5c:90:f6:5e:ac:70:fe:d3:d9:cd:e4:19:a4:0a:
        43:75:60:6a:83:a4:c3:99:84:20:31:ba:d6:fe:4c:cf:13:f8:
        10:f7:54:09:7e:ea:dc:d2:2e:79:d7:07:4c:54:b7:b5:c9:9d:
        b2:f0:f2:1e:24:14:d0:9c:c7:c8:67:aa:0b:62:b7:b4:f1:06:
        e4:e7:e4:21:4b:19:32:99:34:b9:19:61:77:0a:33:90:67:6c:
        c0:88:4a:92:f5:a1:43:01:f3:ae:a2:6f:c9:95:bd:96:38:f7:
        83:f7:ad:7c:28:1f:f3:38:df:8e:21:c8:71:68:53:2d:cb:ae:
        aa:e2:30:17:83:22:29:18:b5:e1:8c:89:eb:6e:f8:7e:38:bb:
        90:4f:b9:5f:07:34:12:6b:97:d5:e6:3b:91:be:00:17:21:6e:
        e2:6d:fc:52:79:ef:81:25:ba:cf:13:d0:fb:dd:2b:cd:81:b6:
        57:89:4e:f0:dd:f3:0b:4a:34:ca:85:ff:08:b9:96:5f:eb:11:
        13:e0:e1:c5:03:ad:57:1c:e1:5d:92:06:be:1b:c8:3c:3f:a5:
        20:9f:69:d0:69:c1:c5:c2:c9:3e:e7:c5:72:f7:ea:1b:96:e2:
        94:af:86:2e

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

18 76 93 22 32 86 e5 69 10 44 dc e9 91 34 be d4 |.v."2..i.D...4..| 54 25 8a d4 |T%.. |

unnamed
- #0
  - 2
    - -133325963549965835838842932808302804560
    - RSA-SHA1-2: nil
    - CN: VHRGUMCPBKMFRGRSFG
    - 2019-08-08 16:56:06 UTC: 2039-12-31 23:59:59 UTC
    - CN: VHRGUMCPBKMFRGRSFG
    - #5
      - rsaEncryption: nil
      - C1:ED:EA:ED:26:28:DE:43:A0:2E:68:A3:AF:AF:16:0F:
        31:5A:95:B6:F9:04:1D:80:16:EA:1C:0C:52:94:4A:0E:
        1F:09:B9:BF:BA:4A:B7:D7:49:8A:17:7F:65:B4:17:F1:
        9E:0E:0B:FC:8C:14:BA:FC:E0:EC:44:A1:57:CB:3C:C8:
        63:9C:62:3E:8E:50:13:0C:81:0F:C1:F4:90:C7:22:A4:
        C7:58:36:3E:63:C0:86:D2:21:E6:29:8F:29:3D:CB:34:
        B2:93:C1:5E:9D:41:EE:36:72:0E:4A:83:20:58:24:DD:
        E4:A9:DC:E9:83:81:06:4F:B7:69:F5:5E:58:AD:94:0B: 0x010001
    - #6
      - extendedKeyUsage: codeSigning
      - 2.5.29.1
        4a d2 17 fe fc 47 db 17 62 f4 30 c5 e9 f8 e3 a1 |J....G..b.0.....|
        CN: VHRGUMCPBKMFRGRSFG
        9b b2 5a 7b 45 ac 9e a5 4b 9a c3 0a 6d 5e c1 b0 |..Z{E...K...m^..|
  - RSA-SHA1-2:
```
3c 7b 85 fa 91 1c d4 80  1e ba 01 c7 ee b5 8b 0a  |<{..............|
e3 c3 fe 2b 67 96 a3 d6  13 16 de 35 ba 51 40 e4  |...+g......5.Q@.|
ad 86 68 0a 54 89 f4 d1  e5 63 20 ae 76 7a 77 49  |..h.T....c .vzwI|
5f 6b 24 83 b8 cf 42 ce  6d 04 f3 2a 8c ca e8 1a  |_k$...B.m..*....|
8e 3c c1 f0 6e 95 8e 43  d9 01 85 57 83 11 2a 65  |.<..n..C...W..*e|
c2 a5 bb 25 26 5c 72 90  88 30 1c 70 43 b5 ea 54  |...%&\r..0.pC..T|
39 7a b5 60 38 a2 de 5b  46 32 68 f0 57 b5 0c 06  |9z.`8..[F2h.W...|
fe 82 14 6d 50 cd 08 92  27 19 ef e6 47 5f 94 0a  |...mP...'...G_..|
```
- Certificate #1
  - 2
    - 42:1A:F2:94:09:84:19:1F:52:0A:4B:C6:24:26:A7:4B
    - RSA-SHA1: nil
    - Issuer
      - C: SE
      - O: AddTrust AB
      - OU: AddTrust External TTP Network
      - CN: AddTrust External CA Root
    - 2005-06-07 08:09:10 UTC: 2020-05-30 10:48:38 UTC
    - Subject
      - C: US
      - ST: UT
      - L: Salt Lake City
      - O: The USERTRUST Network
      - OU: http://www.usertrust.com
      - CN: UTN-USERFirst-Object
    - #5
      - rsaEncryption: nil
      - CE:AA:81:3F:A3:A3:61:78:AA:31:00:55:95:11:9E:27:
        0F:1F:1C:DF:3A:9B:82:68:30:C0:4A:61:1D:F1:2F:0E:
        FA:BE:79:F7:A5:23:EF:55:51:96:84:CD:DB:E3:B9:6E:
        3E:31:D8:0A:20:67:C7:F4:D9:BF:94:EB:47:04:3E:02:
        CE:2A:A2:5D:87:04:09:F6:30:9D:18:8A:97:B2:AA:1C:
        FC:41:D2:A1:36:CB:FB:3D:91:BA:E7:D9:70:35:FA:E4:
        E7:90:C3:9B:A3:9B:D3:3C:F5:12:99:77:B1:B7:09:E0:
        68:E6:1C:B8:F3:94:63:88:6A:6A:FE:0B:76:C9:BE:F4:
        22:E4:67:B9:AB:1A:5E:77:C1:85:07:DD:0D:6C:BF:EE:
        06:C7:77:6A:41:9E:A7:0F:D7:FB:EE:94:17:B7:FC:85:
        BE:A4:AB:C4:1C:31:DD:D7:B6:D1:E4:F0:EF:DF:16:8F:
        B2:52:93:D7:A1:D4:89:A1:07:2E:BF:E1:01:12:42:1E:
        1A:E1:D8:95:34:DB:64:79:28:FF:BA:2E:11:C2:E5:E8:
        5B:92:48:FB:47:0B:C2:6C:DA:AD:32:83:41:F3:A5:E5:
        41:70:FD:65:90:6D:FA:FA:51:C4:F9:BD:96:2B:19:04:
        2C:D3:6D:A7:DC:F0:7F:6F:83:65:E2:6A:AB:87:86:75: 0x010001
    - #6
      - authorityKeyIdentifier:
        ad bd 98 7a 34 b4 26 f7 fa c4 26 54 ef 03 bd e0 |...z4.&...&T....| 24 cb 54 1a |$.T. |
      - subjectKeyIdentifier:
        da ed 64 74 14 9c 14 3c ab dd 99 a9 bd 5b 28 4d |..dt...<.....[(M| 8b 3c c9 d8 |.<.. |
      - keyUsage: true, 6
      - basicConstraints: true, true
      - certificatePolicies: anyPolicy
      - crlDistributionPoints: http://crl.usertrust.com/AddTrustExternalCARoot.crl
      - authorityInfoAccess
        OCSP: http://ocsp.usertrust.com
  - RSA-SHA1:
```
4d 42 2f a6 c1 8a eb 07  80 90 58 46 8c f8 19 39  |MB/.......XF...9|
66 2a 3c 5a 2c 6d cf d4  d9 87 55 8d 79 0b 12 88  |f*...|
63 1d 66 cb 5c 5f da 3e  f3 0f 0a 09 35 22 db db  |c.f.\_.>....5"..|
c0 3f 00 f9 e6 0d 5d 67  d1 fd a0 1e 03 2b d9 40  |.?....]g.....+.@|
f7 be cc 87 66 54 80 a6  a3 b8 f5 19 62 d5 d2 26  |....fT......b..&|
b1 98 26 ee 9a cb 44 a7  45 5a 81 95 15 1a f5 51  |..&...D.EZ.....Q|
```
- Certificate #2
  - 2
    - 62:5C:4D:90:8C:D5:42:FB:AB:2E:A5:73:3F:F1:54:19
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - ST: UT
      - L: Salt Lake City
      - O: The USERTRUST Network
      - OU: http://www.usertrust.com
      - CN: UTN-USERFirst-Object
    - 2011-04-27 00:00:00 UTC: 2020-05-30 10:48:38 UTC
    - Subject
      - C: GB
      - ST: Greater Manchester
      - L: Salford
      - O: COMODO CA Limited
      - CN: COMODO Time Stamping CA
    - #5
      - rsaEncryption: nil
      - AA:82:F1:84:A9:5B:D8:71:B5:D2:5D:2B:ED:F4:13:20:
        0C:F9:9B:E9:D1:8F:74:5E:6E:EE:EB:29:48:D8:C8:BE:
        2C:EB:0A:61:60:CC:BD:92:8D:7C:DD:74:BB:0A:9E:68:
        4E:AA:75:24:73:27:AE:37:F3:1A:82:A5:6D:B8:C8:09:
        46:4C:7E:A1:83:E9:E2:03:60:A4:21:10:27:40:9A:59:
        E1:6D:AF:3E:82:AF:21:69:59:6D:63:CC:CE:B1:F6:16:
        9A:79:83:97:3A:1D:0C:AF:C9:7D:D1:4E:D8:C3:46:A1:
        A5:98:AA:60:CE:55:D4:12:11:F3:3B:0B:6C:C6:88:BA:
        95:2E:EF:A0:46:45:39:7C:AC:E9:E3:AD:E8:57:97:5F:
        FE:FB:C2:09:8D:FE:8E:9A:A5:3F:59:46:FC:C7:2D:5D:
        84:87:F0:6F:58:26:C3:F0:42:FC:55:DE:65:BE:67:38:
        63:B3:11:B1:A1:25:ED:A9:9B:BE:48:DF:4C:77:C0:AA:
        19:0B:B6:FD:4A:8F:2C:79:55:B1:FE:59:5A:5A:6D:55:
        8B:1C:43:F6:B1:55:72:29:89:4D:40:3F:BE:7F:49:01:
        5D:3C:9B:5C:08:FB:CA:E2:75:15:05:93:9D:08:62:FF:
        BA:0D:DB:AA:F8:B5:BF:10:32:CA:72:EA:08:26:CD:19: 0x010001
    - #6
      - authorityKeyIdentifier:
        da ed 64 74 14 9c 14 3c ab dd 99 a9 bd 5b 28 4d |..dt...<.....[(M| 8b 3c c9 d8 |.<.. |
      - subjectKeyIdentifier:
        64 22 86 b6 4a 89 c9 04 0f d0 04 58 92 2b b3 6e |d"..J......X.+.n| 3d 1e 27 6c |=.'l |
      - keyUsage: true, 6
      - basicConstraints
        true
        true: 0
      - extendedKeyUsage: timeStamping
      - certificatePolicies: anyPolicy
      - crlDistributionPoints: http://crl.usertrust.com/UTN-USERFirst-Object.crl
      - authorityInfoAccess
        #0
        caIssuers: http://crt.usertrust.com/UTNAddTrustObject_CA.crt
        OCSP: http://ocsp.usertrust.com
  - RSA-SHA1:
```
11 c9 3d e1 05 e8 3b 65  ac c9 74 31 03 b7 da 83  |..=...;e..t1....|
38 c6 92 ba fd cd f8 db  63 9b 7d 1e 90 a4 98 c8  |8.......c.}.....|
d9 58 68 34 b5 f0 0b 21  53 9e 59 46 fd 63 85 df  |.Xh4...!S.YF.c..|
fe 47 aa 70 e4 3f 5e 08  95 28 5f 14 f1 fd 22 ae  |.G.p.?^..(_...".|
70 e4 b7 f1 b0 b6 56 9f  b1 67 b8 68 83 5e a8 60  |p.....V..g.h.^.`|
db 98 39 f6 dc 49 5e 13  a7 90 67 4b e3 6e e7 eb  |..9..I^...gK.n..|
f0 43 c7 d0 2f 7d ff 96  5a a7 03 d6 9b 54 a0 23  |.C../}..Z....T.#|
d3 a5 c2 a0 8e f9 4f d1  b2 06 21 fe 21 5d 27 8c  |......O...!.!]'.|
a0 af d9 b0 52 ee fc c8  ed b7 9c f1 c9 26 38 d6  |....R........&8.|
a5 32 ed 48 97 94 5e 3d  e0 3d 35 b4 b0 c9 58 af  |.2.H..^=.=5...X.|
c7 58 ff 62 74 16 92 64  41 da ca a8 eb 8b 03 bd  |.X.bt..dA.......|
c1 4e ae 1f 91 32 b8 e1  24 3b 7b ed 14 68 09 86  |.N...2..$;{..h..|
96 28 c9 3b c9 6c 28 c2  25 69 f5 4a 61 ad e0 27  |.(.;.l(.%i.Ja..'|
f8 53 a7 75 15 b0 51 31  b0 f1 41 ff 3e 5a 26 1e  |.S.u..Q1..A.>Z&.|
60 7e e2 e3 6a 39 9a c4  ea ee 3f e6 b2 13 3f 55  |`~..j9....?...?U|
03 04 4d 0b 90 72 d4 eb  fb bc 87 90 51 b2 38 19  |..M..r......Q.8.|
```
- Certificate #3
  - 2
    - 2B:73:DB:74:63:11:4C:5A:5B:32:4A:F2:30:57:72:49
    - RSA-SHA1: nil
    - Issuer
      - C: GB
      - ST: Greater Manchester
      - L: Salford
      - O: COMODO CA Limited
      - CN: COMODO Time Stamping CA
    - 2019-05-02 00:00:00 UTC: 2020-05-30 10:48:38 UTC
    - Subject
      - C: GB
      - ST: Greater Manchester
      - L: Salford
      - O: Sectigo Limited
      - CN: Sectigo SHA-1 Time Stamping Signer
    - #5
      - rsaEncryption: nil
      - BF:52:36:82:3A:DC:74:37:0D:78:D5:7F:16:50:19:66:
        ED:BA:1A:99:D1:63:38:9A:0C:66:B2:40:DB:A7:80:50:
        BF:69:2E:36:2F:0A:67:3F:40:A1:4A:8A:63:35:9B:D0:
        19:CC:74:AA:17:19:91:2B:B5:55:20:19:FB:C0:1A:3A:
        6D:CA:39:9B:82:F2:BA:95:A1:1A:D8:34:C7:B8:89:7B:
        70:88:70:51:66:69:EC:77:FE:C6:94:72:7A:CF:25:81:
        ED:34:82:9A:DF:08:15:37:31:B4:6D:AE:1C:BF:18:D5:
        0D:CF:FE:B5:E1:C4:FB:B1:47:71:E9:FA:EE:63:91:EC:
        F1:EC:CE:59:04:11:7C:AE:0B:60:53:EA:2A:F3:BE:2F:
        02:0F:D0:4C:5D:31:13:2F:1E:69:0F:85:9B:45:96:C2:
        8D:12:8B:67:AE:1F:AF:69:AB:06:96:81:00:DF:91:7C:
        95:1C:E6:9E:19:64:DF:76:C8:60:44:2F:49:E3:8F:7F:
        60:6A:45:39:13:44:21:A5:BA:FB:91:FA:41:40:ED:4D:
        02:B4:4B:7F:DF:E2:E0:3D:B8:AA:F3:1A:D8:41:83:8F:
        7F:33:ED:41:06:E2:7D:9E:3F:53:84:8D:28:DA:DD:76:
        C6:BD:F7:8E:1E:38:CD:C0:CB:60:24:03:DE:7A:4C:AB: 0x010001
    - #6
      - authorityKeyIdentifier:
        64 22 86 b6 4a 89 c9 04 0f d0 04 58 92 2b b3 6e |d"..J......X.+.n| 3d 1e 27 6c |=.'l |
      - subjectKeyIdentifier:
        ae ee d9 60 ba 5e f5 2c 01 12 fd 8e 8d b2 55 72 |...`.^.,......Ur| 35 46 6f f1 |5Fo. |
      - keyUsage: true, 0xc0
      - basicConstraints
        true
        nil
      - extendedKeyUsage: true, timeStamping
      - certificatePolicies
        1.3.6.1.4.1.6449.1.2.1.3.8
        id-qt-cps: https://sectigo.com/CPS
      - crlDistributionPoints: http://crl.sectigo.com/COMODOTimeStampingCA_2.crl
      - authorityInfoAccess
        #0
        caIssuers: http://crt.sectigo.com/COMODOTimeStampingCA_2.crt
        OCSP: http://ocsp.sectigo.com
  - RSA-SHA1:
```
7a 7f a9 4a d2 b0 a4 1c  1d 0d 9d 2d 5c c6 ae 5a  |z..J.......-\..Z|
dd 8f 45 1d f0 9e 5c 90  f6 5e ac 70 fe d3 d9 cd  |..E...\..^.p....|
e4 19 a4 0a 43 75 60 6a  83 a4 c3 99 84 20 31 ba  |....Cu`j..... 1.|
d6 fe 4c cf 13 f8 10 f7  54 09 7e ea dc d2 2e 79  |..L.....T.~....y|
d7 07 4c 54 b7 b5 c9 9d  b2 f0 f2 1e 24 14 d0 9c  |..LT........$...|
c7 c8 67 aa 0b 62 b7 b4  f1 06 e4 e7 e4 21 4b 19  |..g..b.......!K.|
32 99 34 b9 19 61 77 0a  33 90 67 6c c0 88 4a 92  |2.4..aw.3.gl..J.|
f5 a1 43 01 f3 ae a2 6f  c9 95 bd 96 38 f7 83 f7  |..C....o....8...|
ad 7c 28 1f f3 38 df 8e  21 c8 71 68 53 2d cb ae  |.|(..8..!.qhS-..|
aa e2 30 17 83 22 29 18  b5 e1 8c 89 eb 6e f8 7e  |..0..")......n.~|
38 bb 90 4f b9 5f 07 34  12 6b 97 d5 e6 3b 91 be  |8..O._.4.k...;..|
00 17 21 6e e2 6d fc 52  79 ef 81 25 ba cf 13 d0  |..!n.m.Ry..%....|
fb dd 2b cd 81 b6 57 89  4e f0 dd f3 0b 4a 34 ca  |..+...W.N....J4.|
85 ff 08 b9 96 5f eb 11  13 e0 e1 c5 03 ad 57 1c  |....._........W.|
e1 5d 92 06 be 1b c8 3c  3f a5 20 9f 69 d0 69 c1  |.].......r.........|
```

#0
- CN: VHRGUMCPBKMFRGRSFG
- -133325963549965835838842932808302804560
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

c4 c5 20 19 96 43 f5 83  b4 b6 31 50 65 57 0a 74  |.. ..C....1PeW.t|
65 48 86 4e                                       |eH.N            |

rsaEncryption:

9a ac 68 95 45 1f b7 66  11 5c be 9c 4a b4 81 15  |..h.E..f.\..J...|
a1 12 9f 20 80 6d e6 4e  f4 b7 29 a4 1b f8 fc 1b  |... .m.N..).....|
e4 4a fe ff 3d 66 37 23  b5 83 2a 7d c8 38 37 2e  |.J..=f7#..*}.87.|
3c 97 b2 f0 b6 2b 39 bc  01 6c d7 a5 07 ce 87 5a  |<....+9..l.....Z|
c8 bf a7 04 24 c4 eb e4  a2 80 fc ac 77 99 70 d7  |....$.......w.p.|
c8 d4 d7 68 82 81 93 71  a1 8b cb b2 dd 78 8b 1e  |...h...q.....x..|
c3 b9 1a e1 16 04 64 7a  9f 90 10 0f dd e5 11 57  |......dz.......W|
1b c7 50 cd 6a 9d 51 9e  ce 8c 2c 08 dc 7c bb cf  |..P.j.Q...,..|..|

countersignature

unnamed
- #0
  - C: GB
  - ST: Greater Manchester
  - L: Salford
  - O: COMODO CA Limited
  - CN: COMODO Time Stamping CA
- 2B:73:DB:74:63:11:4C:5A:5B:32:4A:F2:30:57:72:49
SHA1: nil

contentType: pkcs7-data
signingTime: 2019-08-21 00:52:34 UTC

messageDigest:

ea bf 68 25 a9 75 b4 5d  ba 70 bb c5 1d 4e 51 86  |..h%.u.].p...NQ.|
c0 aa 17 06                                       |....            |

rsaEncryption:

5c 21 db 0b 94 fa 77 65  4c b9 8f 8c 92 4e 98 af  |\!....weL....N..|
b4 ce 23 51 d8 f3 f5 b7  c1 aa 90 f4 6f 84 88 50  |..#Q........o..P|
02 9a e1 18 30 23 24 4f  31 bc 63 50 38 81 be 75  |....0#$O1.cP8..u|
1e 2b 86 1b 8f e5 11 f5  c7 c5 49 12 85 5a d4 f5  |.+........I..Z..|
7c ff a4 92 a2 f9 e2 37  d6 a7 c0 bc cd dd 7d aa  ||......7......}.|
4d 8d 9d d3 de f4 e5 b3  d8 9e 5b db 8f 51 b8 1a  |M.........[..Q..|
1a 64 e7 f6 9a 4c db b6  ef 40 bb 2f d5 de bf d2  |.d...L...@./....|
a9 c5 0c 45 9b 66 8c 7e  05 8f 7a b1 3b f7 89 79  |...E.f.~..z.;..y|
d6 e8 ca d7 13 58 9f 5f  cc 13 57 86 02 58 82 08  |.....X._..W..X..|
6f f8 78 e1 7d 00 b6 3c  c8 64 cb 1e f8 ed 8c 1e  |o.x.}..<.d......|
6f 4f 6f 45 5c 76 55 24  e0 14 4e 02 c0 c9 08 e4  |oOoE\vU$..N.....|
46 c4 b0 6b 7a df d0 24  dc 24 8c 55 2d 9e e6 61  |F..kz..$.$.U-..a|
cb 8b c8 5d b6 d3 a2 3e  df 97 ec 0e df 3a a4 4a  |...]...>.....:.J|
d1 53 2f 1d f7 4f cd 06  9c 08 32 8d 87 1c 48 bd  |.S/..O....2...H.|
22 2a 4b ff 56 cd 3e 43  bb 60 47 c9 08 67 55 61  |"*K.V.>C.`G..gUa|
fa 80 9c 52 14 27 c5 27  51 a7 9c f6 68 3f 91 26  |...R.'.'Q...h?.&|

show previews

offset	size	type	comment
0	953856	EXE	08/21/2019 00:51:08	#
15c1	15	HTM		#
e8e00	5296	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK