| filename | W10DigitalActivation.exe | |
|---|---|---|
| size | 1431072 (0x15d620) | |
| md5 | d235ba8691c9d5b6667f4f0b69af58af | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x80 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
UPX Modified >> *$igBy Ahmed18 This file is packed with UPX. Analysis will be incomplete without unpacking. |
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x351000 | 0 | RWX UDATA | |
| UPX1 | 0x352000 | 0x14b000 | 0x14a800 | RWX IDATA | |
| .rsrc | 0x49d000 | 0x12000 | 0x11400 | RW- IDATA |
Data Directory
| type | va | size | |
|---|---|---|---|
| EXPORT | 0 | 0 | |
| IMPORT | 0x4ade70 | 0x510 | |
| RESOURCE | 0x49d000 | 0x10e70 | |
| EXCEPTION | 0 | 0 | |
| SECURITY | 0x15be00 | 0x1820 | |
| BASERELOC | 0 | 0 | |
| DEBUG | 0 | 0 | |
| ARCHITECTURE | 0 | 0 | |
| GLOBALPTR | 0 | 0 | |
| TLS | 0 | 0 | |
| LOAD_CONFIG | 0 | 0 | |
| Bound_IAT | 0 | 0 | |
| IAT | 0 | 0 | |
| Delay_IAT | 0 | 0 | |
| CLR_Header | 0 | 0 |
| module_name | hint | ord | function_name |
|---|---|---|---|
| ADVAPI32.DLL | IsValidSid | ||
| COMCTL32.DLL | ImageList_Add | ||
| GDI32.DLL | BitBlt | ||
| gdiplus.dll | GdipFree | ||
| ICMP.DLL | IcmpSendEcho | ||
| IMAGEHLP.DLL | MakeSureDirectoryPathExists | ||
| IPHLPAPI.DLL | GetAdaptersInfo | ||
| KERNEL32.DLL | LoadLibraryA | ||
| KERNEL32.DLL | ExitProcess | ||
| KERNEL32.DLL | GetProcAddress | ||
| KERNEL32.DLL | VirtualProtect | ||
| MSI.DLL | MsiEnumProductsW | ||
| MSVCRT.dll | pow | ||
| NETAPI32.DLL | NetUserDel | ||
| OLE32.DLL | CoInitialize | ||
| OLEAUT32.DLL | SafeArrayGetDim | ||
| SETUPAPI.DLL | SetupIterateCabinetW | ||
| SHELL32.DLL | IsNetDrive | ||
| URLMON.DLL | URLDownloadToFileW | ||
| USER32.DLL | GetDC | ||
| USERENV.DLL | GetDefaultUserProfileDirectoryW | ||
| WININET.DLL | InternetOpenW | ||
| WINMM.DLL | timeBeginPeriod | ||
| WINSPOOL.DRV | SetPrinterW | ||
| WSOCK32.DLL | bind |
StringTable 000004b0
| CompanyName | Ratiborus |
| FileDescription | W10 Digital Activation Program + KMS38 |
VS_FIXEDFILEINFO
| FileVersion | 1.3.7.0 |
| ProductVersion | 1.3.7.0 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0 |
| FileFlags | 0 |
| FileOS | 0 |
| FileType | 0 |
| FileSubtype | 0 |
Signers (1)
issuer: /CN=WZTeam
serial: -753E5CEFECB63D75B2CC6B83032F899E
Certificates (2)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Signature Algorithm: sha1WithRSA
Issuer: CN=WZTeam
Validity
Not Before: Nov 2 18:47:06 2016 GMT
Not After : Dec 31 23:59:59 2039 GMT
Subject: CN=WZTeam
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:ad:2f:8a:a9:39:c3:eb:40:d1:d6:de:05:09:b9:
f4:e7:eb:f8:47:5b:98:c4:9e:9f:b4:ad:55:6d:40:
8e:9b:84:e8:0d:01:40:78:d6:5b:e3:51:e8:a5:d8:
4c:e2:e9:2e:84:50:4f:82:e0:9d:fa:6c:83:10:b5:
89:55:52:7c:ec:28:43:03:93:28:b5:18:91:f2:a0:
9f:70:fd:7e:13:48:66:8a:0a:f7:80:f7:41:a3:02:
54:39:7e:91:35:22:0d:44:27:04:c2:39:58:10:a0:
a6:5b:6b:4e:c5:45:58:e2:6c:46:8c:60:87:fd:3b:
b1:a1:de:84:14:ad:e6:8a:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
Code Signing
2.5.29.1:
09...j.M.......)8.....0.1.0
..U....WZTeam.......I..M3.|..vb
Signature Algorithm: sha1WithRSA
Signature Value:
60:1d:9e:41:07:be:cc:43:52:d0:22:81:ec:07:64:b2:86:5e:
4e:d6:0e:e5:82:28:b7:37:5d:70:77:30:de:de:14:8e:9e:d4:
1c:e0:51:c4:4d:4e:15:d0:41:cf:8c:60:1a:05:4c:a1:4b:4a:
48:4f:7d:ba:ab:40:9e:1d:75:ce:be:6f:8f:a1:71:e9:7e:16:
ea:e9:4b:67:57:da:5c:61:b0:b6:f8:5c:e2:fe:a3:1f:50:d6:
64:cc:5b:c1:a4:04:76:a4:4e:dd:d5:39:03:57:bc:0d:44:c3:
7b:49:69:b5:e4:e9:23:fe:e7:72:af:d4:64:3b:21:ba:91:8d:
40:a8
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http:\/\/www.usertrust.com, CN=UTN-USERFirst-Object
Validity
Not Before: Dec 31 00:00:00 2015 GMT
Not After : Jul 9 18:40:36 2019 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SHA-1 Time Stamping Signer
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e9:e9:3d:df:d7:37:08:c9:1e:38:b2:52:53:42:
6d:22:f1:b1:c4:06:04:6b:9e:fd:82:74:50:43:7d:
c6:a0:bb:1f:4e:f9:02:71:26:b1:ef:43:d8:83:8c:
48:fc:e7:0f:97:7a:9a:eb:9c:de:a6:a3:0e:3b:1c:
44:18:75:8e:78:a5:17:69:fe:49:18:a4:e2:bb:5c:
4e:fe:8e:2a:54:7a:50:f0:d5:f6:cc:91:e7:99:79:
d7:de:79:94:d7:96:33:fe:0e:83:be:22:bf:63:16:
2c:a3:dd:28:1b:af:3d:ab:ea:97:d2:f1:bf:04:10:
e7:3d:48:45:fd:1f:68:65:c1:7f:59:99:69:c0:22:
31:0c:62:6e:a7:5c:65:01:21:b0:63:c4:22:18:27:
ee:e6:fc:d2:00:3d:47:2e:a8:b8:86:56:5d:04:dc:
13:17:25:6e:1c:df:44:0f:15:cd:b7:db:a5:57:76:
42:6f:00:68:82:99:d2:e3:c1:de:f0:8b:94:57:4c:
ec:08:90:22:21:ce:22:2b:98:0c:42:e6:42:93:94:
98:93:ef:fd:06:d9:3f:bc:5b:9b:54:3c:20:b1:ee:
6a:d6:47:7a:c5:ab:80:e9:30:9a:de:f1:a4:3f:55:
4d:0a:09:34:8a:75:29:d2:69:ad:97:0f:50:bf:f8:
ca:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8
X509v3 Subject Key Identifier:
8E:6B:2D:33:6B:F4:33:A7:93:B3:13:9A:A5:E0:0A:F7:12:35:6A:88
X509v3 Key Usage: critical
Digital Signature, Non Repudiation
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage: critical
Time Stamping
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl
Authority Information Access:
OCSP - URI:http://ocsp.usertrust.com
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
ba:33:24:40:40:8c:7c:db:58:9f:b3:60:98:b2:f5:c0:31:fe:
eb:1f:6e:50:f6:0a:e0:e4:e6:81:ad:26:87:a2:df:fd:b3:da:
f4:73:f3:00:fb:29:1b:89:1b:15:3e:db:6b:52:93:2b:c4:ac:
39:81:d7:3c:67:57:9a:39:36:e0:28:08:9a:e3:39:4f:9b:89:
09:7f:7b:c5:61:7f:59:89:32:25:0a:6a:ae:1a:3e:f0:a2:27:
a8:b6:c3:b8:87:f7:16:04:48:41:3d:5c:d8:ec:9f:4d:20:31:
04:d9:65:a1:ed:cd:69:07:53:16:3d:dd:36:02:0a:88:eb:40:
e5:06:30:0b:b8:16:4b:dc:ef:bc:55:09:ff:c6:3e:12:2e:76:
b3:dc:ce:42:ef:f9:76:57:e1:b7:0a:05:40:98:58:9a:5d:71:
16:93:71:8c:65:81:ea:6f:f3:89:f7:fb:73:ad:b4:e7:bf:d9:
8e:6f:aa:0b:4f:25:f3:b8:e1:d5:dd:75:98:68:81:f8:aa:c0:
d1:80:c2:c4:c4:39:89:c1:f6:c9:9e:6c:d7:74:f9:d9:97:f8:
4f:c2:9a:0a:cd:5e:8f:f8:19:e9:e0:a5:9f:c4:f0:92:21:e6:
2d:79:25:c9:22:f9:c3:f0:3a:84:57:ad:3a:16:f4:63:94:10:
1d:5d:d0:c6
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
- SHA1
38 87 35 e4 02 29 32 11 a0 79 90 2f d6 83 4f 5b |8.5..)2..y./..O[| fe 37 2e b7 |.7.. |
- 1.3.6.1.4.1.311.2.1.15
- #0
- unnamed
- #0
- 2
- -155843482902537470358085606074993314206
- RSA-SHA1-2: nil
- CN: WZTeam
- 2016-11-02 18:47:06 UTC: 2039-12-31 23:59:59 UTC
- CN: WZTeam
- #5
- rsaEncryption: nil
- AD:2F:8A:A9:39:C3:EB:40:D1:D6:DE:05:09:B9:F4:E7:
EB:F8:47:5B:98:C4:9E:9F:B4:AD:55:6D:40:8E:9B:84:
E8:0D:01:40:78:D6:5B:E3:51:E8:A5:D8:4C:E2:E9:2E:
84:50:4F:82:E0:9D:FA:6C:83:10:B5:89:55:52:7C:EC:
28:43:03:93:28:B5:18:91:F2:A0:9F:70:FD:7E:13:48:
66:8A:0A:F7:80:F7:41:A3:02:54:39:7E:91:35:22:0D:
44:27:04:C2:39:58:10:A0:A6:5B:6B:4E:C5:45:58:E2:
6C:46:8C:60:87:FD:3B:B1:A1:DE:84:14:AD:E6:8A:AF: 0x010001
- #6
- extendedKeyUsage: codeSigning
- 2.5.29.1
10 6a c1 4d 8c b5 80 f7 87 e6 8a 29 38 ab 9b f3 |.j.M.......)8...|
- CN: WZTeam
8a c1 a3 10 13 49 c2 8a 4d 33 94 7c fc d0 76 62 |.....I..M3.|..vb|
- RSA-SHA1-2:
60 1d 9e 41 07 be cc 43 52 d0 22 81 ec 07 64 b2 |`..A...CR."...d.| 86 5e 4e d6 0e e5 82 28 b7 37 5d 70 77 30 de de |.^N....(.7]pw0..| 14 8e 9e d4 1c e0 51 c4 4d 4e 15 d0 41 cf 8c 60 |......Q.MN..A..`| 1a 05 4c a1 4b 4a 48 4f 7d ba ab 40 9e 1d 75 ce |..L.KJHO}..@..u.| be 6f 8f a1 71 e9 7e 16 ea e9 4b 67 57 da 5c 61 |.o..q.~...KgW.\a| b0 b6 f8 5c e2 fe a3 1f 50 d6 64 cc 5b c1 a4 04 |...\....P.d.[...| 76 a4 4e dd d5 39 03 57 bc 0d 44 c3 7b 49 69 b5 |v.N..9.W..D.{Ii.| e4 e9 23 fe e7 72 af d4 64 3b 21 ba 91 8d 40 a8 |..#..r..d;!...@.|
- 2
- Certificate #1
- 2
- 16:88:F0:39:25:5E:63:8E:69:14:39:07:E6:33:0B
- RSA-SHA1: nil
- Issuer
- C: US
- ST: UT
- L: Salt Lake City
- O: The USERTRUST Network
- OU: http://www.usertrust.com
- CN: UTN-USERFirst-Object
- 2015-12-31 00:00:00 UTC: 2019-07-09 18:40:36 UTC
- Subject
- C: GB
- ST: Greater Manchester
- L: Salford
- O: COMODO CA Limited
- CN: COMODO SHA-1 Time Stamping Signer
- #5
- rsaEncryption: nil
- E9:E9:3D:DF:D7:37:08:C9:1E:38:B2:52:53:42:6D:22:
F1:B1:C4:06:04:6B:9E:FD:82:74:50:43:7D:C6:A0:BB:
1F:4E:F9:02:71:26:B1:EF:43:D8:83:8C:48:FC:E7:0F:
97:7A:9A:EB:9C:DE:A6:A3:0E:3B:1C:44:18:75:8E:78:
A5:17:69:FE:49:18:A4:E2:BB:5C:4E:FE:8E:2A:54:7A:
50:F0:D5:F6:CC:91:E7:99:79:D7:DE:79:94:D7:96:33:
FE:0E:83:BE:22:BF:63:16:2C:A3:DD:28:1B:AF:3D:AB:
EA:97:D2:F1:BF:04:10:E7:3D:48:45:FD:1F:68:65:C1:
7F:59:99:69:C0:22:31:0C:62:6E:A7:5C:65:01:21:B0:
63:C4:22:18:27:EE:E6:FC:D2:00:3D:47:2E:A8:B8:86:
56:5D:04:DC:13:17:25:6E:1C:DF:44:0F:15:CD:B7:DB:
A5:57:76:42:6F:00:68:82:99:D2:E3:C1:DE:F0:8B:94:
57:4C:EC:08:90:22:21:CE:22:2B:98:0C:42:E6:42:93:
94:98:93:EF:FD:06:D9:3F:BC:5B:9B:54:3C:20:B1:EE:
6A:D6:47:7A:C5:AB:80:E9:30:9A:DE:F1:A4:3F:55:4D:
0A:09:34:8A:75:29:D2:69:AD:97:0F:50:BF:F8:CA:09: 0x010001
- #6
- authorityKeyIdentifier:
da ed 64 74 14 9c 14 3c ab dd 99 a9 bd 5b 28 4d |..dt...<.....[(M| 8b 3c c9 d8 |.<.. |
- subjectKeyIdentifier:
8e 6b 2d 33 6b f4 33 a7 93 b3 13 9a a5 e0 0a f7 |.k-3k.3.........| 12 35 6a 88 |.5j. |
- keyUsage: true, 0xc0
- basicConstraints
- true
- nil
- extendedKeyUsage: true, timeStamping
- crlDistributionPoints: http://crl.usertrust.com/UTN-USERFirst-Object.crl
- authorityInfoAccess
- OCSP: http://ocsp.usertrust.com
- authorityKeyIdentifier:
- RSA-SHA1:
ba 33 24 40 40 8c 7c db 58 9f b3 60 98 b2 f5 c0 |.3$@@.|.X..`....| 31 fe eb 1f 6e 50 f6 0a e0 e4 e6 81 ad 26 87 a2 |1...nP.......&..| df fd b3 da f4 73 f3 00 fb 29 1b 89 1b 15 3e db |.....s...)....>.| 6b 52 93 2b c4 ac 39 81 d7 3c 67 57 9a 39 36 e0 |kR.+..9..
- 2
- #0
- 1
- #0
- CN: WZTeam
- -155843482902537470358085606074993314206
- SHA1: nil
- #2
- contentType: 1.3.6.1.4.1.311.2.1.4
- 1.3.6.1.4.1.311.2.1.11: msCodeInd
- messageDigest:
41 59 ca fc 05 37 ab d5 62 98 5e 0f a7 d5 3d 06 |AY...7..b.^...=.| c2 69 cf 85 |.i.. |
- 1.3.6.1.4.1.311.2.1.12
00 57 00 31 00 30 00 44 00 69 00 67 00 69 00 74 |.W.1.0.D.i.g.i.t| 00 61 00 6c 00 41 00 63 00 74 00 69 00 76 00 61 |.a.l.A.c.t.i.v.a| 00 74 00 69 00 6f 00 6e 00 20 00 28 00 52 00 61 |.t.i.o.n. .(.R.a| 00 74 00 69 00 62 00 6f 00 72 00 75 00 73 00 2c |.t.i.b.o.r.u.s.,| 00 20 00 4d 00 53 00 46 00 72 00 65 00 65 00 20 |. .M.S.F.r.e.e. | 00 49 00 6e 00 63 00 2e 00 29 |.I.n.c...) |
: http://forum.ru-board.com/topic.cgi?forum=2&topic=5559&start=0
- rsaEncryption:
24 47 2f c5 e5 32 c3 ef ef ac 19 48 c7 de 1b 64 |$G/..2.....H...d| 20 45 75 ca 04 21 c8 51 0a c3 65 8a de 49 33 d7 | Eu..!.Q..e..I3.| f9 59 6c e1 b2 c9 49 2a 9e 5d 25 75 3a 4d 34 c9 |.Yl...I*.]%u:M4.| 81 da 2d dd 6f be dc 3e 49 9b 5f 89 67 ae ea e0 |..-.o..>I._.g...| 94 79 0e 4a 65 ae a4 53 e6 0f f9 6e ee 56 1b c0 |.y.Je..S...n.V..| da 80 22 7b a8 8b 92 b5 2c 98 75 c4 86 6c 41 c5 |.."{....,.u..lA.| 07 cf a6 15 1a 1c e8 d9 ee c3 c9 52 e8 e3 9b 94 |...........R....| b8 4f b4 c3 fd 62 5b c7 f5 3a 05 05 6a 6b 3e 7a |.O...b[..:..jk>z| - #4
- countersignature
- 1
- unnamed
- #0
- C: US
- ST: UT
- L: Salt Lake City
- O: The USERTRUST Network
- OU: http://www.usertrust.com
- CN: UTN-USERFirst-Object
- 16:88:F0:39:25:5E:63:8E:69:14:39:07:E6:33:0B
- #0
- SHA1: nil
- #2
- contentType: pkcs7-data
- signingTime: 2018-11-30 14:49:41 UTC
- messageDigest:
81 62 96 5b 46 a9 25 e9 8f b0 72 41 b7 e6 30 d5 |.b.[F.%...rA..0.| 2c e9 ad d8 |,... |
- rsaEncryption:
97 42 62 c7 1e c5 a8 b8 78 04 fd ae 44 d6 e2 d8 |.Bb.....x...D...| 41 71 e5 d5 52 12 41 2f 9c 88 a4 5c 75 d3 ec 3c |Aq..R.A/...\u..<| 6d 1e 7d 62 5b 93 cd 03 95 1a c9 90 b7 ad 54 e6 |m.}b[.........T.| e9 f4 71 a6 d1 1c cd cf e6 54 5d 4c 6a 17 f7 86 |..q......T]Lj...| b5 cc 2c e0 f0 35 9c 59 4c f6 9c fa b4 17 2d 89 |..,..5.YL.....-.| d5 4b c3 5e b5 fd 1b d0 49 b5 52 37 84 b0 44 1f |.K.^....I.R7..D.| 9b 7f ef d8 71 c9 93 dc 3e c1 5a a5 9b 50 d5 8b |....q...>.Z..P..| a2 a5 d3 c4 6f 75 9e 09 53 cd c4 01 76 12 ea 28 |....ou..S...v..(| 1d 61 2f 71 4f 6a d6 09 e0 75 b7 44 b3 ce b4 0a |.a/qOj...u.D....| 07 49 8f 32 a1 f3 7f 88 6a bc 31 84 5f 5f 46 e1 |.I.2....j.1.__F.| d2 ae 72 82 ca 0a 22 a6 e5 b3 e0 d7 43 72 a5 39 |..r...".....Cr.9| fb dd 43 31 06 c1 37 fd 51 d6 26 c4 5e 4e fd c4 |..C1..7.Q.&.^N..| cd a7 f9 b1 4e 9b 99 83 df cd 24 d7 1f cd 45 9e |....N.....$...E.| 81 e2 2e c1 7c 13 fe 57 43 d2 9c ce 30 39 e9 fb |....|..WC...09..| ae 3c 21 54 33 2b 2f 59 cc 62 6f 46 f7 86 ac e7 |.
- unnamed
- 1
- 1.3.6.1.4.1.311.2.4.1
- pkcs7-signedData
- 1
- SHA256: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
- SHA256
55 93 34 d4 1b 37 7d 9c 2f d1 54 24 b8 ee 42 fe |U.4..7}./.T$..B.| 98 eb 73 9b 33 69 06 8d ae d6 d2 a0 bb eb 39 9d |..s.3i........9.|
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- -155843482902537470358085606074993314206
- RSA-SHA1-2: nil
- CN: WZTeam
- 2016-11-02 18:47:06 UTC: 2039-12-31 23:59:59 UTC
- CN: WZTeam
- #5
- rsaEncryption: nil
- AD:2F:8A:A9:39:C3:EB:40:D1:D6:DE:05:09:B9:F4:E7:
EB:F8:47:5B:98:C4:9E:9F:B4:AD:55:6D:40:8E:9B:84:
E8:0D:01:40:78:D6:5B:E3:51:E8:A5:D8:4C:E2:E9:2E:
84:50:4F:82:E0:9D:FA:6C:83:10:B5:89:55:52:7C:EC:
28:43:03:93:28:B5:18:91:F2:A0:9F:70:FD:7E:13:48:
66:8A:0A:F7:80:F7:41:A3:02:54:39:7E:91:35:22:0D:
44:27:04:C2:39:58:10:A0:A6:5B:6B:4E:C5:45:58:E2:
6C:46:8C:60:87:FD:3B:B1:A1:DE:84:14:AD:E6:8A:AF: 0x010001
- #6
- extendedKeyUsage: codeSigning
- 2.5.29.1
10 6a c1 4d 8c b5 80 f7 87 e6 8a 29 38 ab 9b f3 |.j.M.......)8...|
- CN: WZTeam
8a c1 a3 10 13 49 c2 8a 4d 33 94 7c fc d0 76 62 |.....I..M3.|..vb|
- RSA-SHA1-2:
60 1d 9e 41 07 be cc 43 52 d0 22 81 ec 07 64 b2 |`..A...CR."...d.| 86 5e 4e d6 0e e5 82 28 b7 37 5d 70 77 30 de de |.^N....(.7]pw0..| 14 8e 9e d4 1c e0 51 c4 4d 4e 15 d0 41 cf 8c 60 |......Q.MN..A..`| 1a 05 4c a1 4b 4a 48 4f 7d ba ab 40 9e 1d 75 ce |..L.KJHO}..@..u.| be 6f 8f a1 71 e9 7e 16 ea e9 4b 67 57 da 5c 61 |.o..q.~...KgW.\a| b0 b6 f8 5c e2 fe a3 1f 50 d6 64 cc 5b c1 a4 04 |...\....P.d.[...| 76 a4 4e dd d5 39 03 57 bc 0d 44 c3 7b 49 69 b5 |v.N..9.W..D.{Ii.| e4 e9 23 fe e7 72 af d4 64 3b 21 ba 91 8d 40 a8 |..#..r..d;!...@.|
- 2
- 1
- #0
- CN: WZTeam
- -155843482902537470358085606074993314206
- SHA256: nil
- #2
- 1.2.840.113549.1.9.25.4: 1
- contentType: 1.3.6.1.4.1.311.2.1.4
- 1.3.6.1.4.1.311.2.1.11: msCodeInd
- messageDigest:
92 16 7b ce ec 6e 37 03 05 7f 54 7a 3a 02 c4 8f |..{..n7...Tz:...| 92 13 44 41 e4 f7 5f 00 05 1f eb 13 6e 98 7c 32 |..DA.._.....n.|2| - 1.3.6.1.4.1.311.2.1.12:
00 57 00 31 00 30 00 44 00 69 00 67 00 69 00 74 |.W.1.0.D.i.g.i.t| 00 61 00 6c 00 41 00 63 00 74 00 69 00 76 00 61 |.a.l.A.c.t.i.v.a| 00 74 00 69 00 6f 00 6e 00 20 00 28 00 52 00 61 |.t.i.o.n. .(.R.a| 00 74 00 69 00 62 00 6f 00 72 00 75 00 73 00 2c |.t.i.b.o.r.u.s.,| 00 20 00 4d 00 53 00 46 00 72 00 65 00 65 00 20 |. .M.S.F.r.e.e. | 00 49 00 6e 00 63 00 2e 00 29 |.I.n.c...) |
- rsaEncryption:
71 1e 52 b0 ad 2b 2b e1 95 95 51 76 71 b7 c8 6a |q.R..++...Qvq..j| 48 bc 7c ef d1 72 05 65 b0 0e 10 c2 4c e8 24 07 |H.|..r.e....L.$.| 0f e7 d4 23 63 4a eb ea a7 92 ad 20 97 c7 39 1f |...#cJ..... ..9.| 9d b2 48 29 40 eb 4e e4 4a 51 b8 cf 86 e0 6e 4a |..H)@.N.JQ....nJ| e5 d6 74 3c ce 6d 1d db 00 07 51 22 47 cf 44 42 |..t<.m....Q"G.DB| 8d bb fa 64 65 2b a8 f9 57 e1 8f ec ec f2 f2 f0 |...de+..W.......| 9d 8b f4 e6 24 4c 8a 86 73 7f b1 a7 0a 6a ca 0a |....$L..s....j..| 9a 7f 2d f4 3e 24 98 b1 b1 84 4b d0 de 1f 22 1a |..-.>$....K...".|
- 1.3.6.1.4.1.311.3.3.1
- pkcs7-signedData
- 3
- SHA256: nil
- id-smime-ct-TSTInfo
- 1
- 1.3.6.1.4.1.6449.2.1.1
- SHA256
6f 74 19 9d 3b 09 da ea 60 cd 6d 8b 9c 6c a9 e2 |ot..;...`.m..l..| 33 63 2f 13 9d 3f 0f fd 0d 16 43 7b 58 d1 e1 be |3c/..?....C{X...|
- 6A:AA:6A:61:19:ED:87:FB:37:E5:80:4A:EE:3B:0F:10:
5D:6F:10:93 - 2018-11-30 14:49:44 UTC
- Subject
- C: GB
- ST: Greater Manchester
- L: Salford
- O: COMODO CA Limited
- CN: COMODO SHA-256 Time Stamping Signer
- 1
- Certificate #2
- 2
- 4E:B0:87:8F:CC:24:35:36:B2:D8:C9:F7:BF:39:55:77
- RSA-SHA256: nil
- Issuer
- C: US
- ST: UT
- L: Salt Lake City
- O: The USERTRUST Network
- OU: http://www.usertrust.com
- CN: UTN-USERFirst-Object
- 2015-12-31 00:00:00 UTC: 2019-07-09 18:40:36 UTC
- Subject
- C: GB
- ST: Greater Manchester
- L: Salford
- O: COMODO CA Limited
- CN: COMODO SHA-256 Time Stamping Signer
- #5
- rsaEncryption: nil
- CE:BC:74:B7:70:80:4F:5E:F3:3F:98:AA:2E:CB:D4:12:
01:23:35:69:0B:22:BC:E6:FD:09:6C:28:E4:13:12:AC:
BB:BA:2D:E5:D5:DD:22:EE:73:B6:2C:F8:D2:A4:71:E7:
49:25:78:AB:25:B7:90:10:A0:9B:8B:77:26:DD:40:EA:
41:A3:FD:88:CD:72:A6:89:3B:50:57:1C:7A:25:24:22:
02:51:40:35:67:8A:31:69:0D:E5:39:73:49:39:9B:95:
01:85:52:F2:2B:14:89:9A:4E:04:A4:BC:40:AE:39:A6:
DD:40:02:E0:3A:75:FE:3D:7D:55:94:5B:F1:4E:24:7C:
C8:B8:58:19:CA:C0:DA:BE:58:13:9A:E6:1C:E7:D1:C1:
3B:F0:5D:8F:49:08:21:9E:D0:F3:BE:D6:D4:66:4F:5C:
72:36:7B:C3:82:D3:98:08:94:AF:AB:44:4F:18:C7:14:
DA:16:B1:1E:32:0E:12:38:C0:B5:3C:76:EC:75:50:00:
20:04:11:19:ED:C6:FF:DF:4E:FE:08:81:27:31:4F:71:
74:6E:03:0C:70:27:81:55:6A:9A:43:92:A4:7F:DB:FD:
3F:C5:17:1E:41:BB:CE:E8:A7:7F:8C:95:F9:FD:7F:F8:
61:88:89:00:3E:FF:0B:01:DB:FD:D5:B5:A4:E4:91:11: 0x010001
- #6
- authorityKeyIdentifier:
da ed 64 74 14 9c 14 3c ab dd 99 a9 bd 5b 28 4d |..dt...<.....[(M| 8b 3c c9 d8 |.<.. |
- subjectKeyIdentifier:
7d bf 91 d7 a7 6c 5a 47 66 44 7b 90 d4 8e 90 72 |}....lZGfD{....r| 41 8f 17 c2 |A... | - keyUsage: true, 0xc0
- basicConstraints
- true
- nil
- extendedKeyUsage: true, timeStamping
- crlDistributionPoints: http://crl.usertrust.com/UTN-USERFirst-Object.crl
- authorityInfoAccess
- OCSP: http://ocsp.usertrust.com
- authorityKeyIdentifier:
- RSA-SHA256:
50 b0 f5 df 5f ad 33 dc c3 53 58 58 bc c2 13 75 |P..._.3..SXX...u| 7b 20 1d 54 ca ba 3f 50 3f ba 8a f4 6b 09 63 c0 |{ .T..?P?...k.c.| 5b 5d 8b d6 75 1a 73 bd 8b ff 47 f1 15 dc 51 16 |[]..u.s...G...Q.| 23 19 32 e6 6e 92 4d d1 c6 2e 5a 1e 88 42 14 c9 |#.2.n.M...Z..B..| 72 e5 d7 08 50 8a 6a f5 64 40 56 ae 24 e3 61 97 |r...P.j.d@V.$.a.| 15 42 f0 2c 48 ae 83 e6 35 3c 8b 5b c2 8f ae 8e |.B.,H...5<.[....| cc 34 52 34 e0 fb fe ca fd b1 24 68 d1 a4 11 23 |.4R4......$h...#| 10 06 fd b2 c2 24 27 c7 d7 e9 4a 1c 8f 3f 3e cf |.....$'...J..?>.| ed eb 75 79 6c 8e 5f f7 21 b6 50 e6 25 a1 cd 66 |..uyl._.!.P.%..f| 94 12 6c bf db b3 ae 87 d8 68 03 72 20 02 c2 7e |..l......h.r ..~| da 94 f3 72 07 3c 57 e8 55 24 e7 05 a0 1d c4 81 |...r.
- 2
- 1
- unnamed
- #0
- C: US
- ST: UT
- L: Salt Lake City
- O: The USERTRUST Network
- OU: http://www.usertrust.com
- CN: UTN-USERFirst-Object
- 4E:B0:87:8F:CC:24:35:36:B2:D8:C9:F7:BF:39:55:77
- #0
- SHA256: nil
- #2
- contentType: id-smime-ct-TSTInfo
- signingTime: 2018-11-30 14:49:44 UTC
- id-smime-aa-signingCertificate:
36 52 7d 4f a2 6a 68 f9 eb 45 96 f1 d9 9a bb 2c |6R}O.jh..E.....,| 0e a7 6d fa |..m. |
- messageDigest:
2a c3 bf cf 40 88 03 4b 8c 87 e5 8a 83 df d1 7c |*...@..K.......|| da 06 61 26 96 f3 1e 9b 87 a8 d0 24 a2 9d 05 8d |..a&.......$....|
- rsaEncryption:
1b d6 af 8c f9 aa 71 98 a8 6c 48 9e f6 18 07 52 |......q..lH....R| dd 4f bd 6c bf 26 ce b9 c1 a1 a0 85 a6 8d 5b 56 |.O.l.&........[V| e9 9b 21 52 f3 f5 42 70 f6 0f a7 35 9a db 12 61 |..!R..Bp...5...a| 2c 6a aa 2f f9 66 7c da d5 a3 73 73 da 93 8f e3 |,j./.f|...ss....| 2f 25 18 4d 64 ba f6 89 f4 98 0d ce 7d 88 f2 05 |/%.Md.......}...| 77 a6 67 54 8e 38 44 a7 47 db ab 1d 67 df 37 7f |w.gT.8D.G...g.7.| b4 0a 9c aa 82 79 2c 59 f8 5a f8 d3 5a 50 48 c5 |.....y,Y.Z..ZPH.| 30 42 f0 e8 62 bc ff 38 ce 5e 2f c0 07 38 82 71 |0B..b..8.^/..8.q| de c4 3b 86 72 2c 01 61 aa 05 60 67 23 2e fc 18 |..;.r,.a..`g#...| 48 e8 de e0 9d 84 e2 41 23 59 30 f3 6e d4 ea 28 |H......A#Y0.n..(| a5 85 18 86 14 4d 0f 60 79 3f 2b 6f ba 38 1c 12 |.....M.`y?+o.8..| c8 20 b0 ec 75 d0 e5 17 9e 19 52 d8 31 72 c4 60 |. ..u.....R.1r.`| de a4 a4 fc 19 7c ef ec 33 d3 a8 87 5a 59 ba 2c |.....|..3...ZY.,| 25 a4 db 16 f2 3a a4 e7 e6 17 ce 92 8a 83 ec 96 |%....:..........| a9 90 93 cc 2b 15 f6 4f 85 50 19 bb 3f 0d bb 1b |....+..O.P..?...| ed ea c9 71 2c 5c 57 04 d1 ff 68 88 18 a7 d3 5a |...q,\W...h....Z|
- unnamed
- 3
- pkcs7-signedData
- #0
- 1
- pkcs7-signedData
- countersignature
- #0
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 1424896 | EXE | 11/30/2018 14:46:18 | # |
| 15c1 | 15 | HTM | # | |
| 15be00 | 6176 | PKCS7 | Authenticode Signature | # |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK