2ab854c6c1cba48fa63fdfe48839477a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2ab854c6c1cba48fa63fdfe48839477a_JaffaCakes118
Size

1.0MB
MD5

2ab854c6c1cba48fa63fdfe48839477a
SHA1

fe1c529841e4410d6b537dc2527aa1b0ad2a7855
SHA256

eeba22c117e029096c4c80a84c72777ef6a0f41fac4333c1145316732b8429b0
SHA512

cdfaad141e21a09bc3bf24f5f24837ed680b4c073e84db0af980dd869a082f996c33a2a73191592e6f38d07a65c45d8d382a4566b4a771d862de03a9d03db82d
SSDEEP

24576:7r+c5XYj4LGv3cLvdYcNPtiMzpy8V7omYWHlk9U44QoC+8Q:/+c5XYvv6YUlvzM6YjGCFQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

2ab854c6c1cba48fa63fdfe48839477a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

4d:80:67:32:3f:ed:a6:c2:e9:85:c0:a4:b1:95:1c:d3
Certificate

Issuer

CN=StartCom Class 3 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Not Before

19/01/2016, 05:07

Not After

19/01/2019, 05:07

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,L=Chandler,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

16/12/2015, 01:00

Not After

16/12/2030, 01:00

Subject

CN=StartCom Class 3 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:5b:45:69:ca:0d:81:83:ef:16:9c:b3:50:75:b9:e6:ae:07:e0:51
Signer

Actual PE Digest

6b:5b:45:69:ca:0d:81:83:ef:16:9c:b3:50:75:b9:e6:ae:07:e0:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Repair.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
ReadMe.txt
Register.txt
ToDoList.exe
.exe windows:5 windows x86 arch:x86

35cef85291fb13cf2d386f46ce713f19

Code Sign

4d:80:67:32:3f:ed:a6:c2:e9:85:c0:a4:b1:95:1c:d3
Certificate

Issuer

CN=StartCom Class 3 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Not Before

19/01/2016, 05:07

Not After

19/01/2019, 05:07

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,L=Chandler,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

16/12/2015, 01:00

Not After

16/12/2030, 01:00

Subject

CN=StartCom Class 3 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c6:35:61:ac:ad:7e:8f:5f:57:ad:e6:c6:f6:74:1e:64:c5:fc:98:19
Signer

Actual PE Digest

c6:35:61:ac:ad:7e:8f:5f:57:ad:e6:c6:f6:74:1e:64:c5:fc:98:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

PropertySheetA
ImageList_Add
InitCommonControlsEx
ImageList_DragShowNolock
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

winmm

PlaySoundA

wininet

InternetAutodialHangup
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetConnectA
FtpPutFileA
FtpCreateDirectoryA

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetProfileStringA
LockResource
LoadResource
SizeofResource
FindClose
GetModuleHandleA
FindResourceA
DeleteFileA
FindFirstFileA
FindNextFileA
LocalAlloc
GetModuleFileNameW
SetErrorMode
lstrcmpA
GetProfileIntA
GetTimeZoneInformation
GetStringTypeW
HeapReAlloc
DeleteFileW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
HeapAlloc
HeapFree
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetACP
ExitProcess
GetModuleHandleExW
Sleep
ResumeThread
ExitThread
CreateThread
HeapSize
SetEnvironmentVariableA
ReadFile
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
FlushConsoleInputBuffer
GlobalMemoryStatus
GetTickCount
WriteFile
GetFileType
GetStdHandle
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
GetVersionExA
OutputDebugStringA
FindFirstFileExA
ExpandEnvironmentStringsA
CreateProcessA
LCMapStringW
FormatMessageA
LocalFree
GetSystemTime
LoadLibraryA
CreateMutexA
GetLastError
GetProcAddress
FreeLibrary
GetLocaleInfoA
GetModuleFileNameA
MulDiv
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
CopyFileA
CreateFileA
GetTempFileNameA
GetTempPathA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
GetFileSize
GetLocalTime
GetWindowsDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
CreateFileW
WriteConsoleW
SetEndOfFile
DecodePointer
RaiseException
CompareStringW
FreeLibraryAndExitThread

user32

GetMenu
SetTimer
RegisterClipboardFormatA
IsZoomed
RegisterWindowMessageA
ScreenToClient
ReleaseCapture
GetCursorPos
GetWindowThreadProcessId
GetForegroundWindow
AttachThreadInput
IsDialogMessageA
LoadCursorA
InvalidateRect
SetForegroundWindow
LoadImageA
PeekMessageA
GetSystemMenu
SetScrollInfo
LoadBitmapA
CheckDlgButton
SystemParametersInfoA
TranslateAcceleratorA
LoadAcceleratorsA
KillTimer
CreateDialogParamA
IsWindowVisible
OpenIcon
IsWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
ClientToScreen
SetCursor
GetClientRect
TrackPopupMenu
GetSubMenu
EnableMenuItem
DestroyMenu
SetMenu
LoadMenuA
EnableWindow
SetCapture
GetKeyState
CallWindowProcA
FindWindowA
GetWindowRect
GetSysColor
RedrawWindow
MapDialogRect
ReleaseDC
GetDC
SendDlgItemMessageA
DestroyWindow
GetDlgItemTextA
ShowWindow
GetDesktopWindow
DeleteMenu
AppendMenuA
GetMenuItemCount
CheckMenuItem
DrawMenuBar
SetDlgItemTextA
SetWindowTextA
EndPaint
BeginPaint
GetSystemMetrics
IsIconic
MoveWindow
DrawEdge
LoadStringA
GetWindowTextA
GetFocus
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetParent
SetFocus
GetDlgItem
EndDialog
DialogBoxParamA
PostMessageA
SendMessageA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
SetWindowLongA

gdi32

Rectangle
TextOutA
SetROP2
SetTextColor
SetBkMode
SelectObject
CreateFontA
GetObjectA
GetDeviceCaps
DeleteObject
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
SetAbortProc
ExtCreatePen
MoveToEx
CreateSolidBrush
SetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreatePen
DeleteDC
GetDIBits
LineTo
PatBlt
StretchDIBits
StartDocA
EndDoc
StartPage
SetTextAlign
EndPage

winspool.drv

DeviceCapabilitiesA
ClosePrinter
EnumPrintersA
DocumentPropertiesA
OpenPrinterA

comdlg32

CommDlgExtendedError
ChooseFontA
GetSaveFileNameA
ChooseColorA
GetOpenFileNameA

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
SHChangeNotify
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain

Sections

.text
Size: 665KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
smtpsend.dll
.dll windows:5 windows x86 arch:x86

0478c78a044a30ab08697003d65c419c

Code Sign

4d:80:67:32:3f:ed:a6:c2:e9:85:c0:a4:b1:95:1c:d3
Certificate

Issuer

CN=StartCom Class 3 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Not Before

19/01/2016, 05:07

Not After

19/01/2019, 05:07

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,L=Chandler,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

16/12/2015, 01:00

Not After

16/12/2030, 01:00

Subject

CN=StartCom Class 3 Object CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:e8:b4:db:ca:cb:d8:8b:e9:64:3d:ce:51:17:b2:79:24:f1:6f:d7
Signer

Actual PE Digest

58:e8:b4:db:ca:cb:d8:8b:e9:64:3d:ce:51:17:b2:79:24:f1:6f:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Data\Code\smtpsend\Release\smtpsend.pdb

Imports

ws2_32

WSASetLastError
htonl
accept
bind
getsockopt
setsockopt
WSAGetLastError
WSACleanup
WSAStartup
getservbyname
gethostname
gethostbyname
socket
send
listen
ntohl
shutdown
ntohs
select
recv
inet_ntoa
inet_addr
htons
getpeername
ioctlsocket
connect
closesocket
__WSAFDIsSet

kernel32

CreateThread
OutputDebugStringW
SetEndOfFile
WriteConsoleW
HeapSize
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
OutputDebugStringA
LocalFree
GetLastError
GetSystemTime
GetLocalTime
FormatMessageA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
GetComputerNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SystemTimeToFileTime
GetStdHandle
GetFileType
WriteFile
GetModuleHandleA
FindClose
FindFirstFileA
FindNextFileA
GlobalMemoryStatus
FlushConsoleInputBuffer
RaiseException
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
HeapAlloc
HeapFree
HeapReAlloc
SetConsoleCtrlHandler
CreateFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetCurrentThread
GetACP
ReadConsoleW
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
ReleaseDC
GetDC

shell32

SHGetSpecialFolderPathA

gdi32

GetObjectA
GetDIBits
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

Exports

Exports

send_mail

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
todolist.chm
.chm

Sharing

General

Malware Config

Signatures

Files

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

4d:80:67:32:3f:ed:a6:c2:e9:85:c0:a4:b1:95:1c:d3Certificate

Extended Key Usages

Key Usages

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86Certificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

6b:5b:45:69:ca:0d:81:83:ef:16:9c:b3:50:75:b9:e6:ae:07:e0:51Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 8KB - Virtual size: 7KB

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

35cef85291fb13cf2d386f46ce713f19

Code Sign

4d:80:67:32:3f:ed:a6:c2:e9:85:c0:a4:b1:95:1c:d3Certificate

Extended Key Usages

Key Usages

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86Certificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

c6:35:61:ac:ad:7e:8f:5f:57:ad:e6:c6:f6:74:1e:64:c5:fc:98:19Signer

4d:80:67:32:3f:ed:a6:c2:e9:85:c0:a4:b1:95:1c:d3
Certificate

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

6b:5b:45:69:ca:0d:81:83:ef:16:9c:b3:50:75:b9:e6:ae:07:e0:51
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

4d:80:67:32:3f:ed:a6:c2:e9:85:c0:a4:b1:95:1c:d3
Certificate

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

c6:35:61:ac:ad:7e:8f:5f:57:ad:e6:c6:f6:74:1e:64:c5:fc:98:19
Signer

.text
Size: 665KB - Virtual size: 664KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 8KB - Virtual size: 27KB

.gfids
Size: 512B - Virtual size: 188B

.rsrc
Size: 115KB - Virtual size: 115KB

.reloc
Size: 40KB - Virtual size: 40KB

4d:80:67:32:3f:ed:a6:c2:e9:85:c0:a4:b1:95:1c:d3
Certificate

78:22:43:a1:53:df:28:0a:1f:fa:e1:5c:d0:28:4c:86
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

58:e8:b4:db:ca:cb:d8:8b:e9:64:3d:ce:51:17:b2:79:24:f1:6f:d7
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 327KB - Virtual size: 326KB

.data
Size: 41KB - Virtual size: 55KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 63KB - Virtual size: 62KB