f06d44a5b6edca13eb8df4be0a09ea67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f06d44a5b6edca13eb8df4be0a09ea67_JaffaCakes118
Size

1.4MB
MD5

f06d44a5b6edca13eb8df4be0a09ea67
SHA1

99228be3f1d6a58ba46f0edde27a555aa1b5e060
SHA256

af0664ff55cf32d601c7753dd80cd5fe7f0f2b4939083d097de99aaf38f9f3a2
SHA512

e9e07f7894e76e7a8dbdb301a5af238fd2f2aa3fdcf76babe9a3bfd4d15d04bd8c1847ee7f149cf1cf76dd9919b17f89a3f0cbc9247f5dcfccaa383a339822bc
SSDEEP

24576:/PeC1DdpBjiBGXkfsrHdrcQ2ScWP2nzFBU1Obv/PGPl+UL+PRDyHRlqecf4aWypi:OCVdDcGXkfiHRcTL9nkq/u4ULKRm+e2o

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/CCTVLive/CCTVPlayer.ocx	acprotect
static1/unpack001/CCTVLive/CCTVUpdateInstall.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/CCTVLive/CCTVPlayer.dll	upx
static1/unpack001/CCTVLive/CCTVPlayer.ocx	upx
static1/unpack001/CCTVLive/CCTVUpdateInstall.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack003/out.upx
unpack004/out.upx
unpack001/CCTVLive/CCTVlive.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/CCTVLive/CCTVlive.exe	nsis_installer_1
static1/unpack001/CCTVLive/CCTVlive.exe	nsis_installer_2

Files

f06d44a5b6edca13eb8df4be0a09ea67_JaffaCakes118
.rar
CCTVLive/CCTVOlympicsLive_LenovoLogo.swf
CCTVLive/CCTVPlayer.dll
.exe windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d8:6e:d0:58:dc:2b:a8:b8:10:75:e6:ca:a2:80:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/01/2009, 00:00

Not After

07/01/2010, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d2:d9:cb:c7:5c:22:47:ea:dc:38:76:c2:ef:c3:1f:d5:36:9f:23:a3
Signer

Actual PE Digest

d2:d9:cb:c7:5c:22:47:ea:dc:38:76:c2:ef:c3:1f:d5:36:9f:23:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CCTVLive/CCTVPlayer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:d5:31:54:58:c8:49:97:ba:70:a1:b7:00:b7:f1:7a:cd:8b:c5:85
Signer

Actual PE Digest

63:d5:31:54:58:c8:49:97:ba:70:a1:b7:00:b7:f1:7a:cd:8b:c5:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 271KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CCTVLive/CCTVUpdateInstall.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1d
Signer

Actual PE Digest

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CCTVLive/CCTVlive.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CCTVLive/Reli_CCTV.dll
.dll regsvr32 windows:4 windows x86 arch:x86

37dc6ee6ed85bb5b6e28ca7742e94622

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:10:03:e8:7c:2a:16:9e:1d:80:86:a8:32:b9:90:15:d3:1b:ea:0e
Signer

Actual PE Digest

3f:10:03:e8:7c:2a:16:9e:1d:80:86:a8:32:b9:90:15:d3:1b:ea:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dev4\hjoost\builds\cctv\bin\lite_release\Reli_CCTV_dll.pdb

Imports

gdiplus

GdipSetStringFormatAlign
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCloneImage
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipSetStringFormatLineAlign
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateFromHDC
GdipGetDC
GdipReleaseDC
GdipDrawImageRectI
GdipDrawString
GdipSetClipRegion
GdipDrawImageI
GdipCreateBitmapFromGdiDib
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipCloneBrush
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipIsVisibleRegionRectI
GdipFillRectangleI
GdipCreateHBITMAPFromBitmap
GdipImageRotateFlip
GdipCreateRegion
GdipGraphicsClear
GdipCreateFromHWND
GdipCreateBitmapFromGraphics
GdipSetEmpty
GdipDeleteRegion
GdipCreateBitmapFromFile
GdiplusShutdown
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteFont
GdipCombineRegionRectI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateLineBrushFromRectI
GdipDrawRectangleI
GdipCreateTexture
GdiplusStartup
GdipBitmapUnlockBits
GdipCombineRegionRegion

wininet

InternetReadFile
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
HttpSendRequestW
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetOpenUrlW
InternetOpenW
CommitUrlCacheEntryW
InternetQueryDataAvailable
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

kernel32

LoadResource
GetLastError
FindResourceW
LoadLibraryExW
EnterCriticalSection
MoveFileExW
SetEvent
GetTempPathW
WideCharToMultiByte
GetTempFileNameW
CreateThread
LockResource
FindFirstFileW
CreateMutexW
FindClose
CreateEventW
CopyFileW
CreateFileW
CloseHandle
WriteFile
Sleep
CreateDirectoryW
WaitForSingleObject
DeleteFileW
GetCurrentThreadId
GetTickCount
FindNextFileW
TerminateProcess
CreateToolhelp32Snapshot
UnmapViewOfFile
Module32FirstW
Module32NextW
GetCurrentProcessId
Process32FirstW
Process32NextW
MulDiv
GetCurrentProcess
FlushInstructionCache
MapViewOfFile
LocalAlloc
SetLastError
LocalFree
GetLongPathNameW
OpenProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedCompareExchange
GetProcessHeap
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
ReadFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
SetFilePointerEx
QueueUserWorkItem
SystemTimeToFileTime
GetUserDefaultLangID
GetThreadPriority
CreateSemaphoreW
ReleaseSemaphore
lstrcpynW
WaitForMultipleObjects
lstrcmpW
FindResourceExW
CreateFileMappingW
DuplicateHandle
ResetEvent
TryEnterCriticalSection
CreateProcessW
GetCurrentDirectoryW
lstrcmpiW
GetSystemDirectoryW
QueryPerformanceFrequency
SetThreadPriority
SetThreadExecutionState
LoadLibraryW
GetLocalTime
GetVersionExW
TerminateThread
InitializeCriticalSection
FreeLibrary
LeaveCriticalSection
GetThreadLocale
DeleteCriticalSection
RaiseException
HeapCreate
SetThreadLocale
HeapDestroy
HeapAlloc
MultiByteToWideChar
GetModuleHandleW
HeapFree
GetModuleFileNameW
InterlockedIncrement
SizeofResource
SetCurrentDirectoryW
InterlockedDecrement
lstrlenW

user32

GetWindowThreadProcessId
CopyRect
IsRectEmpty
DrawTextW
BringWindowToTop
GetQueueStatus
RegisterWindowMessageW
SetWindowRgn
CallWindowProcW
OffsetRect
LoadCursorW
UnionRect
GetFocus
GetClassInfoExW
PtInRect
RegisterClassExW
IsChild
EndPaint
EqualRect
BeginPaint
GetKeyboardState
FindWindowW
WaitForInputIdle
SetForegroundWindow
SetRect
SetCapture
IntersectRect
SetFocus
DialogBoxParamW
GetDlgItem
GetCursorPos
GetWindow
SystemParametersInfoW
DestroyWindow
GetWindowRect
MapWindowPoints
SetWindowPos
InvalidateRect
GetWindowLongW
UpdateWindow
SetWindowLongW
GetParent
ShowWindow
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
MoveWindow
SetParent
FillRect
EnumDisplaySettingsW
GetDC
InflateRect
ShowCursor
ReleaseCapture
SetCursor
CloseWindow
CharNextW
KillTimer
PostQuitMessage
DefWindowProcW
SendMessageW
UnregisterClassA
FrameRect
RegisterClassW
CreateWindowExW
SetTimer
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
IsWindow
EndDialog
GetKeyState
GetClientRect
GetActiveWindow
ReleaseDC

gdi32

SelectObject
SetBkMode
DeleteObject
CreateFontIndirectW
GetStockObject
SetTextColor
CreateDIBSection
IntersectClipRect
SelectClipRgn
SetBkColor
CreateSolidBrush
CreateDIBPatternBrush
CreateCompatibleDC
SetViewportOrgEx
DeleteDC
CreateDCW
SaveDC
CreateRectRgnIndirect
LPtoDP
SetMapMode
SetWindowOrgEx
RestoreDC
GetDeviceCaps

advapi32

RegOpenKeyExW
RegOpenKeyW
RegQueryValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoInitialize
GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
CoGetMalloc
CoFreeUnusedLibraries
ReadClassStm
OleRegGetUserType
CreateOleAdviseHolder
WriteClassStm
OleRegEnumVerbs
OleRegGetMiscStatus
OleSaveToStream
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString

oleaut32

OleCreatePropertyFrame
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantChangeType
SysStringLen
GetErrorInfo
RegisterTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy

winmm

timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod

msimg32

TransparentBlt

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

Exports

Exports

CheckOccupy
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HelperEntry

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CCTVLive/default.kss
.zip
channelbar.bmp
playerskin.bmp
scrollbar.bmp

Sharing

General

Malware Config

Signatures

Files

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

69:d8:6e:d0:58:dc:2b:a8:b8:10:75:e6:ca:a2:80:d1Certificate

Extended Key Usages

Key Usages

d2:d9:cb:c7:5c:22:47:ea:dc:38:76:c2:ef:c3:1f:d5:36:9f:23:a3Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 324KB

UPX1 Size: 188KB - Virtual size: 188KB

.rsrc Size: 21KB - Virtual size: 24KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25Certificate

Extended Key Usages

Key Usages

63:d5:31:54:58:c8:49:97:ba:70:a1:b7:00:b7:f1:7a:cd:8b:c5:85Signer

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 496KB

UPX1 Size: 271KB - Virtual size: 272KB

.rsrc Size: 32KB - Virtual size: 36KB

Headers

File Characteristics

Sections

.text Size: 436KB - Virtual size: 435KB

.rdata Size: 132KB - Virtual size: 130KB

.data Size: 40KB - Virtual size: 72KB

.rsrc Size: 56KB - Virtual size: 54KB

.reloc Size: 40KB - Virtual size: 38KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25Certificate

Extended Key Usages

Key Usages

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1dSigner

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 29KB - Virtual size: 32KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

69:d8:6e:d0:58:dc:2b:a8:b8:10:75:e6:ca:a2:80:d1
Certificate

d2:d9:cb:c7:5c:22:47:ea:dc:38:76:c2:ef:c3:1f:d5:36:9f:23:a3
Signer

UPX0
Size: - Virtual size: 324KB

UPX1
Size: 188KB - Virtual size: 188KB

.rsrc
Size: 21KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

63:d5:31:54:58:c8:49:97:ba:70:a1:b7:00:b7:f1:7a:cd:8b:c5:85
Signer

UPX0
Size: - Virtual size: 496KB

UPX1
Size: 271KB - Virtual size: 272KB

.rsrc
Size: 32KB - Virtual size: 36KB

.text
Size: 436KB - Virtual size: 435KB

.rdata
Size: 132KB - Virtual size: 130KB

.data
Size: 40KB - Virtual size: 72KB

.rsrc
Size: 56KB - Virtual size: 54KB

.reloc
Size: 40KB - Virtual size: 38KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1d
Signer

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 19KB - Virtual size: 18KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

3f:10:03:e8:7c:2a:16:9e:1d:80:86:a8:32:b9:90:15:d3:1b:ea:0e
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

_TEXT64
Size: 4KB - Virtual size: 1KB

.rdata
Size: 388KB - Virtual size: 384KB

.data
Size: 44KB - Virtual size: 2.2MB