f169db9660dc3d02d980a6ef65200fb2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f169db9660dc3d02d980a6ef65200fb2_JaffaCakes118
Size

581KB
MD5

f169db9660dc3d02d980a6ef65200fb2
SHA1

8b1c739755bcc5aa5a4b37e972d205c2689c6f5b
SHA256

e30e71571f49f2bdc2e7ba7b9e4471a903e96933412790a45bd9bb9119f9c582
SHA512

6caf281e20e0ae8febcadbf137d7495b533cca78d2bb9ce03536b7a1b8a7de2f8423c9f176ea9519e4efb81f0e1f28eb36e0746741e9787d26a7ce32f00a7a6f
SSDEEP

12288:Rdqoh6zqYsR0+eR9DYjFUKDU4btk6fnYWu0T500R8o:Rdq/rIwYuKDUDenYYNv

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/htmlview.dll

Files

f169db9660dc3d02d980a6ef65200fb2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5f40af6c51f6ff16f3d02b357d588ce4

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2007, 00:00

Not After

21/06/2010, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$0/Resources/BrowserSearch/alot_search_defend.html
.js
$0/Resources/BrowserSearch/images/favicon.ico
$0/Resources/Button_0/images/alot_logo_button.bmp
$0/Resources/Button_0/images/alot_logo_button.png
.png
$0/Resources/Button_1/images/alot_search_button.bmp
$0/Resources/Button_1/images/alot_search_button.png
.png
$0/Resources/Button_2/images/2384_icon.png
.png
$0/Resources/Button_3/images/default_1475_alot_qui_personality.bmp
$0/Resources/Button_3/images/default_1475_alot_qui_personality.png
.png
$0/Resources/Button_4/images/default_1476_alot_qui_trivia.bmp
$0/Resources/Button_4/images/default_1476_alot_qui_trivia.png
.png
$0/Resources/Button_5/images/default_1103_alot_lottery_dollar.bmp
$0/Resources/Button_5/images/default_1103_alot_lottery_dollar.png
.png
$0/Resources/Button_6/images/default_1477_alot_qui_entertainment.bmp
$0/Resources/Button_6/images/default_1477_alot_qui_entertainment.png
.png
$0/Resources/Button_7/images/default_1478_alot_qui_lifestyle.bmp
$0/Resources/Button_7/images/default_1478_alot_qui_lifestyle.png
.png
$0/Resources/Button_8/images/default_2071_alot_mus_mymusic.bmp
$0/Resources/Button_8/images/default_2071_alot_mus_mymusic.png
.png
$0/Resources/Button_9/images/default_1795_default_1795_alot_configure.bmp
$0/Resources/Button_9/images/default_1795_default_1795_alot_configure.png
.png
$0/Resources/Shared/domains.dat
$0/Resources/Shared/images/$PROGRAMFILES/alot/alotUninst.exe.nsis
$0/Resources/Shared/images/alot_brand.png
.png
$0/Resources/Shared/images/alot_splitter.png
.png
$0/Resources/Shared/images/discover.png
.png
$0/Resources/Shared/images/spinner.bmp
$0/Resources/Shared/images/widget_bottom.bmp
$0/Resources/Shared/images/widget_btnclose0.bmp
$0/Resources/Shared/images/widget_btnclose1.bmp
$0/Resources/Shared/images/widget_caption.bmp
$0/Resources/Shared/images/widget_error_bg.bmp
$0/Resources/Shared/images/widget_error_close.bmp
$0/Resources/Shared/images/widget_error_icon.bmp
$0/Resources/contextMenu/images/alot_icon.bmp
$0/Resources/contextMenu/images/alot_icon.png
.png
$0/Resources/contextMenu/images/alot_logo_button.bmp
$0/Resources/contextMenu/images/alot_logo_button.png
.png
$0/toolbar.xml
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

7458f96eb10904198d988c72ce690084

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteObject
GetDIBits
GetObjectA
SelectObject
SetTextColor

kernel32

GetCurrentDirectoryA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
SetCurrentDirectoryA
WritePrivateProfileStringA
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

user32

CallWindowProcA
CharNextA
CloseClipboard
CreateDialogParamA
CreateWindowExA
DestroyIcon
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
EnableMenuItem
EnableWindow
GetClientRect
GetClipboardData
GetDlgCtrlID
GetDlgItem
GetMessageA
GetSystemMenu
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapWindowPoints
MessageBoxA
OpenClipboard
PostMessageA
PtInRect
SendMessageA
SetCursor
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextA
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/closeie.ini
$PLUGINSDIR/eula.html
$PLUGINSDIR/eula.ini
$PLUGINSDIR/htmlview.dll
.dll windows:4 windows x86 arch:x86

43a433dc8e6b2212d99a5cc9852b3c09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\testapps\htmlview\Release\htmlview.pdb

Imports

wininet

DeleteUrlCacheEntry

kernel32

InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
GetLastError
MulDiv
FlushInstructionCache
GetCurrentProcess
HeapAlloc
lstrcmpA
WideCharToMultiByte
GetModuleFileNameA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
IsBadReadPtr
LoadLibraryA
GetStringTypeW
GetStringTypeA
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LeaveCriticalSection
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetCommandLineA
HeapReAlloc
VirtualQuery
GetSystemInfo
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsBadCodePtr
GetStartupInfoA
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess

user32

wsprintfA
CreateWindowExA
CreateAcceleratorTableA
CharNextA
SetWindowLongA
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
IsWindow
GetDlgItem
SetFocus
GetParent
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetSysColor
CallWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
UnregisterClassA
SendMessageA
GetWindowLongA
GetFocus

gdi32

GetDeviceCaps
CreateSolidBrush
GetStockObject
GetObjectA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject

ole32

CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathIsURLA
UrlCreateFromPathA
UrlGetPartA

Exports

Exports

Create
Destroy
Display

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PROGRAMFILES/alot/bin/ALOTSettings.exe
.exe windows:4 windows x86 arch:x86

1deb43505ccdb40fa5f250cc096d99a5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2007, 00:00

Not After

21/06/2010, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\alot\broker\Release\support\ALOTSettings.pdb

Imports

kernel32

InitializeCriticalSection
OpenProcess
WideCharToMultiByte
VirtualFreeEx
GetVersionExW
GetACP
lstrlenW
InterlockedExchange
GetLastError
GetThreadLocale
GetProcAddress
VirtualAllocEx
GetModuleHandleA
CreateRemoteThread
CloseHandle
WriteProcessMemory
GetProcessHeap
HeapAlloc
MultiByteToWideChar
HeapFree
HeapReAlloc
lstrcmpW
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
IsBadReadPtr
SetUnhandledExceptionFilter
WaitForSingleObject
DeleteCriticalSection
GetLocaleInfoA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
HeapSize
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
GetOEMCP
LoadLibraryA
IsBadCodePtr

advapi32

RegCreateKeyExW
RegSetValueExW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/alot/bin/alot.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8e5317608eaf6313011f3f46db0f59dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2007, 00:00

Not After

21/06/2010, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Alot\build\alot\bin\support\band.pdb

Imports

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetTickCount
MulDiv
LoadLibraryA
GlobalUnlock
GlobalLock
CopyFileW
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpW
GetTempFileNameW
DeleteFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
FindClose
FindFirstFileW
GetFileSize
SetFilePointer
ReadFile
WriteFile
CreateFileW
SetEndOfFile
SetFileAttributesW
GetVersionExA
GetSystemDefaultLangID
ResumeThread
ResetEvent
TerminateThread
GetExitCodeThread
SetCurrentDirectoryW
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
GetModuleFileNameA
GetFileAttributesExW
GetLongPathNameW
lstrlenA
GetCurrentDirectoryW
FindNextFileW
CreateDirectoryW
TerminateProcess
GetExitCodeProcess
CreateProcessW
HeapReAlloc
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
lstrcpynW
VirtualQuery
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SuspendThread
OpenThread
VirtualAlloc
GetSystemInfo
ExitThread
CreateThread
RtlUnwind
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
ExitProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
HeapSize
SetUnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
QueryPerformanceCounter
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
LoadLibraryExW
lstrcmpiW
HeapFree
lstrcpyW
CreateMutexW
WaitForMultipleObjects
ReleaseMutex
CreateEventW
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
SetEvent
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CloseHandle
FreeLibrary
GetCurrentThreadId
Sleep
GetCurrentProcessId
InterlockedIncrement
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
InterlockedDecrement
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
VirtualProtect
GetModuleHandleA

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue

user32

SetWindowsHookExW
CallNextHookEx
FindWindowExW
EnumWindows
GetAncestor
EnumChildWindows
GetCapture
WaitForInputIdle
CharUpperW
CharLowerW
CreateDialogIndirectParamW
DialogBoxIndirectParamW
SetMenuItemBitmaps
GetSubMenu
LoadMenuW
SendNotifyMessageW
GetSystemMetrics
GetWindowDC
SetWindowRgn
GetMenuItemInfoW
GetMenuItemID
DeleteMenu
GetMenuItemRect
EqualRect
ReplyMessage
InSendMessage
WaitMessage
GetDlgItemTextW
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
GetClassNameW
IsWindowVisible
GetComboBoxInfo
BeginPaint
GetSysColorBrush
UnhookWindowsHookEx
GetWindowTextLengthW
SetFocus
MoveWindow
DrawTextW
SetMenuItemInfoW
ClientToScreen
GetMenuItemCount
RedrawWindow
InvalidateRect
InsertMenuW
AppendMenuW
FillRect
CopyImage
GetDC
ReleaseDC
TrackPopupMenu
DestroyMenu
CreatePopupMenu
GetDlgItem
SendMessageW
PostMessageW
CharNextW
GetWindowPlacement
SetForegroundWindow
CallWindowProcW
DefWindowProcW
CreateWindowExW
BroadcastSystemMessageW
LoadImageW
KillTimer
SetTimer
EndDialog
GetSystemMenu
ModifyMenuW
RegisterClipboardFormatW
IsDlgButtonChecked
SetCursorPos
GetActiveWindow
GetClassInfoExW
RegisterClassExW
LoadStringW
wsprintfW
UnregisterClassW
IsIconic
GetCursorPos
GetCursor
PtInRect
DestroyCursor
DispatchMessageW
TranslateMessage
GetMessageW
DestroyIcon
SetCursor
OffsetRect
MessageBoxW
ScreenToClient
SendMessageTimeoutW
CreateAcceleratorTableW
DestroyAcceleratorTable
IsChild
GetDesktopWindow
InvalidateRgn
SetCapture
ReleaseCapture
GetSysColor
RegisterWindowMessageW
DrawTextExW
SendDlgItemMessageW
EndPaint
PeekMessageW
GetWindowThreadProcessId
IsWindow
GetFocus
SetWindowTextW
GetWindowTextW
GetKeyState
PostThreadMessageW
DestroyWindow
DispatchMessageA
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjects
SetWindowLongW
GetWindowLongW
ShowWindow
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
EnableWindow
SetActiveWindow
LoadCursorW
GetParent
GetWindow
CopyRect

gdi32

CreateDIBSection
SetDIBColorTable
GetStockObject
GetTextMetricsW
GetDeviceCaps
SetBkMode
SetTextColor
GetDIBColorTable
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
SetDIBitsToDevice
CreateCompatibleDC
SelectObject
GetObjectW
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteObject
DeleteDC
CreateDIBitmap
StretchBlt
StretchDIBits
PatBlt
CreatePatternBrush
ExtTextOutW
CombineRgn
CreateRectRgnIndirect
Ellipse
GetPixel
CreateFontW
CreateRectRgn

shell32

ord92
SHGetSpecialFolderPathW
SHFileOperationA
ShellExecuteW
SHFileOperationW
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteExW
ord165
SHGetMalloc

oleacc

ObjectFromLresult

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

ws2_32

getpeername
gethostbyname
WSACleanup
closesocket
inet_ntoa
gethostname
WSAStartup
ntohl
htons
WSAIoctl
bind
inet_addr
socket
recvfrom
ntohs
getsockname
WSAGetLastError

ole32

CoUninitialize
CoTaskMemAlloc
DoDragDrop
CoTaskMemFree
CoTaskMemRealloc
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
StringFromCLSID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
OleDuplicateData
OleSetContainedObject
OleCreate
CoInitializeEx

oleaut32

VariantChangeType
VariantCopyInd
VarUI4FromStr
SysStringLen
SysAllocString
SysAllocStringLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantCopy
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayGetVartype
SafeArrayCopy
VarBstrCmp
DispCallFunc
VariantClear
VariantInit
GetErrorInfo

shlwapi

UrlIsW
SHDeleteValueW
PathFileExistsW
PathAppendW
SHRegCreateUSKeyW
SHRegWriteUSValueW
SHGetValueW
PathCreateFromUrlW
PathIsRelativeW
PathFindFileNameW
UrlCanonicalizeW
SHDeleteKeyW
UrlUnescapeW
StrRetToStrW
SHCopyKeyW
UrlGetPartW
PathIsURLW

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HttpSendRequestHook
InternetReadFileHook
MyHttpSendRequestA
MyHttpSendRequestW
MyInternetReadFile
_GetSystemOptionsDirectory@8
_GetUserOptionsDirectory@8
_LaunchIEInProtectedMode@4
_createActionButton@4
_createBrowserSearch@4
_createCommunicator@4
_createConfigurator@4
_createContextMenu@4
_createErrorSearch@4
_createRssTicker@4
_createSiteMetrics@4
_createTimerManager@4
_createToolbarContextMenu@4
_createToolbarSearch@4
_createUpdater@4
_createWidget@4
myrecv
mysend
recvHook
sendHook

Sections

.text
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f40af6c51f6ff16f3d02b357d588ce4

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 224B

.bss Size: - Virtual size: 107KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 48KB

.rsrc Size: 27KB - Virtual size: 27KB

7458f96eb10904198d988c72ce690084

Headers

File Characteristics

Imports

comdlg32

gdi32

kernel32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 800B

.bss Size: - Virtual size: 16KB

.edata Size: 512B - Virtual size: 112B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 144B

.reloc Size: 1024B - Virtual size: 892B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

43a433dc8e6b2212d99a5cc9852b3c09

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 224B

.bss
Size: - Virtual size: 107KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 48KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 800B

.bss
Size: - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 112B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 144B

.reloc
Size: 1024B - Virtual size: 892B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate