f25eda0f788d18e44bafef13f48b6333_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f25eda0f788d18e44bafef13f48b6333_JaffaCakes118
Size

1.2MB
MD5

f25eda0f788d18e44bafef13f48b6333
SHA1

07014838357c8b579f4d550c2f1c1417ec339403
SHA256

6b0094c85a9aff550d4f1f8dca8c02300a509b761a73f7596499140127b8ca67
SHA512

d8de8a813fa721999724d76d4e6828b0ae49a80e5f416450416ea7a7c8fca5e135d548ca79292df79809e1efd9f2f854daa6d47e1d72a8596434b875112ddd00
SSDEEP

24576:9ZATRIxmcbVQuqWTMpIgFEKPv0Ix1oX+zp4EeqoCOrTIOub:2RIUcbK1OMR/nhrzp4E/lOrTa

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ANSYS_KEYGEN.exe
unpack001/WinHostId.exe
unpack001/cryptlic.exe
unpack001/lmgr326b.dll
unpack001/lmgr327a.dll

Files

f25eda0f788d18e44bafef13f48b6333_JaffaCakes118
.rar
ANSYS_KEYGEN.exe
.exe windows:4 windows x86 arch:x86

b95ecc3a612f3eef4e2010c112a980d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lmgr326b

ord52
ord59
ord97

kernel32

GetEnvironmentStringsW
LCMapStringW
LCMapStringA
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetLastError
ReadFile
DebugBreak
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetFileAttributesA
CloseHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
SetFilePointer
SetConsoleCtrlHandler
HeapAlloc
HeapReAlloc
VirtualAlloc
FlushFileBuffers
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetStdHandle
CreateFileA
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReCrypt.bat
WinHostId.exe
.exe windows:4 windows x86 arch:x86

e4c053339432475b3abab14b1a7a3cfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
TerminateProcess
ExitThread
CreateThread
HeapSize
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetEnvironmentVariableW
SetStdHandle
ResetEvent
Sleep
GetWindowsDirectoryA
GetDriveTypeA
ReleaseMutex
CreateMutexA
GetCommandLineW
FindFirstFileW
FindNextFileW
FindNextFileA
DeviceIoControl
GetProcessTimes
CreateFileW
GetDriveTypeW
MoveFileW
GetFileAttributesW
DeleteFileW
CreateProcessA
SetEnvironmentVariableW
GetFullPathNameW
CreatePipe
GetCurrentDirectoryW
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
RtlUnwind
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenA
GetOEMCP
GetCPInfo
SetErrorMode
GlobalFlags
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FreeResource
CreateEventA
SetEvent
WaitForSingleObject
ResumeThread
CloseHandle
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
SetHandleInformation
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
InterlockedDecrement
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentDirectoryA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
wsprintfA
UnregisterClassA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
WinHelpA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
BeginPaint
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetLastActivePopup
SetCursor
PostQuitMessage
PostMessageA
IsWindow
GetWindowTextA
GetFocus
GetParent
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
EndPaint
GetSysColorBrush
DialogBoxIndirectParamA
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetWindowLongA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemTextW
GetDlgItem
UnhookWindowsHookEx
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
EnableWindow
LoadIconA
GetClientRect
IsIconic
SendMessageA
DrawIcon
CharUpperA
LoadCursorA
MessageBeep
CallNextHookEx
DestroyMenu
RedrawWindow
MapWindowPoints

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
GetUserNameW
GetUserNameA
RegSetValueExW
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA

gdi32

SetMapMode
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

comctl32

ord17

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oleaut32

VariantInit
VariantChangeType
VariantClear

netapi32

Netbios

ws2_32

closesocket
gethostname

Sections

.text
Size: 732KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cryptlic.exe
.exe windows:4 windows x86 arch:x86

a8ef3623e02ef477cd3f13ee06169a9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lmgr327a

ord213
ord80
ord61
ord52
ord59

kernel32

GetEnvironmentStrings
GetEnvironmentStringsW
CompareStringW
CompareStringA
SetEnvironmentVariableA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetLastError
MoveFileA
HeapFree
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
CloseHandle
ReadFile
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetCurrentDirectoryA
GetTimeZoneInformation
RtlUnwind
FlushFileBuffers
MultiByteToWideChar
SetFilePointer
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
SetEndOfFile
LCMapStringA
LCMapStringW
DeleteFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetFileAttributesA
GetCurrentProcessId
GetFullPathNameA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lmgr326b.dll
.dll windows:4 windows x86 arch:x86

5bd990b862f5d6adb885eb686bdfb726

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetThreadPriority
ReadFile
WriteFile
ReleaseSemaphore
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
SetErrorMode
GetVolumeInformationA
GetDriveTypeA
GlobalFree
GlobalAlloc
GetLastError
GetModuleHandleA
HeapAlloc
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
ResumeThread
CreateThread
TlsSetValue
ExitThread
HeapReAlloc
GetCommandLineA
MultiByteToWideChar
GetCurrentProcessId
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindNextFileA
OpenSemaphoreA
GetCurrentThread
GetStringTypeW
GetFullPathNameA
GetCurrentDirectoryA
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
LCMapStringA
LCMapStringW
GetWindowsDirectoryA
GetFileType
GetStdHandle
GetStartupInfoA
SetFilePointer
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA
HeapSize
SetStdHandle
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
SetEndOfFile
CreateFileA
FindClose
CreateSemaphoreA
GetProcAddress
LoadLibraryA
WideCharToMultiByte
CreateEventA
FindFirstFileA
SetEvent
FreeLibrary
WaitForSingleObject
ResetEvent
GetProcessTimes
CloseHandle
GetCurrentProcess
Sleep
GetVersion
GetTickCount
VirtualAlloc
GetStringTypeA
SetHandleCount
GetPrivateProfileIntA
GetPrivateProfileStringA

user32

DestroyWindow
WinHelpA
GetDlgItemTextA
CreateDialogParamA
SetDlgItemTextA
PostMessageA
ShowWindow
GetParent
SendMessageA
MessageBeep
GetFocus
GetDlgItem
wsprintfA
MessageBoxA

advapi32

GetUserNameA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
QueryServiceStatus
OpenServiceA
CloseServiceHandle
RegQueryValueA
RegOpenKeyA
OpenSCManagerA

netapi32

Netbios

comctl32

PropertySheetA
ord17

comdlg32

GetOpenFileNameA

Exports

Exports

COM_LC_CRYPTSTR
COM_LC_HOSTID
LC_CRYPTSTR
LC_HOSTID
LP_CHECKIN
LP_CHECKOUT
LP_ERRSTRING
LP_HEARTBEAT
LP_SETUP
LSEnumProviders
LSFreeHandle
LSGetMessage
LSQuery
LSRelease
LSRequest
LSUpdate
LibMain
l__WSACleanup
l__WSAFDIsSet
l__WSAGetLastError
l__WSASetLastError
l__WSAStartup
l____WSAFDIsSet
l__accept
l__bind
l__closesocket
l__connect
l__gethostbyname
l__gethostname
l__getservbyname
l__getsockname
l__htonl
l__htons
l__ioctlsocket
l__listen
l__ntohl
l__ntohs
l__recv
l__recvfrom
l__select
l__send
l__sendto
l__setsockopt
l__shutdown
l__socket
l_addr_to_inet
l_any_set
l_asc_date
l_asc_hostid
l_asc_hostid_len
l_asc_id_one
l_baddate
l_basic_conn
l_bin_date
l_check
l_check_fmt_ver
l_cksum
l_cksum_ok
l_clear_error
l_compare_version
l_conn_msg
l_connect
l_connect_endpoint
l_connect_host_or_list
l_cur_dlist
l_date
l_decimal_format
l_decode_int
l_decode_long
l_decode_long_hex
l_encode_int
l_encode_long
l_encode_long_hex
l_err_info_cp
l_extract_date
l_file_checkout
l_files_in_dir
l_finder_port
l_flush_config
l_free_conf
l_free_daemon_list
l_free_server
l_get_cksum
l_get_date
l_get_dlist
l_get_endpoint
l_get_id
l_get_port
l_getattr
l_getexp
l_gethostid
l_getid_type
l_good_bin_date
l_host
l_hostid_cmp
l_hostid_cmp_exact
l_hostid_cmp_one
l_id_types_match
l_inet_cmp
l_inet_to_addr
l_init_file
l_int_month
l_ipaddr
l_keyword_eq
l_lfclose
l_lfgets
l_lmgrds
l_lookup
l_lowercase
l_malloc
l_master_list_from_job
l_master_list_lfp
l_midnight
l_modify
l_msg_cksum
l_msg_size
l_new_hostid
l_next_conf_or_marker
l_onebyte
l_open_file
l_parse_daemon
l_parse_decimal
l_parse_feature_line
l_parse_package
l_parse_server_line
l_platform_name
l_print_config
l_putenv
l_rcvmsg
l_rcvmsg_timeout
l_read_sernum
l_read_timeout
l_redundant
l_rerd
l_select
l_select_one
l_set_error
l_set_license_path
l_set_user_init3
l_shutdown
l_shutdown_one
l_shutdown_vendor
l_sndmsg
l_start_ok
l_str_crypt
l_str_dcrypt
l_sum
l_text
l_timer_add
l_upgrade_feat
l_uppercase
l_valid_version
l_validdate
l_write_sernum
l_zcp
la_parse_daemon
la_reread
lc_LogSystemError
lc_auth_data
lc_baddate
lc_check_key
lc_checkin
lc_checkout
lc_chk_conf
lc_ck_feats
lc_cleanup
lc_convert
lc_copy_hostid
lc_crypt
lc_cryptstr
lc_daemon
lc_disconn
lc_display
lc_err_info
lc_errstring
lc_errtext
lc_expire_days
lc_feat_list
lc_feat_set
lc_first_job
lc_free_hostid
lc_free_job
lc_free_lmgrd_stat
lc_free_mem
lc_get_attr
lc_get_config
lc_get_errno
lc_get_feats
lc_get_redir
lc_gethostid
lc_getid_type
lc_heartbeat
lc_hostid
lc_hostname
lc_hosttype
lc_idle
lc_init
lc_isadmin
lc_lic_where
lc_log
lc_master_list
lc_next_conf
lc_next_job
lc_perror
lc_remove
lc_removeh
lc_set_attr
lc_set_errno
lc_set_registry
lc_shutdown
lc_sleep
lc_status
lc_test_conf
lc_timer
lc_userlist
lc_username
lc_vsend
lc_xstrcmp
lp_checkin
lp_checkout
lp_errstring
lp_heartbeat
lp_perror
lp_pwarn
lp_warning
timer_proc

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lmgr327a.dll
.dll windows:4 windows x86 arch:x86

3fa095e46b3aa1df31f50ea239dd34dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
CreateFileA
GetProcAddress
FindNextFileA
LoadLibraryA
OpenSemaphoreA
CreateSemaphoreA
GetCurrentThread
ReleaseSemaphore
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
SetErrorMode
GetVolumeInformationA
GetDriveTypeA
GlobalFree
GlobalAlloc
GetModuleHandleA
VirtualAlloc
VirtualFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
MultiByteToWideChar
ResumeThread
CreateThread
TlsSetValue
ExitThread
CreateDirectoryA
GetFileAttributesA
DeleteFileA
GetCurrentProcessId
GetCurrentDirectoryA
WaitForSingleObject
FindFirstFileA
WideCharToMultiByte
GetStringTypeW
GetCurrentThreadId
TlsAlloc
TlsFree
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryA
GetFileType
GetStdHandle
GetStartupInfoA
RtlUnwind
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
SetFilePointer
FlushFileBuffers
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA
UnhandledExceptionFilter
HeapSize
SetStdHandle
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
SetEndOfFile
SetEvent
CreateEventA
ResetEvent
FreeLibrary
CloseHandle
GetVersionExA
SetLastError
GetCurrentProcess
GetProcessTimes
GetVersion
GetLastError
GetTickCount
Sleep
GetStringTypeA
GetFullPathNameA
SetHandleCount
GetPrivateProfileStringA
GetPrivateProfileIntA

user32

SetWindowTextA
SetDlgItemTextA
GetDlgItemTextA
wsprintfA
GetClientRect
EndDialog
MessageBeep
MoveWindow
GetFocus
GetWindowRect
ShowWindow
GetParent
GetWindowLongA
SendMessageA
EnableWindow
MessageBoxA
ScreenToClient
GetDlgItem
DialogBoxIndirectParamA
CreateDialogIndirectParamA

advapi32

GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
RegQueryValueA
RegOpenKeyA

netapi32

Netbios

comctl32

ord17

comdlg32

GetOpenFileNameA

Exports

Exports

COM_LC_CRYPTSTR
COM_LC_HOSTID
LC_CRYPTSTR
LC_HOSTID
LP_CHECKIN
LP_CHECKOUT
LP_ERRSTRING
LP_HEARTBEAT
LP_SETUP
LSEnumProviders
LSFreeHandle
LSGetMessage
LSQuery
LSRelease
LSRequest
LSUpdate
LibMain
l__WSACleanup
l__WSAFDIsSet
l__WSAGetLastError
l__WSASetLastError
l__WSAStartup
l____WSAFDIsSet
l__accept
l__bind
l__closesocket
l__connect
l__gethostbyname
l__gethostname
l__getservbyname
l__getsockname
l__htonl
l__htons
l__ioctlsocket
l__listen
l__ntohl
l__ntohs
l__recv
l__recvfrom
l__select
l__send
l__sendto
l__setsockopt
l__shutdown
l__socket
l_addr_to_inet
l_any_set
l_asc_date
l_asc_hostid
l_asc_hostid_len
l_asc_id_one
l_baddate
l_basic_conn
l_bin_date
l_check
l_check_fmt_ver
l_cksum
l_cksum_ok
l_clear_error
l_compare_version
l_conn_msg
l_connect
l_connect_endpoint
l_connect_host_or_list
l_cur_dlist
l_date
l_decimal_format
l_decode_int
l_decode_long
l_decode_long_hex
l_encode_int
l_encode_long
l_encode_long_hex
l_err_info_cp
l_extract_date
l_file_checkout
l_files_in_dir
l_finder_port
l_flush_config
l_free_conf
l_free_daemon_list
l_free_server
l_get_cksum
l_get_date
l_get_dlist
l_get_endpoint
l_get_id
l_get_port
l_getattr
l_getexp
l_gethostid
l_getid_type
l_good_bin_date
l_host
l_hostid_cmp
l_hostid_cmp_exact
l_hostid_cmp_one
l_id_types_match
l_inet_cmp
l_inet_to_addr
l_init_file
l_int_month
l_ipaddr
l_keyword_eq
l_lfclose
l_lfgets
l_lmgrds
l_lookup
l_lowercase
l_malloc
l_master_list_from_job
l_master_list_lfp
l_midnight
l_modify
l_msg_cksum
l_msg_size
l_new_hostid
l_next_conf_or_marker
l_onebyte
l_open_file
l_parse_daemon
l_parse_decimal
l_parse_feature_line
l_parse_package
l_parse_server_line
l_platform_name
l_print_config
l_putenv
l_rcvmsg
l_rcvmsg_timeout
l_read_sernum
l_read_timeout
l_rerd
l_select
l_select_one
l_set_error
l_set_license_path
l_set_user_init3
l_shutdown
l_shutdown_one
l_shutdown_vendor
l_sndmsg
l_start_ok
l_str_crypt
l_str_dcrypt
l_sum
l_text
l_timer_add
l_upgrade_feat
l_uppercase
l_valid_version
l_validdate
l_write_sernum
l_zcp
la_parse_daemon
la_reread
lc_LogSystemError
lc_auth_data
lc_baddate
lc_check_key
lc_checkin
lc_checkout
lc_chk_conf
lc_ck_feats
lc_cleanup
lc_convert
lc_copy_hostid
lc_crypt
lc_cryptstr
lc_daemon
lc_disconn
lc_display
lc_err_info
lc_errstring
lc_errtext
lc_expire_days
lc_feat_list
lc_feat_set
lc_first_job
lc_free_hostid
lc_free_job
lc_free_lmgrd_stat
lc_free_mem
lc_get_attr
lc_get_config
lc_get_errno
lc_get_feats
lc_get_redir
lc_gethostid
lc_getid_type
lc_heartbeat
lc_hostid
lc_hostname
lc_hosttype
lc_idle
lc_init
lc_isadmin
lc_lic_where
lc_log
lc_master_list
lc_next_conf
lc_next_job
lc_perror
lc_remove
lc_removeh
lc_set_attr
lc_set_errno
lc_set_registry
lc_shutdown
lc_sleep
lc_status
lc_test_conf
lc_timer
lc_userlist
lc_username
lc_vsend
lc_xstrcmp
lp_checkin
lp_checkout
lp_errstring
lp_heartbeat
lp_perror
lp_pwarn
lp_warning
timer_proc

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lmtools_x64_n6.exe
.exe windows:4 windows x64 arch:x64

a06a81452a2baf09bc989f3618e5f078

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:66:2a:26:09:bd:43:1d:09:6e:e5:c3:96:de:9c:a2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/03/2008, 00:00

Not After

18/03/2011, 23:59

Subject

CN=Acresso Software Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Acresso Software Inc.,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:58:ff:19:57:91:c4:d8:c2:72:e8:56:47:02:f6:53:57:45:53:ee
Signer

Actual PE Digest

28:58:ff:19:57:91:c4:d8:c2:72:e8:56:47:02:f6:53:57:45:53:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\home\nightly\Integrated\11.6.1.0\tier1\dev\flexnet\lmtools\build\_release-Windows-ipv4.NT4-x86_64-main\lmtools.exe.pdb

Imports

kernel32

RtlCaptureContext
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
ExitProcess
HeapSetInformation
HeapCreate
Sleep
HeapSize
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
SetHandleCount
DeleteCriticalSection
CreateFileA
CreateFileW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
SetUnhandledExceptionFilter
IsValidCodePage
LoadLibraryA
GetLocaleInfoA
FreeLibrary
InitializeCriticalSection
HeapReAlloc
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
UnhandledExceptionFilter
FlsAlloc
TlsSetValue
GetCurrentThreadId
SetLastError
FlsFree
TlsFree
FlsSetValue
TlsAlloc
FlsGetValue
GetProcAddress
GetStartupInfoA
CreatePipe
GetFullPathNameW
GetCurrentDirectoryA
GetFullPathNameA
SetEnvironmentVariableW
DuplicateHandle
GetProcessHeap
GetVersionExA
GetCommandLineA
RtlPcToFileHeader
RaiseException
SetFilePointer
ReadFile
MultiByteToWideChar
CloseHandle
GetFileAttributesA
GetLocalTime
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapFree
HeapAlloc
RtlUnwindEx
RtlLookupFunctionEntry
GetLastError
CreateProcessA
GetVersion
GetModuleHandleA
GetWindowsDirectoryA
GetOEMCP
DeleteFileW
DeleteFileA
GetFileAttributesW
MoveFileW
MoveFileA
GetDriveTypeW
CreateThread
ResumeThread
ExitThread
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
SearchPathA
GetFileSize
FileTimeToSystemTime
GetSystemTime
SystemTimeToFileTime
TlsGetValue
LocalAlloc
DeviceIoControl
GetProcessTimes
FindClose
FindNextFileA
FindNextFileW
LocalFree
FormatMessageA
GetShortPathNameA
GetEnvironmentVariableA
GetCommandLineW
GetEnvironmentVariableW
WaitForSingleObject
ResetEvent
CreateEventA
SetEvent
SetErrorMode
SetHandleInformation
ReleaseMutex
CreateMutexA
GetVolumeInformationA
GetDriveTypeA
FindFirstFileW
FindFirstFileA

user32

SetMenuItemInfoA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
ShowWindow
ShowCursor
SetCursor
LoadCursorA
GetCursor
CheckRadioButton
SendMessageA
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetClientRect
GetFocus
GetParent
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
GetSystemMetrics
GetActiveWindow
GetWindowTextLengthA
IsDialogMessageA
EndDialog
CreateDialogParamA
EnableWindow
MessageBeep
GetWindowTextA
SetWindowTextA
SetFocus
GetWindowLongA
RedrawWindow
PostMessageA
DestroyWindow
InvalidateRect
SetForegroundWindow
IsWindowEnabled
IsWindowVisible
SetTimer
KillTimer
DrawStateA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
ReleaseDC
GetDC
MoveWindow
ScreenToClient
GetWindowRect
CallWindowProcA
SetWindowLongA
LoadBitmapA
FrameRect
GetSysColor
CopyRect
DrawTextA
wsprintfA

advapi32

ChangeServiceConfigA
GetUserNameW
GetUserNameA
RegSetValueExW
ControlService
StartServiceA
RegDeleteKeyA
DeleteService
RegDeleteValueA
QueryServiceConfigA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
RegQueryValueExW
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA

comctl32

ImageList_Add
ord17
ImageList_Create
ImageList_GetImageCount

gdi32

CreateFontIndirectA
GetStockObject
GetTextMetricsA
SelectObject
DeleteObject
CreateSolidBrush

shell32

ShellExecuteA

wsock32

__WSAFDIsSet
select
connect
socket
htons
getprotobyname
ioctlsocket
WSAGetLastError
closesocket
recv
send
inet_ntoa
setsockopt
ntohl
htonl
gethostname
gethostbyname
gethostbyaddr
inet_addr
WSACleanup
WSAStartup
getsockname
getsockopt
ntohs

netapi32

Netbios

comdlg32

GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 827KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fnp_dir
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b95ecc3a612f3eef4e2010c112a980d0

Headers

File Characteristics

Imports

lmgr326b

kernel32

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 23KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

e4c053339432475b3abab14b1a7a3cfa

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

comdlg32

comctl32

winspool.drv

shlwapi

oleaut32

netapi32

ws2_32

Sections

.text Size: 732KB - Virtual size: 728KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 52KB - Virtual size: 96KB

_TEXT_HA Size: 68KB - Virtual size: 66KB

.rsrc Size: 28KB - Virtual size: 24KB

a8ef3623e02ef477cd3f13ee06169a9d

Headers

File Characteristics

Imports

lmgr327a

kernel32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 10KB

5bd990b862f5d6adb885eb686bdfb726

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 213KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 25KB - Virtual size: 36KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 11KB - Virtual size: 10KB

3fa095e46b3aa1df31f50ea239dd34dc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

comctl32

comdlg32

Exports

Exports

Sections

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 23KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 732KB - Virtual size: 728KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 52KB - Virtual size: 96KB

_TEXT_HA
Size: 68KB - Virtual size: 66KB

.rsrc
Size: 28KB - Virtual size: 24KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 10KB

.text
Size: 213KB - Virtual size: 213KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 25KB - Virtual size: 36KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 11KB - Virtual size: 10KB

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 34KB - Virtual size: 45KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

78:66:2a:26:09:bd:43:1d:09:6e:e5:c3:96:de:9c:a2
Certificate

28:58:ff:19:57:91:c4:d8:c2:72:e8:56:47:02:f6:53:57:45:53:ee
Signer

.text
Size: 663KB - Virtual size: 663KB

.textidx
Size: 827KB - Virtual size: 826KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 152KB - Virtual size: 390KB

.pdata
Size: 55KB - Virtual size: 54KB

.fnp_dir
Size: 512B - Virtual size: 120B

.fnp_mar
Size: 512B - Virtual size: 1B

.rsrc
Size: 103KB - Virtual size: 103KB