0543e7ac313b3445d749bec7aa96325d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0543e7ac313b3445d749bec7aa96325d_JaffaCakes118
Size

561KB
MD5

0543e7ac313b3445d749bec7aa96325d
SHA1

034ad5993fbfeecac3e1668dcba6a839b7249b86
SHA256

d11ecfdc1f5d350ff4ff2d1aa08d4e72b0eb424203aee450d39a63c21e489146
SHA512

378449930dae4b69bd8b08d68d30e89ff50b71fca404f12fcafcb7a5a2a0f2a81fb31620233c5125d02ba0f9098f830776951d4d02a6ea5161c25c7b39c64ba0
SSDEEP

12288:NxBQrt3Cy7V0h1QWmojX+7oRwm2hRo0sf/bmHr8u8CfiLs08aQNn:N7ct3Cx1mdowmgNsnbmL8u8CfiLs08n

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$TEMP/InstallUtil.exe
unpack001/unutil.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

0543e7ac313b3445d749bec7aa96325d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:2d:7b:2c:d0:e4:30:4f:2f:de:d6:54:d7:91:6b:93
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-10-2013 00:00

Not After

16-12-2015 23:59

Subject

CN=betwikx,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=betwikx,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:e1:98:67:46:78:ae:39:be:ee:d0:1b:0c:ac:ff:9a:00:25:7d:84
Signer

Actual PE Digest

b9:e1:98:67:46:78:ae:39:be:ee:d0:1b:0c:ac:ff:9a:00:25:7d:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2274cc1534607459cdd304a928601ef9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GlobalAlloc
lstrlenA
lstrcpynA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
LoadLibraryA
FreeLibrary
GetLastError
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
Sleep
GetCurrentProcessId
CreateThread
GetCommandLineA
OpenProcess
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
SetLastError
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA

user32

SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
GetWindowThreadProcessId
MessageBoxA
SetWindowLongA
LoadImageA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EndDialog

advapi32

RegCloseKey
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
GetShellFolderPath
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R3/[email protected]
.zip
chrome.manifest
chrome/content/boater.xul
.xml
chrome/content/browserevents.js
.js
chrome/content/configuration.js
.js
chrome/content/consts.js
.js
chrome/content/diagnostics.js
.js
chrome/content/format.js
.js
chrome/content/jquery-1.4.4.min.js
.js
chrome/content/main.js
.js
chrome/content/request.js
.js
chrome/content/script.js
.js
chrome/content/stats.js
.js
chrome/content/storage.js
.js
chrome/skin/boater_16x16.png
.png
chrome/skin/boater_24x24.png
.png
chrome/skin/boater_24x24_off.png
.png
chrome/skin/toolbar-button.css
install.rdf
.xml
$TEMP/InstallUtil.exe
.exe windows:5 windows x86 arch:x86

738b4dc23d4a3da2f4b17172527291e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\managed\root\VTG_Jigsaw\Main\WebRelease\Installer\InstallUtil.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
OutputDebugStringW
LocalFree
FormatMessageW
GetLastError
RaiseException
WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
DeleteFileW
CreateDirectoryW
GetTempPathW
CopyFileW
GetModuleFileNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
TerminateProcess
WaitForSingleObject
OpenProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
CompareStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
Sleep
GetCurrentProcess
IsDebuggerPresent
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwind
EncodePointer
DecodePointer
GetProcAddress
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapCreate
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers

user32

EnumWindows
MessageBoxW
GetWindowThreadProcessId
PostMessageW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
CreateWindowExW
TranslateAcceleratorW

shell32

SHFileOperationW
SHGetFolderPathW

shlwapi

PathFileExistsW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/glupgrade/appprepend.js
.js
$TEMP/glupgrade/background.html
.html
$TEMP/glupgrade/browserevents.js
.js
$TEMP/glupgrade/configuration.js
.js
$TEMP/glupgrade/consts.js
.js
$TEMP/glupgrade/diagnostics.js
.js
$TEMP/glupgrade/format.js
.js
$TEMP/glupgrade/framenotifier.js
.js
$TEMP/glupgrade/jigsawapi.js
.js
$TEMP/glupgrade/jquery-1.4.4.min.js
.js
$TEMP/glupgrade/main.js
.js
$TEMP/glupgrade/manifest.json
$TEMP/glupgrade/request.js
.js
$TEMP/glupgrade/script.js
.js
$TEMP/glupgrade/stats.js
.js
$TEMP/glupgrade/storage.js
.js
PricePeepUpdater.exe
.exe windows:5 windows x86 arch:x86

bfbaefd15b1ef0348ab2c442673ac0c9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:2d:7b:2c:d0:e4:30:4f:2f:de:d6:54:d7:91:6b:93
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-10-2013 00:00

Not After

16-12-2015 23:59

Subject

CN=betwikx,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=betwikx,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:b1:50:cf:e8:af:d0:25:ff:ea:7a:1b:60:e8:7d:df:e3:c2:ed:a7
Signer

Actual PE Digest

65:b1:50:cf:e8:af:d0:25:ff:ea:7a:1b:60:e8:7d:df:e3:c2:ed:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\managed\root\VTG_ClientApplications\BrandedUpdater\Release\BrandedUpdater.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

CreateToolhelp32Snapshot
Process32FirstW
lstrlenW
Process32NextW
OpenProcess
TerminateProcess
ExpandEnvironmentStringsW
CreateFileW
GetFileSize
ReadFile
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GetExitCodeThread
Sleep
TerminateThread
SetUnhandledExceptionFilter
GetTickCount
LoadLibraryW
FreeLibrary
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
SizeofResource
VirtualAlloc
InterlockedPopEntrySList
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
CompareStringW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
FlushFileBuffers
LockResource
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
GetExitCodeProcess
CreateProcessW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
WaitForSingleObject
CreateThread
GetModuleFileNameW
CloseHandle
WideCharToMultiByte
GetSystemInfo
GetModuleHandleW
GetProcAddress
GetVersionExW
MultiByteToWideChar
OutputDebugStringW
LocalFree
FormatMessageW
InitializeCriticalSectionAndSpinCount
GetLastError
SetEvent
FlushInstructionCache
GetCurrentProcess
VirtualFree

user32

SetTimer
GetCursorPos
CreatePopupMenu
InsertMenuW
TrackPopupMenu
SendMessageA
FindWindowW
LoadStringW
IsWindow
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
UnregisterClassA
RegisterWindowMessageW
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetDlgItem
GetWindowTextLengthW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
AdjustWindowRectEx
GetMenu
SetWindowPos
PostQuitMessage
DestroyWindow
SendMessageW
LoadIconW
DefWindowProcW
MoveWindow
GetClientRect
GetWindowRect
ShowWindow
AttachThreadInput
GetForegroundWindow
SetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
EnumWindows
PostMessageW
GetSystemMetrics
SetWindowLongW
PostThreadMessageW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DispatchMessageW
TranslateMessage
GetMessageW

gdi32

CreateCompatibleDC
GetObjectW
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject

advapi32

RegQueryInfoKeyW
CryptAcquireContextW
CryptGetKeyParam
CryptEncrypt
CryptDestroyKey
ImpersonateLoggedOnUser
DuplicateTokenEx
OpenProcessToken
RevertToSelf
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
CryptReleaseContext
RegEnumValueW
RegSetValueExW
RegQueryValueExW

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CoAddRefServerProcess
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoReleaseServerProcess

oleaut32

DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
VarBstrCat
SysStringLen
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
SysFreeString

wininet

HttpSendRequestA
HttpAddRequestHeadersA
InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
HttpSendRequestW
InternetOpenW
InternetCrackUrlW
InternetConnectW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

shlwapi

PathAppendW
PathFileExistsW
PathRemoveArgsW
PathQuoteSpacesW
PathRemoveExtensionW
PathStripPathW
PathAddExtensionW

urlmon

URLDownloadToFileW

gdiplus

GdiplusShutdown

crypt32

CryptDecodeObject
CryptImportPublicKeyInfo

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installer.ico
pp.crx
.zip
appprepend.js
.js
background.html
.html
browserevents.js
.js
configuration.js
.js
consts.js
.js
diagnostics.js
.js
format.js
.js
framenotifier.js
.js
jigsawapi.js
.js
jquery-1.4.4.min.js
.js
main.js
.js
manifest.json
request.js
.js
script.js
.js
stats.js
.js
storage.js
.js
pricepeep.dll
.dll regsvr32 windows:5 windows x86 arch:x86

58e4ba9f513b53d5f920892929e1623a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:2d:7b:2c:d0:e4:30:4f:2f:de:d6:54:d7:91:6b:93
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-10-2013 00:00

Not After

16-12-2015 23:59

Subject

CN=betwikx,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=betwikx,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a9:fa:84:49:7d:35:47:b9:c0:9f:a5:51:c1:06:47:a4:ff:cb:c0:b5
Signer

Actual PE Digest

a9:fa:84:49:7d:35:47:b9:c0:9f:a5:51:c1:06:47:a4:ff:cb:c0:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpSendRequestW
HttpSendRequestA
InternetCloseHandle
InternetCrackUrlW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
SetEvent
TerminateThread
CloseHandle
Sleep
CreateThread
CreateEventW
RaiseException
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
LoadLibraryExW
SetThreadLocale
GetThreadLocale
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
GetCurrentProcess
lstrlenA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetLastError
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
GetVersionExW
LoadLibraryW
FlushFileBuffers
WriteFile
SetFilePointer
CreateFileW
LocalFree
LocalAlloc
GetOEMCP
GetACP
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
CompareStringW
GetStartupInfoW
GetFileType
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetHandleCount
GetLocaleInfoW
IsValidCodePage

user32

UnregisterClassA
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DefWindowProcW
SetTimer
CallWindowProcW
GetWindowLongW
SetWindowLongW
CharNextW

advapi32

RegCreateKeyExW
RegDeleteKeyW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysReAllocStringLen
VarBstrCat
DispCallFunc
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VarBstrCmp

shlwapi

SHSetValueW
SHGetValueW
StrToIntExA

urlmon

ObtainUserAgentString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
unutil.exe
.exe windows:5 windows x86 arch:x86

738b4dc23d4a3da2f4b17172527291e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\managed\root\VTG_Jigsaw\Main\WebRelease\Installer\InstallUtil.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
OutputDebugStringW
LocalFree
FormatMessageW
GetLastError
RaiseException
WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
DeleteFileW
CreateDirectoryW
GetTempPathW
CopyFileW
GetModuleFileNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
TerminateProcess
WaitForSingleObject
OpenProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
CompareStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
Sleep
GetCurrentProcess
IsDebuggerPresent
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwind
EncodePointer
DecodePointer
GetProcAddress
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapCreate
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers

user32

EnumWindows
MessageBoxW
GetWindowThreadProcessId
PostMessageW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
CreateWindowExW
TranslateAcceleratorW

shell32

SHFileOperationW
SHGetFolderPathW

shlwapi

PathFileExistsW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7c:2d:7b:2c:d0:e4:30:4f:2f:de:d6:54:d7:91:6b:93Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b9:e1:98:67:46:78:ae:39:be:ee:d0:1b:0c:ac:ff:9a:00:25:7d:84Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 24KB - Virtual size: 24KB

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

2274cc1534607459cdd304a928601ef9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7c:2d:7b:2c:d0:e4:30:4f:2f:de:d6:54:d7:91:6b:93
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b9:e1:98:67:46:78:ae:39:be:ee:d0:1b:0c:ac:ff:9a:00:25:7d:84
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 8KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7c:2d:7b:2c:d0:e4:30:4f:2f:de:d6:54:d7:91:6b:93
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

65:b1:50:cf:e8:af:d0:25:ff:ea:7a:1b:60:e8:7d:df:e3:c2:ed:a7
Signer

.text
Size: 196KB - Virtual size: 195KB