0794842956f851ab676696765c48d57f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0794842956f851ab676696765c48d57f_JaffaCakes118
Size

9.8MB
MD5

0794842956f851ab676696765c48d57f
SHA1

f6568a9c340b1a154945b3a699e42f835026a4ee
SHA256

7f559724156b3b3838afe9b309709bc3c17fe9c911dd638742b34ca164ba8993
SHA512

451cf64c125147e68cd5005bdf4ecca434094d642640bc8d0eee65b002e1e490a05dcfd313b11345645cf132631ba1f05c41280964a933849ca5d12fee13b033
SSDEEP

196608:gVZLiRcFRZQrXyqw8/ac6jJOomRSNhcUP9uA:gHLiRcFRZ+XaHJfmRSNhcUPEA

Score

1^/10

Malware Config

Signatures

Files

0794842956f851ab676696765c48d57f_JaffaCakes118
.dll windows:6 windows x64 arch:x64

947d07eadaab8214a0b61f66686996db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

73:99:f0:6f:7c:ab:e5:0a:5c:ec:17:e5:e2:8f:dc:74
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

16/04/2019, 00:00

Not After

14/06/2022, 23:59

Subject

CN=pdfforge GmbH,OU=pdfforge GmbH,O=pdfforge GmbH,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:99:f0:6f:7c:ab:e5:0a:5c:ec:17:e5:e2:8f:dc:74
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

16/04/2019, 00:00

Not After

14/06/2022, 23:59

Subject

CN=pdfforge GmbH,OU=pdfforge GmbH,O=pdfforge GmbH,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:63:49:32:51:68:ba:e2:f8:d5:cf:e6:4e:62:9b:1d:b7:17:9e:99:0a:d8:58:7d:7d:a9:f4:ad:c1:bc:88:dd
Signer

Actual PE Digest

25:63:49:32:51:68:ba:e2:f8:d5:cf:e6:4e:62:9b:1d:b7:17:9e:99:0a:d8:58:7d:7d:a9:f4:ad:c1:bc:88:dd

Digest Algorithm

sha256

PE Digest Matches

true

ab:b1:7d:df:79:f4:6f:4f:af:7a:3f:31:28:6e:b3:f5:0b:cc:ea:8e
Signer

Actual PE Digest

ab:b1:7d:df:79:f4:6f:4f:af:7a:3f:31:28:6e:b3:f5:0b:cc:ea:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\LULU\TempBuilds\TemporaryBuilds\default-pool-agent-1\2\s\_bin\x64\Release\pdfcore.pdb

Imports

kernel32

FormatMessageW
DeleteFileW
SetFilePointerEx
LocalFree
CopyFileW
GetFileTime
FlushFileBuffers
TryEnterCriticalSection
GetCurrentThreadId
GetStringTypeW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateDirectoryW
FindClose
GetFileAttributesW
GetFileAttributesExW
AreFileApisANSI
SetLastError
DeviceIoControl
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
FormatMessageA
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
OutputDebugStringW
CreateFileW
Sleep
SignalObjectAndWait
SetEndOfFile
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwindEx
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
SetConsoleCtrlHandler
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetTimeZoneInformation
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
HeapSize
SetStdHandle
WriteConsoleW
DeleteFiber
ConvertFiberToThread
GlobalMemoryStatus
LoadLibraryA
ReadConsoleA
SetConsoleMode
WriteFile
GetFileSizeEx
ReadFile
WideCharToMultiByte
MultiByteToWideChar
UnmapViewOfFile
CreateThread
InitializeCriticalSection
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
CreateEventA
CloseHandle
SetEvent
LeaveCriticalSection
GetEnvironmentVariableW
RtlUnwind
OpenEventA
GetThreadLocale
CreateFileA
CreateFileMappingA
MapViewOfFile
GetLocaleInfoA
EnterCriticalSection

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

dwrite

DWriteCreateFactory

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext

advapi32

CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
SetSecurityDescriptorDacl
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
InitializeSecurityDescriptor

Exports

Exports

PDActionAcquire
PDActionCopy
PDActionCreate
PDActionFieldsDataAcquire
PDActionFieldsDataAddField
PDActionFieldsDataGetField
PDActionFieldsDataGetNumFields
PDActionFieldsDataRelease
PDActionGetNext
PDActionGetNextLength
PDActionGetType
PDActionGoToEGetDest
PDActionGoToEGetFileName
PDActionGoToEGetFileSpec
PDActionGoToEGetNewWindow
PDActionGoToESetDest
PDActionGoToESetFileName
PDActionGoToESetFileSpec
PDActionGoToESetNewWindow
PDActionGoToGetDest
PDActionGoToRGetDest
PDActionGoToRGetFileSpec
PDActionGoToRGetNewWindow
PDActionGoToRSetDest
PDActionGoToRSetFileSpec
PDActionGoToRSetNewWindow
PDActionGoToSetDest
PDActionHideAddItemAnnot
PDActionHideAddItemFieldName
PDActionHideGetItemAnnot
PDActionHideGetItemFieldName
PDActionHideGetItemType
PDActionHideGetNumItems
PDActionHideIsHiding
PDActionHideRemoveItem
PDActionHideSetHiding
PDActionImportDataGetFileSpec
PDActionImportDataSetFileSpec
PDActionJavaScriptGetScript
PDActionJavaScriptSetScript
PDActionLaunchGetFileSpec
PDActionLaunchGetNewWindow
PDActionLaunchSetFileSpec
PDActionLaunchSetNewWindow
PDActionNamedGetName
PDActionNamedSetName
PDActionRelease
PDActionResetFormGetFieldsData
PDActionResetFormGetFlags
PDActionResetFormSetFieldsData
PDActionResetFormSetFlags
PDActionSetNext
PDActionSetNextArray
PDActionSetOCGStateGetPreserveRB
PDActionSetOCGStateGetSize
PDActionSetOCGStateGetStateItem
PDActionSubmitFormGetFieldsData
PDActionSubmitFormGetFlags
PDActionSubmitFormGetServerURL
PDActionSubmitFormSetFieldsData
PDActionSubmitFormSetFlags
PDActionSubmitFormSetServerURL
PDActionURIGetIsMap
PDActionURIGetURI
PDActionURISetIsMap
PDActionURISetURI
PDAnnotAcquire
PDAnnotCreate
PDAnnotEqual
PDAnnotGetAppearance
PDAnnotGetAppearanceState
PDAnnotGetBlendMode
PDAnnotGetBorder
PDAnnotGetColor
PDAnnotGetContents
PDAnnotGetFillOpacity
PDAnnotGetFlags
PDAnnotGetModDate
PDAnnotGetName
PDAnnotGetOCMD
PDAnnotGetRect
PDAnnotGetStrokeOpacity
PDAnnotGetSubtype
PDAnnotGetVisible
PDAnnotHasAppearance
PDAnnotIsMarkupAnnot
PDAnnotRelease
PDAnnotSetAppearance
PDAnnotSetAppearanceState
PDAnnotSetBlendMode
PDAnnotSetBorder
PDAnnotSetColor
PDAnnotSetContents
PDAnnotSetFillOpacity
PDAnnotSetFlags
PDAnnotSetModDate
PDAnnotSetName
PDAnnotSetOCMD
PDAnnotSetRect
PDAnnotSetStrokeOpacity
PDAnnotSetVisible
PDAtomGetString
PDAtomPutString
PDBookmarkAcquire
PDBookmarkCollapse
PDBookmarkCreateChild
PDBookmarkCreateNext
PDBookmarkCreateRoot
PDBookmarkEqual
PDBookmarkExpand
PDBookmarkGetActions
PDBookmarkGetDest
PDBookmarkGetFirstChild
PDBookmarkGetLastChild
PDBookmarkGetNext
PDBookmarkGetParent
PDBookmarkGetPrev
PDBookmarkGetRoot
PDBookmarkGetTextColor
PDBookmarkGetTextStyle
PDBookmarkGetTitle
PDBookmarkGetVisibleChildrenCount
PDBookmarkInsertChild
PDBookmarkInsertNext
PDBookmarkIsExpanded
PDBookmarkRelease
PDBookmarkRemove
PDBookmarkSetActions
PDBookmarkSetDest
PDBookmarkSetTextColor
PDBookmarkSetTextStyle
PDBookmarkSetTitle
PDButtonWidgetAnnotGetAction
PDButtonWidgetAnnotGetCaption
PDButtonWidgetAnnotGetDownCaption
PDButtonWidgetAnnotGetDownIcon
PDButtonWidgetAnnotGetIcon
PDButtonWidgetAnnotGetIconFit
PDButtonWidgetAnnotGetOnStateName
PDButtonWidgetAnnotGetRolloverCaption
PDButtonWidgetAnnotGetRolloverIcon
PDButtonWidgetAnnotGetTextPosition
PDButtonWidgetAnnotSetAction
PDButtonWidgetAnnotSetCaption
PDButtonWidgetAnnotSetDownCaption
PDButtonWidgetAnnotSetDownIcon
PDButtonWidgetAnnotSetIcon
PDButtonWidgetAnnotSetIconFit
PDButtonWidgetAnnotSetOnStateName
PDButtonWidgetAnnotSetRolloverCaption
PDButtonWidgetAnnotSetRolloverIcon
PDButtonWidgetAnnotSetTextPosition
PDButtonWidgetAnnotToggle
PDCalculationOrderGetField
PDCalculationOrderGetNumFields
PDCalculationOrderInsertField
PDCalculationOrderRemoveField
PDChoiceFieldFindOptionByExportValue
PDChoiceFieldFindOptionByValue
PDChoiceFieldGetNumOptions
PDChoiceFieldGetOptionExportValue
PDChoiceFieldGetOptionValue
PDChoiceFieldGetQuadding
PDChoiceFieldInsertOption
PDChoiceFieldRemoveAllOptions
PDChoiceFieldRemoveOption
PDChoiceFieldSetQuadding
PDChoiceWidgetAnnotGetCharQuad
PDChoiceWidgetAnnotGetNumLines
PDChoiceWidgetAnnotGetNumOptions
PDChoiceWidgetAnnotGetNumVisibleLines
PDChoiceWidgetAnnotGetSelection
PDChoiceWidgetAnnotGetText
PDChoiceWidgetAnnotGetTopLine
PDChoiceWidgetAnnotHitTestChar
PDChoiceWidgetAnnotHitTestOption
PDChoiceWidgetAnnotKeystroke
PDChoiceWidgetAnnotSetGlobalSelectionColor
PDChoiceWidgetAnnotSetSelection
PDChoiceWidgetAnnotSetText
PDChoiceWidgetAnnotSetTopLine
PDCollectionAcquire
PDCollectionAddSchemaFieldRecord
PDCollectionGetInitialDocument
PDCollectionGetSortRecord
PDCollectionGetViewMode
PDCollectionRelease
PDCollectionRemoveSchemaFieldRecord
PDCollectionSetInitialDocument
PDCollectionSetSortRecord
PDCollectionSetViewMode
PDCreateActionFieldsData
PDCreateButtonField
PDCreateButtonWidgetAnnot
PDCreateChoiceField
PDCreateChoiceWidgetAnnot
PDCreateSecurityHandlerAuthData
PDCreateSignField
PDCreateSignWidgetAnnot
PDCreateTextField
PDCreateTextWidgetAnnot
PDDecryptData
PDDestAcquire
PDDestCopy
PDDestCreate
PDDestGetPageIndex
PDDestGetParams
PDDestGetType
PDDestRelease
PDDocAcquirePage
PDDocAddAttachment
PDDocAppendField
PDDocAttachAnnotChangedCallback
PDDocAttachAnnotWillChangeCallback
PDDocAttachAttachmentChangedCallback
PDDocAttachBookmarksChangedCallback
PDDocAttachFieldChangedCallback
PDDocAttachOCConfigChangedCallback
PDDocAttachPageContentChangedCallback
PDDocAttachPageLoadedCallback
PDDocAttachPagesChangedCallback
PDDocAttachmentNameByIndex
PDDocClose
PDDocCreate
PDDocCreateArrayObject
PDDocCreateBoolObject
PDDocCreateCollection
PDDocCreateDictObject
PDDocCreateEmbeddedFile
PDDocCreateIntObject
PDDocCreateNameObject
PDDocCreatePage
PDDocCreatePageFromIcon
PDDocCreatePages
PDDocCreateRealObject
PDDocCreateStreamObject
PDDocCreateStringObject
PDDocCreateStringObjectFromUnicode
PDDocDeletePages
PDDocDetachAnnotChangedCallback
PDDocDetachAnnotWillChangeCallback
PDDocDetachAttachmentChangedCallback
PDDocDetachBookmarksChangedCallback
PDDocDetachFieldChangedCallback
PDDocDetachOCConfigChangedCallback
PDDocDetachPageContentChangedCallback
PDDocDetachPageLoadedCallback
PDDocDetachPagesChangedCallback
PDDocEncryptionIsModified
PDDocEnumAttachments
PDDocEnumDocLevelJSActions
PDDocEnumFonts
PDDocExportFormFDF
PDDocFindField
PDDocFindPageIndexForLabel
PDDocGetAttachment
PDDocGetAttachmentCreateDate
PDDocGetAttachmentFileSize
PDDocGetAttachmentModDate
PDDocGetAttachmentThumbnail
PDDocGetCollection
PDDocGetCreationDate
PDDocGetDefaultCMYKColorSpace
PDDocGetDefaultGrayColorSpace
PDDocGetDefaultRGBColorSpace
PDDocGetDocLevelJSAction
PDDocGetEncryptedPayload
PDDocGetField
PDDocGetFile
PDDocGetFilePath
PDDocGetFileSize
PDDocGetID
PDDocGetInfoString
PDDocGetLabelForPageIndex
PDDocGetModDate
PDDocGetNewSecurityData
PDDocGetNewSecurityHandlerName
PDDocGetNumAttachments
PDDocGetNumFields
PDDocGetNumPages
PDDocGetOCConfig
PDDocGetObjectByID
PDDocGetOpenAction
PDDocGetOpenDestination
PDDocGetPageDirection
PDDocGetPageLayout
PDDocGetPageMode
PDDocGetSecurityData
PDDocGetSecurityHandlerName
PDDocGetVersion
PDDocHasURPerms
PDDocImportFormFDF
PDDocImportIcon
PDDocInsertPage
PDDocInsertPages
PDDocIsCompressed
PDDocIsModified
PDDocIsSigned
PDDocMovePages
PDDocNeedsExtendedFontsPack
PDDocNewAttachmentFromFile
PDDocNotifyAnnotChanged
PDDocNotifyAnnotWillChange
PDDocNotifyAttachmentChanged
PDDocNotifyBookmarksChanged
PDDocNotifyFieldChanged
PDDocNotifyOCConfigChanged
PDDocNotifyPageContentChanged
PDDocNotifyPagesChanged
PDDocOpen
PDDocPermRequest
PDDocPermRequestAuthDataCallback
PDDocPurgeCaches
PDDocRemoveAttachment
PDDocRemoveEncryptedPayload
PDDocRemoveField
PDDocResetForm
PDDocSave
PDDocSaveAttachmentToFile
PDDocSetAttachmentThumbnail
PDDocSetCreationDate
PDDocSetEncryptedPayload
PDDocSetInfoString
PDDocSetModDate
PDDocSetModified
PDDocSetNewSecurityHandler
PDDocSetOpenAction
PDDocSetOpenDestination
PDDocSetPageLayout
PDDocSetPageMode
PDDocUpdateAttachmentFromFile
PDDone
PDEClipAcquire
PDEClipCopy
PDEClipEqual
PDEClipGetBBox
PDEClipGetElement
PDEClipGetNumElements
PDEClipInsertElement
PDEClipRelease
PDEClipRemoveElement
PDEColorAcquire
PDEColorGetColorSpace
PDEColorGetComponent
PDEColorGetComponents
PDEColorGetNumComponents
PDEColorGetPattern
PDEColorRelease
PDEColorSpaceAcquire
PDEColorSpaceDoesProduceOutput
PDEColorSpaceGetComponentRange
PDEColorSpaceGetFamily
PDEColorSpaceGetNumComponents
PDEColorSpacePackColor
PDEColorSpaceRelease
PDEColorSpaceTransformImageDataToRGB
PDEColorSpaceTransformToRGB
PDEColorSpaceUnpackColor
PDEColorToRGB
PDEContainerGetContent
PDEContainerGetDict
PDEContainerGetOCMD
PDEContainerGetTag
PDEContainerSetDict
PDEContainerSetTag
PDEContentAcquire
PDEContentGetElement
PDEContentGetNumElements
PDEContentInsertElement
PDEContentRelease
PDEContentRemoveElement
PDECreateClip
PDECreateColor
PDECreateColorFromValue
PDECreateColorGray
PDECreateColorRGB
PDECreateColorSpace
PDECreateContainer
PDECreateContent
PDECreateFontInDoc
PDECreateFormXObject
PDECreateGState
PDECreateImageXObject
PDECreateImageXObjectCrop
PDECreateInlineImage
PDECreateInlineImageCrop
PDECreatePath
PDECreatePatternShading
PDECreatePatternTiling
PDECreateShadingAxial
PDECreateShadingElement
PDECreateShadingFunctionBased
PDECreateShadingRadial
PDECreateSoftMask
PDECreateText
PDECreateTextItem
PDECreateTextItemEmptyCopy
PDECreateTextState
PDECreateXGroup
PDECreateXObjectElement
PDECreateXObjectElementCrop
PDEElementAcquire
PDEElementCopy
PDEElementEqual
PDEElementGetBBox
PDEElementGetClip
PDEElementGetGState
PDEElementGetMatrix
PDEElementGetQuad
PDEElementGetType
PDEElementHitTest
PDEElementRelease
PDEElementSetClip
PDEElementSetGState
PDEElementSetMatrix
PDEFontAcquire
PDEFontCharToUnicode
PDEFontEnumCharOutline
PDEFontGetCharProc
PDEFontGetCharVertMetric
PDEFontGetCharWidth
PDEFontGetEncodingName
PDEFontGetFauxFontInfo
PDEFontGetFontBBox
PDEFontGetFontInfo
PDEFontGetFontMatrix
PDEFontGetMetrics
PDEFontGetName
PDEFontGetStyle
PDEFontGetSubtype
PDEFontGetWritingMode
PDEFontIsEmbedded
PDEFontIsFauxed
PDEFontOpenFontFileStream
PDEFontRelease
PDEFontUnicodeToChar
PDEFormXObjectBuildTextLayout
PDEFormXObjectCopy
PDEFormXObjectGetBBox
PDEFormXObjectGetContent
PDEFormXObjectGetMatrix
PDEFormXObjectGetOCMD
PDEFormXObjectGetXGroup
PDEFormXObjectSetADBECompoundType
PDEFormXObjectSetBBox
PDEFormXObjectSetContent
PDEFormXObjectSetMatrix
PDEFormXObjectSetOCMD
PDEFormXObjectSetXGroup
PDEFunctionAcquire
PDEFunctionExec
PDEFunctionGetNumInputs
PDEFunctionGetNumOutputs
PDEFunctionRelease
PDEGStateAcquire
PDEGStateCopy
PDEGStateGetAlphaIsShape
PDEGStateGetBlendMode
PDEGStateGetDash
PDEGStateGetFillAlpha
PDEGStateGetFillColor
PDEGStateGetFillOverprint
PDEGStateGetFlags
PDEGStateGetFlatness
PDEGStateGetIntent
PDEGStateGetLineCap
PDEGStateGetLineJoin
PDEGStateGetLineWidth
PDEGStateGetMiterLimit
PDEGStateGetOverprintMode
PDEGStateGetSmoothness
PDEGStateGetSoftMask
PDEGStateGetSoftMaskMatrix
PDEGStateGetStrokeAdjustment
PDEGStateGetStrokeAlpha
PDEGStateGetStrokeColor
PDEGStateGetStrokeOverprint
PDEGStateRelease
PDEGStateSetAlphaIsShape
PDEGStateSetBlendMode
PDEGStateSetDash
PDEGStateSetFillAlpha
PDEGStateSetFillColor
PDEGStateSetFillOverprint
PDEGStateSetFlatness
PDEGStateSetIntent
PDEGStateSetLineCap
PDEGStateSetLineJoin
PDEGStateSetLineWidth
PDEGStateSetMiterLimit
PDEGStateSetOverprintMode
PDEGStateSetSmoothness
PDEGStateSetSoftMask
PDEGStateSetSoftMaskMatrix
PDEGStateSetStrokeAdjustment
PDEGStateSetStrokeAlpha
PDEGStateSetStrokeColor
PDEGStateSetStrokeOverprint
PDEGetXObjectFromPDObject
PDEImageGetCompressionFilter

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 163KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

947d07eadaab8214a0b61f66686996db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

73:99:f0:6f:7c:ab:e5:0a:5c:ec:17:e5:e2:8f:dc:74Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

73:99:f0:6f:7c:ab:e5:0a:5c:ec:17:e5:e2:8f:dc:74Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

25:63:49:32:51:68:ba:e2:f8:d5:cf:e6:4e:62:9b:1d:b7:17:9e:99:0a:d8:58:7d:7d:a9:f4:ad:c1:bc:88:ddSigner

ab:b1:7d:df:79:f4:6f:4f:af:7a:3f:31:28:6e:b3:f5:0b:cc:ea:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

dwrite

crypt32

advapi32

Exports

Exports

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.rdata Size: 3.5MB - Virtual size: 3.5MB

.data Size: 163KB - Virtual size: 339KB

.pdata Size: 262KB - Virtual size: 262KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 49KB - Virtual size: 48KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

73:99:f0:6f:7c:ab:e5:0a:5c:ec:17:e5:e2:8f:dc:74
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

73:99:f0:6f:7c:ab:e5:0a:5c:ec:17:e5:e2:8f:dc:74
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

25:63:49:32:51:68:ba:e2:f8:d5:cf:e6:4e:62:9b:1d:b7:17:9e:99:0a:d8:58:7d:7d:a9:f4:ad:c1:bc:88:dd
Signer

ab:b1:7d:df:79:f4:6f:4f:af:7a:3f:31:28:6e:b3:f5:0b:cc:ea:8e
Signer

.text
Size: 5.8MB - Virtual size: 5.8MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 163KB - Virtual size: 339KB

.pdata
Size: 262KB - Virtual size: 262KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 49KB - Virtual size: 48KB