0c315caf661aaa065d8417a63d3ff7ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c315caf661aaa065d8417a63d3ff7ef_JaffaCakes118
Size

782KB
MD5

0c315caf661aaa065d8417a63d3ff7ef
SHA1

06e671077a40eab3ba2e0048b8cde3749b8aaac0
SHA256

8fc0a3160e68a3798cf8d242187f89e969a2e83bdbbc847881b434f0a753252e
SHA512

f99fda37fc96241926b774a38b52256d633e8dc55a911ed691f6aa9cd0107b67450cd433afa251babe53df80daa4cfeea8f2f9e833807a3638eeed2487064269
SSDEEP

24576:/39WIOP4FUnPAFyAub5rb8kUdASFKoOdHX/i1BR/K:/1OwFUWyjrb8kUPIzd36/R/K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iteSql.dll

Files

0c315caf661aaa065d8417a63d3ff7ef_JaffaCakes118
.zip
Language/Arabic.lng
Language/English.lng
Language/French.lng
Language/German.lng
Language/Greek.lng
Language/Italian.lng
Language/Japanese.lng
Language/Macedonian.lng
Language/Polish.lng
Language/Portuguese.lng
Language/Russian.lng
Language/Simplified_Chinese.lng
Language/Slovenian.lng
Language/Spanish.lng
Language/Translate.lng
License Agreement.txt
MailPasswords.exe
.exe windows:4 windows x86 arch:x86

b8ce929c2eaa1567e8ba865cd23db36f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e1:a0:5c:e6:a4:36:18:87:45:8a:b7:c3:52:1b:10:1e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/03/2018, 00:00

Not After

14/03/2019, 23:59

Subject

CN=Aco Sterjov,O=Aco Sterjov,POSTALCODE=2000,STREET=5-ti Kongres 22,L=Stip,ST=Macedonia,C=MK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:12:0a:e6:dd:1b:9a:d4:48:33:6d:60:65:b7:72:8e:19:a9:b9:a1
Signer

Actual PE Digest

54:12:0a:e6:dd:1b:9a:d4:48:33:6d:60:65:b7:72:8e:19:a9:b9:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
ord696
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
__vbaFpCDblR8
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord666
__vbaAryDestruct
ord591
__vbaVarIndexLoadRefLock
__vbaForEachCollObj
__vbaVarForInit
__vbaExitProc
ord300
__vbaObjSet
__vbaOnError
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord306
ord520
__vbaForEachCollVar
__vbaVarTstLt
__vbaBoolVarNull
__vbaRefVarAry
__vbaFpR8
_CIsin
__vbaErase
ord631
__vbaVarCmpGt
__vbaVargVarMove
__vbaNextEachCollObj
ord525
__vbaVarZero
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
__vbaR4Str
ord560
ord561
__vbaObjVar
__vbaNextEachCollVar
__vbaI2I4
__vbaPrintObj
DllFunctionCall
ord563
__vbaVarOr
ord564
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
ord601
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
ord710
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord714
ord607
ord608
ord716
__vbaFPException
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaI2Var
ord537
ord644
ord645
_CIlog
ord646
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord573
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaForEachAry
__vbaVarCmpEq
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
__vbaVarSetObjAddref
ord617
_CIatan
ord618
__vbaStrMove
__vbaCastObj
__vbaUI1Str
__vbaAryCopy
__vbaForEachVar
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
comctl32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9f4eeeed94bcb87f80c399b50c3933cf

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:9d:55:50:f4:a4:8c:f5:c0:2d:82:95:57:18:39:1d:aa:eb:6d:ce
Signer

Actual PE Digest

6c:9d:55:50:f4:a4:8c:f5:c0:2d:82:95:57:18:39:1d:aa:eb:6d:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
ord16
ord17
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_Remove

kernel32

lstrcmpA
GetProcAddress
GlobalSize
CloseHandle
GetFileSize
ReadFile
lstrcmpiA
IsDBCSLeadByte
lstrcmpiW
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
GetLastError
GetLocaleInfoA
OpenFile
MultiByteToWideChar
lstrcatA
DisableThreadLibraryCalls
GetVersion
GetProcessHeap
GetDateFormatA
GetLocalTime
GetTimeFormatA
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryA
GlobalUnlock
GlobalAlloc
GlobalLock
CompareStringA
GlobalFree
GetVersionExA
lstrlenA
lstrcpyA
IsBadReadPtr
HeapReAlloc
lstrcpynA
IsBadWritePtr
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
InterlockedIncrement
HeapAlloc
lstrlenW
LeaveCriticalSection
EnterCriticalSection

user32

IsWindowVisible
EndPaint
BeginPaint
MoveWindow
ScrollWindowEx
CharUpperA
IntersectRect
MessageBeep
SetCursor
EndDialog
RedrawWindow
GetMessagePos
CreateAcceleratorTableA
VkKeyScanA
PeekMessageA
PeekMessageW
SetWindowRgn
RegisterWindowMessageA
RegisterClipboardFormatA
SetCursorPos
OffsetRect
EqualRect
IsChild
GetWindowTextA
SetCapture
GetCursorPos
ScreenToClient
PostMessageA
DrawEdge
GetSysColor
wsprintfA
FillRect
InflateRect
DrawTextA
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetParent
GetAsyncKeyState
SetWindowLongA
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetActiveWindow
CreateDialogIndirectParamA
IsDialogMessageA
GetNextDlgTabItem
GetWindow
CharNextA
SetParent
InvalidateRect
UpdateWindow
UnregisterClassA
MessageBoxA
SetWindowsHookExA
SetTimer
KillTimer
CheckRadioButton
CallNextHookEx
SetActiveWindow
DestroyIcon
SetFocus
DrawIcon
UnionRect
DialogBoxParamA
PtInRect
LoadCursorA
GetWindowDC
SetRect
IsRectEmpty
GetDC
ReleaseDC
GetClipboardFormatNameA
ClientToScreen
PostMessageW
FrameRect
GetClientRect
CallWindowProcA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
LoadIconA
GetSystemMetrics
CopyImage
MapDialogRect
GetWindowLongA
SetWindowPos
GetFocus
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
LoadStringA
DefWindowProcA
SendMessageA
ShowWindow
WinHelpA
UnhookWindowsHookEx

ole32

CreateStreamOnHGlobal
RevokeDragDrop
CreateOleAdviseHolder
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
DoDragDrop
ReleaseStgMedium
OleLoadFromStream
OleSaveToStream

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayRedim
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
VariantCopy
GetErrorInfo
OleCreateFontIndirect
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
LoadRegTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreatePictureIndirect
VariantCopyInd
OleTranslateColor
VariantChangeType
SysFreeString
SysStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

GetNearestColor
CreatePalette
LPtoDP
GetWindowExtEx
GetBitmapBits
TextOutA
CreateDIBitmap
RealizePalette
GetViewportExtEx
SelectPalette
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
CreateICA
CopyMetaFileA
StretchBlt
Rectangle
GetObjectA
SetBkColor
CreateDCA
CreateRectRgn
SetViewportOrgEx
SetWindowOrgEx
DeleteObject
SetWindowExtEx
SetMapMode
SetViewportExtEx
CreateSolidBrush
GetDeviceCaps
SelectObject
ExcludeClipRect
GetClipRgn
SelectClipRgn
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
PatBlt
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateBitmap
GetStockObject
GetTextExtentPoint32A

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iteSql.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ite__bind_blob
ite__bind_double
ite__bind_int
ite__bind_text
ite__changes
ite__close
ite__column_blob
ite__column_bytes
ite__column_count
ite__column_decltype
ite__column_double
ite__column_int
ite__column_name
ite__column_text
ite__column_type
ite__data_count
ite__errcode
ite__errmsg
ite__exec
ite__finalize
ite__free_table
ite__get_data
ite__get_table
ite__last_insert_rowid
ite__libversion
ite__open
ite__prepare
ite__reset
ite__step
ite__total_changes

Sections

CODE
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
resources.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fb251c24262a8ced6d830dfdfd26b0fc

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/12/2016, 00:00

Not After

21/12/2017, 23:59

Subject

CN=Aco Sterjov,O=Aco Sterjov,POSTALCODE=2000,STREET=5-ti Kongres 22,L=Stip,ST=MK,C=MK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:0c:75:73:ab:82:2a:72:ec:cf:a5:9c:d0:d4:cc:f0:c4:51:5b:a3
Signer

Actual PE Digest

ef:0c:75:73:ab:82:2a:72:ec:cf:a5:9c:d0:d4:cc:f0:c4:51:5b:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
_CIatan
_allmul
_CItan
_CIexp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8ce929c2eaa1567e8ba865cd23db36f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

e1:a0:5c:e6:a4:36:18:87:45:8a:b7:c3:52:1b:10:1eCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

54:12:0a:e6:dd:1b:9a:d4:48:33:6d:60:65:b7:72:8e:19:a9:b9:a1Signer

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 288KB - Virtual size: 286KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 33KB

9f4eeeed94bcb87f80c399b50c3933cf

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

6c:9d:55:50:f4:a4:8c:f5:c0:2d:82:95:57:18:39:1d:aa:eb:6d:ceSigner

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 329KB - Virtual size: 328KB

.data Size: 7KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 12B

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 25KB - Virtual size: 25KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 265KB - Virtual size: 264KB

DATA Size: 31KB - Virtual size: 30KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 1024B - Virtual size: 808B

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 3KB

fb251c24262a8ced6d830dfdfd26b0fc

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2bCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

e1:a0:5c:e6:a4:36:18:87:45:8a:b7:c3:52:1b:10:1e
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

54:12:0a:e6:dd:1b:9a:d4:48:33:6d:60:65:b7:72:8e:19:a9:b9:a1
Signer

.text
Size: 288KB - Virtual size: 286KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 33KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

6c:9d:55:50:f4:a4:8c:f5:c0:2d:82:95:57:18:39:1d:aa:eb:6d:ce
Signer

.text
Size: 329KB - Virtual size: 328KB

.data
Size: 7KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 12B

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 25KB - Virtual size: 25KB

CODE
Size: 265KB - Virtual size: 264KB

DATA
Size: 31KB - Virtual size: 30KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 808B

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 3KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

ef:0c:75:73:ab:82:2a:72:ec:cf:a5:9c:d0:d4:cc:f0:c4:51:5b:a3
Signer

.text
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 776B

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 270B