0d87c4ea23ddb5b011daf2f117a60ae5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d87c4ea23ddb5b011daf2f117a60ae5_JaffaCakes118
Size

3.3MB
MD5

0d87c4ea23ddb5b011daf2f117a60ae5
SHA1

b7d69a7558166982a9262afe1a0faeaec1c40ce7
SHA256

d95984e92d81460b4a4cc66bbb7edf42c4f56bbd6585fcbd379f718103fdd5e9
SHA512

da2bafcc7a7b71dae886291082edfffd861111c9e8d4b01e74f48d6b852662c488ec7f037936615f84317ad0e6a2883989df8875aa706ac681ef72708f7c5b8d
SSDEEP

49152:AX/Ki0yUN3giqAvoewK+U3E8J1bSNT25OlH7Zx6V48KGGxzvf8avw8q11WeZkYtH:Ay/yUb7vFeU0auScyLKZvf89PzkYt6Ne

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TakLoL/TakLoL.exe
unpack001/TakLoL/Update.exe

Files

0d87c4ea23ddb5b011daf2f117a60ae5_JaffaCakes118
.zip
TakLoL/LData.cfg
TakLoL/TakLoL.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TakLoL/Update.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TakLoL/libraries/pfier/Helper64.exe
.exe windows:5 windows x64 arch:x64

097bec7dac3d9aac7ec8bc389c193ee6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/04/2016, 00:00

Not After

07/04/2019, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/03/2016, 00:00

Not After

28/03/2018, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ea:3a:09:94:df:44:9f:78:d5:8a:8e:82:68:d4:19:95:05:81:77:c9:e2:16:98:f6:ec:73:a2:d9:83:50:1e:21
Signer

Actual PE Digest

ea:3a:09:94:df:44:9f:78:d5:8a:8e:82:68:d4:19:95:05:81:77:c9:e2:16:98:f6:ec:73:a2:d9:83:50:1e:21

Digest Algorithm

sha256

PE Digest Matches

true

99:d1:6d:5b:c6:4a:7b:48:29:bd:f6:40:47:f0:72:90:ae:54:a2:34
Signer

Actual PE Digest

99:d1:6d:5b:c6:4a:7b:48:29:bd:f6:40:47:f0:72:90:ae:54:a2:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\Proxifier\Program\Repo\ProxifierWin\Helper64\x64\Release\Helper64.pdb

Imports

kernel32

GetModuleFileNameW
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
OpenProcess
OpenSemaphoreW
CloseHandle
ReleaseSemaphore
WaitForMultipleObjects
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetStringTypeW
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
HeapAlloc
HeapReAlloc
HeapSize
LCMapStringW
CreateFileW

user32

RegisterWindowMessageW
UnhookWindowsHookEx
wsprintfW
MessageBoxW
PostMessageW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TakLoL/libraries/pfier/Profiles/Default.ppx
.xml
TakLoL/libraries/pfier/PrxDrvPE.dll
.dll windows:5 windows x86 arch:x86

6b89b93a5fa9d82b32c720118938764d

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:e5:2a:30:8e:0b:0e:a6:76:87:7e:bc
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20/09/2016, 15:44

Not After

21/09/2019, 15:44

Subject

SERIALNUMBER=1089847274439,CN=Initeks\, OOO,O=Initeks\, OOO,STREET=Komendantskiy 51-1-300,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:46:1e:88:90:e0:1b:6c:b1:8d:0e:8a:f7:d0:9e:e8:42:fe:13:64:54:23:53:be:7c:70:c4:63:03:16:e0:d2
Signer

Actual PE Digest

12:46:1e:88:90:e0:1b:6c:b1:8d:0e:8a:f7:d0:9e:e8:42:fe:13:64:54:23:53:be:7c:70:c4:63:03:16:e0:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\Projects\Proxifier\Program\Repo\ProxifierWin\PrxDrvPE\Release\PrxDrvPE.pdb

Imports

kernel32

GetVersionExW
GetProcAddress
ExpandEnvironmentStringsW
FreeLibrary
CreateToolhelp32Snapshot
GetCurrentProcessId
Module32FirstW
Module32NextW
CloseHandle
VirtualProtect
GetModuleFileNameW
GetCurrentThread
VirtualAlloc
GetCurrentProcess
CallNamedPipeW
OpenMutexW
HeapCreate
HeapAlloc
HeapFree
WriteConsoleW
DecodePointer
LoadLibraryW
InterlockedIncrement
InitializeCriticalSection
LeaveCriticalSection
GetLastError
EnterCriticalSection
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
CreateFileW

user32

SetWindowsHookExW
wsprintfW
MessageBoxW
CallNextHookEx

advapi32

GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
CopySid

ws2_32

WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSAIoctl
WSASendTo
WSCGetProviderPath
getsockname
connect
WSAConnect
closesocket
WSASocketW
htons
WSCEnumProtocols
WSAStartup
WSASetLastError
WSAGetLastError
ntohs
getpeername

Exports

Exports

InitFilter3

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TakLoL/libraries/pfier/PrxDrvPE64.dll
.dll windows:5 windows x64 arch:x64

d8d4778d2f98e1c9e53b53e7b3936d14

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:e5:2a:30:8e:0b:0e:a6:76:87:7e:bc
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20/09/2016, 15:44

Not After

21/09/2019, 15:44

Subject

SERIALNUMBER=1089847274439,CN=Initeks\, OOO,O=Initeks\, OOO,STREET=Komendantskiy 51-1-300,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:4a:06:58:eb:fe:bb:a1:e0:46:1b:e0:bd:6f:e6:6d:5c:25:d0:ca:66:f6:2d:60:03:2b:bc:43:ad:44:f7:92
Signer

Actual PE Digest

10:4a:06:58:eb:fe:bb:a1:e0:46:1b:e0:bd:6f:e6:6d:5c:25:d0:ca:66:f6:2d:60:03:2b:bc:43:ad:44:f7:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\Projects\Proxifier\Program\Repo\ProxifierWin\PrxDrvPE\x64\Release\PrxDrvPE64.pdb

Imports

kernel32

GetProcAddress
ExpandEnvironmentStringsW
FreeLibrary
CreateToolhelp32Snapshot
GetCurrentProcessId
Module32FirstW
Module32NextW
CloseHandle
VirtualProtect
GetModuleFileNameW
GetCurrentThread
GetLastError
GetVersionExW
CallNamedPipeW
OpenMutexW
HeapCreate
HeapAlloc
HeapFree
WriteConsoleW
FlushFileBuffers
VirtualAlloc
LoadLibraryW
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
CreateFileW

user32

SetWindowsHookExW
wsprintfW
MessageBoxW
CallNextHookEx

advapi32

GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
CopySid

ws2_32

WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSAIoctl
WSASendTo
WSCGetProviderPath
getsockname
connect
WSAConnect
closesocket
WSASocketW
htons
WSCEnumProtocols
WSAStartup
WSASetLastError
WSAGetLastError
ntohs
getpeername

Exports

Exports

InitFilter3

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TakLoL/libraries/pfier/Settings.ini
TakLoL/libraries/pfier/pfier.exe
.exe windows:5 windows x86 arch:x86

1ccaf58ee2f6fbe052f00657d7c24f93

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:e5:2a:30:8e:0b:0e:a6:76:87:7e:bc
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20/09/2016, 15:44

Not After

21/09/2019, 15:44

Subject

SERIALNUMBER=1089847274439,CN=Initeks\, OOO,O=Initeks\, OOO,STREET=Komendantskiy 51-1-300,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:bf:7b:64:d8:2e:f2:86:36:15:77:31:e5:4c:a9:b0:2f:23:3d:4d:28:76:9c:d7:2f:1c:0d:59:7e:7e:56:ba
Signer

Actual PE Digest

05:bf:7b:64:d8:2e:f2:86:36:15:77:31:e5:4c:a9:b0:2f:23:3d:4d:28:76:9c:d7:2f:1c:0d:59:7e:7e:56:ba

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\Projects\Proxifier\Program\Repo\ProxifierWin\Proxifier\Portable Release\Proxifier.pdb

Imports

kernel32

SetFilePointerEx
ReadConsoleW
GetDriveTypeW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
VirtualQuery
GetSystemInfo
FindFirstFileExW
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
LCMapStringW
QueryPerformanceFrequency
SwitchToThread
GetStringTypeW
TryEnterCriticalSection
OutputDebugStringW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualFree
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
GetWindowsDirectoryW
FindResourceExW
SetErrorMode
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExW
SearchPathW
GetProfileIntW
VirtualProtect
GetUserDefaultUILanguage
SetEnvironmentVariableA
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
VerifyVersionInfoW
VerSetConditionMask
GlobalReAlloc
GetCurrentDirectoryW
GlobalGetAtomNameW
LocalAlloc
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFileTime
GetDiskFreeSpaceW
GetThreadLocale
GetStringTypeExW
MoveFileW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
DeleteFileW
lstrcmpiW
WritePrivateProfileStringW
GetPrivateProfileIntW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
lstrcpyW
CompareStringA
lstrcmpA
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
SetThreadPriority
GetTickCount
FreeResource
CopyFileW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
FormatMessageW
TerminateProcess
GetSystemTime
GetComputerNameW
GetCurrentThread
GetTempPathW
SetUnhandledExceptionFilter
ReleaseSemaphore
WaitForMultipleObjects
CreateProcessW
CreateSemaphoreW
LoadLibraryW
GetPrivateProfileStringW
GetComputerNameA
SetLastError
ExpandEnvironmentStringsW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
CreateDirectoryW
GetPrivateProfileSectionW
OpenProcess
SuspendThread
GetFileAttributesW
CreateMutexW
GetCurrentProcessId
GetExitCodeProcess
OpenMutexW
SetEvent
ResetEvent
GetCurrentProcess
GetVersionExW
GetModuleFileNameW
CreateEventW
InitializeCriticalSection
ConnectNamedPipe
CreateNamedPipeW
WaitForSingleObject
CreateFileW
ResumeThread
LocalFree
GetModuleHandleW
FlushFileBuffers
WriteFile
ReadFile
Sleep
CloseHandle
GetCurrentThreadId
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
VirtualAlloc

user32

EndDialog
CreateDialogIndirectParamW
MonitorFromPoint
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
GetWindowThreadProcessId
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
SystemParametersInfoW
IsZoomed
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
EqualRect
CopyImage
GetIconInfo
UpdateLayeredWindow
EnableScrollBar
UnregisterClassW
PostMessageW
DefWindowProcW
LoadIconW
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
CharUpperW
GetAsyncKeyState
SetWindowRgn
SetCursor
IntersectRect
NotifyWinEvent
SetParent
GetMenuDefaultItem
ShowOwnedPopups
CountClipboardFormats
IsClipboardFormatAvailable
SetRect
InSendMessage
BringWindowToTop
GetUpdateRect
LockWindowUpdate
UnionRect
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsMenu
DrawTextW
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
GetSysColorBrush
SetClassLongW
CreatePopupMenu
GetKeyNameTextW
MapVirtualKeyW
DestroyAcceleratorTable
TranslateAcceleratorW
UnpackDDElParam
DrawTextExW
LoadCursorW
FindWindowW
SendMessageW
IsIconic
GetLastActivePopup
SetForegroundWindow
UpdateWindow
MessageBoxW
SetMenuItemInfoW
InsertMenuItemW
wsprintfW
UnhookWindowsHookEx
RegisterWindowMessageW
EnableWindow
SetRectEmpty
InvalidateRect
ClientToScreen
GetCursorPos
ScreenToClient
GetSysColor
DestroyIcon
GetParent
GetClientRect
GetDC
LoadMenuW
GetSubMenu
SetTimer
LoadImageW
GetSystemMetrics
ReleaseDC
CreateIconIndirect
RedrawWindow
GetWindowRect
GetDesktopWindow
DeleteMenu
AppendMenuW
SetMenuDefaultItem
GetFocus
FillRect
InflateRect
IsWindowVisible
PtInRect
IsChild
HideCaret
MessageBeep
GetSystemMenu
EnableMenuItem
KillTimer
OffsetRect
SetCapture
WindowFromPoint
ReleaseCapture
DrawFrameControl
IsRectEmpty
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
GetClassInfoW
LoadAcceleratorsW
DestroyMenu
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetActiveWindow
DrawIconEx
OpenClipboard
CloseClipboard
InvertRect
SetClipboardData
GetKeyState
ValidateRect
SetWindowsHookExW
CallNextHookEx
GetMessagePos
GetNextDlgTabItem
GrayStringW
TabbedTextOutW
GetWindowDC
PostThreadMessageW
WaitMessage
IsWindow
TrackMouseEvent
ReuseDDElParam
EmptyClipboard
DrawStateW
DrawEdge
DrawFocusRect
ModifyMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SendDlgItemMessageA
SendNotifyMessageW
CopyAcceleratorTableW
RealChildWindowFromPoint
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
EnumChildWindows
GetTabbedTextExtentW
CharNextW
InvalidateRgn
GetNextDlgGroupItem
CharUpperBuffW
SetCursorPos
CopyIcon
FrameRect
CreateMenu
SubtractRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
GetDoubleClickTime
DestroyCursor
DrawIcon
IsCharLowerW
MapVirtualKeyExW
GetWindowRgn
GetMenuItemInfoW

gdi32

ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
StartDocW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRoundRectRgn
DPtoLP
CreateRectRgnIndirect
PatBlt
CreateDIBSection
CombineRgn
GetDIBits
RealizePalette
StretchBlt
SelectClipRgn
CreateEllipticRgn
Ellipse
GetBkColor
CreatePolygonRgn
Polygon
Polyline
RoundRect
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetRgnBox
OffsetRgn
GetCharWidthW
GetWindowOrgEx
CreatePalette
GetPaletteEntries
GetViewportOrgEx
LPtoDP
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
GetTextAlign
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetNearestPaletteIndex
GetSystemPaletteEntries
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextFaceW
SetPixelV
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
SetTextColor
SetBkColor
CreateBitmap
CreateDCW
CopyMetaFileW
DeleteDC
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
Rectangle
GetTextMetricsW
GetTextColor
GetTextExtentPoint32W
GetStockObject
CreateFontW
GetObjectW
CreateFontIndirectW
CreatePen
SetDIBColorTable
OffsetWindowOrgEx
SetPixel

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
GetJobW
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
FreeSid
RegCreateKeyExW
RegSetValueExW
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegEnumValueW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueW
EqualSid

shell32

SHGetPathFromIDListW
DragAcceptFiles
ShellExecuteW
SHGetSpecialFolderPathW
ExtractIconExW
Shell_NotifyIconW
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHAddToRecentDocs
ExtractIconW

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Draw
ImageList_AddMasked
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag

shlwapi

SHCreateStreamOnFileW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

GetThemeSysColor
DrawThemeParentBackground
IsAppThemed
DrawThemeText
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetWindowTheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor

ole32

RegisterDragDrop
OleSave
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
CreateGenericComposite
GetHGlobalFromILockBytes
WriteClassStm
OleGetClipboard
DoDragDrop
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoGetClassObject
OleLockRunning
OleSetMenuDescriptor
CoInitializeEx
CreateStreamOnHGlobal
OleIsRunning
OleRun
GetRunningObjectTable
CreateItemMoniker
CoLockObjectExternal
CreateFileMoniker
CreateILockBytesOnHGlobal
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfile
OleRegEnumVerbs
OleRegGetMiscStatus
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSaveToStream
RevokeDragDrop
OleSetContainedObject

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
OleCreateFontIndirect
VarBstrFromDate
LoadTypeLi

oledlg

OleUIBusyW
OleUIObjectPropertiesW
OleUIEditLinksW
OleUIPasteSpecialW
OleUIInsertObjectW
OleUIAddVerbMenuW

gdiplus

GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette

secur32

QuerySecurityPackageInfoA
FreeContextBuffer
InitializeSecurityContextA
CompleteAuthToken
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext

crypt32

CryptUnprotectData
CryptProtectData

iphlpapi

NotifyAddrChange

xmllite

CreateXmlWriter
CreateXmlReader

ws2_32

ntohs
getservbyport
gethostbyname
inet_addr
getservbyname
htons
ntohl
WSACreateEvent
closesocket
send
recv
socket
bind
listen
WSAGetLastError
WSAStartup
inet_ntoa
WSAStringToAddressW
select
WSAEnumProtocolsW
WSASocketW
setsockopt
getsockopt
getsockname
connect
WSAAccept
recvfrom
sendto
__WSAFDIsSet
ioctlsocket
gethostbyaddr
WSASetLastError
htonl
accept
WSAAddressToStringW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

HttpQueryInfoW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetQueryOptionW

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 540KB - Virtual size: 539KB

.rsrc Size: 184KB - Virtual size: 184KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 49KB - Virtual size: 49KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

097bec7dac3d9aac7ec8bc389c193ee6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78Certificate

Extended Key Usages

Key Usages

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

ea:3a:09:94:df:44:9f:78:d5:8a:8e:82:68:d4:19:95:05:81:77:c9:e2:16:98:f6:ec:73:a2:d9:83:50:1e:21Signer

99:d1:6d:5b:c6:4a:7b:48:29:bd:f6:40:47:f0:72:90:ae:54:a2:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

6b89b93a5fa9d82b32c720118938764d

Code Sign

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

74:e5:2a:30:8e:0b:0e:a6:76:87:7e:bcCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

.text
Size: 540KB - Virtual size: 539KB

.rsrc
Size: 184KB - Virtual size: 184KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

ea:3a:09:94:df:44:9f:78:d5:8a:8e:82:68:d4:19:95:05:81:77:c9:e2:16:98:f6:ec:73:a2:d9:83:50:1e:21
Signer

99:d1:6d:5b:c6:4a:7b:48:29:bd:f6:40:47:f0:72:90:ae:54:a2:34
Signer

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

74:e5:2a:30:8e:0b:0e:a6:76:87:7e:bc
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

12:46:1e:88:90:e0:1b:6c:b1:8d:0e:8a:f7:d0:9e:e8:42:fe:13:64:54:23:53:be:7c:70:c4:63:03:16:e0:d2
Signer

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

74:e5:2a:30:8e:0b:0e:a6:76:87:7e:bc
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

10:4a:06:58:eb:fe:bb:a1:e0:46:1b:e0:bd:6f:e6:6d:5c:25:d0:ca:66:f6:2d:60:03:2b:bc:43:ad:44:f7:92
Signer

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

74:e5:2a:30:8e:0b:0e:a6:76:87:7e:bc
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate