12507582c4bf32f68833d03125cdc48f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

12507582c4bf32f68833d03125cdc48f_JaffaCakes118
Size

4.8MB
MD5

12507582c4bf32f68833d03125cdc48f
SHA1

3caaf5f8f67565442b660ce67c96f5265394572d
SHA256

397d3cb5840a3957173abf022ffd472472df4e44f1d76fef1bda7b9ff1eb555c
SHA512

e771cce6e84b58b00935379a3036c23ebd57466336a36d3251287f9da6272f4a4146d77d350b9d4a9ea48bf96cb058b2009717b07367d0daaac6e30d03da2fc3
SSDEEP

98304:h1CieYBZjK/rSQd2ACjNU4pEeGClB+fQx9t/NSJ3kWrwLjqtgC:LCiaHer+IJwJ3DrwLjqN

Score

1^/10

Malware Config

Signatures

Files

12507582c4bf32f68833d03125cdc48f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6d8e0e2b5948560b2900cadf219e03c0

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:22:c7:d2:88:3e:f6:4e:e1:41:a3:21:18:64:83:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/11/2016, 00:00

Not After

09/11/2017, 23:59

Subject

CN=Shenzhen Shan Xiang Network Technology Co.\, Ltd,O=Shenzhen Shan Xiang Network Technology Co.\, Ltd,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:11:19:de:1e:a0:19:a7:c9:c7:7e:b5:03:5f:53:db
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/11/2016, 00:00

Not After

09/11/2017, 23:59

Subject

CN=Shenzhen Shan Xiang Network Technology Co.\, Ltd,O=Shenzhen Shan Xiang Network Technology Co.\, Ltd,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:73:4e:db:d5:38:18:0f:c8:03:ab:6b:26:b7:52:97:bb:77:5f:5b:36:ff:3e:ef:c2:4b:ec:ec:58:1c:95:76
Signer

Actual PE Digest

80:73:4e:db:d5:38:18:0f:c8:03:ab:6b:26:b7:52:97:bb:77:5f:5b:36:ff:3e:ef:c2:4b:ec:ec:58:1c:95:76

Digest Algorithm

sha256

PE Digest Matches

true

6a:7f:8f:1b:1e:26:e6:73:9a:92:f3:a0:5f:bb:ed:4a:bf:ff:92:df
Signer

Actual PE Digest

6a:7f:8f:1b:1e:26:e6:73:9a:92:f3:a0:5f:bb:ed:4a:bf:ff:92:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Project\KaijiaWeishiShezhi\bin\KJCommonSet.pdb

Imports

amlog

Info
InitLog

kernel32

GetConsoleMode
SetConsoleCtrlHandler
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
GetFileInformationByHandle
PeekNamedPipe
SetCurrentDirectoryW
GetTimeZoneInformation
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
CreateFileA
GetFullPathNameA
SetEnvironmentVariableA
GetCurrentThreadId
GetConsoleCP
TryEnterCriticalSection
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GetComputerNameW
GetVersionExA
SetEnvironmentVariableW
GetEnvironmentVariableW
FindNextFileW
ExpandEnvironmentStringsW
GetLongPathNameW
RemoveDirectoryW
MoveFileExW
InterlockedCompareExchange
SizeofResource
LockResource
LoadResource
FindResourceW
FatalAppExitA
IsProcessorFeaturePresent
TerminateProcess
SetHandleCount
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
CloseHandle
Process32NextW
lstrcmpW
HeapDestroy
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
Sleep
GetDriveTypeW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
MultiByteToWideChar
InterlockedDecrement
WaitForSingleObject
TerminateThread
lstrlenW
GetModuleFileNameA
CreateThread
GetLastError
CreateMutexW
MulDiv
LoadLibraryW
GetProcAddress
FreeLibrary
GetFileAttributesW
OutputDebugStringW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
GetVersionExW
GetSystemDefaultLangID
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetLocalTime
lstrlenA
GlobalFree
FreeResource
GetModuleHandleW
SetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
HeapReAlloc
ExitThread
HeapAlloc
FindFirstFileExW
EncodePointer
DecodePointer
ExitProcess
HeapFree
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineW
LocalLock
LocalUnlock
FindResourceExW
GetDiskFreeSpaceW
ResumeThread
InterlockedIncrement
DuplicateHandle
ReplaceFileW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetFileAttributesW
GetFileAttributesExW
SetErrorMode
GlobalFlags
lstrcpyW
GetSystemDirectoryW
FileTimeToSystemTime
GetAtomNameW
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileW
DeleteFileW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
ReleaseActCtx
CreateActCtxW
GlobalFindAtomW
CompareStringW
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
SuspendThread
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
ActivateActCtx
DeactivateActCtx
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
CopyFileW
GlobalSize
FormatMessageW
LocalFree
SetLastError
SetFileTime
WriteFile
CreateDirectoryW
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
SetFilePointer
GetFileType
CreateFileW
GetCurrentProcess
HeapCreate

user32

RegisterClipboardFormatW
GetIconInfo
EnableScrollBar
InvertRect
GetMenuDefaultItem
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
SetCursorPos
LoadAcceleratorsW
GetKeyboardState
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
GetSystemMenu
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
CreatePopupMenu
DestroyAcceleratorTable
SetParent
UnregisterClassW
GetDialogBaseUnits
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableW
CharNextW
CopyImage
DestroyMenu
GetMenuItemInfoW
WaitMessage
KillTimer
SetTimer
RealChildWindowFromPoint
EnumDisplayMonitors
DeleteMenu
GetSysColorBrush
LoadMenuW
CharUpperW
InflateRect
WindowFromPoint
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
RemovePropW
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
DefFrameProcW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
GetClassInfoW
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CopyRect
GetLastActivePopup
MessageBoxW
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
ScrollWindowEx
IsWindowEnabled
GetDlgCtrlID
SetWindowTextW
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
IsMenu
InSendMessage
CreateMenu
PostThreadMessageW
SetMenuDefaultItem
IsClipboardFormatAvailable
SendNotifyMessageW
FrameRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
CopyIcon
GetMenuItemCount
GetSubMenu
RemoveMenu
GetMenu
AdjustWindowRectEx
GetPropW
SetPropW
CallWindowProcW
GetClassInfoExW
RegisterClassW
LoadImageW
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
DrawIcon
DestroyCursor
WindowFromDC
EnumChildWindows
GetTabbedTextExtentW
GetMessagePos
CharLowerBuffW
PostMessageW
DestroyCaret
GetCaretPos
GetFocus
SetWindowPos
GetDC
ReleaseDC
CreateCaret
ShowCaret
HideCaret
SetCaretPos
SetCursor
ScreenToClient
ClientToScreen
GetDCEx
GetSysColor
PtInRect
GetKeyState
GetWindowLongW
SendMessageW
InvalidateRect
GetKeyboardLayout
TranslateMessage
DispatchMessageW
IntersectRect
IsRectEmpty
SetRectEmpty
UnionRect
LoadCursorW
GetWindowRect
OffsetRect
IsWindow
DestroyIcon
RegisterWindowMessageW
SystemParametersInfoW
GetClientRect
SetWindowLongW
SetRect
IsIconic
GetUpdateRect
GetCursorPos
IsZoomed
SetLayeredWindowAttributes
SetWindowRgn
ShowOwnedPopups
UpdateWindow
GetSystemMetrics
SetCapture
ReleaseCapture
EnableWindow
SendMessageTimeoutW
LoadIconW
UpdateLayeredWindow
GetParent
DefWindowProcW
RegisterClassExW
CreateWindowExW
ShowWindow
DestroyWindow
MoveWindow
GetWindowRgn
FillRect
InvalidateRgn
CreateAcceleratorTableW
BeginPaint
EndPaint
GetWindow
GetMessageW
SetFocus
PostQuitMessage

gdi32

ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
SetStretchBltMode
SetWorldTransform
PatBlt
DPtoLP
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextExtentPoint32W
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthW
StretchDIBits
GetCurrentObject
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
RoundRect
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
SetPixelV
GetMapMode
SetGraphicsMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
CreateBitmap
CreateDCW
CopyMetaFileW
CreateFontW
PtInRegion
DeleteDC
SelectObject
CreateDIBSection
GetDIBits
CombineRgn
CreateRectRgn
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CreateFontIndirectW
GetStockObject
GetObjectW
SetRectRgn
GetDeviceCaps

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

GetJobW
OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

GetFileSecurityW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
SetFileSecurityW
RegCloseKey

shell32

SHAppBarMessage
SHBrowseForFolderW
ShellExecuteW
DragQueryFileW
DragAcceptFiles
ShellExecuteExW
Shell_NotifyIconW
ExtractAssociatedIconW
SHGetFileInfoW
SHAddToRecentDocs
ExtractIconW
DragFinish
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder

comctl32

ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Destroy
_TrackMouseEvent

shlwapi

PathCombineA
PathRemoveFileSpecA
StrToIntW
StrChrW
PathIsDirectoryW
PathCanonicalizeW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW

ole32

StringFromGUID2
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
StgCreateDocfile
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleSetMenuDescriptor
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
PropVariantCopy
OleSave
WriteClassStm
OleSaveToStream
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleRegGetMiscStatus
OleGetClipboard
RegisterDragDrop
CoDisconnectObject
CoInitializeEx
CoCreateGuid
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
CoLockObjectExternal
RevokeDragDrop
OleQueryCreateFromData
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
ReleaseStgMedium

oleaut32

VariantInit
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
VariantClear
SysStringByteLen
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
OleCreateFontIndirect
VariantCopy
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
SafeArrayLock
CreateErrorInfo
VariantChangeType
GetErrorInfo
SetErrorInfo
SafeArrayPutElement

oledlg

OleUIBusyW

iphlpapi

GetAdaptersInfo

kjoperation

DllSetTermOperation
DllSetImmediatelySend

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipFillEllipseI
GdipSetSmoothingMode
GdipFillRectangle
GdipCreateTexture
GdipDrawImageI
GdipSetPenWidth
GdipSetPenColor
GdipDrawLineI
GdipSetSolidFillColor
GdipFillRectangleI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetFontHeightGivenDPI
GdipGetPathWorldBounds
GdipGetFontStyle
GdipGetFontSize
GdipAddPathString
GdipGetFamily
GdipDeletePath
GdipCreatePath
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateHICONFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDrawRectanglesI
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipSetTextRenderingHint
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipDrawString
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipDrawRectangle
GdiplusShutdown
GdiplusStartup

imm32

ImmGetContext
ImmReleaseContext
ImmIsIME
ImmSetCompositionWindow
ImmGetOpenStatus
ImmGetDescriptionW

winmm

timeKillEvent
timeGetDevCaps
timeBeginPeriod
PlaySoundW
timeEndPeriod
timeSetEvent

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d8e0e2b5948560b2900cadf219e03c0

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

23:22:c7:d2:88:3e:f6:4e:e1:41:a3:21:18:64:83:c4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

28:11:19:de:1e:a0:19:a7:c9:c7:7e:b5:03:5f:53:dbCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

80:73:4e:db:d5:38:18:0f:c8:03:ab:6b:26:b7:52:97:bb:77:5f:5b:36:ff:3e:ef:c2:4b:ec:ec:58:1c:95:76Signer

6a:7f:8f:1b:1e:26:e6:73:9a:92:f3:a0:5f:bb:ed:4a:bf:ff:92:dfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

amlog

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

iphlpapi

kjoperation

gdiplus

imm32

winmm

oleacc

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 714KB - Virtual size: 714KB

.data Size: 48KB - Virtual size: 79KB

.rsrc Size: 461KB - Virtual size: 461KB

.reloc Size: 241KB - Virtual size: 240KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

23:22:c7:d2:88:3e:f6:4e:e1:41:a3:21:18:64:83:c4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

28:11:19:de:1e:a0:19:a7:c9:c7:7e:b5:03:5f:53:db
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

80:73:4e:db:d5:38:18:0f:c8:03:ab:6b:26:b7:52:97:bb:77:5f:5b:36:ff:3e:ef:c2:4b:ec:ec:58:1c:95:76
Signer

6a:7f:8f:1b:1e:26:e6:73:9a:92:f3:a0:5f:bb:ed:4a:bf:ff:92:df
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 714KB - Virtual size: 714KB

.data
Size: 48KB - Virtual size: 79KB

.rsrc
Size: 461KB - Virtual size: 461KB

.reloc
Size: 241KB - Virtual size: 240KB