147013ee85803afc53cb52090eeb47fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

147013ee85803afc53cb52090eeb47fe_JaffaCakes118
Size

667KB
MD5

147013ee85803afc53cb52090eeb47fe
SHA1

1af547cbef57c8aae861d7262b1c04dd95121030
SHA256

04f54fdbc72008337054a59a3ec92b273605b3fea40e5cef4fbc3da1ab665ffe
SHA512

758a362a544c6f5e7e9b6f7d833fc9ef43bf2dabdb29d87ea23a35909a99b21ed03caef73c0730a9889cc088cde656257c5b844a658a8d6ca5da47096c501f98
SSDEEP

12288:gEpEdToMVff/R2Z/+S9Dg1g3zH+9ePpdGs4WcyZTh/z9R+yqxG+PP9rc3U65ud:gKEdTB552R+S9D0D9cw3Gh/zfMHn9AE3

Score

1^/10

Malware Config

Signatures

Files

147013ee85803afc53cb52090eeb47fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

23/04/2015, 23:59

Subject

CN=Perion Network Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Perion Network Ltd.,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:05:5a:2b:59:e7:d7:71:34:63:f6:88:cf:78:55:79:12:c4:03:2a
Signer

Actual PE Digest

f8:05:5a:2b:59:e7:d7:71:34:63:f6:88:cf:78:55:79:12:c4:03:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$_177_/ProxyInstaller.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2014, 00:00

Not After

05/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:f6:fb:c0:69:06:54:1d:cf:9b:d5:5f:0f:e5:a2:b7:a0:f1:5b:3f
Signer

Actual PE Digest

9c:f6:fb:c0:69:06:54:1d:cf:9b:d5:5f:0f:e5:a2:b7:a0:f1:5b:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DM_loader.gif
.gif
$PLUGINSDIR/DownloadACC.dll
.dll windows:5 windows x86 arch:x86

9932d4997f9d1e1b63885bd9643fb5bc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2014, 00:00

Not After

05/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:1a:f4:ca:1b:6f:b4:1a:59:0b:6d:67:a4:0c:0c:80:f2:27:a1:b9
Signer

Actual PE Digest

44:1a:f4:ca:1b:6f:b4:1a:59:0b:6d:67:a4:0c:0c:80:f2:27:a1:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCreateUrlA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
InternetGetCookieA
HttpOpenRequestA
InternetWriteFile
HttpSendRequestExA
HttpEndRequestA
InternetGetLastResponseInfoA
FtpSetCurrentDirectoryA
InternetQueryOptionA
FtpFindFirstFileA
FtpCommandA
InternetSetOptionA
InternetReadFile
InternetConnectA

ws2_32

bind
htons
socket
gethostname
send
connect
accept
listen
closesocket
recv
WSAGetLastError
gethostbyname
WSAStartup

user32

PeekMessageA
TranslateMessage
DispatchMessageA
CharLowerA
MessageBoxA

ole32

OleRun
CoUninitialize
CoInitialize
CoCreateInstance

kernel32

IsDebuggerPresent
lstrcmpiA
GetProcessHeap
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
lstrcpynW
GlobalFree
GlobalAlloc
Sleep
GetCurrentDirectoryA
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
CloseHandle
LeaveCriticalSection
SetFileTime
lstrcatA
InterlockedDecrement
WriteFile
CreateThread
InterlockedIncrement
SetEndOfFile
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
GetFileTime
CreateFileW
GetFileAttributesW
GetLastError
SetFileAttributesW
SetFilePointer
DeleteFileW
MoveFileW
SetLastError
GetExitCodeThread
TerminateThread
WaitForSingleObject
FreeLibrary
GetCurrentThreadId
CompareStringA
GetModuleFileNameA
CreateDirectoryW
ReadFile
SystemTimeToFileTime
GetTickCount
CreateMutexA
ReleaseMutex
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetCommandLineA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
SetStdHandle

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

Download
Load

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Failed.htm
.js
$PLUGINSDIR/FirefoxHandler.dll
.dll windows:5 windows x86 arch:x86

0b0bd9a74b81c20dd1ca10dffb1e2ff5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2014, 00:00

Not After

05/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:2a:54:eb:f4:12:cf:73:ea:8d:70:b3:3d:76:36:5a:c9:3e:80:5c
Signer

Actual PE Digest

66:2a:54:eb:f4:12:cf:73:ea:8d:70:b3:3d:76:36:5a:c9:3e:80:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SmartBar\DevelopmentTools\FF\FirefoxHandler\Release\FirefoxHandler.pdb

Imports

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses

kernel32

CopyFileW
CreateFileW
GetFileSize
CloseHandle
GetDiskFreeSpaceExW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
OpenProcess
DeleteFileW
TerminateProcess
Sleep
CreateProcessW
LoadLibraryA
GetProcAddress
GetVersionExW
GetTempPathW
lstrcpynW
GlobalAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
UnhandledExceptionFilter
EncodePointer

user32

GetWindowThreadProcessId
FindWindowW
CharUpperW
wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
DuplicateTokenEx
OpenProcessToken
RegQueryValueExW

shlwapi

PathFileExistsW

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
memset
memcpy
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
memmove
_wfsopen
fwrite
fflush
fclose
??_V@YAXPAX@Z
fseek
ftell
rewind
fread
malloc
realloc
free
_wtoi
calloc
iswspace
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook

Exports

Exports

DllIsFireFoxRunning
DllRestoreFF
DllTerminateFF

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NoneSilentSuccess.htm
.js
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

6e63471b3d7c59cf9b8572bf93e2cf35

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2014, 00:00

Not After

05/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:f0:36:8c:6d:35:c4:1e:87:a5:59:a6:5d:04:90:19:22:7a:2a:47
Signer

Actual PE Digest

4d:f0:36:8c:6d:35:c4:1e:87:a5:59:a6:5d:04:90:19:22:7a:2a:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_snprintf
swscanf
_snwprintf
rand
srand
time
_wcsicmp
??2@YAPAXI@Z
wcsncpy
??3@YAXPAX@Z
wcschr
_beginthreadex
memset

shlwapi

ord176

kernel32

LeaveCriticalSection
lstrcpynW
GlobalFree
MultiByteToWideChar
EnterCriticalSection
GetProcAddress
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
DeleteCriticalSection
GetCommandLineW
GetVersionExW
WaitForSingleObject
CloseHandle
Sleep
CreateEventW
GetTickCount
FreeLibrary
LoadLibraryW
GetModuleHandleW
TerminateThread
GlobalAlloc

user32

MessageBoxA
LoadStringW
MessageBoxW
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Exports

Exports

DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWait
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetMinutes
GetParameter
InvokeShellVerb
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
Time
TrimStr
TrimStrLeft
TrimStrRight
WaitForProc

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Success.htm
.js
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2014, 00:00

Not After

05/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13
Signer

Actual PE Digest

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/icon.png
.png
$PLUGINSDIR/webapphost.dll
.dll windows:5 windows x86 arch:x86

d8e05698633b5c3c783c39b35381ad9e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2014, 00:00

Not After

05/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:52:c7:41:0e:22:65:a1:ce:6c:fe:b4:93:49:a7:ef:60:8e:af:0e
Signer

Actual PE Digest

31:52:c7:41:0e:22:65:a1:ce:6c:fe:b4:93:49:a7:ef:60:8e:af:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFlags
GetFileSizeEx
GetFileTime
WritePrivateProfileStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
ExitThread
GetCommandLineA
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
HeapSize
SetStdHandle
HeapCreate
HeapDestroy
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetFileAttributesA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
CreateProcessA
CreateFileA
SetEnvironmentVariableA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
InterlockedIncrement
SuspendThread
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GetModuleHandleA
FormatMessageW
SetLastError
GetProcessHeap
HeapFree
OpenProcess
lstrcatW
lstrcmpiW
ReadFile
PeekNamedPipe
FlushFileBuffers
lstrlenW
CreateProcessW
DuplicateHandle
CreatePipe
GetModuleHandleW
lstrcpyW
lstrcpynW
CopyFileW
CreateDirectoryW
ExpandEnvironmentStringsW
GetCurrentThreadId
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
LoadLibraryW
FreeLibrary
OpenEventW
WideCharToMultiByte
TerminateThread
GetExitCodeThread
GetUserDefaultLangID
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
GetFileAttributesW
GetCurrentProcess
LoadLibraryA
GetProcAddress
FileTimeToSystemTime
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
lstrlenA
ResetEvent
GetSystemTime
GetExitCodeProcess
FindClose
FindFirstFileW
LocalFree
LocalAlloc
InterlockedDecrement
DeleteFileW
GetVersionExW
GetCurrentProcessId
GetTickCount
CloseHandle
WriteFile
CreateFileW
SetEvent
Sleep
CreateThread
CreateEventW
WaitForSingleObject
ReleaseMutex
CreateMutexW
WriteConsoleW
GetStdHandle
AllocConsole
GetACP
GetLastError
InterlockedCompareExchange

user32

SetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextW
GetFocus
GetParent
IsWindowEnabled
ShowWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
GetWindowLongW
IsDialogMessageW
GetKeyState
GetWindow
LoadImageW
GetClassNameW
DispatchMessageW
TranslateMessage
PeekMessageW
MessageBoxW
AllowSetForegroundWindow
SystemParametersInfoW
GetForegroundWindow
SetForegroundWindow
BringWindowToTop
SetActiveWindow
AttachThreadInput
GetWindowThreadProcessId
UpdateWindow
IsWindowVisible
EnableScrollBar
SetCursor
PtInRect
ScreenToClient
GetCursorPos
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
LoadCursorW
LoadIconW
CopyRect
GetSysColor
FillRect
ReleaseDC
GetDC
SetRect
EnableWindow
InvalidateRect
IsWindow
PostMessageW
MoveWindow
GetClientRect
GetDesktopWindow
DialogBoxParamW
EndDialog
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetLastActivePopup
RemovePropW
GetPropW
SendDlgItemMessageW
RegisterClipboardFormatW
GetMessageW
PostThreadMessageW
GetWindowRect
wsprintfW
GetDlgItem
SendMessageW
SetWindowPos
SetFocus
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
GetSysColorBrush
UnregisterClassW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharNextW
ValidateRect
DestroyMenu
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
CharUpperW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
SetPropW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
ModifyMenuW

gdi32

GetObjectW
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
GetDeviceCaps
SelectObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegDeleteValueW
CryptDestroyKey
CryptAcquireContextW
CryptImportKey
CryptCreateHash
CryptSetHashParam
CryptHashData
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyW
RegEnumValueW
RegEnumKeyExW
GetUserNameW
CryptDestroyHash
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptReleaseContext
CryptGetHashParam

shell32

SHGetFolderPathW
ShellExecuteExW
SHCreateDirectoryExW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW

shlwapi

ord2
PathAddBackslashW
PathAddExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitializeEx
OleInitialize
CoTaskMemFree
OleUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitialize
CoTaskMemAlloc

oleaut32

VariantInit
OleLoadPicture
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocString
SysFreeString
GetErrorInfo
VariantChangeType
VariantCopy
OleCreateFontIndirect
LoadTypeLi
SafeArrayAccessData
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
SafeArrayUnaccessData

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptQueryObject
CertGetNameStringW

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetCanonicalizeUrlW
FtpOpenFileW
InternetReadFile
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

oleacc

CreateStdAccessibleObject
LresultFromObject

Exports

Exports

AddDynamicAttributesToVector
BuildClientXML
CallJSMethod
CallJSMethodWithParams
CreateCommLayer
CreateWebInstallerBrowser
DeleteMasterPuidFromReg
DisableWindow
DownloadFileHttp
DownloadUninstaller
EnableCurrentWindow
EnableProxyConsoleLog
ExecWait
FillDMData
FinishUninstaller
ForceInnerRegistryCHecker
GetBunndleParams
GetCustomCheckerNum
GetCustomCheckerOfferId
GetCustomCheckerParams
GetCustomOfferCheckResult
GetDONumAvailable
GetDONumToPresent
GetDOParam
GetDmFlowType
GetDoBroswerRestart
GetDynamicAttributesFromVector
GetDynamicHideModeState
GetDynamicIsExternal
GetDynamicOfferId
GetDynamicOffersCount
GetEngineDuration
GetGeneralParams
GetGlobalUIParams
GetInitToInitCompleteDuration
GetInstallOffersSync
GetIsSkipAllParams
GetLCONavigationStatus
GetMOPosition
GetMachineID
GetMainOfferCMD
GetMainSoftwareInnerVersion
GetMainTotalSteps
GetMrsParams
GetNavigateError
GetNextAntiOfferId
GetOfferParam
GetOfferSuccessCodes
GetPixelFireNumUrls
GetPixelFireParams
GetPixelFireUrl
GetProductParams
GetPublisherReportingParams
GetShouldInstallOffer
GetSouldRunUninstaller
GetToolbarParams
GetUIParams
GetUserLanguage
GetVectorAndRuleId
GetWelcomePageParams
Hide
HideBrowser
HmacEncryptQueryString
InitToInitComplete_MeasureAdd
InitToInitComplete_MeasureStart
IsBrowserCompletedNavigation
Load
LoadNavigate
MeasureEndEngine
MeasureStartEngine
Navigate
NavigateAsync
NavigateAsyncMO
NotifyStubOnDMFinishInit
ParseEngineXML
PhaseDuration_MeasureGet
PhaseDuration_MeasureStart
PreLoad
PrepareLCO
ReplaceCommadLine
ReportBI_DownloadComplete
ReportBI_DownloadStart
ReportBI_EndOfSession
ReportBI_Init
ReportBI_InitComplete
ReportBI_InstallStatus
ReportBI_OfferPresented
ReportBI_OfferSuggested
ReportBI_Technical_GlobalPage
ReportBI_Technical_Language
ReportBI_Technical_RegistryCheckEnded
ReportBI_Technical_ReportToPublisher
ReportTechnicalFromNsis
RunCustomOfferFile
RunUninstaller
SearchInFile
SearchInFileExtended
SearchInFileExtendedChrome
SearchInText
SearchNumberInText
SendClientXML
SetBIAttempt
SetBIIsSilent
SetCustomOffersNum
SetDOParam
SetDownloadBrowserForWelcomePage
SetDynamicParsedParamsInBI
SetOfferFlag
SetOfferParam
SetPhase
SetUserAgent
SetUserProfile
SetUserSelectedSkipAll
SetUserSession
Show
ShowBrowser
ShowCertificate
ShowFileOnNonSilent
ShowLoadingScreen
StartOffersLoop
UnLoad1
UrlDecode
WaitAndInstallDynamics
WaitForAsyncExternalShowFinish
WaitForDocComplete
WaitForFinishModal
WaitForUserLanguage
WebAppHostExec
WebAppHostExecProcess
WebAppHostExecProcessWait
WebAppHostExecWait

Sections

.text
Size: 694KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f8:05:5a:2b:59:e7:d7:71:34:63:f6:88:cf:78:55:79:12:c4:03:2aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 7.8MB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 3KB

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

9c:f6:fb:c0:69:06:54:1d:cf:9b:d5:5f:0f:e5:a2:b7:a0:f1:5b:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 3.6MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

9932d4997f9d1e1b63885bd9643fb5bc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:f8:76:94:fe:8d:19:84:71:97:96:ae:c8:03:1d:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f8:05:5a:2b:59:e7:d7:71:34:63:f6:88:cf:78:55:79:12:c4:03:2a
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 7.8MB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9c:f6:fb:c0:69:06:54:1d:cf:9b:d5:5f:0f:e5:a2:b7:a0:f1:5b:3f
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 3.6MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:1a:f4:ca:1b:6f:b4:1a:59:0b:6d:67:a4:0c:0c:80:f2:27:a1:b9
Signer

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

66:2a:54:eb:f4:12:cf:73:ea:8d:70:b3:3d:76:36:5a:c9:3e:80:5c
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate