32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118
Size

21.2MB
MD5

32cce6545af187d0efe96c7e40c71c8d
SHA1

76f8360e00280e434af26c1aa890f2003f4bd0dd
SHA256

d50a2c2bfcdf4cf8a908cd9b6d091afdea152be6e2b0770173d9fb4380acabb4
SHA512

cb1ce69252e274432b90e360c90519eb59591625bc7174ee1c9410ef12258498328d5dda926b689b8daa679c09a8d9230670c97ce05d2ffbd5b83cbcdaecfb96
SSDEEP

393216:eoXHqXZ6bGw6u6xJHcjOY9lWjQum1UEKFOl7NfpqVrVSvxvbJ4jRh4jx69W:hHqDwIboTXwvEUEKi7NBSx6hF4NL9W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

Files

32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25-03-2015 00:00

Not After

25-03-2016 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\,Ltd.,OU=Baidu security,O=Baidu Online Network Technology (Beijing) Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:a1:c9:34:23:c3:ae:0b:f0:85:09:7c:e5:b5:06:17:b5:8f:a1:6e
Signer

Actual PE Digest

02:a1:c9:34:23:c3:ae:0b:f0:85:09:7c:e5:b5:06:17:b5:8f:a1:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 628KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallUtility.dll
.dll windows:5 windows x86 arch:x86

ee8f889571f603697f1ffd57de797f37

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03-02-2015 00:00

Not After

03-03-2026 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25-03-2015 00:00

Not After

25-03-2016 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\,Ltd.,OU=Baidu security,O=Baidu Online Network Technology (Beijing) Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:dd:04:66:1b:38:5d:c1:fc:39:a9:95:0c:64:e5:77:64:06:64:94
Signer

Actual PE Digest

e4:dd:04:66:1b:38:5d:c1:fc:39:a9:95:0c:64:e5:77:64:06:64:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\newns.jenkins.slave\workspace\bav_5.2_workspace\BavOutput\Pdb\Release\InstallUtility.pdb

Imports

wininet

InternetCreateUrlW

wtsapi32

WTSCloseServer
WTSEnumerateSessionsW
WTSFreeMemory
WTSOpenServerW
WTSEnumerateProcessesW
WTSQueryUserToken

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleInformation

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphlpapi

GetAdaptersAddresses

kernel32

GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleA
GetModuleFileNameA
ResumeThread
CompareStringA
GlobalGetAtomNameA
lstrcmpA
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
FlushFileBuffers
DuplicateHandle
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
TlsGetValue
ExitThread
CreateThread
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
MoveFileW
GetCommandLineA
RtlUnwind
HeapReAlloc
VirtualQuery
HeapSize
ExitProcess
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
GetStdHandle
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringW
LCMapStringA
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
lstrcpyW
lstrcpynW
GetPrivateProfileSectionNamesW
GetVersion
GlobalAlloc
GlobalFree
CreateFileMappingA
GetProcessHeap
HeapFree
LocalAlloc
SetEndOfFile
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
ReadProcessMemory
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
HeapAlloc
GlobalUnlock
VirtualProtect
GetFileSize
CreateFileA
GetCurrentDirectoryW
SetFileTime
SystemTimeToFileTime
lstrcmpiW
SetLastError
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
DeleteCriticalSection
SetFilePointer
OpenEventW
ReadFile
GetNativeSystemInfo
LocalFree
GetPrivateProfileSectionW
ReleaseMutex
GetCurrentThreadId
FindNextFileW
OpenFileMappingW
WaitForMultipleObjects
SetCurrentDirectoryW
GetExitCodeThread
ProcessIdToSessionId
FindClose
EnterCriticalSection
GetTempPathW
TerminateProcess
LeaveCriticalSection
CopyFileW
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
GetWindowsDirectoryW
GetLocalTime
WriteFile
ExpandEnvironmentStringsW
SetFileAttributesW
GetCurrentProcessId
DeleteFileW
GetDiskFreeSpaceExW
OutputDebugStringA
CreateToolhelp32Snapshot
Process32NextW
QueryDosDeviceW
CreateEventW
Process32FirstW
OpenMutexW
GlobalMemoryStatusEx
GlobalReAlloc
GetFileSizeEx
InterlockedExchange
VerifyVersionInfoW
GetPrivateProfileIntW
RaiseException
WritePrivateProfileStringW
GetStartupInfoW
SetThreadPriority
lstrlenW
MultiByteToWideChar
GetTimeZoneInformation
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
Sleep
WideCharToMultiByte
GetSystemDirectoryW
OpenProcess
InitializeCriticalSection
GetUserDefaultLangID
GetPrivateProfileStringW
GetCurrentThread
OutputDebugStringW
SetEvent
InterlockedCompareExchange
CreateDirectoryW
GetLogicalDriveStringsW
GetCurrentProcess
MoveFileExW
VerSetConditionMask
CreateProcessW
GetDriveTypeW
CopyFileExW
lstrlenA
SetPriorityClass
CreateMutexW
GetCommandLineW
GetTickCount
DeviceIoControl
GetLastError
CreateFileW
CloseHandle
WTSGetActiveConsoleSessionId
GetSystemInfo
RemoveDirectoryW
LockResource
VirtualAlloc
GetProcAddress
GetExitCodeProcess
SizeofResource
LoadLibraryW
VirtualFree
GetModuleHandleW
WaitForSingleObject
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
HeapCreate
GlobalLock
VirtualProtectEx
CreateProcessA
lstrcatA
GetThreadContext
lstrcpyA
SetErrorMode

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
SetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
LoadCursorA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
UnregisterClassA
GetMenuState
GetMenuItemID
GetSubMenu
SendMessageA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnhookWindowsHookEx
CloseDesktop
ClientToScreen
GetWindowRect
PostQuitMessage
CharNextW
GetParent
GetClientRect
PtInRect
GetDC
GetMenuItemCount
IsWindow
MapWindowPoints
DestroyMenu
GetWindow
SendMessageW
SetForegroundWindow
GetForegroundWindow
SetWindowPos
ShowWindow
GetWindowThreadProcessId
wsprintfW
DestroyWindow
PostMessageW
ExitWindowsEx
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
GetFocus

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetStockObject
SelectObject
DeleteObject
CreateBitmap
DeleteDC
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
ExtTextOutA
SaveDC
RestoreDC
SetMapMode
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyW
RegOpenUserClassesRoot
ImpersonateLoggedOnUser
RegOpenCurrentUser
GetLengthSid
GetKernelObjectSecurity
QueryServiceConfigW
IsValidSid
RevertToSelf
RegQueryValueExW
RegDeleteKeyW
StartServiceW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
CreateServiceW
OpenProcessToken
DeleteService
RegCreateKeyW
GetTokenInformation
RegCreateKeyExW
RegOpenKeyW
SetNamedSecurityInfoW
DuplicateTokenEx
GetNamedSecurityInfoW
ChangeServiceConfigW
SetEntriesInAclW
FreeSid
RegEnumKeyExW
RegSetValueExW
CreateWellKnownSid
LookupPrivilegeValueW
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
GetSecurityDescriptorDacl
RegQueryInfoKeyW
CreateProcessAsUserW
SetTokenInformation
ConvertSidToStringSidW
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ControlService
QueryServiceStatus
AllocateAndInitializeSid
EqualSid
RegEnumValueW
OpenServiceW
GetUserNameW
OpenSCManagerW

shell32

SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
ord680
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemRealloc

oleaut32

VariantChangeType
VariantInit
SysAllocString
VariantClear
SysFreeString
VarUI4FromStr

shlwapi

PathRemoveArgsW
PathIsDirectoryW
PathRemoveFileSpecW
PathAddBackslashW
PathIsRelativeW
PathFindFileNameW
PathRemoveBlanksW
PathFileExistsW
PathAppendW
PathUnquoteSpacesW
PathRemoveBackslashW
SHGetValueW
SHSetValueW
PathRemoveExtensionW
StrStrIW
SHDeleteKeyW
PathRenameExtensionW
PathCombineW
PathAddExtensionW

winhttp

WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpWriteData
WinHttpSetOption

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

ws2_32

htonl

oleacc

CreateStdAccessibleObject
LresultFromObject

Exports

Exports

GetFileProgress
Install
Uninstall

Sections

.text
Size: 778KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

02:a1:c9:34:23:c3:ae:0b:f0:85:09:7c:e5:b5:06:17:b5:8f:a1:6eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 628KB

.rsrc Size: 146KB - Virtual size: 146KB

.reloc Size: 4KB - Virtual size: 4KB

ee8f889571f603697f1ffd57de797f37

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e4:dd:04:66:1b:38:5d:c1:fc:39:a9:95:0c:64:e5:77:64:06:64:94Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

wtsapi32

psapi

version

iphlpapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

userenv

rpcrt4

ws2_32

oleacc

Exports

Exports

Sections

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

02:a1:c9:34:23:c3:ae:0b:f0:85:09:7c:e5:b5:06:17:b5:8f:a1:6e
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 628KB

.rsrc
Size: 146KB - Virtual size: 146KB

.reloc
Size: 4KB - Virtual size: 4KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

5f:ae:e9:e8:3f:32:94:8f:3b:20:40:ac:6d:f0:14:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e4:dd:04:66:1b:38:5d:c1:fc:39:a9:95:0c:64:e5:77:64:06:64:94
Signer

.text
Size: 778KB - Virtual size: 778KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 31KB - Virtual size: 60KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 69KB - Virtual size: 68KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B