358235434e9a50a503cf8554e44aeb6d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

358235434e9a50a503cf8554e44aeb6d_JaffaCakes118
Size

2.0MB
MD5

358235434e9a50a503cf8554e44aeb6d
SHA1

9759b0ca26dc12794b2f8a2c10cc0a1532d20369
SHA256

507b539bb8d8d8e9a829246d7a66c3a9d7577bab9d221d759bf4ecf01e10405e
SHA512

c1dee37f2d0ffb2c6956fd3f7d122c91d085f9b931a81ec6526f2fa8d961846bc4e69bb2f8f08a3c4a2a4dc63d4537ea17b96a6602d673725a1565f8d501e65a
SSDEEP

49152:H8ulp8JQPIFz41BR3bbpePvcdNKEBOZ8VcjbDhYRtWaETOZ8DMuL:H8ulp8JQPC41BR3MsNKEcZ8VOscaq

Score

1^/10

Malware Config

Signatures

Files

358235434e9a50a503cf8554e44aeb6d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12-02-2015 00:59

Not After

12-02-2017 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Src/_btn_close.png
.png
$PLUGINSDIR/Src/bg.png
.png
$PLUGINSDIR/Src/bg_animation.png
.png
$PLUGINSDIR/Src/bg_complete.png
.png
$PLUGINSDIR/Src/bg_install.png
.png
$PLUGINSDIR/Src/bg_uninstall.png
.png
$PLUGINSDIR/Src/bg_uninstall_ac.png
.png
$PLUGINSDIR/Src/bg_uninstall_acc.png
.png
$PLUGINSDIR/Src/bg_uninstall_logo.png
.png
$PLUGINSDIR/Src/btn_blue_180_50.png
.png
$PLUGINSDIR/Src/btn_blue_90_30.png
.png
$PLUGINSDIR/Src/btn_gray_70_30.png
.png
$PLUGINSDIR/Src/btn_login_close.png
.png
$PLUGINSDIR/Src/btn_login_min.png
.png
$PLUGINSDIR/Src/btn_white_90_30.png
.png
$PLUGINSDIR/Src/checkbox_blue.png
.png
$PLUGINSDIR/Src/checkbox_white.png
.png
$PLUGINSDIR/Src/dot_down.png
.png
$PLUGINSDIR/Src/dot_up.png
.png
$PLUGINSDIR/Src/frameborder.png
.png
$PLUGINSDIR/Src/ic_info_46.png
.png
$PLUGINSDIR/Src/menu_bk.png
.png
$PLUGINSDIR/Src/menu_select_bkg.png
.png
$PLUGINSDIR/Src/menu_seperator.png
.png
$PLUGINSDIR/Src/messagebox.png
.png
$PLUGINSDIR/Src/messageboxLogo1.png
.png
$PLUGINSDIR/Src/prograssbar_gray.png
.png
$PLUGINSDIR/Src/prograssbar_white.png
.png
$PLUGINSDIR/Src/triangle.png
.png
$PLUGINSDIR/Src/tu1.png
.png
$PLUGINSDIR/Src/tu2.png
.png
$PLUGINSDIR/Src/tu3.png
.png
$PLUGINSDIR/Src/tu4.png
.png
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27-02-2012 00:00

Not After

26-02-2015 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13
Signer

Actual PE Digest

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/insthelper.dll
.dll windows:5 windows x86 arch:x86

d5e7215a478e7104adc0718c6756befa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12-02-2015 00:59

Not After

12-02-2017 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\clientci\workspace\ime_compile_3.3.2.1010_patch\Basic\Outputs\Release\insthelper.pdb

Imports

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

kernel32

MulDiv
GlobalReAlloc
SizeofResource
LockResource
FreeResource
LoadResource
FindResourceW
SetEnvironmentVariableA
ReadConsoleW
SetEndOfFile
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetFileType
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GlobalUnlock
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
CreateDirectoryW
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
LoadLibraryExW
ExitThread
CreateThread
HeapReAlloc
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetStringTypeW
EncodePointer
DeviceIoControl
GetSystemDirectoryW
WaitForMultipleObjects
DuplicateHandle
HeapAlloc
InterlockedIncrement
GetProcessHeap
HeapFree
InterlockedDecrement
FindClose
FindFirstFileW
WriteFile
CopyFileW
Sleep
ResetEvent
SystemTimeToFileTime
GetSystemTime
GetTempPathW
RemoveDirectoryW
MoveFileExW
QueryPerformanceCounter
GetFileAttributesW
GlobalLock
ReadFile
GetFileSize
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
SetLastError
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetTickCount
GetModuleHandleW
GetModuleFileNameA
MultiByteToWideChar
GetCurrentThreadId
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
GetModuleFileNameW
GetVersionExW
Process32NextW
TerminateProcess
OpenProcess
GetCurrentProcessId
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetLastError
CloseHandle
CreateProcessW
ExpandEnvironmentStringsW
lstrcpynW
GlobalAlloc
GetDiskFreeSpaceExW
OutputDebugStringW
GlobalFree
lstrcpyW
SetEvent
FileTimeToSystemTime
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteFileW
DecodePointer
CreateEventW

user32

GetCapture
IsWindow
SendMessageW
ShowWindow
UpdateWindow
SetRect
LoadImageW
GetSystemMetrics
PostMessageW
GetDlgItemTextW
SetDlgItemTextW
PostQuitMessage
DestroyWindow
GetWindowRect
MoveWindow
CallWindowProcW
SetWindowPos
SetWindowTextW
SetWindowLongW
ExitWindowsEx
LoadCursorW
FindWindowExW
GetDlgItem
GetWindowTextW
FindWindowA
SendMessageTimeoutW
GetWindowLongW
CallNextHookEx
GetClassInfoW
SetWindowsHookExW
CreateWindowExW
UnhookWindowsHookEx
DefWindowProcW
RegisterClassExW
RegisterWindowMessageW
GetClientRect
SetTimer
KillTimer
UnionRect
IntersectRect
InvalidateRect
IsRectEmpty
BeginPaint
GetDC
UpdateLayeredWindow
ReleaseDC
IsWindowVisible
EndPaint
CreateCaret
ShowCaret
HideCaret
SetCaretPos
SetCursor
SetFocus
ClientToScreen
WindowFromPoint
TrackMouseEvent
ScreenToClient
GetCursorPos
GetFocus
GetClassNameW
GetClassInfoExW
DrawIconEx
GetMenuState
GetSystemMenu
SetWindowPlacement
PtInRect
GetActiveWindow
OffsetRect
SetWindowRgn
IsZoomed
SystemParametersInfoW
GetMessageW
TranslateMessage
DrawTextW
GetCaretPos
GetSysColor
MapWindowPoints
GetWindow
GetParent
InflateRect
GetKeyState
GetDesktopWindow
ReleaseCapture
SetCapture
FillRect
EnableWindow
GetAncestor
DispatchMessageW

gdi32

SelectClipRgn
ExtSelectClipRgn
GetClipRgn
GetTextExtentPoint32W
GetObjectA
GetDeviceCaps
CombineRgn
ExtCreateRegion
StretchBlt
GetObjectW
Rectangle
GetTextMetricsW
SetBkColor
SetTextColor
CreatePen
CreateSolidBrush
GetStockObject
CreateRectRgn
SetBkMode
ExcludeClipRect
CreateDIBSection
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CreateFontIndirectW

advapi32

RegQueryValueExA
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ord165
ord171
SHCreateDirectoryExW

ole32

CreateStreamOnHGlobal
CLSIDFromString

gdiplus

GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipGetImageWidth
GdipGetImageHeight
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipDisposeImage
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetWorldTransform
GdipGraphicsClear
GdipDrawImageRectI
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetSmoothingMode
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipCloneImage
GdipDrawImageRectRectI

msimg32

AlphaBlend

imm32

ImmUnlockIMC
ImmLockIMC
ImmGetDefaultIMEWnd
ImmAssociateContext
ImmGetContext
ImmReleaseContext

netapi32

Netbios

Exports

Exports

AbortInstall
CreateInstallWnd
DirLeave
ExitWork
GetCheckBoxStatus
GetTNFromPackageName
HideWindow
KillProcess
NewNsisWndProc
NotifyHostSetupStatus
UninstallWebAdapter
WriteMustRebootTag

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/reportsetup.dll
.dll windows:5 windows x86 arch:x86

6b40f801eb0752570519ea3605a7e15a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12-02-2015 00:59

Not After

12-02-2017 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\clientci\workspace\ime_compile_3.3.2.1010_patch\Basic\Outputs\Release\reportsetup.pdb

Imports

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenProcess
GetCurrentProcess
LocalFree
ExpandEnvironmentStringsW
LoadLibraryExW
GetVolumeInformationA
DeviceIoControl
WriteFile
GetFileAttributesW
ReadFile
FindClose
GetLocalTime
FindNextFileW
GetCurrentThreadId
SetEndOfFile
ReadConsoleW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
GetStdHandle
GetSystemDirectoryW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
AreFileApisANSI
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
SetLastError
GetModuleHandleExW
InterlockedExchange
GetCurrentProcessId
GetModuleHandleW
InitializeCriticalSection
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
CreateFileW
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
DeleteFileW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
GlobalAlloc
GlobalFree
lstrcpyW
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
HeapReAlloc
LockResource
SizeofResource
WritePrivateProfileStringW
GetPrivateProfileStringW
MultiByteToWideChar
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
SetErrorMode
CloseHandle
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
OutputDebugStringW
HeapFree
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetFileAttributesExW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetTickCount
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
EncodePointer
GetStringTypeW
IsDebuggerPresent
HeapAlloc

user32

SendMessageTimeoutW
FindWindowA
MessageBoxW
LoadImageW
IsWindow
DestroyWindow
DefWindowProcW
LoadCursorW
RegisterClassW
CreateWindowExW

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyExW
GetFileSecurityW
DuplicateToken
AccessCheck
MapGenericMask
RegEnumKeyExA
RegOpenKeyExA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegCloseKey
RegQueryValueExW

shell32

Shell_NotifyIconW
SHGetFolderPathW
ord165

ole32

CLSIDFromString
CoTaskMemFree

oleaut32

VariantClear

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW

winhttp

WinHttpWriteData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect

iphlpapi

GetAdaptersInfo

Exports

Exports

CheckPathValid
CheckSetupAccess
GetEnvironmentTN
Is_Win8_or_Later
NotifyMsg
RemoveFiles
RevertPendingDeletion
SetupActiveC
SetupSucC
TestSetupPCSuit
URLEncode
UnSetupActiveC
UnSetupSucC

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 1.1MB

.rsrc Size: 142KB - Virtual size: 142KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

d5e7215a478e7104adc0718c6756befa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 1.1MB

.rsrc
Size: 142KB - Virtual size: 142KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

.text
Size: 374KB - Virtual size: 374KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 13KB - Virtual size: 24KB

.rsrc
Size: 272KB - Virtual size: 272KB

.reloc
Size: 23KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

.text
Size: 225KB - Virtual size: 224KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 7KB - Virtual size: 16KB

.reloc
Size: 10KB - Virtual size: 10KB