378f6231a3861c64f645f4c70f19ae56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

378f6231a3861c64f645f4c70f19ae56_JaffaCakes118
Size

738KB
MD5

378f6231a3861c64f645f4c70f19ae56
SHA1

d3f8ebd5caed27594427ad63271ea444b6322fa0
SHA256

0ed1bd3025767409a676e53f1bc0582ce34ec34d5a55ed229511dbebf8da8bfb
SHA512

34b7f22a469ea1e02603c7a8615f5e9e1a195d924ddf1ddb8285e2ca5e9d57a73c627ee621f586fdf93433fec6c5793cfe134f4e2fb327c551b2821c93990421
SSDEEP

12288:JMeANxp9pUZB9WIz6jb4FUcDgPs/FyArqbP0ErbcZfcuJdYK1pr5TuFKgoB2Jx59:eY39WIOP4FUnPAFyAub5rb8kUdYSFKo8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iteSql.dll

Files

378f6231a3861c64f645f4c70f19ae56_JaffaCakes118
.zip
ChromeHistory.exe
.exe windows:4 windows x86 arch:x86

6859b19dd8c26afee15b1a41b43bae6b

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/12/2016, 00:00

Not After

21/12/2017, 23:59

Subject

CN=Aco Sterjov,O=Aco Sterjov,POSTALCODE=2000,STREET=5-ti Kongres 22,L=Stip,ST=MK,C=MK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:70:fc:36:64:81:49:f1:6a:d8:7b:a5:18:18:7c:03:f2:72:79:5e
Signer

Actual PE Digest

ee:70:fc:36:64:81:49:f1:6a:d8:7b:a5:18:18:7c:03:f2:72:79:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFpCDblR8
__vbaRaiseEvent
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaStrDate
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaLenBstrB
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
ord300
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord306
ord520
__vbaVarTstLt
__vbaFpR8
_CIsin
ord631
__vbaErase
ord525
__vbaVarZero
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
ord561
__vbaObjVar
__vbaI2I4
__vbaPrintObj
DllFunctionCall
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
ord601
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
ord710
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
ord644
ord537
ord645
ord538
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaVar2Vec
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaForEachAry
__vbaVarAdd
__vbaAryLock
__vbaLateMemCall
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
ord616
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaRecDestructAnsi
ord617
__vbaLateMemCallLd
_CIatan
ord618
__vbaUI1Str
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
License Agreement.txt
comctl32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9f4eeeed94bcb87f80c399b50c3933cf

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:9d:55:50:f4:a4:8c:f5:c0:2d:82:95:57:18:39:1d:aa:eb:6d:ce
Signer

Actual PE Digest

6c:9d:55:50:f4:a4:8c:f5:c0:2d:82:95:57:18:39:1d:aa:eb:6d:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
ord16
ord17
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_Remove

kernel32

lstrcmpA
GetProcAddress
GlobalSize
CloseHandle
GetFileSize
ReadFile
lstrcmpiA
IsDBCSLeadByte
lstrcmpiW
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
GetLastError
GetLocaleInfoA
OpenFile
MultiByteToWideChar
lstrcatA
DisableThreadLibraryCalls
GetVersion
GetProcessHeap
GetDateFormatA
GetLocalTime
GetTimeFormatA
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryA
GlobalUnlock
GlobalAlloc
GlobalLock
CompareStringA
GlobalFree
GetVersionExA
lstrlenA
lstrcpyA
IsBadReadPtr
HeapReAlloc
lstrcpynA
IsBadWritePtr
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
InterlockedIncrement
HeapAlloc
lstrlenW
LeaveCriticalSection
EnterCriticalSection

user32

IsWindowVisible
EndPaint
BeginPaint
MoveWindow
ScrollWindowEx
CharUpperA
IntersectRect
MessageBeep
SetCursor
EndDialog
RedrawWindow
GetMessagePos
CreateAcceleratorTableA
VkKeyScanA
PeekMessageA
PeekMessageW
SetWindowRgn
RegisterWindowMessageA
RegisterClipboardFormatA
SetCursorPos
OffsetRect
EqualRect
IsChild
GetWindowTextA
SetCapture
GetCursorPos
ScreenToClient
PostMessageA
DrawEdge
GetSysColor
wsprintfA
FillRect
InflateRect
DrawTextA
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetParent
GetAsyncKeyState
SetWindowLongA
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetActiveWindow
CreateDialogIndirectParamA
IsDialogMessageA
GetNextDlgTabItem
GetWindow
CharNextA
SetParent
InvalidateRect
UpdateWindow
UnregisterClassA
MessageBoxA
SetWindowsHookExA
SetTimer
KillTimer
CheckRadioButton
CallNextHookEx
SetActiveWindow
DestroyIcon
SetFocus
DrawIcon
UnionRect
DialogBoxParamA
PtInRect
LoadCursorA
GetWindowDC
SetRect
IsRectEmpty
GetDC
ReleaseDC
GetClipboardFormatNameA
ClientToScreen
PostMessageW
FrameRect
GetClientRect
CallWindowProcA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
LoadIconA
GetSystemMetrics
CopyImage
MapDialogRect
GetWindowLongA
SetWindowPos
GetFocus
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
LoadStringA
DefWindowProcA
SendMessageA
ShowWindow
WinHelpA
UnhookWindowsHookEx

ole32

CreateStreamOnHGlobal
RevokeDragDrop
CreateOleAdviseHolder
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
DoDragDrop
ReleaseStgMedium
OleLoadFromStream
OleSaveToStream

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayRedim
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
VariantCopy
GetErrorInfo
OleCreateFontIndirect
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
LoadRegTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreatePictureIndirect
VariantCopyInd
OleTranslateColor
VariantChangeType
SysFreeString
SysStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

GetNearestColor
CreatePalette
LPtoDP
GetWindowExtEx
GetBitmapBits
TextOutA
CreateDIBitmap
RealizePalette
GetViewportExtEx
SelectPalette
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
CreateICA
CopyMetaFileA
StretchBlt
Rectangle
GetObjectA
SetBkColor
CreateDCA
CreateRectRgn
SetViewportOrgEx
SetWindowOrgEx
DeleteObject
SetWindowExtEx
SetMapMode
SetViewportExtEx
CreateSolidBrush
GetDeviceCaps
SelectObject
ExcludeClipRect
GetClipRgn
SelectClipRgn
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
PatBlt
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateBitmap
GetStockObject
GetTextExtentPoint32A

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iteSql.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ite__bind_blob
ite__bind_double
ite__bind_int
ite__bind_text
ite__changes
ite__close
ite__column_blob
ite__column_bytes
ite__column_count
ite__column_decltype
ite__column_double
ite__column_int
ite__column_name
ite__column_text
ite__column_type
ite__data_count
ite__errcode
ite__errmsg
ite__exec
ite__finalize
ite__free_table
ite__get_data
ite__get_table
ite__last_insert_rowid
ite__libversion
ite__open
ite__prepare
ite__reset
ite__step
ite__total_changes

Sections

CODE
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
resources.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fb251c24262a8ced6d830dfdfd26b0fc

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/12/2016, 00:00

Not After

21/12/2017, 23:59

Subject

CN=Aco Sterjov,O=Aco Sterjov,POSTALCODE=2000,STREET=5-ti Kongres 22,L=Stip,ST=MK,C=MK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:4b:59:87:60:b6:8a:0f:3f:6d:fd:f5:41:18:f9:99:2c:ba:f0:b9
Signer

Actual PE Digest

df:4b:59:87:60:b6:8a:0f:3f:6d:fd:f5:41:18:f9:99:2c:ba:f0:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
_CIatan
_allmul
_CItan
_CIexp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6859b19dd8c26afee15b1a41b43bae6b

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2bCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

ee:70:fc:36:64:81:49:f1:6a:d8:7b:a5:18:18:7c:03:f2:72:79:5eSigner

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 180KB - Virtual size: 177KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 40KB - Virtual size: 38KB

9f4eeeed94bcb87f80c399b50c3933cf

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

6c:9d:55:50:f4:a4:8c:f5:c0:2d:82:95:57:18:39:1d:aa:eb:6d:ceSigner

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 329KB - Virtual size: 328KB

.data Size: 7KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 12B

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 25KB - Virtual size: 25KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 265KB - Virtual size: 264KB

DATA Size: 31KB - Virtual size: 30KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 1024B - Virtual size: 808B

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 3KB

fb251c24262a8ced6d830dfdfd26b0fc

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2bCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

ee:70:fc:36:64:81:49:f1:6a:d8:7b:a5:18:18:7c:03:f2:72:79:5e
Signer

.text
Size: 180KB - Virtual size: 177KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 40KB - Virtual size: 38KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

6c:9d:55:50:f4:a4:8c:f5:c0:2d:82:95:57:18:39:1d:aa:eb:6d:ce
Signer

.text
Size: 329KB - Virtual size: 328KB

.data
Size: 7KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 12B

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 25KB - Virtual size: 25KB

CODE
Size: 265KB - Virtual size: 264KB

DATA
Size: 31KB - Virtual size: 30KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 808B

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 3KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

e8:91:fe:fd:41:85:e4:81:26:06:ba:03:b4:17:5b:2b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

df:4b:59:87:60:b6:8a:0f:3f:6d:fd:f5:41:18:f9:99:2c:ba:f0:b9
Signer

.text
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 776B

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 270B