3f93cc89d7ab4878f472d28e747eea5e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f93cc89d7ab4878f472d28e747eea5e_JaffaCakes118
Size

17.0MB
MD5

3f93cc89d7ab4878f472d28e747eea5e
SHA1

4964b531982576b3487bd9b11791b7c6c3e6196f
SHA256

6f2eda2192e09d173d2b39b3fb22a97b2e55fea6779132fc83ec2915d0308f60
SHA512

6d78262926bb96f2d26324e51b6b95e0e1214786a14aad328584e6085b3070d69322094f575996482ec208f1ddc3f1709c3a2a967f5e17ef856e9634bbdf6f5f
SSDEEP

393216:jGCz79E7BztsUDjFjYOfG2XbAOEAFIixO3gpcWNSSphwK4Ioy:jGCzhE7BRsUDj5Ycbb6AFnsgp7SSbh4q

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Itrade-Pro/MSJavaVM_3810.exe
unpack001/Itrade-Pro/iTradePro.exe
unpack002/$PLUGINSDIR/NSISArray.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/fpinstall.dll
unpack002/$PLUGINSDIR/nsExec.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/Itrade-Pro/install_flash_player_10_active_x.exe	nsis_installer_1

Files

3f93cc89d7ab4878f472d28e747eea5e_JaffaCakes118
.zip
Itrade-Pro/Itrade-Pro.lnk
.lnk
Itrade-Pro/MSJavaVM_3810.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Itrade-Pro/Settings.reg
Itrade-Pro/TVSI.ico
Itrade-Pro/Thumbs.db
Itrade-Pro/iTradePro.exe
.exe windows:4 windows x86 arch:x86

bc5ce990cf54f8d435a68eb97512f73e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Itrade-Pro/info.txt
Itrade-Pro/install_flash_player_10_active_x.exe
.exe windows:4 windows x86 arch:x86

8f26fcd857d64db1a0ee4f8bdb240223

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/11/2007, 00:00

Not After

10/12/2008, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:87:03:58:51:52:e3:ae:d4:40:3e:5c:30:f1:3f:34:2e:b0:29:89
Signer

Actual PE Digest

48:87:03:58:51:52:e3:ae:d4:40:3e:5c:30:f1:3f:34:2e:b0:29:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISArray.dll
.dll windows:4 windows x86 arch:x86

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
lstrcmpiA
lstrcmpA
lstrcatA
GlobalAlloc

user32

MessageBoxA
SendMessageA
wsprintfA
GetDlgItem
FindWindowExA
DialogBoxParamA
EnableWindow
SetWindowTextA
EndDialog
RedrawWindow
CharLowerA

Exports

Exports

ArrayCount
ArrayExists
Clear
Concat
Copy
Cut
Debug
Delete
ErrorStyle
Exists
ExistsI
FreeUnusedMem
Join
New
Pop
Push
Put
ReDim
Read
ReadToStack
Reverse
Search
SearchI
SetSize
Shift
SizeOf
Sort
Splice
Swap
Unload
Unshift
Write
WriteList
WriteListC

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/fpinstall.dll
.dll windows:4 windows x86 arch:x86

4bb7026bcfe942cdf23b6f661ad54f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
OpenProcess
GetVersionExA
FormatMessageA
GetLastError
SetFileAttributesA
GetFileAttributesA
GetCurrentProcess
TerminateProcess
CloseHandle
lstrlenA
lstrcpyA
GlobalAlloc
lstrcpynA
LoadLibraryA
GlobalFree

user32

MessageBoxA

advapi32

GetTokenInformation
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken

Exports

Exports

_ChangeRegKeyDACL
_FindProcess
_KillProcess
_ObjectExistsAndIsOwnedBySomeoneElse
_RecursiveRegLockUnlock
_Unload
_UnlockControl

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

238a16a49edf3ab59e2f8c89449c9af7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GlobalLock
DeleteFileA
TerminateProcess
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CloseHandle
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetCommandLineA
Sleep
lstrcmpiA
GetExitCodeProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flash10a.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

b96e6cdd3ac5ae1b1f74aaa2a517f3af

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/11/2007, 00:00

Not After

10/12/2008, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c3:96:c4:3e:d2:33:21:6d:68:6d:3e:9b:fa:03:ec:cd:ab:f9:dc:23
Signer

Actual PE Digest

c3:96:c4:3e:d2:33:21:6d:68:6d:3e:9b:fa:03:ec:cd:ab:f9:dc:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer10_DotReleases\platform\win32\obj\Flash5AX\Release\Flash.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

winmm

waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInGetNumDevs
waveOutGetDevCapsA
waveOutUnprepareHeader
waveOutGetNumDevs
waveOutOpen
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveOutGetPosition
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetTime
waveOutPrepareHeader
waveOutWrite
waveOutClose
waveOutReset
timeGetDevCaps
waveInGetDevCapsA
timeEndPeriod

wininet

HttpSendRequestA
InternetOpenA
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetCloseHandle

crypt32

CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore
CryptVerifyMessageSignature

rpcrt4

UuidToStringA
RpcStringFreeA

oleaut32

OleCreatePropertyFrame
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocStringLen
SysStringLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SafeArrayDestroy
VarBstrCat
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayLock
SafeArrayCreateVector

kernel32

LocalFree
LocalAlloc
SetFileAttributesA
GetFileAttributesA
CreateMutexA
FreeLibrary
GetModuleFileNameA
MulDiv
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetCurrentThreadId
OutputDebugStringA
SetLastError
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
SetErrorMode
GetTickCount
LCMapStringA
LCMapStringW
CreateProcessA
TlsAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
WaitForSingleObject
SetWaitableTimer
CreateThread
CreateWaitableTimerA
GetProcessTimes
GetCurrentProcessId
GlobalSize
GetTempFileNameW
GetSystemDefaultLangID
MoveFileA
DeleteFileA
GetSystemInfo
GetUserDefaultLangID
CreateFileA
ExitThread
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetCurrentProcess
FindResourceExA
FindResourceExW
GetFileAttributesW
SetUnhandledExceptionFilter
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
CreateDirectoryA
CreateFileW
GetCurrentDirectoryA
GetTempFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SetCurrentDirectoryA
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExA
RemoveDirectoryA
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
lstrcpyA
IsDBCSLeadByteEx
VirtualProtectEx
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
VirtualProtect
CreateSemaphoreA
ReleaseSemaphore
IsProcessorFeaturePresent
GetCommandLineA
UnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
IsDebuggerPresent
HeapCreate
LockResource
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
FlushInstructionCache
lstrcmpiA
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress
GlobalAlloc
GetLocaleInfoA
GetVersionExA
lstrlenW
lstrlenA
RaiseException
WideCharToMultiByte
GlobalFree
GetCurrentThread
SetThreadAffinityMask
VirtualQuery
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
ResetEvent
CreateEventA
CloseHandle
WaitForMultipleObjects
SetEvent
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
IsValidCodePage
GetOEMCP
RtlUnwind
HeapDestroy
HeapReAlloc
ExitProcess

user32

IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowThreadProcessId
PeekMessageA
WaitForInputIdle
GetForegroundWindow
TranslateMessage
DispatchMessageA
DialogBoxParamW
DialogBoxParamA
RedrawWindow
DialogBoxIndirectParamW
DialogBoxIndirectParamA
EndDialog
GetDesktopWindow
LoadIconA
SendMessageA
GetDlgItem
SetWindowTextA
GetMenuItemCount
InsertMenuItemW
GetClipboardFormatNameA
RegisterClipboardFormatA
GetParent
IsChild
PtInRect
BeginPaint
EndPaint
SystemParametersInfoA
GetMenuItemID
DeleteMenu
InsertMenuItemA
GetMenuItemInfoA
TrackPopupMenu
KillTimer
SetTimer
UpdateWindow
RegisterClassA
GetWindowRect
MapVirtualKeyA
GetKeyState
GetFocus
ReleaseCapture
GetSystemMetrics
EnumDisplaySettingsA
GetCapture
LoadMenuA
GetSubMenu
DestroyMenu
SetCursor
WindowFromPoint
GetCursorPos
ScreenToClient
GetClientRect
MessageBoxA
LoadStringA
SetCapture
IsWindow
DestroyWindow
EnableMenuItem
CheckMenuItem
SetFocus
GetWindowInfo
CopyRect
SendInput
GetKeyboardLayout
FillRect
UnregisterClassA
CreateWindowExA
RegisterClassExA
InvalidateRect
DefWindowProcA
UnionRect
CallWindowProcA
IntersectRect
EqualRect
SetWindowRgn
SetWindowPos
GetDC
ReleaseDC
GetClassInfoExA
ShowWindow
GetWindowLongA
SetWindowLongA
CharNextW
CharNextA
ClientToScreen
GetMonitorInfoA
OffsetRect
SetRect
MonitorFromWindow
GetTopWindow
GetDoubleClickTime
EnumWindows
PostMessageA
IsWindowEnabled
GetWindow
GetClassNameA
GetWindowTextW
GetWindowTextA
LoadCursorA

gdi32

CreateMetaFileA
GetObjectA
CreateDIBSection
DeleteObject
GetDIBits
CreateCompatibleBitmap
SetWindowOrgEx
SelectObject
SelectPalette
RealizePalette
ExtTextOutA
SetBkColor
CreateSolidBrush
StretchBlt
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
SetTextAlign
TextOutA
BitBlt
StartPage
SetStretchBltMode
GetStretchBltMode
Rectangle
GetStockObject
StretchDIBits
SetViewportOrgEx
EndPage
GetClipBox
GetSystemPaletteEntries
GetObjectType
GetICMProfileA
CreateDCA
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesA
SetBkMode
IntersectClipRect
SelectClipRgn
ExtTextOutW
SetTextColor
GetClipRgn
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
GetBkColor
CreateFontIndirectW
SetWorldTransform
SetGraphicsMode
GetWorldTransform
SetTextCharacterExtra
CreatePen
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
GetTextExtentPoint32A
CreatePalette
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
SetPolyFillMode
SaveDC
BeginPath
MoveToEx
EndPath
LineTo
PolyBezierTo
SelectClipPath
RestoreDC
GdiFlush
CreateCompatibleDC
DeleteDC
GetPixel
GetFontData
LPtoDP
EnumFontFamiliesExW
GetDeviceCaps

comdlg32

CommDlgExtendedError
GetSaveFileNameA
PrintDlgA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHAppBarMessage

ole32

OleRegGetMiscStatus
CreateDataAdviseHolder
CoCreateInstance
StringFromGUID2
OleLoadFromStream
OleRegGetUserType
OleSaveToStream
CoInitialize
ReleaseStgMedium
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
OleRegEnumVerbs
CreateOleAdviseHolder
CoTaskMemRealloc
CoTaskMemFree
WriteClassStm
CreateBindCtx
OleUninitialize
OleSetClipboard
CoUninitialize
CoRegisterMessageFilter
CoTaskMemAlloc
OleInitialize

shlwapi

SHDeleteKeyA

urlmon

HlinkSimpleNavigateToMoniker
RegisterBindStatusCallback
CreateURLMoniker
CopyStgMedium

mscms

DeleteColorTransform
CloseColorProfile
CreateColorTransformW
OpenColorProfileA
TranslateBitmapBits

ws2_32

getservbyname
htons
gethostbyaddr
getservbyport
WSASetLastError
setsockopt
connect
recvfrom
sendto
WSAAddressToStringA
gethostname
select
ioctlsocket
ntohl
htonl
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACleanup
closesocket
WSAGetLastError
WSAIoctl
WSAAsyncSelect
socket
WSASocketA
WSAStartup
recv
send
bind
ntohs
getsockname
inet_addr
inet_ntoa
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 514KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 961KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashUtil10a.exe
.exe windows:5 windows x86 arch:x86

9f1a0e4c5dd3045d038d3e28066881dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/11/2007, 00:00

Not After

10/12/2008, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d2:76:e3:7c:d3:5f:7d:8c:53:df:b6:23:06:d7:23:f3:4e:b2:b3:8f
Signer

Actual PE Digest

d2:76:e3:7c:d3:5f:7d:8c:53:df:b6:23:06:d7:23:f3:4e:b2:b3:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCloseHandle
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA

crypt32

CertFreeCertificateContext
CertCreateCertificateContext
CryptVerifyMessageSignature
CertCloseStore
CryptGetMessageCertificates
CertVerifySubjectCertificateContext
CertFindCertificateInStore

shlwapi

SHDeleteKeyA

kernel32

IsValidCodePage
GetOEMCP
GetLastError
CreateMutexA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetTempPathA
WriteFile
FormatMessageA
_lclose
_lread
OpenFile
GetSystemDirectoryA
SetThreadLocale
GetSystemDefaultLangID
LocalFree
LocalAlloc
GetCurrentProcess
CreateThread
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
GetTickCount
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetACP
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
CreateFileW
SetFilePointer
SetFileAttributesA
InterlockedIncrement
MapViewOfFile
CreateFileMappingA
CreateProcessA
FindClose
ExitProcess
GetCommandLineA
GetCPInfo
IsDebuggerPresent
TerminateProcess
HeapSize
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
HeapAlloc
HeapFree
GetStartupInfoA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InterlockedDecrement
RtlUnwind

user32

WaitForInputIdle
SystemParametersInfoA
GetForegroundWindow
LoadImageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
LoadCursorA
RegisterClassExA
DefWindowProcA
CreateDialogParamA
SetWindowTextA
CharNextA
CreateWindowExA
GetDlgItem
SetWindowLongA
MessageBoxA
LoadBitmapA
LoadStringA
DialogBoxParamA
EndDialog
GetParent
GetDesktopWindow
GetWindowRect
SetWindowPos
PostMessageA
ShowWindow
SendMessageA
DestroyWindow
PostQuitMessage
DdeInitializeA
DdeDisconnect
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
ScreenToClient
GetWindowLongA

gdi32

DeleteObject

advapi32

RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA

ole32

CoRegisterClassObject
CoUninitialize
CoInitialize
CoRevokeClassObject

oleaut32

DispGetIDsOfNames
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
SysAllocString
DispInvoke
SafeArrayDestroy

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall_activeX.exe.nsis
Itrade-Pro/setup.bat
Itrade-Pro/turn_off_sun.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

1494de9b53e05fc1f40cb92afbdd6ce4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 4.8MB - Virtual size: 4.8MB

bc5ce990cf54f8d435a68eb97512f73e

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

.text Size: 78KB - Virtual size: 80KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 16KB

8f26fcd857d64db1a0ee4f8bdb240223

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6dCertificate

Extended Key Usages

Key Usages

48:87:03:58:51:52:e3:ae:d4:40:3e:5c:30:f1:3f:34:2e:b0:29:89Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 114KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 43KB - Virtual size: 43KB

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 1KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 4.8MB - Virtual size: 4.8MB

.text
Size: 78KB - Virtual size: 80KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6d
Certificate

48:87:03:58:51:52:e3:ae:d4:40:3e:5c:30:f1:3f:34:2e:b0:29:89
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 114KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 43KB - Virtual size: 43KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 432B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 1024B - Virtual size: 573B

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 512B - Virtual size: 45B

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 466B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 362B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate