42f27ec6ce120717dfcaf3c65c478c0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42f27ec6ce120717dfcaf3c65c478c0d_JaffaCakes118
Size

3.9MB
MD5

42f27ec6ce120717dfcaf3c65c478c0d
SHA1

1b9317e95991b00a07d40f8419ca50969d127a4e
SHA256

1774f347a26e15fd4b46fae2ef1f9363d36e22a6ff5d32a5117ee4f0cba0cd11
SHA512

2ff38b7d754d4af9a6d1c4d387eb1026a9655dd5ec71091204269b10676e4a1323270f5a671d145b1f711a7251058b3d452547cbce1ea018d40abe783fa15bd4
SSDEEP

98304:fo1zwhqWEEsttfueazao092xGIqDriLFJutkXi:Q1zJxmtxGpQk

Score

1^/10

Malware Config

Signatures

Files

42f27ec6ce120717dfcaf3c65c478c0d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

500394908f77ab18783e9909d076b0c3

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:dc:1d:04:0c:11:b4:e8:c9:2f:86:24:1b:8b:8b:1f:ae:c5:e3:88
Signer

Actual PE Digest

48:dc:1d:04:0c:11:b4:e8:c9:2f:86:24:1b:8b:8b:1f:ae:c5:e3:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\OneKeyRoot\trunk\360MM\bin\Release\360Root.pdb

Imports

setupapi

CM_Reenumerate_DevNode
CM_Locate_DevNodeW
CM_Get_Child
CM_Get_Device_IDW
SetupDiGetDeviceInterfaceDetailW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupIterateCabinetW
CM_Get_Parent
CM_Get_Sibling
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CMP_WaitNoPendingInstallEvents

kernel32

GetVersionExW
TerminateThread
WaitForMultipleObjects
CreateFileA
GetTempPathW
ResetEvent
CreateProcessW
GetFileAttributesA
PeekNamedPipe
CreateProcessA
SetHandleInformation
CreatePipe
OutputDebugStringA
WinExec
SetCurrentDirectoryW
GetCurrentDirectoryW
MoveFileW
SetProcessWorkingSetSize
OpenProcess
GetSystemInfo
GetModuleHandleA
CreateThread
GetStartupInfoW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryA
GetFileSizeEx
LocalFree
MoveFileExW
CreateMutexW
lstrcpynA
HeapFree
HeapAlloc
GetProcessHeap
RemoveDirectoryW
lstrcmpiA
GlobalAlloc
GlobalFree
GetFileAttributesExW
GlobalLock
GlobalUnlock
SetFilePointer
GetNumberOfConsoleInputEvents
PeekConsoleInputA
SetConsoleMode
ReadConsoleInputA
SetFileAttributesA
AddAtomW
CreateEventW
CreateFiber
QueueUserWorkItem
ConvertThreadToFiber
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
GetEnvironmentStrings
FreeEnvironmentStringsA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetFileTime
FindNextFileA
GetFileInformationByHandle
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
CreateDirectoryA
GetOverlappedResult
GetThreadLocale
CreateSemaphoreW
ReleaseSemaphore
SetThreadPriority
DeleteFileA
AreFileApisANSI
GetTempPathA
GetVersionExA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LockFileEx
LockFile
UnlockFile
GetFullPathNameA
GlobalSize
InterlockedCompareExchange
TlsSetValue
TlsAlloc
GetExitCodeProcess
DeleteAtom
TlsFree
DuplicateHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
lstrcmpiW
SwitchToFiber
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
VirtualAlloc
VirtualFree
GetFileAttributesW
SetFileAttributesW
FindFirstFileW
GetFullPathNameW
SetLastError
FindClose
FindNextFileW
lstrcpyW
GetWindowsDirectoryW
CopyFileW
GetTickCount
DeleteFileW
ReleaseMutex
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetSystemDirectoryW
DeviceIoControl
lstrlenW
WideCharToMultiByte
CreateDirectoryW
Sleep
SetEvent
CreateEventA
WaitForSingleObject
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetFileSize
ReadFile
lstrlenA
MultiByteToWideChar
SetUnhandledExceptionFilter
ExitProcess
ExpandEnvironmentStringsW
GetLocalTime
GetModuleFileNameW
OutputDebugStringW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FreeResource
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
IsBadReadPtr
VirtualProtect
GetLastError
FreeLibrary
TlsGetValue
GetSystemTime
FormatMessageW
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
HeapSize
HeapReAlloc
HeapDestroy
WritePrivateProfileStringW
FindAtomW
WriteFile
VirtualQuery
FormatMessageA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
UnmapViewOfFile
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
CreateFileMappingW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
LCMapStringA
GetStdHandle
FatalAppExitA
HeapCreate
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetAtomNameW
GetCurrentThread
GetCPInfo
MoveFileA
ResumeThread
ExitThread
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetLongPathNameW
ConnectNamedPipe
CreateNamedPipeW
CancelIo
GetProcessId
Thread32Next
Thread32First
SuspendThread
CreateWaitableTimerW
SetWaitableTimer
MapViewOfFile
OpenThread

user32

FindWindowExW
SetTimer
KillTimer
wsprintfW
RegisterWindowMessageW
ReleaseDC
GetDC
MessageBoxA
ExitWindowsEx
SendMessageTimeoutW
MessageBoxW
ShowWindow
CreateWindowExW
PostMessageW
IsWindow
FindWindowW
GetActiveWindow
SetWindowLongW
SetWindowTextW
DestroyMenu
GetMenuDefaultItem
SetActiveWindow
GetWindowLongW
EnableWindow
GetMenuItemID
GetMenuStringW
GetMenuItemCount
CreatePopupMenu
GetDlgCtrlID
BeginPaint
EndPaint
SystemParametersInfoW
GetWindowRect
LoadIconW
MoveWindow
InvalidateRect
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
PostThreadMessageW
GetProcessWindowStation
FindWindowA
GetWindowDC
MsgWaitForMultipleObjects
PeekMessageW
GetDesktopWindow
GetSystemMetrics
GetIconInfo
LoadImageW
DestroyIcon
GetWindow
GetWindowTextW
GetClassNameW
IsWindowEnabled
GetParent
GetWindowThreadProcessId
EnumThreadWindows
GetGUIThreadInfo
OpenDesktopW
SwitchDesktop
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
CreateDesktopW
DefWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DestroyWindow
GetKeyState
IsWindowVisible
SetWindowRgn
SetWindowPos
GetCursorPos
SendMessageW
UpdateWindow
RedrawWindow
SetPropA
GetPropA
SetWindowTextA
ClientToScreen
ScreenToClient
SetForegroundWindow

gdi32

CreateDIBSection
CreateSolidBrush
SetGraphicsMode
SetWorldTransform
PatBlt
GetObjectW
EnumFontFamiliesExW
CreateCompatibleDC
CreateDCA
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject
GetStockObject
SetBkMode
StretchBlt
GetDeviceCaps
SelectPalette
RealizePalette
CreateDCW
SelectObject
GetDIBits
GetDIBColorTable
GetObjectA
SetBitmapBits
GetTextExtentPoint32W
SetStretchBltMode
GetBitmapBits

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

StartServiceW
ReportEventA
DeregisterEventSource
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
CryptDestroyKey
CryptGenRandom
CryptContextAddRef
CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegSetValueExA
BuildExplicitAccessWithNameW
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ControlService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
RegisterEventSourceA
QueryServiceConfigW
ChangeServiceConfigW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumValueW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CreateProcessAsUserW
SetTokenInformation
GetLengthSid

shell32

SHParseDisplayName
ord680
SHGetSpecialFolderPathA
SHGetFolderPathA
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetMalloc
SHGetDesktopFolder
ord18
SHAddToRecentDocs
ord155
SHGetFileInfoW
ExtractIconW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
ord165
ShellExecuteA
ExtractIconExW
SHFileOperationW
SHGetFolderPathW
SHGetPathFromIDListW

ole32

CoInitializeEx
CoUninitialize
GetHGlobalFromStream
CoCreateInstance
CreateStreamOnHGlobal
CoInitialize
CoCreateGuid
CoTaskMemAlloc
CreateBindCtx

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysStringLen
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SystemTimeToVariantTime

shlwapi

PathFindExtensionW
StrRStrIW
StrChrW
StrStrW
StrCpyW
StrStrNIW
PathFindExtensionA
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathRemoveFileSpecA
SHGetValueW
PathAppendA
PathFileExistsW
PathCombineW
PathFileExistsA
PathFindFileNameA
SHSetValueW
PathIsDirectoryW
PathIsDirectoryA
StrStrIA
PathCombineA
SHGetValueA
StrCmpNA
StrRChrA
PathRemoveBackslashW
StrCmpNIW
StrCmpNW
PathQuoteSpacesW
PathAddBackslashW
ord176
PathIsRootW
StrStrIW
PathBuildRootW
PathGetDriveNumberW
StrCmpIW
PathRemoveExtensionW

ws2_32

send
getsockopt
WSAGetLastError
connect
bind
ntohs
inet_addr
htons
setsockopt
recv
socket
WSAAsyncSelect
ntohl
accept
listen
shutdown
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
closesocket
ioctlsocket
WSAStartup
WSACleanup
inet_ntoa
gethostbyname
gethostname
htonl

wininet

HttpEndRequestW
InternetOpenA
HttpSendRequestA
InternetCloseHandle
InternetAttemptConnect
HttpOpenRequestA
HttpQueryInfoW
InternetSetStatusCallbackW
InternetWriteFile
InternetReadFile
HttpAddRequestHeadersA
FtpOpenFileA
InternetConnectA
HttpSendRequestExA
InternetGetConnectedState
DeleteUrlCacheEntryW
InternetSetCookieA

gdiplus

GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHICON
GdipDrawImageRectRect
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCloneImage
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipAlloc
GdipDeleteMatrix
GdipDeleteBrush
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateMatrix
GdipCloneBrush
GdipDrawImageRectI
GdipFillRectangleI
GdipSetWorldTransform
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipTranslateMatrix
GdipRotateMatrix
GdipDeleteGraphics

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

iphlpapi

GetAdaptersInfo
GetExtendedTcpTable

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW
CreateURLMoniker
RegisterBindStatusCallback

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

dbghelp

MakeSureDirectoryPathExists

psapi

GetModuleFileNameExW
GetModuleFileNameExA
EnumProcesses
EnumProcessModules

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SAPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SA?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SA?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SA?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

500394908f77ab18783e9909d076b0c3

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

48:dc:1d:04:0c:11:b4:e8:c9:2f:86:24:1b:8b:8b:1f:ae:c5:e3:88Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wininet

gdiplus

version

iphlpapi

urlmon

userenv

dbghelp

psapi

wintrust

crypt32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 567KB - Virtual size: 567KB

.data Size: 47KB - Virtual size: 396KB

.rsrc Size: 178KB - Virtual size: 178KB

.reloc Size: 141KB - Virtual size: 141KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

48:dc:1d:04:0c:11:b4:e8:c9:2f:86:24:1b:8b:8b:1f:ae:c5:e3:88
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 567KB - Virtual size: 567KB

.data
Size: 47KB - Virtual size: 396KB

.rsrc
Size: 178KB - Virtual size: 178KB

.reloc
Size: 141KB - Virtual size: 141KB