4e7c092015cf7b37ef31343238a2f6df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4e7c092015cf7b37ef31343238a2f6df_JaffaCakes118
Size

5.0MB
MD5

4e7c092015cf7b37ef31343238a2f6df
SHA1

1ab257439dee807de7e0be0b97f498b83414e1e1
SHA256

36a399650ad76525ae514c0bd1e83f19627951604408f10aab7344dc58d312ea
SHA512

95d9e0738af016a3f100c203d3aa5729f233e50826a1a0a34e99624db7c124275751b3e81aaf493befbdb7a7165d3319f9a82d408f3647e259b22194195b892d
SSDEEP

98304:WgvFS0OPM3lQCv9YkXnf8DWFMr5k+FfuqUOHMgLOj9zb0GnCen0H/:WAslEyCvGkXf8DWWr5k+FfuQ/O4kw/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

Files

4e7c092015cf7b37ef31343238a2f6df_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2015, 00:00

Not After

11/05/2016, 23:59

Subject

CN=MEIXIAN XIE,OU=Individual Developer,O=No Organization Affiliation,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:ce:b4:75:dc:71:42:08:fa:3f:15:ac:e5:34:f0:6d:24:9a:7d:44
Signer

Actual PE Digest

43:ce:b4:75:dc:71:42:08:fa:3f:15:ac:e5:34:f0:6d:24:9a:7d:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 980KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/InstallHelper.exe
.exe windows:5 windows x64 arch:x64

5ef1052ad8cbd6377104ef5d9aa5c22c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2015, 00:00

Not After

11/05/2016, 23:59

Subject

CN=MEIXIAN XIE,OU=Individual Developer,O=No Organization Affiliation,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:8b:7f:47:35:fc:8d:cf:84:a7:f5:b0:30:0d:1b:f9:15:8c:43:1d
Signer

Actual PE Digest

d9:8b:7f:47:35:fc:8d:cf:84:a7:f5:b0:30:0d:1b:f9:15:8c:43:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\calendar1.3.1\Release\x64\InstallHelper.pdb

Imports

kernel32

FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
ExpandEnvironmentStringsW
WriteFile
ReadFile
GetFileSize
CreateFileW
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetTempPathW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
ReleaseMutex
GetNativeSystemInfo
GlobalFree
GetExitCodeThread
CreateThread
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetCurrentThreadId
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetLogicalDrives
CreateFileMappingW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetVolumeInformationW
InitializeCriticalSection
LeaveCriticalSection
RaiseException
EnterCriticalSection
IsDebuggerPresent
DeleteCriticalSection
SetEndOfFile
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ProcessIdToSessionId
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
GetLocalTime
GetUserDefaultLangID
LoadLibraryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
WTSGetActiveConsoleSessionId
GetDateFormatW
GetTimeFormatW
GetCommandLineW
CloseHandle
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
MoveFileW
ExitProcess
CreateDirectoryW
LocalFree
FreeLibrary
GetModuleHandleW
GetProcAddress
OpenProcess
Sleep
GetModuleFileNameW
GetVersionExW
WideCharToMultiByte
AreFileApisANSI
MultiByteToWideChar
CreateMutexW
GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
LoadLibraryA
IsValidLocale
AddVectoredExceptionHandler
CreateEventW
HeapCreate
GetPrivateProfileIntW
Module32FirstW
VirtualProtect
Module32NextW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
GetCurrentThread
SetLastError
FlsFree
FlsSetValue
FlsGetValue
TlsAlloc
DecodePointer
MoveFileExW
DeleteFileW
EncodePointer
HeapSetInformation
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
GetCPInfo
ExitThread
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
lstrlenA
lstrlenW
InitializeCriticalSectionAndSpinCount
CopyFileW
GetModuleHandleExW
RemoveDirectoryW
VirtualQueryEx
ReadProcessMemory
GetFileSizeEx
GetPrivateProfileStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SwitchToThread

user32

wsprintfW
MessageBoxExW
FindWindowW
SendMessageW

advapi32

CheckTokenMembership
RevertToSelf
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
GetTokenInformation
RegCreateKeyExW
RegSetValueExW
DeleteService
RegDeleteValueW
CreateProcessAsUserW
AllocateAndInitializeSid
FreeSid
ControlService
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SetTokenInformation
DuplicateTokenEx

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
ord165
CommandLineToArgvW

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoTaskMemFree
OleRun
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString
GetErrorInfo
SetErrorInfo
CreateErrorInfo

shlwapi

PathStripPathW
PathGetDriveNumberW
SHDeleteKeyW
PathFindExtensionW
PathIsDirectoryW
PathIsURLW
StrStrIW
PathCombineW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathQuoteSpacesW
PathIsRootW
PathRemoveExtensionW
StrChrW
PathRemoveBackslashW
PathMatchSpecW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleInformation

wintrust

WinVerifyTrust

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

imm32

ImmDisableIME

wininet

InternetCheckConnectionW

winhttp

WinHttpOpen
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 848KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CalendarEntry.dll
.dll windows:5 windows x64 arch:x64

7334146ac88a31badd05bf18d3175125

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2015, 00:00

Not After

11/05/2016, 23:59

Subject

CN=MEIXIAN XIE,OU=Individual Developer,O=No Organization Affiliation,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:7b:91:79:b3:24:72:fc:b4:69:d5:00:61:d8:0b:fd:32:94:39:f0
Signer

Actual PE Digest

ff:7b:91:79:b3:24:72:fc:b4:69:d5:00:61:d8:0b:fd:32:94:39:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\calendar1.3.1\Release\x64\CalendarEntry.pdb

Imports

kernel32

GetLastError
VerifyVersionInfoW
GetModuleFileNameW
GetVersionExW
InitializeCriticalSection
GetProcessHeap
GetCurrentThreadId
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
ExpandEnvironmentStringsW
GetModuleHandleW
GetModuleHandleExW
VerSetConditionMask
GetCommandLineW
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
HeapSize
HeapReAlloc
LCMapStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
CloseHandle
CreateFileW
Sleep
WritePrivateProfileStringW
SystemTimeToFileTime
GetLocalTime
WriteFile
ReadFile
GetFileSizeEx
CreateProcessW
GetCurrentProcess
WTSGetActiveConsoleSessionId
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
UnmapViewOfFile
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
MapViewOfFile
CreateFileMappingW
RaiseException
VirtualProtect
GetCurrentProcessId
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
SwitchToThread
SetEndOfFile
SetFilePointer
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapDestroy

user32

GetCursorPos
FindWindowExW
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowLongPtrW
GetClassNameW
CallWindowProcW
IsWindow
PostMessageW
ClientToScreen
RegisterWindowMessageW
GetDC
GetParent
TrackMouseEvent
CallNextHookEx
FindWindowW
GetClassInfoW

gdi32

GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RevertToSelf
RegSetValueExW

shell32

ord165
SHGetSpecialFolderPathW

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathCombineW
PathAppendW

version

VerQueryValueW

psapi

GetModuleFileNameExW
GetModuleInformation

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

Exports

Exports

?ResetHook@@YAHXZ
?SetHook@@YAHK@Z

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shared
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashReport64.exe
.exe windows:5 windows x64 arch:x64

9643fe412c56c3b88801e65ac0374323

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2015, 00:00

Not After

11/05/2016, 23:59

Subject

CN=MEIXIAN XIE,OU=Individual Developer,O=No Organization Affiliation,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:c2:66:07:72:d1:37:b1:82:e1:85:94:a4:1e:ac:49:2a:74:e8:0c
Signer

Actual PE Digest

b8:c2:66:07:72:d1:37:b1:82:e1:85:94:a4:1e:ac:49:2a:74:e8:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Works\Baidu\crashreport\crashreport\bavOutput\Pdb\Release\CrashReport64.pdb

Imports

psapi

GetProcessMemoryInfo
QueryWorkingSet
GetModuleFileNameExW
GetModuleInformation

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReadProcessMemory
VirtualQueryEx
OpenThread
GetLocalTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatus
SwitchToThread
WideCharToMultiByte
ExpandEnvironmentStringsW
Sleep
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
ReadFile
GetTempFileNameW
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
GetTempPathW
CreateFileMappingW
RemoveDirectoryW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetCurrentProcessId
GetVolumeInformationW
SystemTimeToFileTime
GetPrivateProfileStringW
GetFileSizeEx
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetPrivateProfileIntW
InitializeCriticalSectionAndSpinCount
Module32NextW
VirtualProtect
Module32FirstW
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
SetEndOfFile
GetConsoleCP
FindFirstFileW
lstrlenA
CreateFileW
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
GetCurrentThread
SetLastError
FlsFree
FlsSetValue
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
GetCPInfo
LCMapStringW
LCMapStringA
GetFileAttributesW
GetSystemTimeAsFileTime
GetStartupInfoW
CreateThread
ExitThread
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
LoadLibraryA
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
FatalAppExitA
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
QueryPerformanceCounter
GetTickCount
SetConsoleCtrlHandler
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
FindNextFileW
GetModuleFileNameA
WriteFile
GetConsoleOutputCP
WriteConsoleW
GetLastError
SetEvent
DeleteFileW
CreateProcessW
GetCommandLineW
LocalFree
GetNativeSystemInfo
IsWow64Process
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
ExitProcess
FlushInstructionCache
RaiseException
DeleteCriticalSection
GetCurrentThreadId
OpenProcess
LoadLibraryW
WaitForSingleObject
CloseHandle
FreeLibrary
GetProcAddress
FindResourceExW
GetVersionExW
MultiByteToWideChar
lstrlenW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
IsValidLocale
GetStdHandle
GetConsoleMode
EnumSystemLocalesA

user32

EnumWindows
GetWindowThreadProcessId
EnumChildWindows
GetClassNameW
GetWindowTextW
CharNextW
GetClassInfoExW
LoadImageW
RegisterClassExW
CreateWindowExW
ShowWindow
DestroyWindow
GetMessageW
TranslateMessage
LoadMenuW
LoadAcceleratorsW
SetTimer
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
LoadStringA
GetParent
GetWindow
MonitorFromWindow
MonitorFromPoint
GetMonitorInfoW
SetFocus
KillTimer
ReleaseDC
MapWindowPoints
GetClientRect
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
SetWindowTextW
GetWindowLongW
InvalidateRect
PeekMessageW
PtInRect
IsWindow
SendMessageW
LoadStringW
MessageBeep
SetWindowPos
DefWindowProcW
TranslateAcceleratorW
DestroyCursor
DrawTextW
GetWindowRect
GetWindowDC
UpdateLayeredWindow
GetCursorPos
ScreenToClient
SetCursor
TrackMouseEvent
GetFocus
PostMessageW
PostQuitMessage
LoadCursorW
DispatchMessageW
UnregisterClassA

gdi32

SelectObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
SaveDC
CreateCompatibleDC
SetBitmapBits
RestoreDC
DeleteObject
DeleteDC
CreateFontW
GetBitmapBits
CreateDIBSection

advapi32

RevertToSelf
DuplicateTokenEx
SetTokenInformation
RegEnumValueW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
QueryServiceStatus
DeleteService
ControlService
OpenServiceW
StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CreateProcessAsUserW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathAppendW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathGetDriveNumberW
PathStripPathW
SHDeleteKeyW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend
GradientFill

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

winhttp

WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpReadData
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryHeaders
WinHttpOpen

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

Sections

.text
Size: 738KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstallHelper.exe
.exe windows:5 windows x64 arch:x64

5ef1052ad8cbd6377104ef5d9aa5c22c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2015, 00:00

Not After

11/05/2016, 23:59

Subject

CN=MEIXIAN XIE,OU=Individual Developer,O=No Organization Affiliation,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:8b:7f:47:35:fc:8d:cf:84:a7:f5:b0:30:0d:1b:f9:15:8c:43:1d
Signer

Actual PE Digest

d9:8b:7f:47:35:fc:8d:cf:84:a7:f5:b0:30:0d:1b:f9:15:8c:43:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\calendar1.3.1\Release\x64\InstallHelper.pdb

Imports

kernel32

FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
ExpandEnvironmentStringsW
WriteFile
ReadFile
GetFileSize
CreateFileW
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetTempPathW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
ReleaseMutex
GetNativeSystemInfo
GlobalFree
GetExitCodeThread
CreateThread
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetCurrentThreadId
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetLogicalDrives
CreateFileMappingW
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetVolumeInformationW
InitializeCriticalSection
LeaveCriticalSection
RaiseException
EnterCriticalSection
IsDebuggerPresent
DeleteCriticalSection
SetEndOfFile
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ProcessIdToSessionId
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
GetLocalTime
GetUserDefaultLangID
LoadLibraryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
WTSGetActiveConsoleSessionId
GetDateFormatW
GetTimeFormatW
GetCommandLineW
CloseHandle
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
MoveFileW
ExitProcess
CreateDirectoryW
LocalFree
FreeLibrary
GetModuleHandleW
GetProcAddress
OpenProcess
Sleep
GetModuleFileNameW
GetVersionExW
WideCharToMultiByte
AreFileApisANSI
MultiByteToWideChar
CreateMutexW
GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
LoadLibraryA
IsValidLocale
AddVectoredExceptionHandler
CreateEventW
HeapCreate
GetPrivateProfileIntW
Module32FirstW
VirtualProtect
Module32NextW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
GetCurrentThread
SetLastError
FlsFree
FlsSetValue
FlsGetValue
TlsAlloc
DecodePointer
MoveFileExW
DeleteFileW
EncodePointer
HeapSetInformation
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
GetCPInfo
ExitThread
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
lstrlenA
lstrlenW
InitializeCriticalSectionAndSpinCount
CopyFileW
GetModuleHandleExW
RemoveDirectoryW
VirtualQueryEx
ReadProcessMemory
GetFileSizeEx
GetPrivateProfileStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SwitchToThread

user32

wsprintfW
MessageBoxExW
FindWindowW
SendMessageW

advapi32

CheckTokenMembership
RevertToSelf
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
GetTokenInformation
RegCreateKeyExW
RegSetValueExW
DeleteService
RegDeleteValueW
CreateProcessAsUserW
AllocateAndInitializeSid
FreeSid
ControlService
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SetTokenInformation
DuplicateTokenEx

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
ord165
CommandLineToArgvW

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoTaskMemFree
OleRun
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString
GetErrorInfo
SetErrorInfo
CreateErrorInfo

shlwapi

PathStripPathW
PathGetDriveNumberW
SHDeleteKeyW
PathFindExtensionW
PathIsDirectoryW
PathIsURLW
StrStrIW
PathCombineW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathQuoteSpacesW
PathIsRootW
PathRemoveExtensionW
StrChrW
PathRemoveBackslashW
PathMatchSpecW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleInformation

wintrust

WinVerifyTrust

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

imm32

ImmDisableIME

wininet

InternetCheckConnectionW

winhttp

WinHttpOpen
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 848KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
calendar.exe
.exe windows:5 windows x64 arch:x64

e3b37224e027bf0ce455703650eef520

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2015, 00:00

Not After

11/05/2016, 23:59

Subject

CN=MEIXIAN XIE,OU=Individual Developer,O=No Organization Affiliation,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:d3:65:ef:e5:50:3c:e4:ee:a3:23:49:ba:f4:ac:ec:87:cf:71:68
Signer

Actual PE Digest

95:d3:65:ef:e5:50:3c:e4:ee:a3:23:49:ba:f4:ac:ec:87:cf:71:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\calendar1.3.1\Release\x64\calendar.pdb

Imports

calendarentry

?ResetHook@@YAHXZ
?SetHook@@YAHK@Z

kernel32

GetLocalTime
GetSystemTime
GetTickCount
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathW
GetProcessId
GlobalFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
ExitThread
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
ReadProcessMemory
GetFileSizeEx
SystemTimeToFileTime
SwitchToThread
Process32FirstW
Process32NextW
WTSGetActiveConsoleSessionId
TerminateProcess
CreateProcessW
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
CreateEventW
HeapCreate
CreateToolhelp32Snapshot
VirtualProtect
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetLastError
FlushInstructionCache
GetCurrentProcess
OpenProcess
LoadLibraryW
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetModuleHandleW
FindNextFileW
FindFirstFileW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
RegisterWaitForSingleObject
UnregisterWaitEx
SetEvent
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
DeleteFileW
DeviceIoControl
ReadFile
CreateDirectoryW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
CreateFileW
IsDebuggerPresent
WideCharToMultiByte
AreFileApisANSI
MultiByteToWideChar
GetModuleHandleExW
GetModuleFileNameW
GetCommandLineW
CreateMutexW
Sleep
WaitForSingleObject
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LoadLibraryA
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetConsoleMode
GetCurrentProcessId
ProcessIdToSessionId
CreateThread
GetCurrentThreadId
CloseHandle
GetLastError
GetVersionExW
FindClose
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
DeleteCriticalSection
InitializeCriticalSection
GetConsoleCP

user32

GetSystemMetrics
MoveWindow
SetWindowTextW
SetWindowLongPtrW
SetTimer
GetRawInputData
GetCursorPos
GetWindowRect
RegisterRawInputDevices
UnregisterClassA
AllowSetForegroundWindow
FindWindowExW
SetForegroundWindow
SetWindowPos
PostMessageW
SystemParametersInfoW
DialogBoxParamW
GetActiveWindow
FindWindowW
GetWindowThreadProcessId
PtInRect
IsWindowVisible
wsprintfW
PostThreadMessageW
RegisterWindowMessageW
IsWindow
CallWindowProcW
GetClassInfoExW
RegisterClassExW
TrackMouseEvent
DestroyWindow
GetWindowLongW
SetWindowLongW
CreateWindowExW
LoadCursorW
ShowWindow
KillTimer
GetWindowLongPtrW
UpdateLayeredWindow
InflateRect
InvalidateRect
ReleaseCapture
SetCapture
SetCursor
EndPaint
BeginPaint
SetPropW
GetPropW
DefWindowProcW
ReleaseDC
GetDC
EndDialog
SendMessageW

gdi32

GetDeviceCaps
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
BitBlt
CreateDIBSection

advapi32

OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
CreateProcessAsUserW
RegEnumValueW
RegEnumKeyExW
RevertToSelf
SetTokenInformation
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ord165
ShellExecuteW
SHFileOperationW

ole32

CreateStreamOnHGlobal
CoCreateGuid

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shlwapi

PathFindFileNameW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrStrIW
PathAddBackslashW
PathCombineW
PathIsDirectoryW
PathRemoveExtensionW
PathFindExtensionW

gdiplus

GdipLoadImageFromStream
GdipScaleWorldTransform
GdipDrawPolygon
GdipFillPolygon
GdipDrawArc
GdipFillEllipse
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipMeasureString
GdipCreateFromHWND
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromFile
GdipDrawRectangle
GdipSetPenColor
GdipDeletePen
GdipCreatePen1
GdipFillRectangle
GdipSetSolidFillColor
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCloneImage
GdiplusStartup
GdipAlloc
GdipDisposeImage
GdipFree
GdipEndContainer
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSetClipRect
GdipBeginContainer2
GdipGraphicsClear
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusShutdown
GdipDrawImagePointRectI

comctl32

ord17
_TrackMouseEvent

imm32

ImmDisableIME

iphlpapi

GetAdaptersAddresses

winhttp

WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpOpen

version

VerQueryValueW

psapi

GetModuleFileNameExW
GetModuleInformation

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

Sections

.text
Size: 601KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:eeCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

43:ce:b4:75:dc:71:42:08:fa:3f:15:ac:e5:34:f0:6d:24:9a:7d:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 980KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

5ef1052ad8cbd6377104ef5d9aa5c22c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:eeCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

d9:8b:7f:47:35:fc:8d:cf:84:a7:f5:b0:30:0d:1b:f9:15:8c:43:1dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

43:ce:b4:75:dc:71:42:08:fa:3f:15:ac:e5:34:f0:6d:24:9a:7d:44
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 980KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

d9:8b:7f:47:35:fc:8d:cf:84:a7:f5:b0:30:0d:1b:f9:15:8c:43:1d
Signer

.text
Size: 848KB - Virtual size: 847KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 11KB - Virtual size: 24KB

.pdata
Size: 63KB - Virtual size: 63KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

ff:7b:91:79:b3:24:72:fc:b4:69:d5:00:61:d8:0b:fd:32:94:39:f0
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 6KB - Virtual size: 18KB

.pdata
Size: 6KB - Virtual size: 5KB

Shared
Size: 512B - Virtual size: 20B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

67:26:02:0d:51:a8:62:5a:1f:9f:13:80:3b:1f:e9:ee
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

b8:c2:66:07:72:d1:37:b1:82:e1:85:94:a4:1e:ac:49:2a:74:e8:0c
Signer