4fc3139e0b455b20e7571982237f2472_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4fc3139e0b455b20e7571982237f2472_JaffaCakes118
Size

1.7MB
MD5

4fc3139e0b455b20e7571982237f2472
SHA1

e278ea3cfd30a5fbf5080483eefce5fdbf77e264
SHA256

9f3594ac7daf71feb54038b218c15207570558d5fc5cbe5b39eae801135bd8ac
SHA512

24825d111ca3f2bf6ee92ff9338c8b251af8257c0a069977158b1d23029a7f377b33fb4df72052211806aec4a861e79750f4f9389edb75072d07a03a3831839a
SSDEEP

49152:M5hwLHN+9Ah9TTNvybNmzoA0BwyN2nch5kWaj:MsLDh/CmzHEh2nchyF

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GUI win32/GUI-x86_Patch.exe
unpack001/GUI win32/dev32.dll
unpack001/GUI win64/GUI-x64_Patch.exe

Files

4fc3139e0b455b20e7571982237f2472_JaffaCakes118
.zip
GUI win32/GUI-x86_Patch.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 3.7MB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
GUI win32/dev32.dll
.dll windows:4 windows x86 arch:x86

f59a557c040d34a621bee141202e90a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
MessageBoxA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
ord37
ord36
ord35

Exports

Exports

FreeLibrary16
GetProcAddress16
LoadLibrary16

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 874B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GUI win32/dev9x.dll
GUI win32/deviohsc.txt
GUI win32/deviolog.txt
GUI win32/dmde.exe
.exe windows:4 windows x86 arch:x86

158c993b8520286bb9316ae305767ad6

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b2:cf:1d:23:40:00:25:b8:ff:58:61:9a:b3:d1:da:2e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/08/2011, 00:00

Not After

25/08/2012, 23:59

Subject

CN=Dmitry Sidorov,O=Dmitry Sidorov,POSTALCODE=630090,STREET=Tereshkovoy str.\, 40-31,L=Novosibirsk,ST=Novosibirsk,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:04:92:01:f4:ad:5a:1e:b8:12:b1:82:d5:e2:6e:b7:6a:09:c4:41
Signer

Actual PE Digest

36:04:92:01:f4:ad:5a:1e:b8:12:b1:82:d5:e2:6e:b7:6a:09:c4:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
FreeSid
AllocateAndInitializeSid

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExW
CreateWindowExA
WaitMessage
UpdateWindow
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorW
TranslateAcceleratorA
TrackPopupMenu
SystemParametersInfoA
ShowWindow
SetWindowTextW
SetWindowTextA
SetWindowPos
SetWindowLongA
SetTimer
SetScrollInfo
SetMenuItemInfoW
SetMenuItemInfoA
SetMenuDefaultItem
SetFocus
SetDlgItemTextW
SetDlgItemTextA
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendNotifyMessageA
SendMessageW
SendMessageA
ScreenToClient
ReleaseDC
ReleaseCapture
RegisterClassExW
RegisterClassExA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OemToCharBuffA
MsgWaitForMultipleObjects
MessageBoxA
MapDialogRect
LoadStringA
LoadMenuIndirectA
LoadImageA
LoadIconA
LoadCursorA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvertRect
InvalidateRgn
InvalidateRect
InsertMenuW
InsertMenuA
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowLongA
GetUpdateRect
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollInfo
GetParent
GetWindow
GetMessagePos
GetMessageW
GetMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyState
GetFocus
GetDlgItem
GetDesktopWindow
GetDC
GetClientRect
GetClassInfoExW
GetClassInfoExA
GetCaretBlinkTime
GetCapture
GetActiveWindow
FillRect
EndPaint
EndDialog
EndDeferWindowPos
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextA
DrawMenuBar
DrawFrameControl
DrawFocusRect
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DeferWindowPos
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcW
DefFrameProcA
CreatePopupMenu
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateAcceleratorTableA
CloseClipboard
ClipCursor
ClientToScreen
CheckMenuItem
BringWindowToTop
BeginPaint
BeginDeferWindowPos
CharNextA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
AdjustWindowRect

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQuery
VirtualFree
VirtualAlloc
SuspendThread
SetFileTime
SetFilePointer
SetFileAttributesW
SetFileAttributesA
SetEvent
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LocalFileTimeToFileTime
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetVolumeInformationA
GetVersionExA
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetOverlappedResult
GetOEMCP
GetModuleHandleA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryA
GetCPInfo
GetACP
FreeLibrary
FormatMessageW
FormatMessageA
FindNextFileA
FindFirstFileA
FindClose
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateProcessA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CreateDirectoryA
CompareStringW
CompareStringA
CloseHandle

gdi32

UnrealizeObject
TextOutA
SetTextColor
SetBrushOrgEx
SetBkMode
SetBkColor
SelectObject
RoundRect
Polyline
Polygon
PatBlt
GetTextMetricsA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextColor
GetStockObject
GetObjectA
GetDeviceCaps
GetBoundsRect
ExtTextOutA
EnumFontFamiliesExA
EnumFontFamiliesA
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
CreatePatternBrush
CreateICA
CreateFontIndirectA
CreateBitmapIndirect

comctl32

CreateStatusWindowA
CreateMappedBitmap
ImageList_Remove
ImageList_AddMasked
ImageList_Draw
ImageList_SetOverlayImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteA

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA

Sections

.text
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 82KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GUI win32/dmde.ini
GUI win32/dmde_en.chm
.chm
GUI win32/eula_en.txt
GUI win32/license.key
GUI win32/locals/cp437.tbl
GUI win32/locals/cp437u.tbl
GUI win32/locals/cp850.tbl
GUI win32/locals/cp852.tbl
GUI win32/locals/cp866.tbl
GUI win32/locals/cp866t.tbl
GUI win32/locals/cp866u.tbl
GUI win32/locals/dmde_pl.chm
.chm
GUI win32/locals/dmde_ru.chm
.chm
GUI win32/locals/en.ln~
GUI win32/locals/eula_ru.txt
GUI win32/locals/pl.lng
GUI win32/locals/readmeru.txt
GUI win32/locals/ru.lng
GUI win32/locals/win1250.tbl
GUI win32/locals/win1250t.tbl
GUI win32/locals/win1251.tbl
GUI win32/locals/win1251t.tbl
GUI win32/locals/win1251u.tbl
GUI win32/locals/win1252.tbl
GUI win32/locals/win1252t.tbl
GUI win32/locals/win1253.tbl
GUI win32/locals/win1253t.tbl
GUI win32/locals/win1254.tbl
GUI win32/locals/win1255.tbl
GUI win32/locals/win1256.tbl
GUI win32/locals/win1257.tbl
GUI win32/locals/win1258.tbl
GUI win32/readmeen.txt
GUI win32/versions.txt
GUI win64/GUI-x64_Patch.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 3.7MB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
GUI win64/deviohsc.txt
GUI win64/deviolog.txt
GUI win64/dmde.exe
.exe windows:4 windows x64 arch:x64

e74f43e538cc8a2f988ecb092178d049

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b2:cf:1d:23:40:00:25:b8:ff:58:61:9a:b3:d1:da:2e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/08/2011, 00:00

Not After

25/08/2012, 23:59

Subject

CN=Dmitry Sidorov,O=Dmitry Sidorov,POSTALCODE=630090,STREET=Tereshkovoy str.\, 40-31,L=Novosibirsk,ST=Novosibirsk,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:33:41:d0:63:f6:6e:dc:75:f4:71:d5:c6:85:ba:f7:8b:1a:73:b8
Signer

Actual PE Digest

25:33:41:d0:63:f6:6e:dc:75:f4:71:d5:c6:85:ba:f7:8b:1a:73:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
FreeSid
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

comctl32

CreateMappedBitmap
CreateStatusWindowA
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetOverlayImage
InitCommonControls

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW

gdi32

CreateBitmapIndirect
CreateFontIndirectA
CreateICA
CreatePatternBrush
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesA
EnumFontFamiliesExA
ExtTextOutA
GetBoundsRect
GetDeviceCaps
GetObjectA
GetStockObject
GetTextColor
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextMetricsA
PatBlt
Polygon
Polyline
RoundRect
SelectObject
SetBkColor
SetBkMode
SetBrushOrgEx
SetTextColor
TextOutA
UnrealizeObject

kernel32

AddVectoredExceptionHandler
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DosDateTimeToFileTime
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FindResourceExA
FormatMessageA
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetThreadLocale
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MulDiv
MultiByteToWideChar
ReadFile
ReadProcessMemory
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

shell32

ShellExecuteA

user32

AdjustWindowRect
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharToOemBuffA
CharUpperA
CharUpperBuffA
CharUpperBuffW
CheckMenuItem
ClientToScreen
ClipCursor
CloseClipboard
CreateAcceleratorTableA
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
DefWindowProcA
DefWindowProcW
DeferWindowPos
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextA
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
FillRect
GetActiveWindow
GetCapture
GetCaretBlinkTime
GetClassInfoExA
GetClassInfoExW
GetClientRect
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetKeyState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageW
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetWindow
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextW
GetWindowThreadProcessId
InsertMenuA
InsertMenuW
InvalidateRect
InvalidateRgn
InvertRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
LoadMenuIndirectA
MapDialogRect
MessageBoxA
MsgWaitForMultipleObjects
OemToCharBuffA
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassExA
RegisterClassExW
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SendMessageW
SendNotifyMessageA
SetActiveWindow
SetCapture
SetClassLongPtrA
SetClipboardData
SetCursor
SetDlgItemTextA
SetDlgItemTextW
SetFocus
SetMenuDefaultItem
SetMenuItemInfoA
SetMenuItemInfoW
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateAcceleratorA
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UpdateWindow
WaitMessage

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 94KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GUI win64/dmde.ini
GUI win64/dmde_en.chm
.chm
GUI win64/eula_en.txt
GUI win64/license.key
GUI win64/locals/cp437.tbl
GUI win64/locals/cp437u.tbl
GUI win64/locals/cp850.tbl
GUI win64/locals/cp852.tbl
GUI win64/locals/cp866.tbl
GUI win64/locals/cp866t.tbl
GUI win64/locals/cp866u.tbl
GUI win64/locals/dmde_pl.chm
.chm
GUI win64/locals/dmde_ru.chm
.chm
GUI win64/locals/en.ln~
GUI win64/locals/eula_ru.txt
GUI win64/locals/pl.lng
GUI win64/locals/readmeru.txt
GUI win64/locals/ru.lng
GUI win64/locals/win1250.tbl
GUI win64/locals/win1250t.tbl
GUI win64/locals/win1251.tbl
GUI win64/locals/win1251t.tbl
GUI win64/locals/win1251u.tbl
GUI win64/locals/win1252.tbl
GUI win64/locals/win1252t.tbl
GUI win64/locals/win1253.tbl
GUI win64/locals/win1253t.tbl
GUI win64/locals/win1254.tbl
GUI win64/locals/win1255.tbl
GUI win64/locals/win1256.tbl
GUI win64/locals/win1257.tbl
GUI win64/locals/win1258.tbl
GUI win64/readmeen.txt
GUI win64/versions.txt
profismart.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

LoadLi Size: 4KB - Virtual size: 1830.1MB

Size: 3.7MB - Virtual size: 4B

���� Size: - Virtual size:

f59a557c040d34a621bee141202e90a9

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.itext Size: 512B - Virtual size: 176B

.data Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 874B

.edata Size: 512B - Virtual size: 125B

.reloc Size: 1024B - Virtual size: 744B

.rsrc Size: 512B - Virtual size: 512B

158c993b8520286bb9316ae305767ad6

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

b2:cf:1d:23:40:00:25:b8:ff:58:61:9a:b3:d1:da:2eCertificate

Extended Key Usages

Key Usages

36:04:92:01:f4:ad:5a:1e:b8:12:b1:82:d5:e2:6e:b7:6a:09:c4:41Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

comctl32

shell32

comdlg32

Sections

.text Size: 831KB - Virtual size: 831KB

.itext Size: 1024B - Virtual size: 556B

.data Size: 27KB - Virtual size: 26KB

.bss Size: - Virtual size: 82KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 23KB - Virtual size: 22KB

.rsrc Size: 42KB - Virtual size: 42KB

Headers

File Characteristics

Sections

LoadLi Size: 4KB - Virtual size: 1830.1MB

Size: 3.7MB - Virtual size: 4B

���� Size: - Virtual size:

e74f43e538cc8a2f988ecb092178d049

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

.text
Size: 10KB - Virtual size: 10KB

.itext
Size: 512B - Virtual size: 176B

.data
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 874B

.edata
Size: 512B - Virtual size: 125B

.reloc
Size: 1024B - Virtual size: 744B

.rsrc
Size: 512B - Virtual size: 512B

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

b2:cf:1d:23:40:00:25:b8:ff:58:61:9a:b3:d1:da:2e
Certificate

36:04:92:01:f4:ad:5a:1e:b8:12:b1:82:d5:e2:6e:b7:6a:09:c4:41
Signer

.text
Size: 831KB - Virtual size: 831KB

.itext
Size: 1024B - Virtual size: 556B

.data
Size: 27KB - Virtual size: 26KB

.bss
Size: - Virtual size: 82KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 42KB - Virtual size: 42KB

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

b2:cf:1d:23:40:00:25:b8:ff:58:61:9a:b3:d1:da:2e
Certificate

25:33:41:d0:63:f6:6e:dc:75:f4:71:d5:c6:85:ba:f7:8b:1a:73:b8
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 134KB - Virtual size: 134KB

.bss
Size: - Virtual size: 94KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 37KB - Virtual size: 37KB