5143d7bddc9ab2fce5866b1ee254f15a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5143d7bddc9ab2fce5866b1ee254f15a_JaffaCakes118
Size

1008KB
MD5

5143d7bddc9ab2fce5866b1ee254f15a
SHA1

ec7c7cb3890e63c9bbc36be7ea2411e90c7de93f
SHA256

c6832f7f7512c4b39caf8fc5b5615d7eda0dce221f49bf9eee48cea8e574e19d
SHA512

7ef0baeb94c2539d13dc7d6f46af284d2d0a9173fba725f081621a96e7d7b3c581db6ca851b7ce8c729e8b1fe45c28d2de00515fd560ff2a9f6196f0309a48b0
SSDEEP

24576:LuXVeiKlJyhx8sPgKkpoXDbiy8C+aPCsGO+08y83miE3iNfr:iVeieo8mgK0y8k1+Lf3mLiNT

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
5143d7bddc9ab2fce5866b1ee254f15a_JaffaCakes118
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/C:/ProgramData/MicrosoftDLL/sysutilites.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

5143d7bddc9ab2fce5866b1ee254f15a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/ProgramData/MicrosoftDLL/SystemIDLE.exe
.exe windows:4 windows x64 arch:x64

41f3b66d56dbbfd174049e0cc5015c2e

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

79:28:37:0e:e5:cb:88:ed:5d:81:83:0f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/07/2016, 15:00

Not After

23/11/2018, 15:08

Subject

CN=H-BIT d.o.o.,O=H-BIT d.o.o.,L=Orehova vas,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d3:4d:88:24:82:3d:b5:24:92:93:c0:27:34:45:f5:60:c0:9c:8e:80:37:c0:e3:1b:22:29:18:b5:19:0f:f1:d9
Signer

Actual PE Digest

d3:4d:88:24:82:3d:b5:24:92:93:c0:27:34:45:f5:60:c0:9c:8e:80:37:c0:e3:1b:22:29:18:b5:19:0f:f1:d9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FillConsoleOutputCharacterA
FormatMessageA
FreeConsole
FreeLibrary
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
QueryPerformanceCounter
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetEvent
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile

msvcrt

__C_specific_handler
__argv
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_beginthreadex
_cexit
_close
_endthreadex
_errno
_exit
_fileno
_fmode
_fstat64
_ftime64
_getpid
_gmtime64
_initterm
_isatty
_localtime64
_lock
_lseeki64
_onexit
_open
_read
_setjmp
_snprintf
_snwprintf
_stat64
_strdup
_stricmp
_strnicmp
_sys_nerr
_time64
_unlock
_vscprintf
_vsnprintf
_vsnwprintf
_write
abort
atof
atoi
calloc
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fwprintf
fwrite
getenv
isalnum
isalpha
isgraph
islower
isprint
isspace
isupper
isxdigit
localeconv
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
putchar
qsort
raise
rand
realloc
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
toupper
vfprintf
wcscpy
wcsstr
wcstombs

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ShowWindow

wldap32

ber_free
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
C:/ProgramData/MicrosoftDLL/config.json
C:/ProgramData/MicrosoftDLL/start.bat
C:/ProgramData/MicrosoftDLL/sysutilites.exe
.exe windows:5 windows x64 arch:x64

1e639356dd901bb602ff9ef5b3730809

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleFileNameExW

shlwapi

PathQuoteSpacesW
PathUnquoteSpacesW
PathFindExtensionW

kernel32

Sleep
CopyFileW
FileTimeToSystemTime
CompareFileTime
SystemTimeToFileTime
GetFileInformationByHandle
ReadFile
FlushFileBuffers
SetHandleInformation
CreatePipe
GetCommandLineW
TlsAlloc
GetModuleFileNameW
GetCurrentThread
GetProcessTimes
OpenProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GenerateConsoleCtrlEvent
SetConsoleCtrlHandler
Process32NextW
Process32FirstW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
DeleteCriticalSection
UnregisterWait
SetWaitableTimer
ResumeThread
SetProcessAffinityMask
RegisterWaitForSingleObject
CreateWaitableTimerW
InitializeCriticalSection
SetConsoleOutputCP
GetConsoleOutputCP
SetFilePointer
MultiByteToWideChar
WriteConsoleW
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
SetStdHandle
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetACP
GetModuleFileNameA
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
FlsSetValue
FlsGetValue
GetSystemTime
MoveFileW
CreateFileW
SetFilePointerEx
SetEndOfFile
WriteFile
DuplicateHandle
FreeLibrary
GetProcAddress
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetExitCodeThread
WaitForSingleObject
GetSystemTimeAsFileTime
CloseHandle
GetExitCodeProcess
GetCurrentProcess
GetProcessAffinityMask
GetEnvironmentVariableW
FindResourceExW
LoadResource
GetModuleHandleW
LocalFree
TlsGetValue
LocalAlloc
TlsSetValue
GetUserDefaultLangID
FormatMessageW
CreateProcessW
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
AllocConsole
SetConsoleTitleW
GetStdHandle
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
GetConsoleWindow
GetCurrentProcessId
FreeConsole
GetComputerNameW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
CreateFileA
GetOEMCP
WideCharToMultiByte
DecodePointer
EncodePointer
ExitProcess
RtlLookupFunctionEntry
RtlUnwindEx
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
IsValidCodePage

user32

GetSystemMetrics
LoadImageW
SetWindowLongPtrW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
GetWindowLongPtrW
SetFocus
ShowWindow
CheckRadioButton
SetWindowPos
SetDlgItemInt
PostMessageW
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SendDlgItemMessageW
GetWindowRect
GetDesktopWindow
MoveWindow
GetDlgItem
EnableWindow
CreateDialogIndirectParamW
MessageBoxW
MessageBoxIndirectW
GetSystemMenu
EnableMenuItem
GetWindowThreadProcessId
PostThreadMessageW
EnumWindows
SendMessageW
GetMessageW

comdlg32

GetOpenFileNameW

advapi32

CreateServiceW
StartServiceW
ControlService
QueryServiceStatusEx
SetServiceStatus
DeleteService
QueryServiceConfig2W
ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
GetServiceKeyNameW
EnumServicesStatusW
OpenSCManagerW
QueryServiceStatus
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
OpenThreadToken
ImpersonateSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteValueW
IsTextUnicode
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetServiceDisplayNameW
CloseServiceHandle
LsaEnumerateAccountRights
LsaAddAccountRights
FreeSid
LsaLookupSids
LsaClose
LsaLookupNames
LsaFreeMemory
IsValidSid
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
LsaOpenPolicy
LsaNtStatusToWinError
RegisterServiceCtrlHandlerExW

shell32

ShellExecuteExW

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 3KB - Virtual size: 2KB

46f8b6973f33717335c0f6d8087de67b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 458B

41f3b66d56dbbfd174049e0cc5015c2e

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

79:28:37:0e:e5:cb:88:ed:5d:81:83:0fCertificate

Extended Key Usages

Key Usages

d3:4d:88:24:82:3d:b5:24:92:93:c0:27:34:45:f5:60:c0:9c:8e:80:37:c0:e3:1b:22:29:18:b5:19:0f:f1:d9Signer

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

wldap32

ws2_32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 5KB - Virtual size: 4KB

.rdata Size: 344KB - Virtual size: 344KB

.pdata Size: 19KB - Virtual size: 18KB

.xdata Size: 21KB - Virtual size: 21KB

.bss Size: - Virtual size: 11KB

.idata Size: 9KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 31KB - Virtual size: 31KB

1e639356dd901bb602ff9ef5b3730809

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

kernel32

user32

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 458B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

79:28:37:0e:e5:cb:88:ed:5d:81:83:0f
Certificate

d3:4d:88:24:82:3d:b5:24:92:93:c0:27:34:45:f5:60:c0:9c:8e:80:37:c0:e3:1b:22:29:18:b5:19:0f:f1:d9
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 5KB - Virtual size: 4KB

.rdata
Size: 344KB - Virtual size: 344KB

.pdata
Size: 19KB - Virtual size: 18KB

.xdata
Size: 21KB - Virtual size: 21KB

.bss
Size: - Virtual size: 11KB

.idata
Size: 9KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 31KB - Virtual size: 31KB

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 208KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 158KB - Virtual size: 158KB