677172d4049941d4bbdf913606e27721_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

677172d4049941d4bbdf913606e27721_JaffaCakes118
Size

418KB
MD5

677172d4049941d4bbdf913606e27721
SHA1

8d9966f9ff16a12c830c761397fe67c68b1da02e
SHA256

107bef6186f2c7eba0916e6de2421504b1234fdf8bc1fab55de064858e77ed11
SHA512

a5c61f70f8fdd28581b94da35c2f28a6425925e8a26ba347fb68eb036e46173b2f7703648285f563e3d77654ed94e18c377efe41ba818d9b1cef7dae736574a0
SSDEEP

12288:aiulnTVnLxI1q6sJK442thE3YuZ1LLUeug9P:OlnTRLQq6sJKKE3eezt

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/skinnedbutton.dll

Files

677172d4049941d4bbdf913606e27721_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17b7d61bda0f7478e36d9ce3d4170680

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:1f:c8:0b:1c:57:ad:69:aa:6f:8d:65:d1:cf:90:cf
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2015, 00:00

Not After

21/01/2016, 12:00

Subject

CN=Software Association LLC,O=Software Association LLC,L=Dnepropetrovsk,ST=Dnipropetrovs'ka Oblast',C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:6c:12:f8:bc:bb:24:9f:ea:a4:cd:d0:4a:54:13:86:be:48:fb:1b
Signer

Actual PE Digest

0c:6c:12:f8:bc:bb:24:9f:ea:a4:cd:d0:4a:54:13:86:be:48:fb:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
SetFileAttributesW
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
GetCommandLineW
GetTempPathW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
MultiByteToWideChar
FindClose
MulDiv
ReadFile
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:5 windows x86 arch:x86

6b9d096578bad49648d82fb5a245a197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
GetTickCount
lstrcpyA
Sleep
WriteFile
CreateFileA
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
CreateThread
WaitForSingleObject
DeleteFileA
CloseHandle
IsProcessorFeaturePresent

user32

GetWindowLongW
CreateWindowExW
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
SendMessageW
GetDlgItem
FindWindowExW
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongW
RegisterWindowMessageW
EnableWindow
DestroyWindow
CallWindowProcW
wsprintfA
GetFocus

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ws2_32

inet_addr
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
closesocket
shutdown
ioctlsocket
htons
socket
WSACleanup
WSAStartup
gethostbyname

Exports

Exports

download
download_quiet

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll windows:5 windows x86 arch:x86

2c52aeb96d10773524db81a6cc37d108

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

96:8f:75:de:f1:4b:88:96:98:4d:3b:88:27:6a:fa:95
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/08/2014, 00:00

Not After

26/08/2015, 23:59

Subject

CN=OpenCandy,O=OpenCandy,POSTALCODE=92101,STREET=510 Market St #301,L=San Diego,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:3f:64:ab:87:64:86:c1:05:59:4b:1c:70:5d:49:42:77:ea:e8:c0
Signer

Actual PE Digest

7f:3f:64:ab:87:64:86:c1:05:59:4b:1c:70:5d:49:42:77:ea:e8:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GetTickCount
WaitForSingleObject
DeleteFileW
ProcessIdToSessionId
HeapAlloc
GetProcessHeap
HeapFree
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
GetVersionExW
GetSystemInfo
WriteFile
CreateMutexW
OpenMutexW
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
OutputDebugStringW
GetLocaleInfoW
GetUserDefaultUILanguage
GetCurrentThread
GlobalFree
ResumeThread
FreeResource
ResetEvent
SystemTimeToFileTime
CreateProcessW
MoveFileExW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetModuleHandleA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitThread
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetNativeSystemInfo
CompareFileTime
GetFullPathNameW
InterlockedDecrement
InterlockedIncrement
GetTempFileNameW
GetTempPathW
SetFilePointer
FindResourceA
GetModuleFileNameW
ReadFile
FindClose
FindNextFileW
FindFirstFileW
GetEnvironmentVariableW
GetCurrentProcessId
GetFileSize
CreateFileW
GetFileAttributesW
SetErrorMode
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
SetEvent
GlobalUnlock
GlobalLock
GlobalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
CloseHandle
FreeLibrary
LoadLibraryW
CreateEventW
MulDiv
lstrlenW
lstrcpynW
SetLastError
RaiseException
Sleep
CreateThread
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache

psapi

GetProcessImageFileNameW
EnumProcesses

msimg32

AlphaBlend

user32

CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
NotifyWinEvent
DestroyCursor
SetActiveWindow
IntersectRect
MsgWaitForMultipleObjectsEx
DestroyWindow
LoadCursorW
GetMessageW
FindWindowW
IsWindow
GetDesktopWindow
PostQuitMessage
KillTimer
SetTimer
GetWindowTextLengthW
GetWindowTextW
EnumChildWindows
EnumWindows
PostMessageW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetSysColor
GetSysColorBrush
GetDC
SendMessageW
SetFocus
GetForegroundWindow
TrackMouseEvent
InvalidateRect
CharNextW
GetClientRect
BeginPaint
EndPaint
CreateDialogParamW
OffsetRect
GetUpdateRect
SetRect
GetWindow
MonitorFromWindow
SetCursor
GetCursor
DrawFocusRect
ReleaseCapture
MessageBoxW
MapWindowPoints
GetParent
GetSystemMetrics
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
SetWindowTextW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetDlgItem
ShowWindow
ReleaseDC
DrawTextW
FillRect
GetAsyncKeyState
CopyRect
GetMonitorInfoW
MonitorFromPoint
MoveWindow
GetWindowRect
GetAncestor
DrawFrameControl
PtInRect
ScreenToClient
GetCursorPos
UnregisterClassA

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
DeleteDC
DPtoLP
CreateFontIndirectW
CreateDIBSection
GdiFlush
GetStockObject
CreatePatternBrush
SetBkColor
ExtTextOutW
CreateSolidBrush
DeleteObject

advapi32

RegDeleteKeyW
RegEnumKeyExW
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptAcquireContextW
LookupAccountSidW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
RegQueryInfoKeyW
CreateProcessAsUserW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
LookupPrivilegeValueW

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoSetProxyBlanket
CLSIDFromProgID
CoInitializeSecurity
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoInitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance

oleaut32

LoadRegTypeLi
UnRegisterTypeLi
SysFreeString
RegisterTypeLi
SysAllocString
VariantClear
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
OleLoadPicture
LoadTypeLi

urlmon

URLDownloadToFileW

comctl32

InitCommonControlsEx

uxtheme

DrawThemeBackground
OpenThemeData
CloseThemeData

gdiplus

GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipCloneImage
GdipDrawImagePointRectI
GdiplusStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

shlwapi

PathMatchSpecW

Exports

Exports

RLID994RecLib1
RLID994RecLib10
RLID994RecLib11
RLID994RecLib12
RLID994RecLib13
RLID994RecLib14
RLID994RecLib15
RLID994RecLib16
RLID994RecLib17
RLID994RecLib19
RLID994RecLib20
RLID994RecLib22
RLID994RecLib29
RLID994RecLib31
RLID994RecLib32
RLID994RecLib33
RLID994RecLib34
RLID994RecLib35
RLID994RecLib36
RLID994RecLib37
RLID994RecLib38
RLID994RecLib39
RLID994RecLib40
RLID994RecLib41
RLID994RecLib42
RLID994RecLib44
RLID994RecLib45
RLID994RecLib46
RLID994RecLib47
RLID994RecLib48
RLID994RecLib49
RLID994RecLib5
RLID994RecLib50
RLID994RecLib51
RLID994RecLib52
RLID994RecLib53
RLID994RecLib54
RLID994RecLib55
RLID994RecLib56
RLID994RecLib57
RLID994RecLib58
RLID994RecLib59
RLID994RecLib6
RLID994RecLib60
RLID994RecLib61
RLID994RecLib62
RLID994RecLib63
RLID994RecLib64
RLID994RecLib65
RLID994RecLib66
RLID994RecLib67
RLID994RecLib68
RLID994RecLib69
RLID994RecLib7
RLID994RecLib70
RLID994RecLib71
RLID994RecLib8
RLID994RecLib9
_RLID994RecLib2@16
_RLID994RecLib3@16
_RLID994RecLib43@16
_RLID994RecLib4@16

Sections

.text
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/button.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ec5fddc407d2b4e0a16fc4d786afc555

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
GetPropW
CharPrevW
MapWindowPoints
DrawFocusRect
GetWindowLongW
GetClientRect
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
LoadCursorW
RemovePropW
DrawTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/skinnedbutton.dll
.dll windows:5 windows x86 arch:x86

474ef7d9696c266bdfa4dd5ce77c1747

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
LocalFree
lstrcmpiW
GlobalFree
GetLastError
lstrlenW
GetFileAttributesW
lstrcpynW
FormatMessageW
GlobalAlloc

user32

GetClassNameW
GetDlgItem
InvalidateRect
SetPropW
GetClassLongW
GetParent
DrawTextW
PostMessageW
LoadImageW
SetWindowLongW
EnumChildWindows
ShowWindow
FindWindowExW
GetDlgItemTextW
UpdateWindow
GetPropW
CallWindowProcW
GetWindowLongW

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
StretchBlt
DeleteDC
SetTextColor
BitBlt
SetStretchBltMode

Exports

Exports

setskin
skinit
unskinit

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/statistic.dll
.dll windows:5 windows x86 arch:x86

01b1d4bf69b68df6da63d30800d28df0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:74:71:e5:38:62:e2:f9:0a:b4:5e:d4:ac:b8:f4:c2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/01/2013, 00:00

Not After

22/02/2014, 23:59

Subject

CN=Sevas-S LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sevas-S LLC,L=Kyiv,ST=Kyivska oblast,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:3a:d0:20:6c:41:6e:e4:1c:6c:4f:4c:e6:72:c1:0b:e4:cd:70:38
Signer

Actual PE Digest

9d:3a:d0:20:6c:41:6e:e4:1c:6c:4f:4c:e6:72:c1:0b:e4:cd:70:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetSetOptionW
InternetReadFile
InternetOpenUrlW
InternetOpenW

kernel32

GlobalAlloc
lstrcpyW
GlobalFree
GetLastError
lstrcpynW

user32

wsprintfW

Exports

Exports

report

Sections

.text
Size: 512B - Virtual size: 417B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 711B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17b7d61bda0f7478e36d9ce3d4170680

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:1f:c8:0b:1c:57:ad:69:aa:6f:8d:65:d1:cf:90:cfCertificate

Extended Key Usages

Key Usages

0c:6c:12:f8:bc:bb:24:9f:ea:a4:cd:d0:4a:54:13:86:be:48:fb:1bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 172KB

.rsrc Size: 38KB - Virtual size: 38KB

6b9d096578bad49648d82fb5a245a197

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 24KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1024B - Virtual size: 890B

2c52aeb96d10773524db81a6cc37d108

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

96:8f:75:de:f1:4b:88:96:98:4d:3b:88:27:6a:fa:95Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7f:3f:64:ab:87:64:86:c1:05:59:4b:1c:70:5d:49:42:77:ea:e8:c0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

msimg32

user32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:1f:c8:0b:1c:57:ad:69:aa:6f:8d:65:d1:cf:90:cf
Certificate

0c:6c:12:f8:bc:bb:24:9f:ea:a4:cd:d0:4a:54:13:86:be:48:fb:1b
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 172KB

.rsrc
Size: 38KB - Virtual size: 38KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1024B - Virtual size: 890B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

96:8f:75:de:f1:4b:88:96:98:4d:3b:88:27:6a:fa:95
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7f:3f:64:ab:87:64:86:c1:05:59:4b:1c:70:5d:49:42:77:ea:e8:c0
Signer

.text
Size: 509KB - Virtual size: 508KB

.rdata
Size: 229KB - Virtual size: 228KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 39KB - Virtual size: 38KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 576B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 626B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 108B

.reloc
Size: 512B - Virtual size: 390B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate