6b6bf28b618f590be8e4487266297e7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6b6bf28b618f590be8e4487266297e7d_JaffaCakes118
Size

2.8MB
MD5

6b6bf28b618f590be8e4487266297e7d
SHA1

0f0a8c78368e4bb76697f7661de9cb4931ae9e90
SHA256

763eb24bc5b2b04240e98fda553fa9385cb73bb101a4d3eff1c7e069779f30a4
SHA512

9018fe3366dcb3ebd515e696c62f2bd492de1154d22f4b4e96d23b2a441d461e9a06d20ea79998cc0424b44b581bcc3198f877d57e9e2e30feebadf153090fb7
SSDEEP

49152:qAqkj2AgbjEMr8PH3yInWgclaqEKMms43MGKJ/KRx8PktYyzfic4/lt5gh2:qFkaA2jEW8/BWD43l/KRx8mYOKc8lt82

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

6b6bf28b618f590be8e4487266297e7d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e221f4f7d36469d53810a4b5f9fc8966

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
SetFileAttributesW
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
GetCommandLineW
GetTempPathW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/license.rtf
.rtf
$PLUGINSDIR/logo.ico
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ec5fddc407d2b4e0a16fc4d786afc555

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
GetPropW
CharPrevW
MapWindowPoints
DrawFocusRect
GetWindowLongW
GetClientRect
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
LoadCursorW
RemovePropW
DrawTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Honeycam.exe
.exe windows:5 windows x64 arch:x64

25422367428cd9a96dffc8d8ddf18d0a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\devel\Honeycam\bin\Honeycam64.pdb

Imports

kernel32

GlobalFree
GetSystemDirectoryW
GetTempPathW
GetFileAttributesW
GetFileSizeEx
LocalFree
CreateDirectoryW
GetCurrentProcessId
TerminateProcess
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
LocalAlloc
FileTimeToLocalFileTime
lstrcmpW
MulDiv
GlobalLock
GetWindowsDirectoryW
GetDateFormatW
GetTimeFormatW
CompareFileTime
CreateEventW
SetEvent
GlobalUnlock
lstrlenA
FlushFileBuffers
SetUnhandledExceptionFilter
GlobalHandle
GetLocalTime
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
HeapSetInformation
GetModuleFileNameA
GetStdHandle
GetStartupInfoW
RtlUnwindEx
GlobalAlloc
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
ResumeThread
ExitProcess
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
InterlockedPushEntrySList
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CompareStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetLocaleInfoW
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CreateFileA
CompareStringA
SetEnvironmentVariableA
ReleaseSemaphore
CreateSemaphoreW
DeviceIoControl
FindClose
FindNextFileW
lstrcpyW
FindFirstFileW
lstrcpynW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
SetErrorMode
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetSystemInfo
WaitForSingleObject
HeapCreate
GetLastError
lstrlenW
CreateFileW
GetFileSize
WriteFile
SetFilePointer
ReadFile
GetTickCount
CloseHandle
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
LeaveCriticalSection
RtlCaptureContext
EnterCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IntersectRect
IsWindowVisible
GetPropW
SetPropW
KillTimer
GetMenuDefaultItem
TrackPopupMenu
CreatePopupMenu
RedrawWindow
GetWindowTextLengthW
GetSubMenu
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetMenuStringW
GetMenuItemCount
EnumChildWindows
SetWindowLongW
FindWindowExW
MapWindowPoints
GetDlgCtrlID
EndDialog
InvalidateRect
ShowWindow
GetSysColor
GetFocus
DestroyWindow
IsDialogMessageW
GetMessageW
EnableWindow
GetCapture
CreateDialogIndirectParamW
ReleaseDC
GetDC
SetRect
SetRectEmpty
GetKeyState
SetScrollPos
SetScrollRange
SetScrollInfo
GetWindowDC
InflateRect
UnionRect
TrackMouseEvent
LoadMenuW
DestroyMenu
TrackPopupMenuEx
RegisterClassW
SetCapture
GetAsyncKeyState
CheckMenuItem
DialogBoxParamW
DialogBoxIndirectParamW
UnregisterHotKey
GetActiveWindow
TranslateAcceleratorW
PostQuitMessage
LoadAcceleratorsW
GetDlgItemInt
GetClassNameW
IsRectEmpty
wsprintfW
SetWindowTextW
GetWindowTextW
DrawTextW
GetForegroundWindow
GetWindowPlacement
GetParent
IsWindow
SetDlgItemInt
MapDialogRect
SetWindowContextHelpId
GetDlgItemTextW
SetDlgItemTextW
IsChild
CreateAcceleratorTableW
InvalidateRgn
DestroyAcceleratorTable
GetDlgItem
GetWindow
MonitorFromWindow
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetCaretPos
IsWindowEnabled
ReleaseCapture
SetFocus
DispatchMessageW
TranslateMessage
ClientToScreen
ScreenToClient
SetWindowPos
GetWindowLongW
EqualRect
OffsetRect
MonitorFromPoint
CopyRect
GetMonitorInfoW
MonitorFromRect
SystemParametersInfoW
GetSystemMetrics
SendMessageW
FindWindowW
MessageBoxW
PeekMessageW
CharNextW
LoadIconW
RegisterHotKey
GetWindowRect
DrawIconEx
FillRect
GetIconInfo
GetCursorInfo
SetCursor
RegisterWindowMessageW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetRawInputData
PostMessageW
MoveWindow
PtInRect
GetDesktopWindow
WindowFromPoint
GetCursorPos
SetWindowRgn
EndPaint
GetClientRect
BeginPaint
SetTimer
RegisterRawInputDevices
DefWindowProcW
RemovePropW
UnregisterClassA

gdi32

SetWindowOrgEx
ExcludeClipRect
OffsetRgn
CreateCompatibleBitmap
LineTo
ExtCreateRegion
SetPixel
StretchBlt
CreateFontIndirectW
BitBlt
SetTextColor
SetBkMode
CreateFontW
GetDeviceCaps
ExtTextOutW
SetBkColor
GetTextMetricsW
GetTextExtentPoint32W
EnumFontFamiliesExW
DeleteDC
SelectObject
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
CreateDCW
GetObjectW
GetStockObject
DeleteObject
MoveToEx
CreateRectRgn
CombineRgn

comdlg32

GetOpenFileNameW
ChooseColorW

advapi32

RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ord21
ord190
SHGetFolderLocation
SHGetSpecialFolderPathW
DragFinish
DragQueryFileW
DragAcceptFiles
ord2
ord4
SHGetDataFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
SHFileOperationW
ord155
SHOpenFolderAndSelectItems
ShellExecuteW

ole32

OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleSetContainedObject
OleCreate
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

oleaut32

OleCreateFontIndirect
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysAllocString

shlwapi

StrStrW
StrFormatByteSizeW
PathIsDirectoryW

winmm

timeBeginPeriod
timeEndPeriod

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetCloseHandle
InternetCanonicalizeUrlW
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetReadFile

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xyz0
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xyz1
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VersionNo.ini
WebM64.dll
.dll windows:5 windows x64 arch:x64

45eac8cfc067818b170b6ff322e0115d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Honeycam\bin\WebM64.pdb

Imports

kernel32

SetFilePointer
WriteFile
GetSystemInfo
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetLastError
HeapFree
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
QueryPerformanceFrequency
ReleaseSemaphore
WaitForSingleObject
InitializeCriticalSection
CreateSemaphoreW
ExitThread
CreateThread

Exports

Exports

CreateWebMEnc

Sections

.text
Size: 980KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.ini
resource.h
skin.zip
.zip
btn_border.png
.png
btn_btnbg.png
.png
btn_check_off.png
.png
btn_check_on.png
.png
btn_close.png
.png
btn_delete.png
.png
btn_edit_1x.png
.png
btn_edit_1x_.png
.png
btn_edit_2x.png
.png
btn_edit_2x_.png
.png
btn_edit_pause.png
.png
btn_edit_play.png
.png
btn_import_add.png
.png
btn_key.png
.png
btn_logo.png
.png
btn_logo2.png
.png
btn_minimize.png
.png
btn_option.png
.png
btn_pin_off.png
.png
btn_pin_on.png
.png
btn_rec_start.png
.png
btn_rec_stop.png
.png
btn_rightpanel_hide.png
.png
btn_rightpanel_show.png
.png
btn_select.png
.png
btn_settime.png
.png
btn_size.png
.png
btn_tab_off.png
.png
btn_tab_on.png
.png
chkbox_off.png
.png
edit.xml
edit/slider_bkgnd_tile.png
.png
edit/slider_var_knob.png
.png
edit/tile.png
.png
groupbox.png
.png
import.xml
main.xml
progress_back.png
.png
progress_front.png
.png
radio_off.png
.png
radio_on.png
.png
save.xml
setting.xml
setting/setting_tab_0.png
.png
setting/setting_tab_1.png
.png
sf_computer.png
.png
sf_desktop.png
.png
sf_document.png
.png
sf_picture.png
.png
static_body_bg.png
.png
static_bullet.png
.png
static_chk_off.png
.png
static_chk_on.png
.png
static_main_bg_0.png
.png
static_main_bg_1.png
.png

Sharing

General

Malware Config

Signatures

Files

e221f4f7d36469d53810a4b5f9fc8966

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 128KB

.rsrc Size: 4KB - Virtual size: 3KB

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 835B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 578B

ec5fddc407d2b4e0a16fc4d786afc555

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 626B

25422367428cd9a96dffc8d8ddf18d0a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 128KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 578B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 626B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 321KB - Virtual size: 321KB

.data
Size: 31KB - Virtual size: 110KB

.pdata
Size: 74KB - Virtual size: 73KB

text
Size: 4KB - Virtual size: 3KB

data
Size: 16KB - Virtual size: 15KB

.xyz0
Size: 317KB - Virtual size: 316KB

.tls
Size: 512B - Virtual size: 48B

.xyz1
Size: 86KB - Virtual size: 86KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 93KB - Virtual size: 93KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 980KB - Virtual size: 979KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 7KB - Virtual size: 295KB

.pdata
Size: 21KB - Virtual size: 20KB