7ae3cf85cefd9b22bc615c579c64c78d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7ae3cf85cefd9b22bc615c579c64c78d_JaffaCakes118
Size

11.6MB
MD5

7ae3cf85cefd9b22bc615c579c64c78d
SHA1

d5c6605e0db98b82c8b68377be05cb93c0f75354
SHA256

30fe86f3dde314088c30c938ef11491bef15fa1093139f13add7d232af0e00ad
SHA512

a2c9b7fe5866c92f58d378103b8ed00dee9072a0921eb8ea684cd1b1b919c67b463b178fc9698a1d5e5f3fa5f712065128c18262790f107ac829a38781850cef
SSDEEP

196608:UxKdIWxARL4TE6Dx+B0JUgK8lKC1LrqN/Ajr84tnXydcBoMIB++HJbWtYH:UII0AOD+mlKCZrqNIj5tnacBoMIB+AJh

Score

1^/10

Malware Config

Signatures

Files

7ae3cf85cefd9b22bc615c579c64c78d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b0d3d44296f90567ab52659d00a774e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:9d:88:7d:8a:e3:b1:4a:b8:9e:9c:ad:d9:2e:f1:9c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/04/2016, 00:00

Not After

05/06/2019, 12:00

Subject

CN=PDFescape,O=PDFescape,L=Encinitas,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:9d:88:7d:8a:e3:b1:4a:b8:9e:9c:ad:d9:2e:f1:9c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/04/2016, 00:00

Not After

05/06/2019, 12:00

Subject

CN=PDFescape,O=PDFescape,L=Encinitas,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:35:c0:3e:f4:37:be:90:0b:9b:a0:f8:f4:8b:5a:d8:60:29:73:e2:f5:73:33:63:cd:f3:7b:d5:44:ed:d0:66
Signer

Actual PE Digest

06:35:c0:3e:f4:37:be:90:0b:9b:a0:f8:f4:8b:5a:d8:60:29:73:e2:f5:73:33:63:cd:f3:7b:d5:44:ed:d0:66

Digest Algorithm

sha256

PE Digest Matches

true

58:9f:a2:0f:d4:57:f2:b0:27:8d:9b:de:86:7f:0e:2a:fd:dd:31:30
Signer

Actual PE Digest

58:9f:a2:0f:d4:57:f2:b0:27:8d:9b:de:86:7f:0e:2a:fd:dd:31:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\LULU\TempBuilds\TemporaryBuilds\CAN_Installer_Builder_1\9\s\_bin\PDFescape\Win32\PDFescapeDesktopInstaller.pdb

Imports

wininet

InternetCombineUrlA
InternetOpenA
InternetConnectA
InternetSetOptionA
InternetGetLastResponseInfoA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetErrorDlg
InternetQueryOptionA
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW

wldap32

ord200
ord301
ord30
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143
ord35
ord79

crypt32

CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertGetNameStringW

kernel32

Sleep
ReleaseSemaphore
WaitForMultipleObjectsEx
CreateSemaphoreA
FreeLibrary
lstrcmpiW
LoadLibraryExW
ReleaseMutex
CreateMutexA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryW
GetUserDefaultLCID
OpenProcess
GetExitCodeProcess
GetModuleHandleA
IsWow64Process
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameA
VerSetConditionMask
InterlockedCompareExchange
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserAPC
WaitForMultipleObjects
DuplicateHandle
FormatMessageW
TlsGetValue
TlsSetValue
SetWaitableTimer
VerifyVersionInfoW
GetSystemInfo
lstrcpynW
FormatMessageA
SwitchToThread
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
CreateFileA
GlobalSize
LoadLibraryA
GetTempPathA
GetTempFileNameA
GetLocaleInfoA
FindResourceA
MulDiv
ExitThread
GetCPInfo
SetThreadLocale
GetNumberFormatW
GetCurrencyFormatW
GetFileAttributesW
GetThreadLocale
GetLocaleInfoW
GetTimeZoneInformation
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
GetSystemTime
GetDateFormatW
GetVersionExA
SetFilePointer
SetEndOfFile
FlushViewOfFile
MapViewOfFile
CompareStringW
GetCurrentThread
GetThreadTimes
DeleteFileW
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
GetStdHandle
PeekNamedPipe
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
OutputDebugStringA
GetWindowsDirectoryA
GetComputerNameA
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetModuleHandleExW
LoadLibraryW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
ReadConsoleA
ReadConsoleW
FindNextFileW
SetFileAttributesW
GetFullPathNameW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetTickCount
CreateFileW
OutputDebugStringW
GetModuleFileNameW
ReadFile
GetFileSize
SetUnhandledExceptionFilter
TerminateProcess
GetStringTypeA
LocalFileTimeToFileTime
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
FindFirstFileExW
CreatePipe
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetACP
WriteConsoleW
GetConsoleCP
SystemTimeToTzSpecificLocalTime
ExitProcess
VirtualAlloc
SetConsoleCtrlHandler
FreeLibraryAndExitThread
InterlockedPushEntrySList
RtlUnwind
CreateProcessA
GetTimeFormatW
FoldStringW
EnumSystemLocalesA
IsDBCSLeadByteEx
IsValidCodePage
GetStringTypeExA
LCMapStringA
GetStringTypeExW
AreFileApisANSI
DeviceIoControl
SetFilePointerEx
GetFileAttributesExW
CreateWaitableTimerA
ResumeThread
OpenEventA
LCMapStringW
EncodePointer
GetStringTypeW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
CreateMutexW
GetTempPathW
LoadLibraryExA
VirtualQuery
VirtualProtect
GetCurrentProcessId
GetModuleHandleW
CreateEventW
WaitForSingleObject
CreateThread
RaiseException
GetProcAddress
DecodePointer
GetCommandLineW
GetCurrentDirectoryW
FindFirstFileW
RemoveDirectoryW
CreateProcessW
FindClose
CopyFileW
WriteFile
SetConsoleMode
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
InitializeCriticalSection
WaitForSingleObjectEx
GetCurrentThreadId
GetDriveTypeW
GetCurrentProcess
LocalFree
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
CreateEventA
TlsFree
TlsAlloc
CloseHandle
SetEvent
GetLastError
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SleepEx

user32

SetTimer
KillTimer
IsWindowUnicode
MessageBeep
MessageBoxW
SendMessageW
SetWindowPos
GetDesktopWindow
GetParent
PostThreadMessageW
GetWindowRect
GetSystemMenu
EnableMenuItem
TrackPopupMenu
ScreenToClient
GetSysColorBrush
ReleaseCapture
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ScrollDC
ScrollWindowEx
SetScrollInfo
SetCapture
CreateCaret
DestroyCaret
SetCaretPos
SendMessageTimeoutA
AdjustWindowRectEx
CreateWindowExA
IsChild
GetSystemMetrics
GetWindowDC
DrawEdge
DrawFrameControl
CreateIconFromResourceEx
GetIconInfo
GetProcessWindowStation
InvertRect
DrawTextA
DrawTextW
GetCaretBlinkTime
LoadStringW
LoadStringA
IsWindow
ShowWindow
SetForegroundWindow
ReleaseDC
BeginPaint
EndPaint
PostMessageW
FindWindowW
GetWindowThreadProcessId
ExitWindowsEx
CharNextW
PostMessageA
IsIconic
InvalidateRect
GetCapture
GetAsyncKeyState
GetFocus
GetKeyboardLayout
SetFocus
UnregisterClassW
LoadIconW
CreateWindowExW
SystemParametersInfoW
GetClassInfoExW
RegisterClassExW
UpdateWindow
SetWindowLongW
GetWindowLongW
DefWindowProcW
DestroyWindow
IsZoomed
SetWindowTextW
RegisterWindowMessageW
CreatePopupMenu
AppendMenuW
GetCursorPos
DestroyMenu
SetParent
DialogBoxIndirectParamW
EndDialog
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
IntersectRect
SetWindowPlacement
SetCursor
ClientToScreen
GetActiveWindow
IsWindowEnabled
GetKeyState
GetWindowPlacement
InflateRect
PtInRect
SetWindowRgn
GetMessageA
WindowFromPoint
GetSysColor
FillRect
OffsetRect
GetWindowLongA
SetWindowLongA
GetClassLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetUserObjectInformationW
DrawIconEx
CharUpperW
DispatchMessageA
CallNextHookEx
PeekMessageA
SendMessageA
DefWindowProcA
GetDoubleClickTime
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetDC
RegisterClassExA
UnregisterClassA
MoveWindow
GetDlgCtrlID
RegisterClassW
RegisterClassA
RegisterWindowMessageA
NotifyWinEvent
SystemParametersInfoA
GetScrollInfo
DestroyIcon
CreateCursor
LoadCursorFromFileA
LoadCursorA

gdi32

SetPixel
PatBlt
GetCharacterPlacementW
CreateHatchBrush
GetFontLanguageInfo
GetWindowOrgEx
CreatePatternBrush
GetPixel
GetTextAlign
TextOutW
GetTextExtentPoint32W
RectVisible
GetTextExtentExPointW
GetClipBox
ExcludeClipRect
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateCompatibleDC
GetTextExtentPoint32A
BitBlt
DeleteObject
CombineRgn
CreateRectRgn
GetStockObject
GetViewportExtEx
GetWindowExtEx
RestoreDC
SaveDC
SelectObject
SetBkColor
SetMapMode
SetLayout
SetTextColor
GetObjectA
DPtoLP
LPtoDP
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
GetDeviceCaps
GdiFlush
GetTextMetricsA
SetBrushOrgEx
SetStretchBltMode
GetDIBits
CreateDIBPatternBrushPt
StretchDIBits
StretchBlt
CreateDIBSection
EnumFontFamiliesExA
AddFontMemResourceEx
CreateCompatibleBitmap
CreateRoundRectRgn
GetCurrentObject
GetGlyphOutlineW
GetKerningPairsA
CreateFontA
IntersectClipRect
SetTextAlign
CreateBitmap
Rectangle
CreatePen
SetBkMode
TextOutA
GetMapMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
DragQueryFileW
ord74
SHGetFileInfoW
SHChangeNotify

ole32

CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoGetClassObject
RegisterDragDrop
RevokeDragDrop
DoDragDrop
ReleaseStgMedium
CoCreateGuid
CoInitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
OleRun
CoCreateInstance
CoUninitialize

oleaut32

LoadRegTypeLi
SysAllocStringLen
SysFreeString
VariantInit
GetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msi

ord160
ord159
ord32
ord8
ord118
ord168
ord92
ord111
ord14
ord43
ord141
ord45
ord137
ord88
ord205
ord117
ord70

shlwapi

AssocQueryStringW
UrlEscapeA
PathFileExistsW

ws2_32

htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
setsockopt
WSAStartup
WSAIoctl
shutdown
ntohs
getnameinfo
ntohl
htonl
gethostname
ioctlsocket
listen
accept
sendto
WSACleanup
recvfrom
freeaddrinfo
getaddrinfo

dbghelp

MiniDumpWriteDump

winhttp

WinHttpGetIEProxyConfigForCurrentUser

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

oleacc

LresultFromObject
AccessibleObjectFromWindow

winmm

timeSetEvent
timeGetTime
PlaySoundA
timeGetDevCaps
timeKillEvent

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCandidateWindow
ImmIsIME

comctl32

ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetIconSize

urlmon

FindMimeFromData

Exports

Exports

??0?$oserializer@Vbinary_oarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@QAE@XZ
??0?$oserializer@Vbinary_oarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@QAE@XZ
??0?$singleton@V?$extended_type_info_typeid@UtagRECT@@@serialization@boost@@@serialization@boost@@QAE@XZ
??0?$singleton@V?$extended_type_info_typeid@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@serialization@boost@@@serialization@boost@@QAE@XZ
??1?$singleton@V?$extended_type_info_typeid@UtagRECT@@@serialization@boost@@@serialization@boost@@QAE@XZ
??1?$singleton@V?$extended_type_info_typeid@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@serialization@boost@@@serialization@boost@@QAE@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UtagRECT@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UtagRECT@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@UtagRECT@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@UtagRECT@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@3@XZ
?get_lock@singleton_module@serialization@boost@@CAAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@SA_NXZ
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@CAAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@SAXXZ
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?unlock@singleton_module@serialization@boost@@SAXXZ

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b0d3d44296f90567ab52659d00a774e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:9d:88:7d:8a:e3:b1:4a:b8:9e:9c:ad:d9:2e:f1:9cCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:9d:88:7d:8a:e3:b1:4a:b8:9e:9c:ad:d9:2e:f1:9cCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

06:35:c0:3e:f4:37:be:90:0b:9b:a0:f8:f4:8b:5a:d8:60:29:73:e2:f5:73:33:63:cd:f3:7b:d5:44:ed:d0:66Signer

58:9f:a2:0f:d4:57:f2:b0:27:8d:9b:de:86:7f:0e:2a:fd:dd:31:30Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

wldap32

crypt32

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

version

msi

shlwapi

ws2_32

dbghelp

winhttp

psapi

wintrust

oleacc

winmm

imm32

comctl32

urlmon

Exports

Exports

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 128KB - Virtual size: 223KB

.rsrc Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 311KB - Virtual size: 311KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:9d:88:7d:8a:e3:b1:4a:b8:9e:9c:ad:d9:2e:f1:9c
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:9d:88:7d:8a:e3:b1:4a:b8:9e:9c:ad:d9:2e:f1:9c
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

06:35:c0:3e:f4:37:be:90:0b:9b:a0:f8:f4:8b:5a:d8:60:29:73:e2:f5:73:33:63:cd:f3:7b:d5:44:ed:d0:66
Signer

58:9f:a2:0f:d4:57:f2:b0:27:8d:9b:de:86:7f:0e:2a:fd:dd:31:30
Signer

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 128KB - Virtual size: 223KB

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 311KB - Virtual size: 311KB