788311c8b12848d2181b62c737e06a55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

788311c8b12848d2181b62c737e06a55_JaffaCakes118
Size

2.4MB
MD5

788311c8b12848d2181b62c737e06a55
SHA1

2ed067a1fa05171e6be1042a21ef8c9a2080039a
SHA256

53b33bbed30f83baec3d02d663def69fb9ce7bd7b18fdb311dfa6e9acd7f896d
SHA512

cbfb69a10827e66ef333f50232ca4b441016f771060686a8ec576b9881ae2f66bd5df06e95adc1ac2414ce84504a020d33455add853bf0ada68f3d12bfb6487c
SSDEEP

49152:yad5vXyjydJirjejcb5CbxrKvZZuFrLF7vWvsdW+joNVmj30w+rKEuyyQ8Q5IAjg:yCQydJMjejcbAbxrKRwFrLFLWvsdW+j1

Score

1^/10

Malware Config

Signatures

Files

788311c8b12848d2181b62c737e06a55_JaffaCakes118
.dll windows:6 windows x86 arch:x86

cfe1988c880e4594bc88851be7f75f60

Code Sign

76:ba:94:23:dd:bc:e7:b1:45:a9:5f:01:ee:01:5f:17
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/10/2016, 00:00

Not After

19/01/2020, 23:59

Subject

CN=Avira Operations GmbH & Co. KG,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

11/07/2018, 11:33

Not After

11/07/2021, 11:33

Subject

SERIALNUMBER=HRA 722586,CN=Avira Operations GmbH & Co. KG,OU=Cloud\, Services and Infrastructure,O=Avira Operations GmbH & Co. KG,STREET=Kaplaneiweg 1,L=Tettnang,ST=Baden-Wuerttemberg,C=DE,1.2.840.113549.1.9.1=#0c0c63614061766972612e636f6d,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#1312426164656e2d577565727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:32:19:37:57:83:15:c1:5d:1b:05:70:2d:8a:91:da:59:76:69:8d:6f:22:c0:3d:5c:4f:cf:10:50:97:5b:07
Signer

Actual PE Digest

4d:32:19:37:57:83:15:c1:5d:1b:05:70:2d:8a:91:da:59:76:69:8d:6f:22:c0:3d:5c:4f:cf:10:50:97:5b:07

Digest Algorithm

sha256

PE Digest Matches

true

d8:0f:35:9e:ad:7f:e3:d0:10:7a:ed:ae:f9:e2:aa:61:cc:00:da:6f
Signer

Actual PE Digest

d8:0f:35:9e:ad:7f:e3:d0:10:7a:ed:ae:f9:e2:aa:61:cc:00:da:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\bamboo-build\WAVUI-WINAV-BARW\AV\BuildOutput\Bin\Release\ccdevprot.dll.pdb

Imports

ccwkrlib

GetComponentFactory

kernel32

GetModuleFileNameA
GetFileAttributesA
GetCurrentDirectoryA
CreateFileA
LoadLibraryA
VirtualQuery
VirtualProtect
OutputDebugStringW
QueryPerformanceCounter
DeviceIoControl
SetErrorMode
SetFilePointer
SetLastError
GetFileSize
GetComputerNameW
OpenProcess
GetStartupInfoW
SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetVolumeInformationW
VerifyVersionInfoW
GetSystemInfo
VerSetConditionMask
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LocalFree
LocalAlloc
GetVersionExW
GetCurrentThread
GetCurrentProcess
CreateMutexW
GetPrivateProfileIntW
lstrcpynW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocalTime
WideCharToMultiByte
FormatMessageW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetWindowsDirectoryW
GetSystemDirectoryW
ReadFile
GetFileAttributesExW
GetDriveTypeW
FindNextFileW
FindFirstFileW
FindClose
GetCurrentDirectoryW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
WritePrivateProfileStringW
GetModuleFileNameW
GetExitCodeProcess
Sleep
WriteFile
GetFileAttributesW
CreateFileW
LoadLibraryExW
GetNumberFormatW
GetLocaleInfoW
MulDiv
CopyFileW
DeleteFileW
FreeLibrary
MultiByteToWideChar
GetPrivateProfileStringW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
GetCPInfo
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
DecodePointer
FindNextChangeNotification
FindFirstChangeNotificationW
GetTimeZoneInformation
GetStdHandle
ExitProcess
SetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
EncodePointer
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GlobalSize
OutputDebugStringA
FreeResource
GetModuleHandleA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
lstrcmpA
FileTimeToSystemTime
lstrcpyW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
GlobalFlags
ResumeThread
GetTempPathW
FlushFileBuffers
GetFullPathNameW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
lstrcmpiW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
GetUserDefaultLCID
GetProfileIntW
SearchPathW
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
InterlockedPushEntrySList
InterlockedFlushSList
ExpandEnvironmentStringsA
LoadLibraryExA
RtlUnwind
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
ExitThread
GetModuleHandleExW

user32

SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
AdjustWindowRectEx
MessageBoxW
MapWindowPoints
PtInRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
CheckDlgButton
IsWindowEnabled
SetWindowTextW
IsDialogMessageW
CreateDialogIndirectParamW
EndDialog
GetActiveWindow
GetDesktopWindow
LoadMenuW
PostQuitMessage
GetWindowThreadProcessId
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
ClientToScreen
IntersectRect
GetKeyNameTextW
MapVirtualKeyW
SetLayeredWindowAttributes
GetSysColorBrush
EnumDisplayMonitors
SetTimer
KillTimer
GetCursorPos
WindowFromPoint
SetRect
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoW
CopyImage
GetMessageW
GetAsyncKeyState
ShowOwnedPopups
DeleteMenu
DrawEdge
DrawFrameControl
IsRectEmpty
ToUnicodeEx
GetKeyboardLayout
CharUpperW
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
IsZoomed
SetCapture
ReleaseCapture
GetSystemMenu
MessageBeep
NotifyWinEvent
SetCursorPos
SetParent
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
GetScrollRange
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetNextDlgGroupItem
EnableScrollBar
InvertRect
GetMenuDefaultItem
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CopyIcon
FrameRect
DrawIcon
MonitorFromPoint
UnionRect
GetDoubleClickTime
SetMenuDefaultItem
ModifyMenuW
IsCharLowerW
MapVirtualKeyExW
RegisterClipboardFormatW
CharUpperBuffW
UpdateLayeredWindow
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
WaitMessage
PostThreadMessageW
CreateMenu
GetComboBoxInfo
DestroyCursor
GetWindowRgn
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
SendMessageW
PostMessageW
UnregisterClassW
EnableWindow
RedrawWindow
GetSysColor
FillRect
CopyRect
GetDC
ReleaseDC
GetWindowRect
HideCaret
GetWindowLongW
GetWindow
LoadStringW
GetForegroundWindow
IsWindow
ShowScrollBar
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
SetClassLongW
CheckMenuItem
SetRectEmpty
SendDlgItemMessageA
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetActiveWindow
GetMenuState
GetMenuStringW
MapDialogRect
GetFocus
wsprintfW
GetWindowTextW
PeekMessageW
DispatchMessageW
TranslateMessage
SetWindowRgn
GetDlgCtrlID
IsWindowVisible
SetWindowPos
RegisterWindowMessageW
GetNextDlgTabItem
GetIconInfo
SystemParametersInfoW
LoadCursorW
EqualRect
OffsetRect
DrawFocusRect
SetCursor
TrackMouseEvent
GetClientRect
UpdateWindow
DrawIconEx
LoadImageW
DestroyIcon
LoadIconW
GetParent
InflateRect
ScreenToClient
InvalidateRect
DrawStateW
GetSystemMetrics

gdi32

MoveToEx
TextOutW
ExtTextOutW
SetTextAlign
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
PatBlt
SetRectRgn
DPtoLP
CreateDIBitmap
SetROP2
SetPolyFillMode
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
StretchDIBits
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateRectRgn
CreateHatchBrush
SetTextColor
CreatePolygonRgn
CreateRoundRectRgn
SetBkColor
CreateBitmap
CreateDCW
CopyMetaFileW
CreatePalette
SetViewportExtEx
GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
SetPaletteEntries
ExtFloodFill
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
LPtoDP
SetDIBColorTable
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreateDIBSection
Polyline
Polygon
GetTextColor
Ellipse
CreateEllipticRgn
GetObjectW
GetCharWidthW
CreateFontW
GetBkColor
GetTextMetricsW
GetTextCharsetInfo
EnumFontFamiliesW
CreatePen
RoundRect
SetPixel
CreateSolidBrush
GetDeviceCaps
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel
GetTextExtentPoint32W
Rectangle
GetLayout
CreateFontIndirectW
CreateRectRgnIndirect
DeleteObject
FillRgn
GetStockObject
StretchBlt
CreatePatternBrush

advapi32

RegOpenKeyExA
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
CreateProcessAsUserW
GetSecurityDescriptorDacl
GetTokenInformation
LookupAccountSidW
GetUserNameW
SetEntriesInAclW
GetSecurityInfo
SetSecurityInfo
BuildExplicitAccessWithNameW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
TraceMessage

shell32

SHBrowseForFolderW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetSpecialFolderLocation
DragQueryFileW
DragFinish
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteW

ole32

IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CoInitialize
CoCreateInstance
CoDisconnectObject
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
OleTranslateAccelerator
CoTaskMemFree
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

VarBstrFromDate
VariantCopy
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
LoadTypeLi

msimg32

TransparentBlt
AlphaBlend

comctl32

_TrackMouseEvent

shlwapi

PathIsRelativeA
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFileExistsW

uxtheme

DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeText
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme

gdiplus

GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

Exports

Exports

execCCPluginCmdA
execCCPluginCmdW
getCCPlugin

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfe1988c880e4594bc88851be7f75f60

Code Sign

76:ba:94:23:dd:bc:e7:b1:45:a9:5f:01:ee:01:5f:17Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

2a:09:50:26:3e:06:49:6a:27:81:f5:50Certificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

4d:32:19:37:57:83:15:c1:5d:1b:05:70:2d:8a:91:da:59:76:69:8d:6f:22:c0:3d:5c:4f:cf:10:50:97:5b:07Signer

d8:0f:35:9e:ad:7f:e3:d0:10:7a:ed:ae:f9:e2:aa:61:cc:00:da:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ccwkrlib

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

uxtheme

gdiplus

oleacc

imm32

winmm

winspool.drv

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 373KB - Virtual size: 372KB

.data Size: 50KB - Virtual size: 73KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 165KB - Virtual size: 165KB

76:ba:94:23:dd:bc:e7:b1:45:a9:5f:01:ee:01:5f:17
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

4d:32:19:37:57:83:15:c1:5d:1b:05:70:2d:8a:91:da:59:76:69:8d:6f:22:c0:3d:5c:4f:cf:10:50:97:5b:07
Signer

d8:0f:35:9e:ad:7f:e3:d0:10:7a:ed:ae:f9:e2:aa:61:cc:00:da:6f
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 373KB - Virtual size: 372KB

.data
Size: 50KB - Virtual size: 73KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 165KB - Virtual size: 165KB