88694c5e30c355cc2c7eed7aca2bf08d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88694c5e30c355cc2c7eed7aca2bf08d_JaffaCakes118
Size

2.4MB
MD5

88694c5e30c355cc2c7eed7aca2bf08d
SHA1

945b30fc8a48c253a0bf5cfdd61e68e1e7b76657
SHA256

fd57a5a34b0fe88925113813e736856c16b492d3bf5c68961f2bc56ab5b960d9
SHA512

4a07de826e737c9aaebc6afdcec0300f622727aa715e3600bef1edeee60ca451868b2f5861567cf45690494490081be3cb212ba59c36d92ef76476f46ae7dcb0
SSDEEP

49152:hsDl+5UQR1/nbIGtTILS+neuIohA47f7VqzWG7S9P0/6Nh:GGR5buu+echb7zVGWG7Sx0/6L

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

88694c5e30c355cc2c7eed7aca2bf08d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

52:3e:b7:7a:07:98:03:06:0d:89:ec:18:31:2d:96:36
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

22/12/2015, 00:55

Not After

22/01/2017, 00:55

Subject

CN=上海欣烁网络科技有限公司,O=上海欣烁网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:eb:75:8c:0a:f4:a5:f9:23:ef:64:41:dc:d3:82:22:46:e5:f5:53
Signer

Actual PE Digest

f6:eb:75:8c:0a:f4:a5:f9:23:ef:64:41:dc:d3:82:22:46:e5:f5:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config.zip
.zip
config/1_d.png
.png
config/1_n.png
.png
config/1_o.png
.png
config/2_d.png
.png
config/2_n.png
.png
config/2_o.png
.png
config/3_d.png
.png
config/3_n.png
.png
config/3_o.png
.png
config/4_d.png
.png
config/4_n.png
.png
config/4_o.png
.png
config/6_d.png
.png
config/6_n.png
.png
config/6_o.png
.png
config/7_d.png
.png
config/7_n.png
.png
config/7_o.png
.png
config/cg.txt
config/downarrow.jpg
.png
config/logo.png
.png
config/main1.png
.png
config/style.png
.png
config/1_d.png
.png
config/1_n.png
.png
config/1_o.png
.png
config/2_d.png
.png
config/2_n.png
.png
config/2_o.png
.png
config/3_d.png
.png
config/3_n.png
.png
config/3_o.png
.png
config/4_d.png
.png
config/4_n.png
.png
config/4_o.png
.png
config/6_d.png
.png
config/6_n.png
.png
config/6_o.png
.png
config/7_d.png
.png
config/7_n.png
.png
config/7_o.png
.png
config/cg.txt
config/downarrow.jpg
.png
config/logo.png
.png
config/main1.png
.png
config/style.png
.png
uninst.exe.nsis
´.exe
.exe windows:5 windows x86 arch:x86

57aa7434681273dced5ab0263196963c

Code Sign

52:3e:b7:7a:07:98:03:06:0d:89:ec:18:31:2d:96:36
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

22/12/2015, 00:55

Not After

22/01/2017, 00:55

Subject

CN=上海欣烁网络科技有限公司,O=上海欣烁网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:b1:2e:0b:01:17:95:41:55:a8:ad:6e:5b:ac:dc:68:ff:98:46:ca
Signer

Actual PE Digest

00:b1:2e:0b:01:17:95:41:55:a8:ad:6e:5b:ac:dc:68:ff:98:46:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntry
HttpQueryInfoA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryOptionA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA
InternetCrackUrlA

kernel32

IsValidCodePage
GetConsoleCP
GetConsoleMode
MoveFileExW
GetTimeZoneInformation
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
GetProcessHeap
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetStartupInfoW
SetFilePointerEx
TerminateProcess
lstrlenA
GetProcAddress
InitializeCriticalSectionAndSpinCount
LoadLibraryA
FreeLibrary
LockResource
LocalFree
SetUnhandledExceptionFilter
LoadResource
SizeofResource
FormatMessageA
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
GetFileSize
MapViewOfFile
CreateFileMappingA
GetCurrentDirectoryA
CreateFileA
InterlockedIncrement
InterlockedDecrement
GetLastError
lstrcmpW
GetModuleFileNameA
CreateProcessA
GlobalReAlloc
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentProcess
GetFileType
WriteFile
ReadFile
SetFilePointer
SetFileTime
CloseHandle
DuplicateHandle
DosDateTimeToFileTime
CreateDirectoryA
UnhandledExceptionFilter
GetStdHandle
SetStdHandle
HeapQueryInformation
HeapSize
ExitThread
CreateThread
HeapReAlloc
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapAlloc
HeapFree
RtlUnwind
RaiseException
IsProcessorFeaturePresent
SetFileAttributesA
GetFileAttributesA
DeleteFileA
IsDebuggerPresent
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
Sleep
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
lstrcpyA
SetErrorMode
GetTickCount
GetWindowsDirectoryA
GetVolumeInformationA
lstrcmpiA
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FindFirstFileA
FindClose
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
GetACP
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetVersionExA
GetCurrentThread
ResumeThread
SetThreadPriority
WaitForSingleObject
LocalAlloc
FileTimeToLocalFileTime
GetThreadLocale
GetCurrentProcessId
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
GetCurrentThreadId
DeleteCriticalSection
DecodePointer
EncodePointer
CopyFileA
MulDiv
GlobalSize
FindResourceA
LoadLibraryW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
GetVersion
SetLastError
OutputDebugStringA
GetFileAttributesW

user32

LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
LoadMenuW
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
DrawFrameControl
LoadImageW
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
PostThreadMessageA
LockWindowUpdate
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
GetIconInfo
DrawIconEx
RegisterClipboardFormatA
GetMenuDefaultItem
SetParent
GetSystemMenu
UnionRect
MessageBeep
LoadCursorW
DeleteMenu
CharUpperA
IsRectEmpty
InvalidateRgn
CopyAcceleratorTableA
SetCapture
UnregisterClassA
CopyImage
GetMenuItemInfoA
GetSysColorBrush
RealChildWindowFromPoint
ReuseDDElParam
UnpackDDElParam
LoadImageA
DestroyIcon
InsertMenuItemA
DestroyMenu
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
SetRectEmpty
IsZoomed
MapVirtualKeyA
GetKeyNameTextA
WaitMessage
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
CharNextA
IntersectRect
InflateRect
GetWindowThreadProcessId
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
SendMessageA
EnableWindow
GetWindowLongA
SetWindowLongA
GetParent
GrayStringA
DrawTextExA
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
FrameRect
CharUpperBuffA
EndDialog
CreateDialogIndirectParamA
DestroyWindow
DrawFocusRect
GetSysColor
ModifyMenuA
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongA
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableA
ClientToScreen
GetCursorPos
ReleaseCapture
GetCapture
GetNextDlgGroupItem
PostMessageA
DrawEdge
EqualRect
KillTimer
SetTimer
IsWindow
LoadBitmapW
SetWindowRgn
SetWindowPos
GetDC
GetWindowRect
AdjustWindowRect
CopyRect
SystemParametersInfoA
MessageBoxA
RegisterHotKey
ShowWindow
IsWindowVisible
IsIconic
GetFocus
GetSystemMetrics
DrawIcon
DrawTextA
UpdateWindow
SetForegroundWindow
InvalidateRect
RedrawWindow
GetClientRect
SetCursor
ScreenToClient
FillRect
SetRect
OffsetRect
PtInRect
LoadCursorA
LoadIconA
LoadIconW
FlashWindowEx
GetKeyState
ReleaseDC
WindowFromPoint

gdi32

GetDeviceCaps
GetTextExtentPoint32A
SetPixel
CopyMetaFileA
CreateDCA
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
GetBitmapBits
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
EnumFontFamiliesA
GetTextCharsetInfo
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExA
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
CreateDIBitmap
CreateBitmapIndirect
SelectClipRgn
GetPixel
ExtCreateRegion
CreateRectRgn
CombineRgn
GetTextMetricsA
StretchBlt
GetStockObject
CreateFontIndirectA
GetObjectA
SetDIBColorTable
BitBlt
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
SetWindowOrgEx
CreateCompatibleBitmap
CreateSolidBrush

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
DragQueryFileA
DragFinish
SHGetFileInfoA
SHAppBarMessage
SHBrowseForFolderA
Shell_NotifyIconA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ImageList_Draw
ImageList_AddMasked
ord17
_TrackMouseEvent

shlwapi

PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
UrlUnescapeA
PathRemoveFileSpecW

uxtheme

GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeText

ole32

StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
IsAccelerator
CoTaskMemAlloc
OleTranslateAccelerator
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoInitializeEx
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard

oleaut32

VariantInit
VariantClear
VariantCopy
SysAllocString
VariantChangeType
OleCreateFontIndirect
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SafeArrayDestroy
VarBstrFromDate
SysStringByteLen
SysFreeString
SysAllocStringLen

oledlg

ord8

wsock32

WSASetLastError
WSACleanup
WSAStartup

gdiplus

GdipCreateFromHDC
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImagePointsI
GdiplusShutdown
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdiplusStartup
GdipAlloc
GdipDrawImageRectI
GdipFree
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA
timeKillEvent
timeSetEvent

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

52:3e:b7:7a:07:98:03:06:0d:89:ec:18:31:2d:96:36Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

f6:eb:75:8c:0a:f4:a5:f9:23:ef:64:41:dc:d3:82:22:46:e5:f5:53Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 20KB - Virtual size: 19KB

57aa7434681273dced5ab0263196963c

Code Sign

52:3e:b7:7a:07:98:03:06:0d:89:ec:18:31:2d:96:36Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

00:b1:2e:0b:01:17:95:41:55:a8:ad:6e:5b:ac:dc:68:ff:98:46:caSigner

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

wsock32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 348KB - Virtual size: 348KB

.data Size: 32KB - Virtual size: 74KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 435KB - Virtual size: 435KB

52:3e:b7:7a:07:98:03:06:0d:89:ec:18:31:2d:96:36
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

f6:eb:75:8c:0a:f4:a5:f9:23:ef:64:41:dc:d3:82:22:46:e5:f5:53
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 20KB - Virtual size: 19KB

52:3e:b7:7a:07:98:03:06:0d:89:ec:18:31:2d:96:36
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

00:b1:2e:0b:01:17:95:41:55:a8:ad:6e:5b:ac:dc:68:ff:98:46:ca
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 348KB - Virtual size: 348KB

.data
Size: 32KB - Virtual size: 74KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 435KB - Virtual size: 435KB