96caa70a8d2a5f4195b80c53ba319c65_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

96caa70a8d2a5f4195b80c53ba319c65_JaffaCakes118
Size

496KB
MD5

96caa70a8d2a5f4195b80c53ba319c65
SHA1

376fddabb729af46ee7d44331be13c47d6f0d20d
SHA256

162ee39db47d422b8053d1e41ef4f986b96346bfd72eeebb1db5ae38b5aa6b36
SHA512

f9b910d66c273323c83bcde92fb458864795db7fb1ff66d40e83c73b0f50e3d97fef152f931a3f222bce1315f8cd105d02fdb86bc00969b1db2d664862cb4e63
SSDEEP

12288:8QCT0GpU8MoTWVE9ynTy2KIFhiQg+CNsLwn/zg6om+:9DGC8JwEInTvKyrg+sscn/zroZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisdl.dll
unpack001/$PLUGINSDIR/skinnedbutton.dll

Files

96caa70a8d2a5f4195b80c53ba319c65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17b7d61bda0f7478e36d9ce3d4170680

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:a9:1c:40:ea:e3:4e:72:cd:97:5b:0b:21:8a:e4:ba
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

19/09/2014, 00:00

Not After

19/09/2015, 23:59

Subject

CN=Innovative Systems LLC,O=Innovative Systems LLC,L=Dnepropetrovsk,ST=Dnepropetrovska,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

05:4f:60:99:47:a7:7e:28:dd:49:ef:db:c1:07:ef:30:4e:dd:38:55
Signer

Actual PE Digest

05:4f:60:99:47:a7:7e:28:dd:49:ef:db:c1:07:ef:30:4e:dd:38:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
SetFileAttributesW
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
GetCommandLineW
GetTempPathW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
MultiByteToWideChar
FindClose
MulDiv
ReadFile
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll windows:5 windows x86 arch:x86

2c52aeb96d10773524db81a6cc37d108

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

59:aa:ce:40:23:87:a7:6f:64:1a:eb:61:b7:8f:5e:5e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/08/2014, 00:00

Not After

26/08/2015, 23:59

Subject

CN=OpenCandy,O=OpenCandy,POSTALCODE=92101,STREET=510 Market St #301,L=San Diego,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:93:ad:d6:95:d6:37:12:4f:84:29:0e:18:31:cf:a3:07:a5:b3:60
Signer

Actual PE Digest

c7:93:ad:d6:95:d6:37:12:4f:84:29:0e:18:31:cf:a3:07:a5:b3:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GetTickCount
WaitForSingleObject
DeleteFileW
ProcessIdToSessionId
HeapAlloc
GetProcessHeap
HeapFree
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
GetVersionExW
GetSystemInfo
WriteFile
CreateMutexW
OpenMutexW
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
OutputDebugStringW
GetLocaleInfoW
GetUserDefaultUILanguage
GetCurrentThread
GlobalFree
ResumeThread
FreeResource
ResetEvent
SystemTimeToFileTime
CreateProcessW
MoveFileExW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetModuleHandleA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitThread
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetNativeSystemInfo
CompareFileTime
GetFullPathNameW
InterlockedDecrement
InterlockedIncrement
GetTempFileNameW
GetTempPathW
SetFilePointer
FindResourceA
GetModuleFileNameW
ReadFile
FindClose
FindNextFileW
FindFirstFileW
GetEnvironmentVariableW
GetCurrentProcessId
GetFileSize
CreateFileW
GetFileAttributesW
SetErrorMode
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
SetEvent
GlobalUnlock
GlobalLock
GlobalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
CloseHandle
FreeLibrary
LoadLibraryW
CreateEventW
MulDiv
lstrlenW
lstrcpynW
SetLastError
RaiseException
Sleep
CreateThread
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache

psapi

GetProcessImageFileNameW
EnumProcesses

msimg32

AlphaBlend

user32

CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
NotifyWinEvent
DestroyCursor
SetActiveWindow
IntersectRect
MsgWaitForMultipleObjectsEx
DestroyWindow
LoadCursorW
GetMessageW
FindWindowW
IsWindow
GetDesktopWindow
PostQuitMessage
KillTimer
SetTimer
GetWindowTextLengthW
GetWindowTextW
EnumChildWindows
EnumWindows
PostMessageW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetSysColor
GetSysColorBrush
GetDC
SendMessageW
SetFocus
GetForegroundWindow
TrackMouseEvent
InvalidateRect
CharNextW
GetClientRect
BeginPaint
EndPaint
CreateDialogParamW
OffsetRect
GetUpdateRect
SetRect
GetWindow
MonitorFromWindow
SetCursor
GetCursor
DrawFocusRect
ReleaseCapture
MessageBoxW
MapWindowPoints
GetParent
GetSystemMetrics
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
SetWindowTextW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetDlgItem
ShowWindow
ReleaseDC
DrawTextW
FillRect
GetAsyncKeyState
CopyRect
GetMonitorInfoW
MonitorFromPoint
MoveWindow
GetWindowRect
GetAncestor
DrawFrameControl
PtInRect
ScreenToClient
GetCursorPos
UnregisterClassA

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
DeleteDC
DPtoLP
CreateFontIndirectW
CreateDIBSection
GdiFlush
GetStockObject
CreatePatternBrush
SetBkColor
ExtTextOutW
CreateSolidBrush
DeleteObject

advapi32

RegDeleteKeyW
RegEnumKeyExW
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptAcquireContextW
LookupAccountSidW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
RegQueryInfoKeyW
CreateProcessAsUserW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
LookupPrivilegeValueW

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoSetProxyBlanket
CLSIDFromProgID
CoInitializeSecurity
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoInitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance

oleaut32

LoadRegTypeLi
UnRegisterTypeLi
SysFreeString
RegisterTypeLi
SysAllocString
VariantClear
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
OleLoadPicture
LoadTypeLi

urlmon

URLDownloadToFileW

comctl32

InitCommonControlsEx

uxtheme

DrawThemeBackground
OpenThemeData
CloseThemeData

gdiplus

GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipCloneImage
GdipDrawImagePointRectI
GdiplusStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

shlwapi

PathMatchSpecW

Exports

Exports

RHPID994RHEng1
RHPID994RHEng10
RHPID994RHEng11
RHPID994RHEng12
RHPID994RHEng13
RHPID994RHEng14
RHPID994RHEng15
RHPID994RHEng16
RHPID994RHEng17
RHPID994RHEng19
RHPID994RHEng20
RHPID994RHEng22
RHPID994RHEng29
RHPID994RHEng31
RHPID994RHEng32
RHPID994RHEng33
RHPID994RHEng34
RHPID994RHEng35
RHPID994RHEng36
RHPID994RHEng37
RHPID994RHEng38
RHPID994RHEng39
RHPID994RHEng40
RHPID994RHEng41
RHPID994RHEng42
RHPID994RHEng44
RHPID994RHEng45
RHPID994RHEng46
RHPID994RHEng47
RHPID994RHEng48
RHPID994RHEng49
RHPID994RHEng5
RHPID994RHEng50
RHPID994RHEng51
RHPID994RHEng52
RHPID994RHEng53
RHPID994RHEng54
RHPID994RHEng55
RHPID994RHEng56
RHPID994RHEng57
RHPID994RHEng58
RHPID994RHEng59
RHPID994RHEng6
RHPID994RHEng60
RHPID994RHEng61
RHPID994RHEng62
RHPID994RHEng63
RHPID994RHEng64
RHPID994RHEng65
RHPID994RHEng66
RHPID994RHEng67
RHPID994RHEng68
RHPID994RHEng69
RHPID994RHEng7
RHPID994RHEng70
RHPID994RHEng71
RHPID994RHEng8
RHPID994RHEng9
_RHPID994RHEng2@16
_RHPID994RHEng3@16
_RHPID994RHEng43@16
_RHPID994RHEng4@16

Sections

.text
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/button.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ec5fddc407d2b4e0a16fc4d786afc555

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
GetPropW
CharPrevW
MapWindowPoints
DrawFocusRect
GetWindowLongW
GetClientRect
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
LoadCursorW
RemovePropW
DrawTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisdl.dll
.dll windows:4 windows x86 arch:x86

d09878220c1fdc2c2325ac1b89d388da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
WaitForSingleObject
CloseHandle
lstrlenA
GlobalAlloc
GlobalFree
MulDiv
lstrcatA
GetTickCount
Sleep
WriteFile
CreateFileW
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
lstrcpyA
lstrcmpiA
CreateThread

user32

SetWindowLongW
RegisterWindowMessageW
CallWindowProcW
DestroyWindow
EnableWindow
CharPrevA
GetWindowRect
CreateWindowExW
SetDlgItemTextA
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExW
wsprintfA
SetWindowTextA
SendMessageW
GetWindowLongW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

wsock32

__WSAFDIsSet
ioctlsocket
inet_ntoa
htons
socket
closesocket
shutdown
connect
gethostbyname
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/skinnedbutton.dll
.dll windows:5 windows x86 arch:x86

474ef7d9696c266bdfa4dd5ce77c1747

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
LocalFree
lstrcmpiW
GlobalFree
GetLastError
lstrlenW
GetFileAttributesW
lstrcpynW
FormatMessageW
GlobalAlloc

user32

GetClassNameW
GetDlgItem
InvalidateRect
SetPropW
GetClassLongW
GetParent
DrawTextW
PostMessageW
LoadImageW
SetWindowLongW
EnumChildWindows
ShowWindow
FindWindowExW
GetDlgItemTextW
UpdateWindow
GetPropW
CallWindowProcW
GetWindowLongW

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
StretchBlt
DeleteDC
SetTextColor
BitBlt
SetStretchBltMode

Exports

Exports

setskin
skinit
unskinit

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17b7d61bda0f7478e36d9ce3d4170680

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

09:a9:1c:40:ea:e3:4e:72:cd:97:5b:0b:21:8a:e4:baCertificate

Extended Key Usages

Key Usages

05:4f:60:99:47:a7:7e:28:dd:49:ef:db:c1:07:ef:30:4e:dd:38:55Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 3.6MB

.ndata Size: - Virtual size: 164KB

.rsrc Size: 38KB - Virtual size: 38KB

2c52aeb96d10773524db81a6cc37d108

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

59:aa:ce:40:23:87:a7:6f:64:1a:eb:61:b7:8f:5e:5eCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

c7:93:ad:d6:95:d6:37:12:4f:84:29:0e:18:31:cf:a3:07:a5:b3:60Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

msimg32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

comctl32

uxtheme

gdiplus

version

wininet

shlwapi

Exports

Exports

Sections

.text Size: 509KB - Virtual size: 508KB

.rdata Size: 229KB - Virtual size: 228KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

09:a9:1c:40:ea:e3:4e:72:cd:97:5b:0b:21:8a:e4:ba
Certificate

05:4f:60:99:47:a7:7e:28:dd:49:ef:db:c1:07:ef:30:4e:dd:38:55
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 164KB

.rsrc
Size: 38KB - Virtual size: 38KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

59:aa:ce:40:23:87:a7:6f:64:1a:eb:61:b7:8f:5e:5e
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

c7:93:ad:d6:95:d6:37:12:4f:84:29:0e:18:31:cf:a3:07:a5:b3:60
Signer

.text
Size: 509KB - Virtual size: 508KB

.rdata
Size: 229KB - Virtual size: 228KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 39KB - Virtual size: 38KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 576B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 626B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 882B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 108B

.reloc
Size: 512B - Virtual size: 390B