9a44fb75fc23f0867c33fdd4bc0f23cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9a44fb75fc23f0867c33fdd4bc0f23cc_JaffaCakes118
Size

5.7MB
MD5

9a44fb75fc23f0867c33fdd4bc0f23cc
SHA1

c31bbf5e8a6a021a85b6fbdac6d8889d00553b45
SHA256

87c307b5199d3ede02b3739460b393d95d98310b49d1abc0710412e0427417aa
SHA512

5da95732534b6b9e0eaf2ff1b4632934f2a3f22edc59c0a9b3f0db57244bfcc5652599470e178c5d16796cd9f67a4ede9e492844ab7e22dfdf348e4b7351844f
SSDEEP

98304:9S0tva1x1bhu0tCsm0tFYXgtLx7Mmz9AhRsYLHRtk3rpBw8zkqNRwQ+57E6YQEeT:9OxtKYYwtLx79z9AgYLHRtCzwWkbv57L

Score

1^/10

Malware Config

Signatures

Files

9a44fb75fc23f0867c33fdd4bc0f23cc_JaffaCakes118
.zip
Analysis.swf
BlogSnapper.swf
Config/slide.jpg
.jpg
CreationNotifier.swf
FilepickerIOPhotoLoader.html
.html .js polyglot
FlvPlayerBase.swf
PhotoNotifier.swf
PreloadAnimation.swf
Preview.swf
PrintWizardLoader.html
.html .js polyglot
Smilebox.swf
SmileboxBrowserEngine.dll.new
.dll windows:4 windows x86 arch:x86

7d505e5b81874118b8934c0f846e6b6f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/02/2015, 00:00

Not After

20/03/2018, 23:59

Subject

CN=Smilebox\, Inc.,O=Smilebox\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:e3:cf:97:9a:9f:96:d8:8b:3b:4d:e4:df:6b:0d:dd:92:a2:5d:ca
Signer

Actual PE Digest

c5:e3:cf:97:9a:9f:96:d8:8b:3b:4d:e4:df:6b:0d:dd:92:a2:5d:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
lstrcmpW
GlobalUnlock
GlobalLock
SetLastError
GlobalAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
HeapSize
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
MulDiv
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers
EnterCriticalSection
GetModuleFileNameW
GetLastError
GetCurrentThreadId
LoadLibraryExW
RaiseException
FindResourceW
GetModuleHandleW
LoadResource
FreeLibrary
SizeofResource
InitializeCriticalSection
LeaveCriticalSection
lstrlenW
MultiByteToWideChar
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
Sleep
lstrcmpiW

user32

SetWindowLongW
LoadCursorW
RegisterWindowMessageW
GetClassNameW
GetWindowLongW
MoveWindow
DefWindowProcW
ScreenToClient
GetDesktopWindow
ClientToScreen
UnregisterClassA
GetWindow
GetWindowTextW
SetWindowTextW
GetWindowTextLengthW
SetWindowPos
InvalidateRect
GetWindowInfo
RedrawWindow
SendMessageW
CallWindowProcW
CreateAcceleratorTableW
EndPaint
IsWindow
InvalidateRgn
GetDlgItem
GetDC
GetParent
ReleaseDC
CharNextW
DestroyWindow
GetClassInfoExW
GetSysColor
BeginPaint
SetCapture
IsChild
ReleaseCapture
GetClientRect
GetFocus
RegisterClassExW
DestroyAcceleratorTable
SetFocus
FillRect
CreateWindowExW

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject

advapi32

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

StringFromGUID2
OleLockRunning
OleInitialize
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoGetClassObject
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantInit
SysStringByteLen
OleCreateFontIndirect
VarUI4FromStr

Exports

Exports

??0?$CAxWindowT@VCWindow@ATL@@@ATL@@QAE@PAUHWND__@@@Z
??0?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@QAE@ABV01@@Z
??0?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@QAE@XZ
??0?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAE@ABV01@@Z
??0?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAE@XZ
??0?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@QAE@ABV01@@Z
??0?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@QAE@XZ
??0?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAE@ABV01@@Z
??0?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAE@XZ
??0?$_IDispEventLocator@$0EF@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAE@ABV01@@Z
??0?$_IDispEventLocator@$0EF@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAE@XZ
??0CSmileboxBrowserView@@QAE@ABV0@@Z
??0CSmileboxBrowserView@@QAE@XZ
??1?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@UAE@XZ
??1?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@UAE@XZ
??1?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@UAE@XZ
??1CSmileboxBrowserView@@UAE@XZ
??4?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEAAV01@ABV01@@Z
??4?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEAAV01@PAUHWND__@@@Z
??4?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@QAEAAV01@ABV01@@Z
??4?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAEAAV01@ABV01@@Z
??4?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@QAEAAV01@ABV01@@Z
??4?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAEAAV01@ABV01@@Z
??4?$_IDispEventLocator@$0EF@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAEAAV01@ABV01@@Z
??4CSmileboxBrowserView@@QAEAAV0@ABV0@@Z
??_7CSmileboxBrowserView@@6B?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@@
??_7CSmileboxBrowserView@@6B?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@@
??_B?1??GetWndClassInfo@CSmileboxBrowserView@@SAAAU_ATL_WNDCLASSINFOW@ATL@@XZ@51
??_B?1??_GetSinkMap@CSmileboxBrowserView@@SAPBU?$_ATL_EVENT_ENTRY@VCSmileboxBrowserView@@@ATL@@XZ@51
??_F?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEXXZ
?AddRef@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@UAGKXZ
?AttachControl@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJPAUIUnknown@@PAPAU3@@Z
?Create@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEPAUHWND__@@PAU3@V_U_RECT@2@PB_WKKV_U_MENUorID@2@PAX@Z
?Create@?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@QAEPAUHWND__@@PAU3@V_U_RECT@2@PB_WKKV_U_MENUorID@2@PAX@Z
?Create@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAEPAUHWND__@@PAU3@V_U_RECT@2@PB_WKKV_U_MENUorID@2@GPAX@Z
?CreateControl@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJKPAUIStream@@PAPAUIUnknown@@@Z
?CreateControl@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJPB_WPAUIStream@@PAPAUIUnknown@@@Z
?CreateControlEx@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJKPAUIStream@@PAPAUIUnknown@@1ABU_GUID@@PAU4@@Z
?CreateControlEx@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJPB_WPAUIStream@@PAPAUIUnknown@@2ABU_GUID@@PAU4@@Z
?DefWindowProcW@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAEJIIJ@Z
?DefWindowProcW@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAEJXZ
?DefaultReflectionHandler@?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@SAHPAUHWND__@@IIJAAJ@Z
?DestroyWindow@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAEHXZ
?DispEventAdvise@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAEJPAUIUnknown@@@Z
?DispEventAdvise@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAEJPAUIUnknown@@PBU_GUID@@@Z
?DispEventUnadvise@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAEJPAUIUnknown@@@Z
?DispEventUnadvise@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAEJPAUIUnknown@@PBU_GUID@@@Z
?ForwardNotifications@?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@QAEJIIJAAH@Z
?GetCurrentMessage@?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@QBEPBU_ATL_MSG@2@XZ
?GetFuncInfoFromId@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@UAEJABU_GUID@@JKAAU_ATL_FUNC_INFO@2@@Z
?GetIDsOfNames@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@UAGJABU_GUID@@PAPA_WIKPAJ@Z
?GetTypeInfo@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@UAGJIKPAPAUITypeInfo@@@Z
?GetTypeInfoCount@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@UAGJPAI@Z
?GetWindowProc@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@UAEP6GJPAUHWND__@@IIJ@ZXZ
?GetWndCaption@?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@SAPB_WXZ
?GetWndClassInfo@?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@SAAAU_ATL_WNDCLASSINFOW@2@XZ
?GetWndClassInfo@CSmileboxBrowserView@@SAAAU_ATL_WNDCLASSINFOW@ATL@@XZ
?GetWndClassName@?$CAxWindowT@VCWindow@ATL@@@ATL@@SAPB_WXZ
?GetWndExStyle@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@SAKK@Z
?GetWndStyle@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@SAKK@Z
?Invoke@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z
?InvokeFromFuncInfo@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@QAEJP8CSmileboxBrowserView@@AGXXZAAU_ATL_FUNC_INFO@2@PAUtagDISPPARAMS@@PAUtagVARIANT@@@Z
?IsMsgHandled@?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@QBEHXZ
?OnCreate@CSmileboxBrowserView@@QAEJIIJAAH@Z
?OnDestroy@CSmileboxBrowserView@@QAEJIIJAAH@Z
?OnDocumentComplete@CSmileboxBrowserView@@UAGXPAUIDispatch@@PAUtagVARIANT@@@Z
?OnFinalMessage@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@UAEXPAUHWND__@@@Z
?OnSize@CSmileboxBrowserView@@QAEJIIJAAH@Z
?PreTranslateMessage@CSmileboxBrowserView@@QAEHPAUtagMSG@@@Z
?ProcessWindowMessage@CSmileboxBrowserView@@UAEHPAUHWND__@@IIJAAJK@Z
?QueryControl@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJABU_GUID@@PAPAX@Z
?QueryHost@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJABU_GUID@@PAPAX@Z
?ReflectNotifications@?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@QAEJIIJAAH@Z
?Release@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@UAGKXZ
?SetExternalDispatch@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJPAUIDispatch@@@Z
?SetExternalUIHandler@?$CAxWindowT@VCWindow@ATL@@@ATL@@QAEJPAUIDocHostUIHandlerDispatch@@@Z
?SetMsgHandled@?$CWindowImplRoot@V?$CAxWindowT@VCWindow@ATL@@@ATL@@@ATL@@QAEXH@Z
?StartWindowProc@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@SGJPAUHWND__@@IIJ@Z
?SubclassWindow@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAEHPAUHWND__@@@Z
?UnsubclassWindow@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@QAEPAUHWND__@@H@Z
?WindowProc@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@SGJPAUHWND__@@IIJ@Z
?_GetSinkMap@CSmileboxBrowserView@@SAPBU?$_ATL_EVENT_ENTRY@VCSmileboxBrowserView@@@ATL@@XZ
?_LocDEQueryInterface@?$IDispEventSimpleImpl@$0EF@VCSmileboxBrowserView@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@UAGJABU_GUID@@PAPAX@Z
?createBrowser@CSmileboxBrowserView@@AAEJXZ
?killBrowser@CSmileboxBrowserView@@AAEXXZ
?map@?1??_GetSinkMap@CSmileboxBrowserView@@SAPBU?$_ATL_EVENT_ENTRY@VCSmileboxBrowserView@@@ATL@@XZ@4QBU34@B
?setBrowserListener@CSmileboxBrowserView@@QAEXPAVISmileboxBrowserViewListener@@@Z
?setDimension@CSmileboxBrowserView@@QAEXHH@Z
?stealthilyNavToUrl@CSmileboxBrowserView@@QAEXABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?wc@?1??GetWndClassInfo@?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@SAAAU_ATL_WNDCLASSINFOW@3@XZ@4U43@A
?wc@?1??GetWndClassInfo@CSmileboxBrowserView@@SAAAU_ATL_WNDCLASSINFOW@ATL@@XZ@4U34@A

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmileboxClient.exe
.exe windows:4 windows x86 arch:x86

47f3af27bd30bdf87ea220eca8a6acaf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/02/2015, 00:00

Not After

20/03/2018, 23:59

Subject

CN=Smilebox\, Inc.,O=Smilebox\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f2:91:5c:ce:33:89:ee:e0:2f:21:fd:67:96:a7:c2:33:57:31:ba:cb
Signer

Actual PE Digest

f2:91:5c:ce:33:89:ee:e0:2f:21:fd:67:96:a7:c2:33:57:31:ba:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdiplus

GdipGetImageEncoders
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromGdiDib
GdipCloneImage
GdipDeleteGraphics
GdipLoadImageFromFileICM
GdipCloneBrush
GdipFillRectangleI
GdipCreateFromHDC
GdipCreateSolidFill
GdipSetSolidFillColor
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipGetImageThumbnail
GdipDrawImageRectI
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipGetImageBounds
GdipFree

wininet

InternetQueryDataAvailable
InternetGetConnectedState
InternetCrackUrlW
InternetReadFile
InternetCanonicalizeUrlW
InternetWriteFile
InternetCloseHandle
HttpQueryInfoW
InternetOpenW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
HttpSendRequestExW
HttpEndRequestW
InternetOpenUrlW

psapi

EnumProcesses
GetModuleBaseNameW

kernel32

DeleteFileA
MoveFileA
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
VirtualAlloc
GetFileAttributesA
GetSystemTimeAsFileTime
GetTimeZoneInformation
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
RaiseException
CompareFileTime
MultiByteToWideChar
DeleteFileW
FindNextFileW
FindClose
FindFirstFileW
GetFileAttributesExW
Sleep
CreateDirectoryW
MoveFileW
EnterCriticalSection
LeaveCriticalSection
GetLastError
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
MulDiv
SetLastError
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalFree
GlobalHandle
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
CloseHandle
WaitForSingleObject
CreateThread
CreateSemaphoreW
ReleaseSemaphore
GetCurrentProcessId
CopyFileW
GetTickCount
ResumeThread
LocalFree
FormatMessageW
GetVersionExW
WideCharToMultiByte
LCMapStringA
CreateFileW
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetTempPathW
SetCurrentDirectoryW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
TerminateThread
SetEndOfFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetProcAddress
ReleaseMutex
CreateMutexA
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
RemoveDirectoryW
SetFileAttributesW
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetSystemTime
GetFileSize
WriteFile
GetFileAttributesW
GetFileTime
GetFullPathNameW
GetTempFileNameW
CreateProcessW
FlushFileBuffers
CreateMutexW
TerminateProcess
OpenProcess
SystemTimeToFileTime
FileTimeToSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
GetStdHandle
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadFile

user32

DialogBoxIndirectParamW
SetRect
EnumDisplaySettingsW
EnableWindow
GetWindowPlacement
SetWindowPlacement
wsprintfA
FindWindowW
SetCursor
ShowScrollBar
EnumChildWindows
LoadMenuW
LoadAcceleratorsW
GetMessageW
SetForegroundWindow
LoadImageW
PtInRect
MessageBeep
TrackPopupMenuEx
GetMenuItemInfoW
GetMenuItemCount
AppendMenuW
DestroyMenu
LoadStringA
PostQuitMessage
LoadStringW
MonitorFromPoint
GetMonitorInfoW
RemoveMenu
CreatePopupMenu
MessageBoxW
BringWindowToTop
IsIconic
TranslateAcceleratorW
GetActiveWindow
DialogBoxParamW
PrintWindow
PeekMessageW
TranslateMessage
DispatchMessageW
LoadIconW
GetSystemMetrics
SystemParametersInfoW
IsDialogMessageW
KillTimer
UnregisterClassA
CreateAcceleratorTableW
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetParent
IsChild
SetCapture
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
CharNextW
GetSysColor
CreateDialogIndirectParamW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DefWindowProcW
MapWindowPoints
IsWindow
SetWindowContextHelpId
GetWindow
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRect
GetWindowRect
SetWindowPos
CreateWindowExW
GetWindowLongW
SetWindowLongW
MapDialogRect
DestroyWindow
SendMessageW
PostMessageW
EndDialog
GetDlgItem
SetTimer

gdi32

CreateDCW
CreateDIBSection
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
DeleteDC
SelectObject

comdlg32

GetOpenFileNameW

advapi32

OpenProcessToken
SetTokenInformation
GetLengthSid
CreateProcessAsUserW
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateTokenEx
ConvertStringSidToSidW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
CryptReleaseContext
CryptDestroyHash
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam

shell32

ShellExecuteW
SHGetFolderPathW
DragQueryFileW
DragQueryPoint
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetDesktopFolder

ole32

CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

DispCallFunc
VarBstrCat
GetErrorInfo
VarUI4FromStr
VariantCopy
SysAllocStringByteLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysFreeString
VariantInit
SysAllocStringLen
VariantClear
SysStringLen

shlwapi

StrRetToBufW
PathFileExistsW

comctl32

InitCommonControlsEx

Sections

.text
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SmileboxDvd.new
.exe windows:4 windows x86 arch:x86

7d183b06acab122a8c2c9e6814032a5e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/02/2015, 00:00

Not After

20/03/2018, 23:59

Subject

CN=Smilebox\, Inc.,O=Smilebox\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:be:e0:7a:11:0b:8c:cc:02:67:23:af:b0:6d:ae:78:2b:7b:bf:80
Signer

Actual PE Digest

9f:be:e0:7a:11:0b:8c:cc:02:67:23:af:b0:6d:ae:78:2b:7b:bf:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCanonicalizeUrlW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenUrlW
InternetReadFile

gdiplus

GdipCreateBitmapFromFile
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipGetImageGraphicsContext
GdipDisposeImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdiplusShutdown
GdiplusStartup

winmm

waveOutWrite
waveOutClose
waveOutOpen
timeGetTime
timeKillEvent

avifil32

AVIMakeCompressedStream
AVIFileInit
AVIFileOpenW
AVIFileRelease
AVIFileExit
AVIStreamRelease
AVIStreamSetFormat
AVIFileCreateStreamW
AVIStreamWrite

dbghelp

ImageNtHeader
ImageDirectoryEntryToData

shlwapi

PathFileExistsW

portaudio_x86

ord4
ord15
ord14
ord21
ord18
ord5
ord19
ord22
ord25

kernel32

TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
VirtualQuery
IsBadReadPtr
GetProcAddress
GetSystemInfo
VirtualProtect
GetModuleHandleW
MultiByteToWideChar
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetCurrentProcessId
GetModuleFileNameW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
CreateDirectoryW
GetTempPathW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpW
MulDiv
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
GetVersionExW
WideCharToMultiByte
ReadFile
CloseHandle
CreateFileW
FreeLibrary
OpenProcess
TlsSetValue
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
Sleep
CreateThread
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteTimerQueue
CreateTimerQueueTimer
CreateTimerQueue
ResumeThread
GetTimeFormatW
GetDateFormatW
GetLocalTime
lstrcmpiW
RemoveDirectoryW
GlobalFree
GlobalHandle
GetFileSize
WriteFile
SetFilePointer
SetFileAttributesW
GetTempFileNameW
LocalFree
FormatMessageW
FlushFileBuffers
CreateProcessW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TlsFree
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapCreate
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetStartupInfoW
GetTimeZoneInformation
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

SetMenuDefaultItem
LoadStringW
PostQuitMessage
LoadStringA
TrackPopupMenuEx
PtInRect
GetWindowInfo
GetTitleBarInfo
GetWindowPlacement
GetMessageW
LoadImageW
LoadAcceleratorsW
LoadMenuW
CreateDialogIndirectParamW
SetTimer
KillTimer
UnregisterClassA
ShowWindow
CreateAcceleratorTableW
CreateWindowExW
IsWindow
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
SetMenuItemInfoW
CharNextW
GetSysColor
DestroyWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CallWindowProcW
SetWindowTextW
DefWindowProcW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBeep
SetFocus
GetWindow
MonitorFromPoint
GetMonitorInfoW
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
OpenClipboard
GetDlgItem
GetParent
SetDlgItemTextW
GetWindowLongW
EndDialog
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
PostMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
DialogBoxParamW
SetWindowLongW
RegisterWindowMessageW
SetWindowContextHelpId
MoveWindow
MapDialogRect
SetRect

gdi32

SetBkMode
GetStockObject
CreateSolidBrush
GetDeviceCaps
BitBlt
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
GetObjectW

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetLengthSid
CreateProcessAsUserW
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW
ord4
ord2

ole32

StringFromGUID2
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeEx
OleUninitialize
OleLockRunning

oleaut32

VarBstrCat
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
VariantInit
VariantClear
DispCallFunc
SysStringByteLen

comctl32

InitCommonControlsEx

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SmileboxPhoto.new
.exe windows:4 windows x86 arch:x86

4e503025fac8bc4063103c29ed372ea0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/02/2015, 00:00

Not After

20/03/2018, 23:59

Subject

CN=Smilebox\, Inc.,O=Smilebox\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:37:38:e4:0b:e9:3c:55:34:5b:a8:70:4c:4a:b8:a2:96:43:dd:f4
Signer

Actual PE Digest

95:37:38:e4:0b:e9:3c:55:34:5b:a8:70:4c:4a:b8:a2:96:43:dd:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageBounds
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFileICM
GdipDeleteGraphics
GdipFree
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipBitmapUnlockBits
GdipAlloc
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageThumbnail
GdipCloneImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipGetImageEncoders

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
HttpQueryInfoW
InternetCanonicalizeUrlW

kernel32

FlushInstructionCache
GetCurrentProcess
ResumeThread
CreateThread
GetCurrentThreadId
SetLastError
CreateDirectoryW
MultiByteToWideChar
LocalFree
FormatMessageW
GetVersionExW
lstrlenW
WideCharToMultiByte
ReadFile
CreateFileW
GetLastError
GetTickCount
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
SetEvent
GetCommandLineW
lstrcmpW
MulDiv
GetModuleFileNameW
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
WriteConsoleA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
LeaveCriticalSection
GetOEMCP
GetCPInfo
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTimeZoneInformation
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
WaitForSingleObject
CreateProcessW
FlushFileBuffers
ReleaseMutex
CreateMutexW
GetTempFileNameW
GetFileTime
SetFilePointer
EnterCriticalSection
CloseHandle
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
IsValidCodePage
RaiseException
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteFile
GetFileSize
GetTempPathW
GetEnvironmentStringsW

user32

GetDlgItem
GetParent
SetWindowPos
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
SetFocus
MessageBeep
GetWindowTextW
GetWindowLongW
EndDialog
MapWindowPoints
LoadStringW
GetSystemMetrics
SetWindowPlacement
GetWindowPlacement
PostMessageW
LoadIconW
RegisterWindowMessageW
CreateAcceleratorTableW
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
CharNextW
GetSysColor
LoadMenuW
LoadAcceleratorsW
PostThreadMessageW
LoadImageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
RegisterClassExW
PeekMessageW
PtInRect
IsWindow
TrackPopupMenuEx
GetMenuItemCount
AppendMenuW
DestroyMenu
LoadStringA
PostQuitMessage
GetWindowTextLengthW
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromPoint
GetMonitorInfoW
RemoveMenu
CreatePopupMenu
DefWindowProcW
LoadCursorW
GetClassInfoExW
ShowWindow
BringWindowToTop
CallWindowProcW
InvalidateRect
DestroyWindow
TranslateAcceleratorW
GetActiveWindow
DialogBoxParamW
SetWindowTextW
SendMessageW
SetWindowLongW
UnregisterClassA

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject

advapi32

CryptDestroyHash
CryptHashData
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptGetHashParam

shell32

SHGetFolderPathW

ole32

CoCreateInstance
OleInitialize
OleUninitialize
CoRevokeClassObject
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

VarBstrCat
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
DispCallFunc
SysStringByteLen
SysFreeString
VariantClear
VariantInit
VariantCopy
SysAllocString
SysAllocStringByteLen

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SmileboxPhoto.swf
SmileboxPhotoLoader.html
.html .js polyglot
SmileboxStarter.new
.exe windows:4 windows x86 arch:x86

99f97dadd7097a00494fd23d4600b620

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/02/2015, 00:00

Not After

20/03/2018, 23:59

Subject

CN=Smilebox\, Inc.,O=Smilebox\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:d7:d7:0c:6b:4f:8e:58:fc:39:82:21:20:90:4b:2d:59:27:b0:c2
Signer

Actual PE Digest

49:d7:d7:0c:6b:4f:8e:58:fc:39:82:21:20:90:4b:2d:59:27:b0:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieW
InternetGetCookieExW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetGetConnectedState
InternetQueryDataAvailable
InternetWriteFile
HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetAttemptConnect

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetSmoothingMode

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

kernel32

DeleteCriticalSection
GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
lstrcmpW
MulDiv
GetModuleFileNameW
SetLastError
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetTickCount
DeleteFileW
CopyFileW
CloseHandle
ResumeThread
CreateThread
CreateFileW
WriteFile
SetFilePointer
GetVersionExW
Sleep
CompareFileTime
GetFileAttributesW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSection
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
GetFileTime
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetStartupInfoW
ExitProcess
GetModuleHandleA
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetFullPathNameW
GetTempFileNameW
ReadFile
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
ReleaseSemaphore
CreateSemaphoreW
GetFileSize
FormatMessageW
LocalFree
GetTempPathW
CreateDirectoryW
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
RemoveDirectoryW
Process32FirstW
OutputDebugStringW
CreateToolhelp32Snapshot
CreateProcessW
WaitForSingleObject
FlushFileBuffers
CreateMutexW
ReleaseMutex
GetLocalTime
TerminateProcess
OpenProcess
FreeEnvironmentStringsW
SetFileTime
WideCharToMultiByte
FileTimeToSystemTime
SystemTimeToFileTime
Process32NextW

user32

IsChild
OpenClipboard
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
SetFocus
MessageBeep
CloseClipboard
SetClipboardData
EmptyClipboard
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
DefWindowProcW
CharNextW
DestroyWindow
GetSysColor
MoveWindow
ClientToScreen
EndDialog
SetWindowPos
GetClientRect
SetTimer
KillTimer
GetSystemMetrics
SetWindowLongW
UnregisterClassA
PostMessageW
GetWindowLongW
SetDlgItemTextW
GetParent
GetWindowPlacement
GetActiveWindow
IsCharAlphaNumericW
DialogBoxParamW
FindWindowW
SetForegroundWindow
ShowWindow
RegisterWindowMessageW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
ScreenToClient
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetDlgItem

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
SetBkMode

advapi32

ConvertStringSidToSidW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CreateProcessAsUserW
RegQueryValueExW
DuplicateTokenEx
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
SetTokenInformation
GetLengthSid

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

VarBstrCat
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi

smileboxbrowserengine

?setBrowserListener@CSmileboxBrowserView@@QAEXPAVISmileboxBrowserViewListener@@@Z
?Create@?$CWindowImpl@VCSmileboxBrowserView@@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@QAEPAUHWND__@@PAU3@V_U_RECT@2@PB_WKKV_U_MENUorID@2@PAX@Z
??0CSmileboxBrowserView@@QAE@XZ
??1CSmileboxBrowserView@@UAE@XZ
?OnDocumentComplete@CSmileboxBrowserView@@UAGXPAUIDispatch@@PAUtagVARIANT@@@Z
?OnFinalMessage@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@UAEXPAUHWND__@@@Z
?GetWindowProc@?$CWindowImplBaseT@V?$CAxWindowT@VCWindow@ATL@@@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@UAEP6GJPAUHWND__@@IIJ@ZXZ
?stealthilyNavToUrl@CSmileboxBrowserView@@QAEXABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?ProcessWindowMessage@CSmileboxBrowserView@@UAEHPAUHWND__@@IIJAAJK@Z

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

psapi

GetModuleBaseNameW
EnumProcesses

shell32

SHCreateDirectoryExW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SmileboxTray.new
.exe windows:4 windows x86 arch:x86

39447c56dee665f3b3564c2cef8cbf3e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/02/2015, 00:00

Not After

20/03/2018, 23:59

Subject

CN=Smilebox\, Inc.,O=Smilebox\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:c8:0a:1e:93:ba:3e:c6:19:5d:b3:ae:a4:66:4d:cf:e4:19:3e:af
Signer

Actual PE Digest

3a:c8:0a:1e:93:ba:3e:c6:19:5d:b3:ae:a4:66:4d:cf:e4:19:3e:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetConnectedState
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetCanonicalizeUrlW

gdiplus

GdiplusStartup
GdipFree
GdipDeleteGraphics
GdipLoadImageFromFileICM
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageBounds
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdipGetImageThumbnail
GdipCloneImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipAlloc

kernel32

InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
SetLastError
GetModuleHandleW
CreateDirectoryW
MultiByteToWideChar
LocalFree
FormatMessageW
CloseHandle
CreateMutexW
GetVersionExW
DeleteFileW
WideCharToMultiByte
GlobalFree
GlobalHandle
ReadFile
CreateFileW
SleepEx
FindClose
FindNextFileW
FindFirstFileW
CancelIo
ReadDirectoryChangesW
GetOverlappedResult
lstrcmpiW
FreeLibrary
LoadLibraryExW
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetModuleFileNameW
GetCPInfo
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTimeZoneInformation
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
ReleaseMutex
GetTempFileNameW
GetFullPathNameW
GetFileTime
GetFileAttributesW
CreateProcessW
SetFilePointer
GetFileSize
SystemTimeToFileTime
CompareFileTime
WriteFile
FlushFileBuffers
Sleep
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetTempPathW
MulDiv
lstrcmpW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
SizeofResource
GetCurrentProcess
FlushInstructionCache
GetLastError
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
LockResource
LeaveCriticalSection
EnterCriticalSection
FileTimeToSystemTime
GetTickCount
FindResourceExW
FindResourceW
LoadResource
GetOEMCP

user32

GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
SetWindowTextW
SendMessageW
GetWindowLongW
EndDialog
MapWindowPoints
MonitorFromWindow
LoadAcceleratorsW
GetMessageW
TranslateMessage
DispatchMessageW
AnimateWindow
SetRect
SetWindowRgn
SetWindowPos
UnregisterClassA
GetDlgItem
BringWindowToTop
CreateDialogIndirectParamW
LoadImageW
DestroyWindow
SetWindowLongW
CreateWindowExW
SetTimer
KillTimer
IsChild
IsDialogMessageW
IsWindow
GetSystemMetrics
InsertMenuItemW
GetActiveWindow
SetForegroundWindow
GetCursorPos
TrackPopupMenuEx
GetSubMenu
LoadMenuW
TrackPopupMenu
PeekMessageW
PtInRect
MessageBeep
LoadStringA
PostQuitMessage
LoadStringW
GetMenuItemInfoW
RemoveMenu
AppendMenuW
MonitorFromPoint
GetMonitorInfoW
CreatePopupMenu
SetMenuDefaultItem
GetMenuItemID
DialogBoxParamW
MessageBoxW
DestroyMenu
SetMenuItemInfoW
GetMenuItemCount
CheckMenuItem
TranslateAcceleratorW
GetLastInputInfo
UnregisterDeviceNotification
RegisterDeviceNotificationW
PostMessageW
CreateAcceleratorTableW
LoadIconW
SetWindowContextHelpId
IsWindowVisible
ShowWindow
MapDialogRect
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
CharNextW
GetSysColor
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
GetFocus

gdi32

GetClipBox
PatBlt
GetObjectW
CreateSolidBrush
GetDeviceCaps
CreateRoundRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
BitBlt
GetStockObject

advapi32

RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptDestroyHash

shell32

SHAppBarMessage
ShellExecuteExW
ord2
SHGetSpecialFolderLocation
ord4
Shell_NotifyIconW
SHGetFolderPathW

ole32

CoInitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
VariantCopy
SysAllocStringByteLen
VarUI4FromStr
VarBstrCat
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

Sections

.text
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SmileboxUpdater.exe
.exe windows:4 windows x86 arch:x86

54a65c8f691c4dc51ac00c290c4d8f8e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/02/2015, 00:00

Not After

20/03/2018, 23:59

Subject

CN=Smilebox\, Inc.,O=Smilebox\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:64:47:2c:e4:4d:34:1a:3d:56:a2:f7:42:d9:23:21:25:eb:fd:48
Signer

Actual PE Digest

24:64:47:2c:e4:4d:34:1a:3d:56:a2:f7:42:d9:23:21:25:eb:fd:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses
GetModuleBaseNameW

kernel32

GetFileSize
CreateFileW
MoveFileExW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
GetTickCount
TerminateProcess
GetLastError
OpenProcess
GetCurrentProcess
LocalFree
CreateProcessW
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WriteFile
SetFilePointer
ReadFile
CreateDirectoryW
FormatMessageW
GetVersionExW
WideCharToMultiByte
CreateFileA
WriteConsoleW
GetConsoleOutputCP
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
CreateMutexW
WaitForSingleObject
CloseHandle
Sleep
GetStringTypeW
FlushFileBuffers
WriteConsoleA
SetStdHandle
GetStringTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleMode
GetConsoleCP
LoadLibraryA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RtlUnwind
GetStartupInfoW
GetTimeZoneInformation
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo

user32

FindWindowW
PostMessageW
UnregisterClassA

advapi32

CreateProcessAsUserW
GetLengthSid
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW

shell32

SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

PathFileExistsW

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Snapper.swf
VideoWizard.swf
VideoWizardCapture.swf
WebSmileboxPhotoLoader.html
.html .js polyglot
club_smilebox.swf
swfmacmousewheel2.js
.js
swfobject.js
.js
swfobject2_2.js
.js
update.xml

Sharing

General

Malware Config

Signatures

Files

7d505e5b81874118b8934c0f846e6b6f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

c5:e3:cf:97:9a:9f:96:d8:8b:3b:4d:e4:df:6b:0d:dd:92:a2:5d:caSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 10KB

47f3af27bd30bdf87ea220eca8a6acaf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

f2:91:5c:ce:33:89:ee:e0:2f:21:fd:67:96:a7:c2:33:57:31:ba:cbSigner

Headers

File Characteristics

Imports

ws2_32

version

gdiplus

wininet

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 708KB - Virtual size: 706KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 44KB - Virtual size: 55KB

.rsrc Size: 20KB - Virtual size: 16KB

7d183b06acab122a8c2c9e6814032a5e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

c5:e3:cf:97:9a:9f:96:d8:8b:3b:4d:e4:df:6b:0d:dd:92:a2:5d:ca
Signer

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

f2:91:5c:ce:33:89:ee:e0:2f:21:fd:67:96:a7:c2:33:57:31:ba:cb
Signer

.text
Size: 708KB - Virtual size: 706KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 44KB - Virtual size: 55KB

.rsrc
Size: 20KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

9f:be:e0:7a:11:0b:8c:cc:02:67:23:af:b0:6d:ae:78:2b:7b:bf:80
Signer

.text
Size: 240KB - Virtual size: 238KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

49:ae:19:36:91:72:27:98:3c:d7:ab:11:c5:1e:3f:1b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

95:37:38:e4:0b:e9:3c:55:34:5b:a8:70:4c:4a:b8:a2:96:43:dd:f4
Signer

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 16KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate