9c0f7b8fc769c1f00ce157d6bd29d4d0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9c0f7b8fc769c1f00ce157d6bd29d4d0_JaffaCakes118
Size

934KB
MD5

9c0f7b8fc769c1f00ce157d6bd29d4d0
SHA1

ea60f3d90a9a0076e8e294b6535edb0ce0b1d90c
SHA256

a039587cb37f33112286a89e8f41eae183a91b376cec771162c6e0a5b517730c
SHA512

1146bb0fe62f4adae05995a524707acde0245a4cff063dd58df725ba4bbddd5c682f9aff3bf89eeb09f0e0da028980ec7cb097ad3c7b4358dd1992fa2415fd1e
SSDEEP

12288:vkVUTaD9/+I9qY3s5F0HUQ+0HNXT0N14Ge5kSFwAGzRuFmvQTIWYi26wSSq:4C0HUQxtXTuowAGzR2XTINi2PSSq

Score

1^/10

Malware Config

Signatures

Files

9c0f7b8fc769c1f00ce157d6bd29d4d0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

eec4990778ce3bf84a5d578c908b718e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12-02-2015 00:59

Not After

12-02-2017 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:3c:ea:b5:ae:6b:1c:96:1c:72:01:02:c1:6f:0d:46:57:60:26:41
Signer

Actual PE Digest

0c:3c:ea:b5:ae:6b:1c:96:1c:72:01:02:c1:6f:0d:46:57:60:26:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\ad_AttackDefense_common_compile\basic\KVOutput\binrelease\ad.pdb

Imports

shlwapi

PathFileExistsW
PathRemoveFileSpecW
SHDeleteKeyW
PathFindFileNameW
wnsprintfW
PathAppendW
PathAddBackslashW

kernel32

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteFile
Sleep
lstrlenW
DeleteFileW
GetTickCount
GetTempPathW
IsBadReadPtr
IsBadWritePtr
MoveFileW
SetFilePointer
GetCurrentProcess
DeviceIoControl
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
FreeLibrary
GetFileAttributesW
TerminateThread
GetLocalTime
GetModuleHandleW
CreateIoCompletionPort
QueueUserAPC
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetWindowsDirectoryW
GetModuleFileNameW
OpenProcess
ProcessIdToSessionId
ResetEvent
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
lstrcmpiW
CreateProcessW
CreateFileA
OpenMutexW
CopyFileW
FindFirstFileW
FindClose
FindNextFileW
GetLogicalDrives
GetDriveTypeW
LoadLibraryW
LocalFree
LockResource
LoadResource
SizeofResource
FindResourceExW
FindResourceW
SetFileAttributesW
GetSystemDirectoryW
OutputDebugStringW
GetModuleFileNameA
GlobalAlloc
GlobalFree
GetVolumeInformationA
TerminateProcess
SetProcessShutdownParameters
DisableThreadLibraryCalls
DebugBreak
GetSystemWow64DirectoryW
MoveFileExW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetFileSizeEx
GetBinaryTypeW
GetCurrentProcessId
GetModuleHandleExW
OpenEventW
OpenFileMappingW
OutputDebugStringA
SetEnvironmentVariableW
GetEnvironmentVariableW
QueryPerformanceFrequency
ReleaseMutex
GetExitCodeThread
QueryPerformanceCounter
FileTimeToSystemTime
WriteFileEx
GetFileSize
CreateFileW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
CreateWaitableTimerW
SleepEx
CreateEventW
HeapAlloc
GetCurrentThreadId
TlsGetValue
GetProcessHeap
InterlockedIncrement
CloseHandle
InterlockedDecrement
SetLastError
InterlockedExchange
InterlockedExchangeAdd
TlsFree
TlsAlloc
EnterCriticalSection
TlsSetValue
GetLastError
SetWaitableTimer
SetEvent
WaitForSingleObject
HeapFree
PostQueuedCompletionStatus
InterlockedCompareExchange
LeaveCriticalSection
GetQueuedCompletionStatus
CreateEventA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateWaitableTimerA
SystemTimeToFileTime
ResumeThread
OpenEventA
ReleaseSemaphore
GetSystemTimeAsFileTime
CreateMutexW
FormatMessageA
LocalAlloc
GetCurrentDirectoryW
GetThreadLocale
GetLocaleInfoA
IsDebuggerPresent

user32

FindWindowA
IsWindow
SendMessageTimeoutW
DestroyIcon
UnregisterClassA

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
ConvertSidToStringSidW
IsValidSid
LookupAccountSidW
ChangeServiceConfig2W
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegSetValueExW
RegNotifyChangeKeyValue
DuplicateTokenEx
GetTokenInformation
CreateProcessAsUserW
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
ControlService
OpenServiceW
LookupPrivilegeValueW
CreateServiceW
AdjustTokenPrivileges
QueryServiceStatus
OpenSCManagerW
StartServiceW
OpenProcessToken
CloseServiceHandle
DeleteService

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoUninitialize
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

msvcp80

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?uncaught_exception@std@@YA_NXZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

ws2_32

ntohl
htonl
WSACleanup
WSAStartup

msvcr80

_itoa
memset
_purecall
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
??8type_info@@QBE_NABV0@@Z
_beginthreadex
_snwprintf_s
wcsncpy_s
_snprintf_s
free
malloc
wcsncat_s
_time64
srand
wcsrchr
rand
_wtoi
sprintf
strerror
_errno
_vsnprintf
fclose
_ftelli64
_fseeki64
fopen
fread
ferror
fwrite
ftell
fseek
memmove
_vsnprintf_s
sscanf_s
atof
fprintf
fopen_s
isalpha
isalnum
strncmp
strchr
tolower
isspace
wcscpy_s
_snwprintf
wcsncpy
_wcsupr
swprintf_s
wcsstr
__RTDynamicCast
memmove_s
wcschr
_wstat64i32
_wcslwr
_wcsicmp
setlocale
toupper
memcpy_s
__CxxFrameHandler3
wcstombs_s
_CxxThrowException
memcpy
realloc
_wcsnicmp
swscanf_s
_vscwprintf
vswprintf_s
_memicmp
strrchr
strncpy_s
_fsopen
fflush
printf_s
_vsnwprintf_s
_itow_s
wcsncmp
_gmtime64
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_snprintf
__iob_func
_except_handler3

wininet

HttpOpenRequestW
HttpSendRequestW
InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetConnectW
InternetReadFile

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

psapi

GetProcessImageFileNameW
EnumProcesses

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

imagehlp

MapAndLoad
UnMapAndLoad

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CreateAD
CreateEvaluateReport
QueryInterfaceExist
ReleaseAD
ReleaseEvaluateReport

Sections

.text
Size: 612KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eec4990778ce3bf84a5d578c908b718e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49Certificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

0c:3c:ea:b5:ae:6b:1c:96:1c:72:01:02:c1:6f:0d:46:57:60:26:41Signer

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

ws2_32

msvcr80

wininet

wtsapi32

userenv

psapi

version

iphlpapi

imagehlp

Exports

Exports

Sections

.text Size: 612KB - Virtual size: 608KB

.rdata Size: 212KB - Virtual size: 210KB

.data Size: 28KB - Virtual size: 44KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 63KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

0c:3c:ea:b5:ae:6b:1c:96:1c:72:01:02:c1:6f:0d:46:57:60:26:41
Signer

.text
Size: 612KB - Virtual size: 608KB

.rdata
Size: 212KB - Virtual size: 210KB

.data
Size: 28KB - Virtual size: 44KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 63KB