aaaf1addab51893afb4c7b86ab7ebfaa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aaaf1addab51893afb4c7b86ab7ebfaa_JaffaCakes118
Size

9.9MB
MD5

aaaf1addab51893afb4c7b86ab7ebfaa
SHA1

b71297f8f3eb5b2e87e0620b9fe5ba42b1b038f6
SHA256

850eb604ef0ab12cbdc3b1eab34f433b6fa99aa81bc2b9712e857192b62d1723
SHA512

7d8752c7b06d5453ecfc5bceb8aac26d813d1d299efcbb18a9b8af5870a5dcde6df9231802d1e775d826127ce465930f45085e156bb9d0223c55102ac12dd4e4
SSDEEP

98304:bxOxUy3hj2Pizj57MrgTTd5DIXJ759cSBrt1EXct/OPpjrPeqjMsQg86LYPnF8Wg:Oj5A0t5D67caGcZOxHeqj5FjoJbKNpx

Score

1^/10

Malware Config

Signatures

Files

aaaf1addab51893afb4c7b86ab7ebfaa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b070c629d5b15fc6804d5523352393ca

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

52:74:18:0f:a9:40:be:e8:96:e1:b4:df:9e:21:77:0c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2016, 00:00

Not After

09/09/2019, 23:59

Subject

CN=Cole Williams Software Limited,O=Cole Williams Software Limited,POSTALCODE=DN37 9PQ,STREET=8 Defender Drive,L=Grimsby,ST=North East Lincolnshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:74:18:0f:a9:40:be:e8:96:e1:b4:df:9e:21:77:0c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2016, 00:00

Not After

09/09/2019, 23:59

Subject

CN=Cole Williams Software Limited,O=Cole Williams Software Limited,POSTALCODE=DN37 9PQ,STREET=8 Defender Drive,L=Grimsby,ST=North East Lincolnshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:4f:01:a3:60:bb:c7:a4:73:44:2c:db:5f:74:a5:b0:2b:74:f6:96:19:73:71:e9:ca:1f:e8:51:2e:f7:35:08
Signer

Actual PE Digest

8c:4f:01:a3:60:bb:c7:a4:73:44:2c:db:5f:74:a5:b0:2b:74:f6:96:19:73:71:e9:ca:1f:e8:51:2e:f7:35:08

Digest Algorithm

sha256

PE Digest Matches

true

09:01:21:96:90:a3:7c:d0:5c:48:37:8f:a4:72:30:a3:64:f1:d2:bd
Signer

Actual PE Digest

09:01:21:96:90:a3:7c:d0:5c:48:37:8f:a4:72:30:a3:64:f1:d2:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\progs\Compiling\mpc-hc\bin\mpc-hc_x86\mpc-hc.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdiplusStartup
GdipSaveImageToFile
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown

uxtheme

GetThemePartSize
IsAppThemed
DrawThemeParentBackground
OpenThemeData
IsThemeBackgroundPartiallyTransparent
ord61
GetThemeSysColor
CloseThemeData
DrawThemeBackground
DrawThemeText
GetThemeColor
GetWindowTheme
GetCurrentThemeName
SetWindowTheme

winmm

timeGetDevCaps
waveOutSetVolume
waveOutGetVolume
timeGetTime
timeSetEvent
timeKillEvent
timeBeginPeriod
timeEndPeriod
PlaySoundW
mixerSetControlDetails

kernel32

EncodePointer
GlobalFindAtomW
GetFileSize
LockFile
UnlockFile
lstrcmpiW
GetStringTypeExW
GetThreadLocale
lstrcmpA
GetProfileIntW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
VerSetConditionMask
lstrcpyW
VerifyVersionInfoW
FindResourceExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GlobalFlags
SetErrorMode
GetWindowsDirectoryW
SearchPathW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
OutputDebugStringA
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetEnvironmentVariableA
FindFirstFileExW
GetConsoleCP
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
GetOEMCP
IsValidCodePage
HeapQueryInformation
SetStdHandle
WriteConsoleW
ExitProcess
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
LCMapStringW
SizeofResource
LockResource
LoadResource
GlobalSize
GetTimeZoneInformation
VirtualProtectEx
ResumeThread
SuspendThread
GetProcessAffinityMask
GetShortPathNameW
GetLongPathNameW
OutputDebugStringW
TryEnterCriticalSection
RemoveDirectoryW
CreateHardLinkW
MoveFileW
SetFileAttributesW
GetSystemDirectoryW
GetConsoleMode
GetSystemTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileType
GetFileTime
SetFileTime
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetStdHandle
IsDBCSLeadByte
GetCPInfo
CompareStringW
FoldStringW
AreFileApisANSI
DebugBreak
IsDBCSLeadByteEx
LocalAlloc
IsBadWritePtr
IsBadReadPtr
GlobalGetAtomNameW
FormatMessageW
FlushInstructionCache
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
SetThreadPriority
GetCurrentThread
GetThreadPriority
VirtualFree
VirtualAlloc
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
lstrcmpW
InterlockedDecrement
InterlockedIncrement
GetNumberFormatW
SetLastError
IsWow64Process
GetVersionExW
GetFileAttributesW
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
CreateMutexA
GetModuleFileNameA
GetExitCodeThread
QueueUserWorkItem
GetStringTypeW
FindResourceW
GetProcAddress
GetModuleHandleW
FormatMessageA
CreateProcessW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DuplicateHandle
CreatePipe
TerminateProcess
CreateThread
GetVolumeInformationW
GetModuleFileNameW
GetTempFileNameW
DecodePointer
RaiseException
GetUserDefaultUILanguage
ReadDirectoryChangesW
GetOverlappedResult
CancelIo
GetACP
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
GlobalDeleteAtom
GlobalAddAtomW
CreateDirectoryW
ReleaseMutex
CreateMutexW
SetCurrentDirectoryW
HeapSetInformation
SetDllDirectoryW
DeviceIoControl
GetTempPathW
CreateFileA
WriteProcessMemory
ReadProcessMemory
IsDebuggerPresent
DeleteFileW
CopyFileW
MultiByteToWideChar
SleepEx
HeapReAlloc
HeapSize
HeapDestroy
HeapFree
GetProcessHeap
HeapAlloc
FreeResource
GetDriveTypeW
LocalFree
GetLocaleInfoA
GetCurrentDirectoryW
FindNextFileW
GetDiskFreeSpaceExW
FindClose
FindFirstFileW
SetSystemPowerState
SetThreadExecutionState
GetLocaleInfoW
TerminateThread
WaitForSingleObject
WriteFile
GetTickCount
MulDiv
ResetEvent
SetEvent
CreateEventW
GetLocalTime
GetCurrentProcessId
CreateFileW
ReadFile
SetFilePointerEx
GetFileSizeEx
InitializeCriticalSection
CloseHandle
LoadLibraryExW
GetCurrentThreadId
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
Sleep
GetUserDefaultLCID
InterlockedExchange
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
FreeLibrary
GetLastError
WideCharToMultiByte
GetFullPathNameW
GetCurrentProcess
SetPriorityClass
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc

user32

BringWindowToTop
IsClipboardFormatAvailable
MapVirtualKeyW
GetKeyNameTextW
CharNextW
MapDialogRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextW
WaitMessage
SendDlgItemMessageA
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageW
SetWindowTextW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
IsWindowEnabled
GetNextDlgTabItem
WinHelpW
SetScrollInfo
GetLastActivePopup
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetMenu
SetFocus
IsChild
GetClassInfoExW
GetClassInfoW
GetMenuState
GetMenuStringW
GetIconInfo
GetDCEx
SetWindowRgn
GetScrollInfo
GetClassLongW
GetWindowRgn
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
InvertRect
DrawTextExW
GetMenu
CreateDialogIndirectParamW
EndDialog
DialogBoxParamW
CharUpperW
CharLowerW
CharToOemBuffW
OemToCharA
CharToOemA
OemToCharBuffA
CharLowerBuffW
DestroyWindow
RegisterClassW
GetAsyncKeyState
GetQueueStatus
wsprintfA
LoadAcceleratorsW
TrackPopupMenu
GetMessageW
SetParent
UnregisterClassW
SetProcessDefaultLayout
SendNotifyMessageW
GetMessagePos
EnumDisplayDevicesW
RedrawWindow
SetPropW
GetDlgCtrlID
TranslateMessage
GetDlgItemTextW
SetWindowPos
MoveWindow
FindWindowExW
CreateWindowExW
CallWindowProcW
IntersectRect
UnregisterHotKey
RegisterHotKey
RegisterRawInputDevices
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetRawInputData
SetWindowPlacement
GetWindowPlacement
ShowWindow
AllowSetForegroundWindow
DefWindowProcW
LockWindowUpdate
ChangeDisplaySettingsExA
MsgWaitForMultipleObjectsEx
SetClassLongW
GetDoubleClickTime
TrackMouseEvent
GetClassNameW
EnumDisplayMonitors
CallNextHookEx
DispatchMessageW
GetMessageTime
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
EqualRect
MonitorFromRect
DestroyIcon
FindWindowW
MsgWaitForMultipleObjects
CheckMenuItem
AppendMenuW
RemoveMenu
CreatePopupMenu
ChangeDisplaySettingsExW
EnumDisplaySettingsW
IsMenu
MessageBeep
CheckMenuRadioItem
SetWindowLongW
SetRectEmpty
InsertMenuW
DeleteMenu
EnableMenuItem
SetMenuItemInfoW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
GetSystemMenu
SetWindowContextHelpId
ShowOwnedPopups
SetLayeredWindowAttributes
CopyImage
RealChildWindowFromPoint
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawStateW
DrawFocusRect
DrawIconEx
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
LockWorkStation
ExitWindowsEx
SystemParametersInfoW
GetActiveWindow
GetTopWindow
GetForegroundWindow
MonitorFromPoint
GetMonitorInfoW
GetWindowLongW
AdjustWindowRectEx
GetMenuItemRect
GetSubMenu
SetForegroundWindow
NotifyWinEvent
SetCursorPos
GetMenuDefaultItem
EnableScrollBar
HideCaret
CopyIcon
DrawIcon
SetMenuDefaultItem
ModifyMenuW
IsCharLowerW
MapVirtualKeyExW
CharUpperBuffW
UpdateLayeredWindow
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetUpdateRect
SubtractRect
CreateMenu
GetComboBoxInfo
DestroyCursor
DestroyMenu
IsIconic
PostThreadMessageW
LoadMenuW
RegisterWindowMessageW
PostQuitMessage
GetFocus
GetAncestor
GetCapture
IsZoomed
RegisterClipboardFormatW
MessageBoxW
GetKeyState
GetSysColorBrush
GetCursorPos
DrawFrameControl
OffsetRect
ReleaseCapture
WindowFromPoint
ScreenToClient
ClientToScreen
SetCapture
FrameRect
FillRect
CopyRect
MonitorFromWindow
ReleaseDC
GetDC
SetTimer
KillTimer
PeekMessageW
UpdateWindow
SetActiveWindow
GetDesktopWindow
SetRect
UnionRect
SetCursor
GetSysColor
GetDlgItem
LoadIconW
PtInRect
GetSystemMetrics
InflateRect
GetWindowRect
IsRectEmpty
InvalidateRect
IsWindow
PostMessageW
MapWindowPoints
GetClientRect
IsWindowVisible
GetWindow
LoadCursorW
CreateAcceleratorTableW
DestroyAcceleratorTable
CloseClipboard
SetClipboardData
EmptyClipboard
GetParent
OpenClipboard
LoadImageW
SendMessageW
EnableWindow
wsprintfW

gdi32

GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
RestoreDC
SaveDC
SelectPalette
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
ExtTextOutW
SetWindowExtEx
SetWindowOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
DPtoLP
GetBkColor
SetRectRgn
StretchDIBits
CreateDIBitmap
GetTextCharsetInfo
GetRgnBox
CreateEllipticRgn
Ellipse
Polygon
Polyline
CreateRoundRectRgn
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FrameRgn
GetBoundsRect
PtInRegion
GetViewportExtEx
SetPixelV
GetTextFaceW
OffsetRgn
GdiFlush
OffsetViewportOrgEx
SelectClipRgn
AbortPath
GetPath
EndPath
CloseFigure
BeginPath
SetMapMode
AddFontResourceW
GetICMProfileW
TextOutW
SetTextColor
SetBkColor
GetCurrentObject
TranslateCharsetInfo
EnumFontFamiliesExW
CreateFontW
EqualRgn
CombineRgn
CreateRectRgn
GetRegionData
EnumFontFamiliesW
GetTextMetricsW
GetTextColor
GetStockObject
ExtSelectClipRgn
CreateRectRgnIndirect
SetPixel
SetBkMode
CreateFontIndirectW
SetViewportExtEx
SetViewportOrgEx
CreateDCW
SetDIBColorTable
CreateCompatibleBitmap
CreateBitmap
LineTo
MoveToEx
CreateSolidBrush
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
GetObjectW
CreateDIBSection
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreatePatternBrush
CreateHatchBrush
CopyMetaFileW
PatBlt
CreatePolygonRgn
GetPixel
GetWindowOrgEx
GetViewportOrgEx
FillRgn
SelectObject
DeleteDC
CreateCompatibleDC
SetStretchBltMode
StretchBlt
BitBlt
GetCharWidthW
CreatePen
Rectangle

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegSetValueA
RegCloseKey
RegQueryValueW
RegQueryValueA
RegOpenKeyW
RegOpenKeyA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA

shell32

ShellExecuteW
ord680
SHChangeNotify
DragQueryFileW
DragFinish
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHAddToRecentDocs
ExtractIconExW
SHGetFolderPathW
ShellExecuteExW
SHParseDisplayName
SHOpenFolderAndSelectItems
SHFileOperationW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetDesktopFolder
SHAppBarMessage
ExtractIconW

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_Add
_TrackMouseEvent
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_GetImageInfo

shlwapi

PathRenameExtensionW
PathStripPathW
PathRemoveFileSpecW
StrFormatByteSizeW
PathFindExtensionW
PathSkipRootW
PathRemoveExtensionW
PathMakePrettyW
PathIsDirectoryW
PathCombineW
PathAddExtensionW
PathAddBackslashW
StrCmpLogicalW
SHCopyKeyW
PathFileExistsW
StrRetToStrW
PathAppendW
PathCompactPathW
PathRelativePathToW
PathCanonicalizeW
PathRemoveBackslashW
PathIsRelativeW
PathIsPrefixW
PathIsUNCW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
StrFormatKBSizeW

ole32

CreateStreamOnHGlobal
OleLoadFromStream
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
CoInitialize
CoWaitForMultipleHandles
CreateItemMoniker
GetRunningObjectTable
CLSIDFromString
MkParseDisplayName
CreateBindCtx
CoCreateInstance
OleCreateMenuDescriptor
CoTaskMemAlloc
CoTaskMemFree
OleLockRunning
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CoCreateGuid
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
ReleaseStgMedium
OleDuplicateData
CoFreeUnusedLibraries
CoInitializeEx
StringFromCLSID
OleInitialize
OleUninitialize
StringFromGUID2
PropVariantClear
OleSaveToStream

oleaut32

SysFreeString
VarBstrFromDate
VariantCopy
SafeArrayDestroy
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VariantInit
SysAllocString
VarBstrCmp
OleCreatePropertyFrame

oledlg

OleUIBusyW

ws2_32

gethostbyname
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
socket
ntohs
sendto
send
recvfrom
accept
listen
shutdown
select
recv
inet_ntoa
inet_addr
bind
htons
htonl
getsockname
getpeername
connect
closesocket
WSAAsyncSelect

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

wininet

HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetGetLastResponseInfoW
InternetWriteFile
InternetSetFilePointer
InternetOpenUrlW
InternetConnectW
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetReadFile
InternetSetOptionW
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpQueryInfoW
InternetSetOptionA
InternetSetStatusCallbackW
HttpOpenRequestA
InternetQueryDataAvailable
InternetQueryOptionW
InternetGetConnectedState

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b070c629d5b15fc6804d5523352393ca

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

52:74:18:0f:a9:40:be:e8:96:e1:b4:df:9e:21:77:0cCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

52:74:18:0f:a9:40:be:e8:96:e1:b4:df:9e:21:77:0cCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

8c:4f:01:a3:60:bb:c7:a4:73:44:2c:db:5f:74:a5:b0:2b:74:f6:96:19:73:71:e9:ca:1f:e8:51:2e:f7:35:08Signer

09:01:21:96:90:a3:7c:d0:5c:48:37:8f:a4:72:30:a3:64:f1:d2:bdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

gdiplus

uxtheme

winmm

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

oleacc

wininet

imm32

Sections

.text Size: 8.5MB - Virtual size: 8.5MB

.data Size: 278KB - Virtual size: 606KB

.idata Size: 24KB - Virtual size: 23KB

.gfids Size: 113KB - Virtual size: 113KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 547KB - Virtual size: 547KB

.reloc Size: 408KB - Virtual size: 407KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

52:74:18:0f:a9:40:be:e8:96:e1:b4:df:9e:21:77:0c
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

52:74:18:0f:a9:40:be:e8:96:e1:b4:df:9e:21:77:0c
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

8c:4f:01:a3:60:bb:c7:a4:73:44:2c:db:5f:74:a5:b0:2b:74:f6:96:19:73:71:e9:ca:1f:e8:51:2e:f7:35:08
Signer

09:01:21:96:90:a3:7c:d0:5c:48:37:8f:a4:72:30:a3:64:f1:d2:bd
Signer

.text
Size: 8.5MB - Virtual size: 8.5MB

.data
Size: 278KB - Virtual size: 606KB

.idata
Size: 24KB - Virtual size: 23KB

.gfids
Size: 113KB - Virtual size: 113KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 547KB - Virtual size: 547KB

.reloc
Size: 408KB - Virtual size: 407KB