ae680ebf182bad9d6c5dc5297dcdb6d1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ae680ebf182bad9d6c5dc5297dcdb6d1_JaffaCakes118
Size

733KB
MD5

ae680ebf182bad9d6c5dc5297dcdb6d1
SHA1

017435ab8b17b85f6f0cf6e433d1a1e0229d9117
SHA256

d4c3919ec72842ee308477798826f76fec77e2f20e862750b7cf542b385b0433
SHA512

ce8ba8384dc02cb30342a75c0a591c97c5e3428501db10cb52409604f8ac5188687cdaf5a2025b174550933a78dd85cee984f1db726248ab9cb8c2f01f7cef43
SSDEEP

12288:3EEShYO99Vv12R8nvwz7ap2GAKmozGBBvtGAXfmnoILU9TbF9jn8h:3HS999V928vwz7aw7vgAPZd9TbF9jnk

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ae680ebf182bad9d6c5dc5297dcdb6d1_JaffaCakes118
unpack001/$PLUGINSDIR/manager/scripts/WebBrowser_embedded.exe

Files

ae680ebf182bad9d6c5dc5297dcdb6d1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DM_loader.gif
.gif
$PLUGINSDIR/FDMClient.dll
.dll windows:5 windows x86 arch:x86

26354f18363e84db3ad0df15b94f135a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2014 00:00

Not After

05-02-2016 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:20:c8:fc:7e:f5:12:06:6e:19:3d:e0:13:9a:90:cb:be:35:33:76
Signer

Actual PE Digest

b5:20:c8:fc:7e:f5:12:06:6e:19:3d:e0:13:9a:90:cb:be:35:33:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCreateUrlA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
InternetGetCookieA
HttpOpenRequestA
InternetWriteFile
HttpSendRequestExA
HttpEndRequestA
InternetGetLastResponseInfoA
FtpSetCurrentDirectoryA
InternetQueryOptionA
FtpFindFirstFileA
FtpCommandA
InternetSetOptionA
InternetReadFile
InternetConnectA

ws2_32

bind
htons
socket
gethostname
send
connect
accept
listen
closesocket
recv
WSAGetLastError
gethostbyname
WSAStartup

user32

PeekMessageA
TranslateMessage
DispatchMessageA
CharLowerA
MessageBoxA

ole32

OleRun
CoUninitialize
CoInitialize
CoCreateInstance

kernel32

GetCommandLineA
lstrcmpiA
GetProcessHeap
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetCurrentDirectoryA
Sleep
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
SetFileTime
lstrcatA
InterlockedDecrement
WriteFile
CreateThread
InterlockedIncrement
SetEndOfFile
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
GetFileTime
CreateFileW
GetFileAttributesW
GetLastError
SetFileAttributesW
SetFilePointer
DeleteFileW
MoveFileW
SetLastError
GetExitCodeThread
TerminateThread
WaitForSingleObject
FreeLibrary
GetCurrentThreadId
CompareStringA
GetModuleFileNameA
CreateDirectoryW
ReadFile
SystemTimeToFileTime
GetTickCount
CreateMutexA
ReleaseMutex
CreateFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

FromCppDownload
Load

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Failed.htm
.js
$PLUGINSDIR/FirefoxHandler.dll
.dll windows:5 windows x86 arch:x86

0b0bd9a74b81c20dd1ca10dffb1e2ff5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2014 00:00

Not After

05-02-2016 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:2a:54:eb:f4:12:cf:73:ea:8d:70:b3:3d:76:36:5a:c9:3e:80:5c
Signer

Actual PE Digest

66:2a:54:eb:f4:12:cf:73:ea:8d:70:b3:3d:76:36:5a:c9:3e:80:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SmartBar\DevelopmentTools\FF\FirefoxHandler\Release\FirefoxHandler.pdb

Imports

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses

kernel32

CopyFileW
CreateFileW
GetFileSize
CloseHandle
GetDiskFreeSpaceExW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
OpenProcess
DeleteFileW
TerminateProcess
Sleep
CreateProcessW
LoadLibraryA
GetProcAddress
GetVersionExW
GetTempPathW
lstrcpynW
GlobalAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
UnhandledExceptionFilter
EncodePointer

user32

GetWindowThreadProcessId
FindWindowW
CharUpperW
wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
DuplicateTokenEx
OpenProcessToken
RegQueryValueExW

shlwapi

PathFileExistsW

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
memset
memcpy
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
memmove
_wfsopen
fwrite
fflush
fclose
??_V@YAXPAX@Z
fseek
ftell
rewind
fread
malloc
realloc
free
_wtoi
calloc
iswspace
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook

Exports

Exports

DllIsFireFoxRunning
DllRestoreFF
DllTerminateFF

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NoneSilentSuccess.htm
.js
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

6e63471b3d7c59cf9b8572bf93e2cf35

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2014 00:00

Not After

05-02-2016 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:f0:36:8c:6d:35:c4:1e:87:a5:59:a6:5d:04:90:19:22:7a:2a:47
Signer

Actual PE Digest

4d:f0:36:8c:6d:35:c4:1e:87:a5:59:a6:5d:04:90:19:22:7a:2a:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_snprintf
swscanf
_snwprintf
rand
srand
time
_wcsicmp
??2@YAPAXI@Z
wcsncpy
??3@YAXPAX@Z
wcschr
_beginthreadex
memset

shlwapi

ord176

kernel32

LeaveCriticalSection
lstrcpynW
GlobalFree
MultiByteToWideChar
EnterCriticalSection
GetProcAddress
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
DeleteCriticalSection
GetCommandLineW
GetVersionExW
WaitForSingleObject
CloseHandle
Sleep
CreateEventW
GetTickCount
FreeLibrary
LoadLibraryW
GetModuleHandleW
TerminateThread
GlobalAlloc

user32

MessageBoxA
LoadStringW
MessageBoxW
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Exports

Exports

DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWait
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetMinutes
GetParameter
InvokeShellVerb
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
Time
TrimStr
TrimStrLeft
TrimStrRight
WaitForProc

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Success.htm
.js
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2014 00:00

Not After

05-02-2016 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13
Signer

Actual PE Digest

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WelcomeScreen.htm
.js
$PLUGINSDIR/certInlineLB.pfx
$PLUGINSDIR/icon.png
.png
$PLUGINSDIR/manager/init.html
.html
$PLUGINSDIR/manager/manager.html
$PLUGINSDIR/manager/scripts/WebBrowser_embedded.exe
.exe windows:5 windows x86 arch:x86

58d8aadd9090057384b15d80c89248b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
GetModuleFileNameW
CreateThread
RaiseException
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
Sleep
HeapFree
lstrlenA
MultiByteToWideChar
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetProcessHeap
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedExchange

user32

ShowWindow
RegisterClassW
DispatchMessageW
TranslateMessage
GetWindowTextW
GetClientRect
DefWindowProcW
ReleaseDC
PostMessageW
GetDC
SetRect
LoadCursorW
GetMessageW
CreateWindowExW

gdi32

GetDeviceCaps

shell32

CommandLineToArgvW

ole32

CLSIDFromString
OleSetContainedObject
OleCreate
OleInitialize
OleLockRunning

oleaut32

VarBstrCmp
VariantClear
SysAllocString
SysFreeString

msvcr90

exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_invoke_watson
_controlfp_s
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
free
memmove_s
fclose
fseek
ftell
fread
_wfopen
rewind
_itoa
_wtoi
??_U@YAPAXI@Z
??2@YAPAXI@Z
_purecall
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
malloc
__CxxFrameHandler3
_CxxThrowException
_recalloc
memset

msvcp90

?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

shlwapi

PathRemoveFileSpecW

wininet

InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetSetOptionW
InternetConnectW
InternetOpenW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/manager/scripts/gplay.js
.js
$PLUGINSDIR/manager/scripts/jquery-1.10.1.min.js
.js
$PLUGINSDIR/manager/scripts/manager.js
.js
$PLUGINSDIR/manager/scripts/sharedWorker.js
.js
$PLUGINSDIR/proxy.html
.html .js polyglot
$PLUGINSDIR/webapphost.dll
.dll windows:5 windows x86 arch:x86

32200e9dc1db0d085af7652b73e5316c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2014 00:00

Not After

05-02-2016 23:59

Subject

CN=ClientConnect LTD,OU=DM4+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:64:fc:ba:09:17:26:ca:c1:22:8d:6f:b1:5b:cd:eb:17:0b:9b:05
Signer

Actual PE Digest

e4:64:fc:ba:09:17:26:ca:c1:22:8d:6f:b1:5b:cd:eb:17:0b:9b:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
GetSystemTimeAsFileTime
ExitThread
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
ExitProcess
HeapSize
SetStdHandle
HeapCreate
HeapDestroy
VirtualFree
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringW
GetSystemInfo
LCMapStringA
GetFileAttributesA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
CreateProcessA
CreateFileA
VirtualAlloc
VirtualProtect
GetFileType
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
WritePrivateProfileStringW
GetFileTime
GetFileSizeEx
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
InterlockedIncrement
GetFullPathNameW
GetVolumeInformationW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
FormatMessageW
GetModuleFileNameW
SuspendThread
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
GetModuleHandleA
lstrcatW
lstrcmpiW
ReadFile
PeekNamedPipe
FlushFileBuffers
lstrlenW
DuplicateHandle
CreatePipe
GetModuleHandleW
lstrcpyW
SetLastError
lstrcpynW
ExpandEnvironmentStringsW
GetCurrentThreadId
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
OpenEventW
WideCharToMultiByte
GetUserDefaultLangID
WaitForMultipleObjects
HeapFree
GetProcessHeap
HeapAlloc
FileTimeToSystemTime
GetFileAttributesW
GetCurrentDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetCurrentProcessId
GetWindowsDirectoryW
GetVersionExW
GetSystemTime
LocalAlloc
OpenProcess
Process32NextW
lstrcmpW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
TerminateThread
GetExitCodeThread
FindClose
FindFirstFileW
GetTickCount
ResetEvent
WriteFile
CreateFileW
SetEvent
CreateThread
CreateEventW
ReleaseMutex
CreateMutexW
WaitForSingleObject
CloseHandle
GetExitCodeProcess
Sleep
CreateProcessW
GetEnvironmentStringsW
WriteConsoleW
GetStdHandle
AllocConsole
GetTimeZoneInformation
GetLastError
InterlockedCompareExchange

user32

GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
GetFocus
GetParent
IsWindowEnabled
GetDlgCtrlID
SetWindowTextW
GetWindowLongW
IsDialogMessageW
SendDlgItemMessageW
GetWindow
FindWindowExW
LoadImageW
UnhookWindowsHookEx
CheckMenuItem
EnableMenuItem
GetMenuState
TranslateMessage
PeekMessageW
MessageBoxW
AllowSetForegroundWindow
SystemParametersInfoW
GetForegroundWindow
IsWindow
SetForegroundWindow
BringWindowToTop
SetActiveWindow
UpdateWindow
IsWindowVisible
EnableScrollBar
SetCursor
PtInRect
ScreenToClient
GetCursorPos
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
LoadCursorW
LoadIconW
CopyRect
GetSysColor
FillRect
InvalidateRect
ReleaseDC
GetDC
SetRect
MoveWindow
GetDesktopWindow
DialogBoxParamW
EndDialog
SetFocus
SendMessageW
GetTopWindow
GetLastActivePopup
RemovePropW
GetPropW
SetPropW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
SetMenu
GetKeyState
MapWindowPoints
GetMessagePos
RegisterWindowMessageW
GetMessageTime
GetMessageW
PostThreadMessageW
wsprintfW
GetWindowThreadProcessId
EnumWindows
GetWindowTextW
ShowWindow
EnumChildWindows
WaitForInputIdle
SetWindowLongW
IsChild
WinHelpW
DispatchMessageW
AttachThreadInput
SetParent
GetClientRect
GetWindowRect
SetWindowPos
ClientToScreen
GetClassNameW
EnableWindow
PostMessageW
GetDlgItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
GetSysColorBrush
UnregisterClassW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharUpperW
DestroyMenu
SendDlgItemMessageA
CharNextW

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectW
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
GetDeviceCaps
SelectObject

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SetTokenInformation
CryptSetHashParam
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
LookupAccountSidW
RegOpenKeyW
RegCreateKeyW
RegEnumValueW
RegEnumKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
CryptHashData
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
GetUserNameW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptDestroyHash
CryptGetHashParam
CryptCreateHash

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathAddExtensionW
PathAddBackslashW
ord2
ord176

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleFlushClipboard
CoRegisterMessageFilter
OleUninitialize
CoTaskMemFree
OleInitialize
CoInitializeEx
CreateStreamOnHGlobal
OleRun
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket
OleIsCurrentClipboard
CoInitializeSecurity

oleaut32

LoadTypeLi
OleCreateFontIndirect
VariantCopy
SysAllocStringLen
VariantChangeType
GetErrorInfo
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
OleLoadPicture
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantClear
VariantInit
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CertGetNameStringW
CertOpenStore
CryptHashCertificate

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetReadFile
FtpOpenFileW
InternetQueryOptionW
HttpEndRequestW
InternetCheckConnectionW
HttpSendRequestW
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW

rpcrt4

UuidToStringW
UuidCreate

httpapi

HttpInitialize
HttpSetServiceConfiguration
HttpAddUrl
HttpReceiveHttpRequest
HttpSendHttpResponse
HttpReceiveRequestEntityBody
HttpRemoveUrl
HttpDeleteServiceConfiguration
HttpCreateHttpHandle

ws2_32

inet_addr
htons

oleacc

LresultFromObject
CreateStdAccessibleObject

Exports

Exports

BuildClientXML
CallJSMethod
CallJSMethodWithParams
ContinueStart
CreateWebInstallerBrowser
DisableWindow
DownloadAndRunCustomOfferFiles
DownloadFileHttp
EnableCurrentWindow
EnableProxyConsoleLog
ExecKillProcess
ExecWait
GetBunndleParams
GetDONumAvailable
GetDONumToPresent
GetDOParam
GetDmFlowType
GetDoBroswerRestart
GetDynamicAttributesFromVector
GetDynamicHideModeState
GetDynamicIsExternal
GetDynamicOfferId
GetDynamicOffersCount
GetEngineDuration
GetGeneralParams
GetGlobalPageNavigationStatus
GetGlobalUIParams
GetInitToInitCompleteDuration
GetInstallOffersSync
GetIsSkipAllParams
GetLCONavigationStatus
GetMONonSIlentDownloadedFileName
GetMOPosition
GetMainOfferCMD
GetMainSoftwareInnerVersion
GetMainTotalSteps
GetMrsParams
GetNavigateError
GetNextAntiOfferId
GetOfferParam
GetOfferSuccessCodes
GetPixelFireNumUrls
GetPixelFireParams
GetPixelFireUrl
GetProductParams
GetPublisherReportingParams
GetShouldInstallOffer
GetSouldRunUninstaller
GetToolbarParams
GetUIParams
GetVectorAndRuleId
GetWelcomePageParams
Hide
HideBrowser
HmacEncryptQueryString
InitToInitComplete_MeasureAdd
InstallLCO
InstallManagerRetryMO
InstallNonSIlentMO
IsBrowserCompletedNavigation
LoadNavigate
Navigate
NavigateAsync
NavigateAsyncGlobal
NavigateAsyncMO
NotifyStubOnDMFinishInit
PhaseDuration_MeasureGet
PreInstallChecking
PreLoad
PrepareLCO
ReportBI_DownloadComplete
ReportBI_DownloadStart
ReportBI_EndOfSession
ReportBI_Init
ReportBI_InitComplete
ReportBI_InstallStatus
ReportBI_OfferPresented
ReportBI_OfferSuggested
ReportBI_Technical_GlobalPage
ReportBI_Technical_Language
ReportBI_Technical_RegistryCheckEnded
ReportBI_Technical_ReportToPublisher
ReportTechnicalFromNsis
RunNotification
SearchInFile
SearchInFileExtended
SearchInFileExtendedChrome
SearchInText
SearchNumberInText
SetBIAttempt
SetDOParam
SetDownloadBrowserForWelcomePage
SetDynamicParsedParamsInBI
SetOfferFlag
SetOfferParam
SetPhase
SetUserAgent
SetUserProfile
SetUserSelectedSkipAll
Show
ShowBrowser
ShowCertificate
ShowFileOnNonSilent
ShowLoadingScreen
ShowOffersOnSuccessScr
StartDM
StartOffersInstallation
StartOffersLoop
UnLoad1
UrlDecode
WaitAndInstallDynamics
WaitForAsyncExternalShowFinish
WaitForDocComplete
WaitForFinishModal
WebAppHostExec
WebAppHostExecProcess
WebAppHostExecProcessWait
WebAppHostExecWait
WebAppHostShowWelcomeScreenAndContinueRun

Sections

.text
Size: 843KB - Virtual size: 842KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 7.8MB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 3KB

26354f18363e84db3ad0df15b94f135a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b5:20:c8:fc:7e:f5:12:06:6e:19:3d:e0:13:9a:90:cb:be:35:33:76Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

ws2_32

user32

ole32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

0b0bd9a74b81c20dd1ca10dffb1e2ff5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

66:2a:54:eb:f4:12:cf:73:ea:8d:70:b3:3d:76:36:5a:c9:3e:80:5cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 7.8MB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b5:20:c8:fc:7e:f5:12:06:6e:19:3d:e0:13:9a:90:cb:be:35:33:76
Signer

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

66:2a:54:eb:f4:12:cf:73:ea:8d:70:b3:3d:76:36:5a:c9:3e:80:5c
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4d:f0:36:8c:6d:35:c4:1e:87:a5:59:a6:5d:04:90:19:22:7a:2a:47
Signer

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 68B

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

20:1c:61:61:3e:36:ef:7d:d1:63:28:01:96:cd:80:f7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13
Signer