b34b40b85d3fcef4e83f9c5d64abadf7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b34b40b85d3fcef4e83f9c5d64abadf7_JaffaCakes118
Size

920KB
MD5

b34b40b85d3fcef4e83f9c5d64abadf7
SHA1

7fe3077666b38a35d7f2496753b19e7f11219311
SHA256

d235f3a6b562eeb86ff7b3d3b54339e2c7514864a6085a1d49fe49fa524ed27d
SHA512

a4cce82cdf0729acc86d61e5d5852bda01840fc22f62004037fcdd7a93147a32e279b11009aa8d2b05aa1fc785c60e5f14c866c67e7ba031998e1f7ba6d2b8f7
SSDEEP

12288:m6TetvveYMqBxEm9iQNWWnFqaRQDSRk3RmO0tbw9HHVQnEMyJohaWPbRq/XkeOAP:m2GvveYMqV9nBDehhCCuEZ6HDRq/XlOg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/终极火力辅助/终极火力辅助.exe

Files

b34b40b85d3fcef4e83f9c5d64abadf7_JaffaCakes118
.rar
9553下载站.url
.url
游戏攻略教程 - 9553资讯.url
.url
终极火力辅助/zr.dll
.dll windows:4 windows x86 arch:x86

cb4b50d36c1a114868aa326c02f15861

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/05/2012, 00:00

Not After

03/07/2015, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:00:5c:c8:d6:4c:f9:b7:c5:cb:aa:b8:1f:3d:df:36:bd:e3:2e:0e
Signer

Actual PE Digest

ef:00:5c:c8:d6:4c:f9:b7:c5:cb:aa:b8:1f:3d:df:36:bd:e3:2e:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\DriverGenius Dev\DriverGenius\trunk\product\win32\dbginfo\PatchCore.pdb

Imports

kernel32

lstrcmpW
GlobalFindAtomA
FreeResource
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
ExitProcess
HeapSize
GetACP
IsValidCodePage
GetStdHandle
LCMapStringA
LCMapStringW
GetFileTime
GetConsoleMode
GlobalFlags
GetFileType
GetStartupInfoA
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetFileAttributesA
SetFileTime
CreateFileW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetHandleCount
GetCurrentDirectoryA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameA
GlobalGetAtomNameA
GetModuleFileNameW
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
DeleteFileA
MoveFileA
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
SetEvent
WritePrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
Process32FirstW
ProcessIdToSessionId
Process32NextW
SetLastError
ReadFile
ResetEvent
WriteFile
WaitForMultipleObjects
GetOverlappedResult
FlushFileBuffers
DisconnectNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
CreateEventA
GetCurrentProcessId
OutputDebugStringA
OpenProcess
TerminateProcess
LoadLibraryW
GetTickCount
GetPrivateProfileStringA
WaitForSingleObject
SetCurrentDirectoryA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
CompareStringA
CompareStringW
GetEnvironmentVariableW
GetVersion
InterlockedExchange
GetVersionExA
GetCurrentProcess
SetPriorityClass
CreateFileA
DeviceIoControl
InterlockedDecrement
GetWindowsDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
GetLastError
LocalAlloc
LocalFree
Sleep
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
FindFirstFileA
FindClose
GetModuleFileNameA
GetModuleHandleA
GetEnvironmentVariableA
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
lstrlenA
MultiByteToWideChar
FreeLibrary
EnterCriticalSection
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
InitializeCriticalSection
GetConsoleCP
DeleteCriticalSection

user32

GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
CopyRect
SetDlgItemInt
MessageBoxA
CharLowerW
CharLowerA
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
DeleteMenu
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextLengthA
GetWindowTextA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
MoveWindow
ShowWindow
ScrollWindowEx
DestroyIcon
UnregisterClassA
InflateRect
GetMenuItemInfoA
DestroyMenu
EndDialog
CreateDialogIndirectParamA
GetNextDlgTabItem
CharUpperW
GetDialogBaseUnits
wsprintfA
CharUpperA
RegisterWindowMessageA
GetDesktopWindow
SendMessageA
FindWindowExA
FindWindowA
GetSystemMetrics
PostMessageA
IsWindow
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
PostQuitMessage
CheckMenuItem
EnableMenuItem
IsWindowEnabled
EnableWindow
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetClassInfoExA

gdi32

GetTextMetricsA
DPtoLP
PatBlt
SelectObject
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA
GetDCOrgEx
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetMapperFlags
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectA
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
GetDeviceCaps
CopyMetaFileA
CreateDCA
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteValueA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegSetValueA
DuplicateTokenEx
SetTokenInformation
SetEntriesInAclA
AllocateLocallyUniqueId
BuildTrusteeWithSidA
GetLengthSid
CopySid
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
QueryServiceStatus
RegEnumKeyExA
RegOpenKeyExW
RegQueryValueExW
RegEnumValueA
RegSetValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
ControlService
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
ExtractIconA
SHFileOperationA

shlwapi

PathStripToRootA
PathFileExistsA
PathIsUNCA
PathFindExtensionA
PathRemoveExtensionA
PathAppendA
PathRemoveFileSpecA
PathFindFileNameA

ole32

OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoInitializeEx
CoTreatAsClass
CLSIDFromString
ReadFmtUserTypeStg
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
ReadClassStg
CoInitialize
StringFromCLSID
StringFromGUID2
CoDisconnectObject
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
VariantInit
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
VariantClear
SafeArrayGetElement
GetErrorInfo
SetErrorInfo
CreateErrorInfo

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExA
GetModuleFileNameExW

netapi32

NetApiBufferFree

version

GetFileVersionInfoA
VerQueryValueA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA

Exports

Exports

CheckSoftEnv
DeleteFiles
DgLock
DgRepInfoA
DgRepInfoB
DgRepInfoC
DgRepInfoD
DgUpPop
Dgfrep
DrvQeryStat
DrvStart
DrvStop
DumpInitial
EnableService
ExecuteCab
FuncReport
FuncReport2
FuncReport3
FuncReport4
GetCPUInfo
GetChipType
GetDACType
GetDescription
GetDirectXVersion
GetDiskInfo
GetDisplayMemoryEnglish
GetHDSN
GetHardInfo
GetLocalInfo2
GetLocalInfo3
GetLocalInfo4
GetLocalInfo5
GetLocalInfo6
GetLocalInfo7
GetMainBoard
GetMainBoard2
GetManufacturer
GetMyInfo_A
GetMyInfo_B
GetMyInfo_C
GetMyInfo_D
GetMyInfo_E
GetMyInfo_F
GetMyInfo_G
GetMyInfo_H
GetMyInfo_I
GetNetBiosMacAddresses
GetOsSystemInfo
GetPointDevice
GetRequirePatch
GetServiceStatu
GetSoftwareLicensingProduct
GetUUID
GetWLan
InfoReport
InitDirectInfo
InitRequirePatchNum
IsShowDubaSel
KVipInit
KVipUnInit
OsIntsallDate
PhoneStautsRep
PostClickWnd
PostHDChangeToWnd
QeryStat
QueryAutoFixStatus
RepSS3
RepSS4
Report0
ReportDGCache
ReportSoftC
ResidentReport
SStart
SStop
SetAutoFixStatus
SetDgPnpService
SetRequirePatch
SetWindowHwnd
SoftStatus2
Task10
Task5
Task6
Task7
Task8
Test
UpdatePublicInfo

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MyData
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
终极火力辅助/终极火力辅助.exe
.exe windows:4 windows x86 arch:x86

be7ca812102192bc413dd870bffbe935

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart

ws2_32

closesocket
send
select
WSACleanup
WSAStartup
inet_ntoa
recvfrom
ioctlsocket
recv
getpeername
accept
WSAAsyncSelect

rasapi32

RasHangUpA
RasGetConnectStatusA

kernel32

GetVersion
FileTimeToSystemTime
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
LocalFree
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
GetTimeZoneInformation
SetLastError
TerminateProcess
GetFileSize
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
TerminateThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr

user32

GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
GetActiveWindow
GetSysColorBrush
LoadStringA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
SystemParametersInfoA
GetForegroundWindow
GetDesktopWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
GetClassNameA
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetClassLongA
RemovePropA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
EndPaint
BeginPaint
CharUpperA
GetWindowTextLengthA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
GetDlgItem
FindWindowExA
GetWindowTextA
GetCursor
DrawTextA
SetPropA
CallWindowProcA
MoveWindow
GetPropA
UnregisterClassA
FrameRect
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
WindowFromDC
TabbedTextOutA
GrayStringA
DrawStateA
GetTabbedTextExtentA
GetMenuState
GetMenuItemID
GetMenuItemCount
SetWindowTextA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
KillTimer
GetMenuStringA

gdi32

LineTo
MoveToEx
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetBkColor
SetBkMode
SetTextColor
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontA
TranslateCharsetInfo
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
ExtSelectClipRgn
GetViewportExtEx
GetTextMetricsA
LPtoDP
Rectangle
Ellipse
SetPixelV
CreateCompatibleDC
GetPixel
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
SetPolyFillMode
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CombineRgn
CreateRectRgn
FillRgn
PatBlt
CreatePen
SelectObject
CreatePatternBrush
CreateBitmap
CreateHatchBrush
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
SetPixel
CreateRectRgnIndirect
EndPath

msimg32

GradientFill

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

SafeArrayGetUBound
VariantChangeType
VariantClear
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi

comctl32

ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_Read
ImageList_DrawIndirect
ImageList_Duplicate

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetSetOptionA
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

comdlg32

ChooseColorA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

Sections

.text
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb4b50d36c1a114868aa326c02f15861

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ef:00:5c:c8:d6:4c:f9:b7:c5:cb:aa:b8:1f:3d:df:36:bd:e3:2e:0eSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

iphlpapi

psapi

netapi32

version

wtsapi32

Exports

Exports

Sections

.text Size: 596KB - Virtual size: 595KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 20KB - Virtual size: 101KB

MyData Size: 4KB - Virtual size: 16B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 36KB - Virtual size: 33KB

be7ca812102192bc413dd870bffbe935

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: 728KB - Virtual size: 727KB

.rdata Size: 464KB - Virtual size: 460KB

.data Size: 72KB - Virtual size: 369KB

.rsrc Size: 124KB - Virtual size: 122KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ef:00:5c:c8:d6:4c:f9:b7:c5:cb:aa:b8:1f:3d:df:36:bd:e3:2e:0e
Signer

.text
Size: 596KB - Virtual size: 595KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 20KB - Virtual size: 101KB

MyData
Size: 4KB - Virtual size: 16B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 36KB - Virtual size: 33KB

.text
Size: 728KB - Virtual size: 727KB

.rdata
Size: 464KB - Virtual size: 460KB

.data
Size: 72KB - Virtual size: 369KB

.rsrc
Size: 124KB - Virtual size: 122KB