18b2c9f1c8d5b803a596fea995b15b4d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

18b2c9f1c8d5b803a596fea995b15b4d_JaffaCakes118
Size

888KB
MD5

18b2c9f1c8d5b803a596fea995b15b4d
SHA1

b983968217d13aefb8b5cf6334a69d5380178402
SHA256

93bc6d23db7e7e352ffdfcd1e0a05061e0cda36085704b93e90936de1da0bccc
SHA512

d2c59a38bf1b560ac05f86589efa0478fb3665e3a8fa2c644762f6686a72d72b2ddd0e0c86f249be4ff86f9adc669c8445d8045c8073f80a517b83dc554fc2c1
SSDEEP

24576:4I6NGC/K2/UPteMOZYu/sRfyrXvZ+x6Dy:nA7w1HOZZsRqdTDy

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsProcess.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

18b2c9f1c8d5b803a596fea995b15b4d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:05:d1:ca:1e:cd:09:04:76:ae:b9:5a:ff:7e:e0:ee
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22-04-2011 00:00

Not After

21-04-2012 23:59

Subject

CN=广东雨林木风计算机科技有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=广东雨林木风计算机科技有限公司,L=Dongguan,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:da:8f:31:5c:bf:58:63:72:47:e3:3c:f0:ad:f1:be:fc:e3:f0:c6
Signer

Actual PE Digest

1e:da:8f:31:5c:bf:58:63:72:47:e3:3c:f0:ad:f1:be:fc:e3:f0:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/partner.ini
114la.exe
.exe windows:5 windows x86 arch:x86

12a766f495eacd0ff1e35840507cb038

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:05:d1:ca:1e:cd:09:04:76:ae:b9:5a:ff:7e:e0:ee
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22-04-2011 00:00

Not After

21-04-2012 23:59

Subject

CN=广东雨林木风计算机科技有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=广东雨林木风计算机科技有限公司,L=Dongguan,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:37:dc:c8:f1:1c:e3:db:cf:ab:20:30:5c:d9:b8:83:a9:6c:0c:00
Signer

Actual PE Digest

0d:37:dc:c8:f1:1c:e3:db:cf:ab:20:30:5c:d9:b8:83:a9:6c:0c:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

shell32

ShellExecuteA

Sections

.text
Size: 512B - Virtual size: 42B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
115br.exe
.exe windows:5 windows x86 arch:x86

780e7d1986679f816c7e76fcd702a9a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:05:d1:ca:1e:cd:09:04:76:ae:b9:5a:ff:7e:e0:ee
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22-04-2011 00:00

Not After

21-04-2012 23:59

Subject

CN=广东雨林木风计算机科技有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=广东雨林木风计算机科技有限公司,L=Dongguan,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:10:bb:a0:86:de:bd:9c:47:22:44:9a:0f:fa:ac:93:7f:26:01:fb
Signer

Actual PE Digest

81:10:bb:a0:86:de:bd:9c:47:22:44:9a:0f:fa:ac:93:7f:26:01:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CreateFileMappingW
SetProcessWorkingSetSize
GetPrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
MulDiv
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
ExitProcess
GetModuleHandleW
GetExitCodeThread
WaitForMultipleObjects
OpenThread
GetPrivateProfileIntW
GetPrivateProfileStringA
OpenFileMappingW
OutputDebugStringA
LocalFree
OutputDebugStringW
FormatMessageW
CompareStringW
GetSystemTime
FreeLibrary
GetLocalTime
GetTickCount
FileTimeToSystemTime
DeviceIoControl
CreateFileA
ResumeThread
FreeResource
ResetEvent
OpenEventW
CreateMutexW
IsBadReadPtr
lstrlenA
ExpandEnvironmentStringsW
ReadFile
SystemTimeToFileTime
GetCurrentThread
GetSystemDefaultLCID
GlobalHandle
WinExec
lstrcpynA
SuspendThread
GetThreadContext
SetThreadContext
SetEndOfFile
UnmapViewOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
HeapCreate
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
CreateThread
ExitThread
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GlobalSize
CopyFileW
SetEvent
DeleteCriticalSection
TlsAlloc
TlsFree
GetLastError
HeapAlloc
GetFileSize
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindClose
GetWindowsDirectoryW
GetProcessHeap
HeapFree
GetTempPathW
TerminateThread
DeleteFileW
CreateDirectoryW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
CreateProcessW
TerminateProcess
OpenProcess
DuplicateHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpynW
GetCurrentProcessId
WritePrivateProfileStringW
VirtualProtect
VirtualQuery
lstrcmpiA
WriteProcessMemory
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetProcAddress
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
GetSystemInfo
GetModuleHandleA
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
SetLastError
MultiByteToWideChar
RaiseException
GetModuleFileNameW
lstrcmpiW
WaitForSingleObject
CreateEventW
CloseHandle
Sleep
WideCharToMultiByte
TlsSetValue
TlsGetValue
GetCurrentThreadId
lstrlenW
lstrcmpW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW

user32

SendNotifyMessageW
EnableMenuItem
FindWindowExW
EnumChildWindows
WindowFromPoint
IsChild
GetActiveWindow
RemovePropW
PostQuitMessage
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
EnableWindow
EqualRect
GetPropW
OffsetRect
CopyRect
SetRectEmpty
PtInRect
IsRectEmpty
GetWindowDC
ReleaseDC
GetDC
SetCursor
ReleaseCapture
SetCapture
FillRect
UpdateLayeredWindow
IsWindow
SendMessageTimeoutW
GetSysColor
RedrawWindow
CharNextW
CreateAcceleratorTableW
InvalidateRgn
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW
SystemParametersInfoW
FindWindowW
SetRect
LoadStringW
IsDlgButtonChecked
UpdateWindow
GetCapture
GetDlgCtrlID
ScrollWindow
SetScrollPos
UnregisterClassA
wsprintfW
ShowScrollBar
GetWindowTextW
GetWindowTextLengthW
SetFocus
MessageBeep
SetDlgItemTextW
GetParent
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
PostMessageW
GetClassNameW
CharUpperW
CallNextHookEx
PostThreadMessageW
PrintWindow
LoadStringA
wvsprintfW
RemoveMenu
GetClipboardData
SetWindowContextHelpId
MapDialogRect
DialogBoxIndirectParamW
CheckMenuItem
CopyIcon
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMessageExtraInfo
IsMenu
GetMenuItemID
SetMenuInfo
TrackPopupMenuEx
InsertMenuW
RegisterClipboardFormatW
IsWindowEnabled
DrawTextW
DrawFocusRect
FrameRect
SetScrollInfo
IsIconic
InflateRect
GetMenuItemCount
ModifyMenuW
AppendMenuW
CreatePopupMenu
mouse_event
DrawStateW
LockWindowUpdate
DeleteMenu
DestroyWindow
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
ClientToScreen
SetWindowTextW
GetDesktopWindow
SetLayeredWindowAttributes
DestroyIcon
MonitorFromPoint
TrackPopupMenu
SetWindowsHookExW
UnhookWindowsHookEx
AttachThreadInput
GetWindowThreadProcessId
CreateDialogParamW
SetWindowRgn
SetForegroundWindow
SetPropW
BringWindowToTop
GetForegroundWindow
RegisterWindowMessageW
ShowWindow
LoadIconW
GetFocus
GetDlgItemTextW
MoveWindow
LoadImageW
ScreenToClient
MessageBoxW
SendMessageW
DialogBoxParamW
SetWindowLongW
CreateWindowExW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SetTimer
DrawIconEx
InvalidateRect
GetCursorPos
IsWindowVisible
GetKeyState
KillTimer
GetSubMenu
DefWindowProcW
LoadMenuW
DestroyMenu
BeginPaint
EndPaint
CallWindowProcW
IsZoomed
GetSystemMetrics
UnregisterHotKey
EndDialog
RegisterHotKey

gdi32

EnumFontsW
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
CreateDCW
CombineRgn
CreateRoundRectRgn
SetWindowOrgEx
Rectangle
CreatePen
GetTextExtentPoint32W
DPtoLP
LineTo
MoveToEx
GetObjectW
GetDeviceCaps
CreateSolidBrush
SetBkColor
ExtTextOutW
CreateDIBSection
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
BitBlt
CreatePatternBrush
SetTextColor
SetBkMode
GetStockObject
CreateFontW
CreateFontIndirectW
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetLengthSid
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
CopySid
GetUserNameW
RegCloseKey
RegGetKeySecurity
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
InitializeAcl
AddAce
GetSidIdentifierAuthority

shell32

SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
ord155
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
Shell_NotifyIconW
DragQueryFileW
SHFileOperationW
SHCreateDirectoryExW

ole32

CoCreateInstance
CoTaskMemRealloc
StringFromCLSID
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
DoDragDrop
OleRun
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
OleUninitialize
CoGetInterfaceAndReleaseStream
CoUnmarshalInterface
CoGetMarshalSizeMax
CoMarshalInterface
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
SysAllocString
SysStringLen
VarUI4FromStr
VariantCopy
VariantChangeType
VarBstrCat
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VarBstrCmp
SysAllocStringLen
SysFreeString

shlwapi

SHGetValueW
PathFindFileNameA
PathFileExistsW
SHDeleteKeyW
PathFindFileNameW
SHSetValueW
SHDeleteValueW
StrRetToStrW
PathRemoveFileSpecW
PathFindExtensionW
PathIsDirectoryW
PathUnquoteSpacesW
PathRemoveArgsW
PathMatchSpecW

comctl32

ImageList_AddMasked
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw
ImageList_GetImageInfo
CreateStatusWindowW
ImageList_Create
ImageList_GetIcon
ImageList_Destroy
ImageList_ReplaceIcon

urlmon

UrlMkSetSessionOption

dbghelp

ImageDirectoryEntryToData

psapi

GetProcessMemoryInfo

gdiplus

GdipSetPenMode
GdipSetPenStartCap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipLoadImageFromStreamICM
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipSaveImageToStream
GdipSaveImageToFile
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatFlags
GdipDrawLineI
GdipSetPageUnit
GdipDeletePen
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipImageRotateFlip
GdipGraphicsClear
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromHICON
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDeleteFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipMeasureString
GdipSetTextRenderingHint
GdipReleaseDC
GdipGetDC
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC2
GdipDrawLinesI
GdipSetSmoothingMode
GdipCreatePen1

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpSendRequestA
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetOpenUrlW
HttpQueryInfoA
InternetReadFile
InternetOpenW
InternetSetCookieA
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle
InternetCrackUrlW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetSetCookieW
InternetSetOptionW
InternetConnectW

setupapi

SetupIterateCabinetW

netapi32

Netbios

dsound

ord1

winmm

waveOutWrite

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IcoCache/116.com_favicon.ico
IcoCache/search8.taobao.com_favicon.ico
IcoCache/www.baidu.com_favicon.ico
IcoCache/www.google.com.hk_favicon.ico
Recent.ini
ThumbnailCache/u.115.com.jpeg
.jpg
ThumbnailCache/www.114la.com.jpeg
.jpg
ThumbnailCache/www.915.com.jpeg
.jpg
ThumbnailCache/www.xiazaiba.com.jpeg
.jpg
cfg.ini
html/404error.html
.html .js polyglot
html/config.html
.js
html/error.html
.html .js polyglot
html/last.html
.html .js polyglot
html/start.html
.html .js polyglot
html/static/css/config.css
html/static/css/last.css
html/static/css/reset.css
html/static/css/start.css
html/static/images/115.gif
.gif
html/static/images/194x136.jpg
.jpg
html/static/images/baidu.gif
.gif
html/static/images/c_btn.png
.png
html/static/images/c_left.png
.png
html/static/images/c_left_bg.png
.png
html/static/images/c_line.png
.png
html/static/images/c_plug.png
.png
html/static/images/c_top.png
.png
html/static/images/google.gif
.gif
html/static/images/mouse/MouseGesture_0.png
.png
html/static/images/mouse/MouseGesture_1.png
.png
html/static/images/mouse/MouseGesture_10.png
.png
html/static/images/mouse/MouseGesture_11.png
.png
html/static/images/mouse/MouseGesture_12.png
.png
html/static/images/mouse/MouseGesture_13.png
.png
html/static/images/mouse/MouseGesture_14.png
.png
html/static/images/mouse/MouseGesture_15.png
.png
html/static/images/mouse/MouseGesture_16.png
.png
html/static/images/mouse/MouseGesture_17.png
.png
html/static/images/mouse/MouseGesture_18.png
.png
html/static/images/mouse/MouseGesture_19.png
.png
html/static/images/mouse/MouseGesture_2.png
.png
html/static/images/mouse/MouseGesture_3.png
.png
html/static/images/mouse/MouseGesture_4.png
.png
html/static/images/mouse/MouseGesture_5.png
.png
html/static/images/mouse/MouseGesture_6.png
.png
html/static/images/mouse/MouseGesture_7.png
.png
html/static/images/mouse/MouseGesture_8.png
.png
html/static/images/mouse/MouseGesture_9.png
.png
html/static/images/mp3.gif
.gif
html/static/images/pic.gif
.gif
html/static/images/s_add.png
.png
html/static/images/s_bg.png
.png
html/static/images/s_btn.png
.png
html/static/images/s_con.png
.png
html/static/images/s_form.png
.png
html/static/images/s_ico.png
.png
html/static/images/s_ico_bg.png
.png
html/static/images/s_last.png
.png
html/static/images/s_load.gif
.gif
html/static/images/s_test_204_127.png
.png
html/static/images/s_top.png
.png
html/static/images/taobao.gif
.gif
html/static/images/video.gif
.gif
html/static/images/zhidao.gif
.gif
html/static/js/suggest.js
.js
setting.ini
skin/default/add.png
.png
skin/default/addr_go.png
.png
skin/default/addr_goframe.png
.png
skin/default/addr_history.png
.png
skin/default/addr_hover_left.png
.png
skin/default/addr_hover_right.png
.png
skin/default/addr_left.png
.png
skin/default/addr_right.png
.png
skin/default/addr_safe.png
.png
skin/default/addr_stop.png
.png
skin/default/ani_download.gif
.gif
skin/default/ani_webfav.gif
.gif
skin/default/arrow_down.png
.png
skin/default/arrow_up.png
.png
skin/default/bg.png
.png
skin/default/bitmap_fav.bmp
skin/default/bitmap_nodes.bmp
skin/default/bitmap_page.bmp
skin/default/bottom_left.PNG
.png
skin/default/bottom_right.PNG
.png
skin/default/button_bg.png
.png
skin/default/button_close.png
.png
skin/default/button_maxi.png
.png
skin/default/button_menu_bg.png
.png
skin/default/button_mini.png
.png
skin/default/button_restore.png
.png
skin/default/change_skin.png
.png
skin/default/chevron.png
.png
skin/default/close-tab.png
.png
skin/default/date.png
.png
skin/default/del.png
.png
skin/default/download_close.png
.png
skin/default/edit.png
.png
skin/default/edit_left.png
.png
skin/default/edit_right.png
.png
skin/default/filtrate.png
.png
skin/default/frame_left.png
.png
skin/default/frame_right.PNG
.png
skin/default/loading.png
.png
skin/default/move_tab.png
.png
skin/default/no_trace.png
.png
skin/default/page.png
.png
skin/default/pluginbar_bg.png
.png
skin/default/progress_bg.png
.png
skin/default/progress_fw.png
.png
skin/default/scrollbar_bg.png
.png
skin/default/scrollbar_thumb.png
.png
skin/default/search.png
.png
skin/default/search_botton.png
.png
skin/default/search_choose.png
.png
skin/default/side_band_top_bg.png
.png
skin/default/side_favorite.png
.png
skin/default/side_grip.png
.png
skin/default/side_history.png
.png
skin/default/side_leftband.png
.png
skin/default/side_top_bg.png
.png
skin/default/side_top_close.png
.png
skin/default/side_top_fixed.png
.png
skin/default/side_top_moved.png
.png
skin/default/site.png
.png
skin/default/skin.ini
skin/default/status_bg.png
.png
skin/default/status_curpage.png
.png
skin/default/status_download.png
.png
skin/default/status_loading.png
.png
skin/default/status_netuser.png
.png
skin/default/status_newpage.png
.png
skin/default/status_nonetuser.png
.png
skin/default/status_nosound.png
.png
skin/default/status_ok.png
.png
skin/default/status_sound.png
.png
skin/default/tab_add.png
.png
skin/default/tab_all.png
.png
skin/default/tab_background.png
.png
skin/default/tab_item.png
.png
skin/default/tab_left.png
.png
skin/default/tab_right.png
.png
skin/default/tab_sidebarbutton.png
.png
skin/default/tool_back.PNG
.png
skin/default/tool_browsermode.png
.png
skin/default/tool_forward.PNG
.png
skin/default/tool_home.PNG
.png
skin/default/tool_refresh.png
.png
skin/default/tool_restore.png
.png
skin/default/tool_showmenu.png
.png
skin/default/webzoom.png
.png
skin/default/¸ßÁÁ.png
.png
skin/default/»»·ô.png
.png
skin/default/ÉÏ.png
.png
skin/default/ÏÂ.png
.png
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

79:05:d1:ca:1e:cd:09:04:76:ae:b9:5a:ff:7e:e0:eeCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1e:da:8f:31:5c:bf:58:63:72:47:e3:3c:f0:ad:f1:be:fc:e3:f0:c6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 18KB - Virtual size: 18KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 836B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

79:05:d1:ca:1e:cd:09:04:76:ae:b9:5a:ff:7e:e0:ee
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1e:da:8f:31:5c:bf:58:63:72:47:e3:3c:f0:ad:f1:be:fc:e3:f0:c6
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

79:05:d1:ca:1e:cd:09:04:76:ae:b9:5a:ff:7e:e0:ee
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0d:37:dc:c8:f1:1c:e3:db:cf:ab:20:30:5c:d9:b8:83:a9:6c:0c:00
Signer

.text
Size: 512B - Virtual size: 42B

.rdata
Size: 512B - Virtual size: 148B

.data
Size: 512B - Virtual size: 41B

.rsrc
Size: 28KB - Virtual size: 28KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

79:05:d1:ca:1e:cd:09:04:76:ae:b9:5a:ff:7e:e0:ee
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

81:10:bb:a0:86:de:bd:9c:47:22:44:9a:0f:fa:ac:93:7f:26:01:fb
Signer