2336343ac0ac17cc25a5c9ccac2481c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2336343ac0ac17cc25a5c9ccac2481c5_JaffaCakes118
Size

3.3MB
MD5

2336343ac0ac17cc25a5c9ccac2481c5
SHA1

9927b6b36d7aaa27545e0ad7e98a161b7a710960
SHA256

999e9e5e0426f87372f6eaa9031b6fc1c9d213e5e1d78ce89c90227ad980d53f
SHA512

744addec3a287cf7bd8ad9f9079c702022d3cea7f4a4e5c84dec8a734f2e66a0d0ada96be345764f46148a11a5a2249bdd8fa95d8ef860a082b6f15554f8bc4d
SSDEEP

24576:leHJ25A8O3k5izKXjAAF0vbjvuqIU8yer2sy1OA2lA:leFAGDuqHeko6

Score

1^/10

Malware Config

Signatures

Files

2336343ac0ac17cc25a5c9ccac2481c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

638dca5d844d587a66702d776c30802b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:db:a8:50:21:ee:00:c9:73:b5:c5:39:8b:2e:11:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

07/01/2012, 23:59

Subject

CN=Lenovo (Beijing) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=Lenovo (Beijing) Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

69:e4:42:c8:99:55:1d:8b:04:bd:84:c7:39:38:c6:59:54:17:72:e6
Signer

Actual PE Digest

69:e4:42:c8:99:55:1d:8b:04:bd:84:c7:39:38:c6:59:54:17:72:e6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\WorkBace\Veriface38\bin4\VeriFace.pdb

Imports

igetskin

ReleaseGetSkin
CreateGetSkin

mainop

ReleaseHeadImage
CreateLogOp
ReleaseLogOp
CreateUserOp
ReleaseUserOp
CreateHeadImage

setdev

ord8
ord5

wtsapi32

WTSRegisterSessionNotification

secur32

GetUserNameExW

mfc80ud

ord745
ord3401
ord4068
ord2224
ord4646
ord426
ord1089
ord5784
ord7513
ord5398
ord286
ord5219
ord4106
ord3856
ord4332
ord921
ord6998
ord5767
ord3417
ord2718
ord7601
ord3243
ord8279
ord4746
ord8608
ord7281
ord8641
ord1187
ord1340
ord7664
ord6343
ord3446
ord7818
ord6928
ord1119
ord6346
ord6378
ord5403
ord3469
ord8424
ord6321
ord6312
ord4648
ord8647
ord5214
ord6672
ord1101
ord1821
ord2185
ord7012
ord3693
ord3850
ord2022
ord296
ord9137
ord4834
ord699
ord919
ord358
ord5912
ord2096
ord5747
ord2024
ord2539
ord8388
ord8673
ord4065
ord832
ord573
ord7641
ord7787
ord5989
ord5902
ord6147
ord4858
ord729
ord407
ord5922
ord6624
ord6687
ord6003
ord6823
ord6381
ord640
ord4622
ord5918
ord2144
ord2740
ord870
ord8337
ord7813
ord5582
ord7602
ord4663
ord4661
ord6725
ord697
ord354
ord5055
ord772
ord922
ord467
ord4535
ord5916
ord2737
ord4771
ord8470
ord3898
ord4042
ord4773
ord4003
ord6402
ord6316
ord3065
ord3696
ord4012
ord8028
ord4008
ord8436
ord5510
ord4893
ord5756
ord755
ord445
ord4519
ord5914
ord2109
ord2203
ord4027
ord4002
ord4007
ord3253
ord3256
ord794
ord499
ord4560
ord1359
ord3219
ord1468
ord1552
ord2132
ord898
ord4190
ord655
ord4633
ord4186
ord883
ord7214
ord8688
ord5555
ord9197
ord8677
ord3660
ord1034
ord1046
ord2836
ord1713
ord868
ord638
ord4620
ord2142
ord2213
ord2503
ord9158
ord4357
ord4421
ord6037
ord855
ord4644
ord2317
ord621
ord3369
ord3241
ord7547
ord2547
ord5585
ord2537
ord8462
ord4279
ord2029
ord288
ord8463
ord5045
ord4845
ord714
ord386
ord1669
ord2784
ord5941
ord7001
ord1916
ord8117
ord9157
ord2100
ord2101
ord2244
ord2245
ord2646
ord6638
ord6468
ord5884
ord6977
ord2394
ord6418
ord8391
ord5649
ord6278
ord3187
ord5000
ord6935
ord891
ord668
ord8244
ord8242
ord7948
ord7718
ord694
ord345
ord8290
ord3201
ord6260
ord3102
ord4487
ord5633
ord7991
ord1641
ord5468
ord7441
ord4133
ord4132
ord4777
ord6712
ord6482
ord2725
ord5502
ord3151
ord8622
ord5573
ord900
ord5785
ord8154
ord4642
ord1527
ord3785
ord2981
ord8240
ord5192
ord4659
ord4658
ord5087
ord6237
ord888
ord662
ord4638
ord1757
ord2891
ord6174
ord3975
ord7553
ord7011
ord7046
ord6266
ord5503
ord3080
ord7036
ord7034
ord4114
ord2522
ord5313
ord7276
ord8601
ord6873
ord1341
ord5287
ord7570
ord2644
ord2689
ord6009
ord8669
ord5279
ord8667
ord5613
ord5655
ord8227
ord1396
ord1537
ord5311
ord7954
ord4955
ord910
ord840
ord586
ord2133
ord2209
ord7264
ord8389
ord2319
ord5420
ord521
ord2173
ord834
ord7639
ord5598
ord5781
ord7640
ord575
ord4392
ord8179
ord858
ord626
ord4612
ord2139
ord4980
ord2760
ord7642
ord2731
ord8323
ord7254
ord3105
ord5397
ord7638
ord7551
ord7648
ord2305
ord577
ord4805
ord2308
ord4469
ord1095
ord5617
ord4349
ord269
ord8338
ord8341
ord865
ord634
ord4617
ord2140
ord2212
ord4356
ord8206
ord8120
ord2179
ord2176
ord5499
ord1917
ord5910
ord6946
ord2508
ord2517
ord2094
ord6841
ord8666
ord5856
ord2994
ord1802
ord2634
ord4775
ord6455
ord5961
ord2153
ord8194
ord7052
ord7050
ord1173
ord1178
ord1182
ord1180
ord1184
ord3271
ord3291
ord3275
ord3281
ord3279
ord3277
ord3294
ord3289
ord3273
ord3296
ord3284
ord3266
ord3268
ord3286
ord3002
ord2992
ord2064
ord8668
ord5280
ord8670
ord4655
ord6730
ord1864
ord6970
ord2580
ord2222
ord2221
ord2152
ord3508
ord3803
ord3972
ord5990
ord3780
ord3999
ord3511
ord3684
ord3503
ord5151
ord5152
ord5142
ord3682
ord5506
ord6179
ord5940
ord2894
ord1760
ord348
ord299
ord654
ord1416
ord5622
ord695
ord882
ord4827
ord5088
ord267
ord270
ord1358
ord379
ord3663
ord3640
ord2166
ord3664
ord2165
ord7637
ord3104
ord1098
ord7366
ord2584
ord711
ord289
ord5707
ord3111
ord673
ord693
ord908
ord2771
ord1686
ord7685
ord4466
ord340
ord893
ord901
ord1578
ord7600
ord1435

msvcr80d

_exit
__wgetmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_vswprintf
wcscat
wcscpy
swprintf_s
wcsstr
wcscat_s
malloc
free
wcscmp
_wcsicmp
wcsrchr
memcpy
__CxxFrameHandler3
wprintf
atoi
iswdigit
vswprintf_s
_wtoi
tolower
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
strlen
isprint
memset
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_CxxThrowException
_invalid_parameter
_CrtDbgReportW
wcslen
memmove_s
memcmp
_recalloc
calloc
strcpy_s
_snwprintf_s
_XcptFilter
_cexit
_vsnwprintf_s
_vsnprintf_s
strcpy
_CrtDbgReport
_errno
_snprintf_s
vsprintf_s
wcscpy_s
wcsncpy_s
??0exception@std@@QAE@ABV01@@Z
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_CRT_RTC_INITW
_initterm_e
_initterm
_CrtSetCheckCount
_wcmdln
exit
?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

GetModuleHandleW
GetProcAddress
lstrlenW
IsBadStringPtrW
lstrcmpW
GlobalReAlloc
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
GetPrivateProfileSectionW
MultiByteToWideChar
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
DebugBreak
WideCharToMultiByte
IsDebuggerPresent
lstrlenA
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
EnterCriticalSection
CloseHandle
CreateFileW
OutputDebugStringW
Sleep
CreateThread
DeleteCriticalSection
GetModuleFileNameW
InitializeCriticalSection
CopyFileW
SystemTimeToFileTime
GetLocalTime
GetTimeFormatW
GetDateFormatW
DeleteFileW
FreeLibrary
GetLastError
CreateEventW
GetComputerNameW
CreateDirectoryW
LoadLibraryW
GetPrivateProfileStringW
WritePrivateProfileStringW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
GetVersion
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
SetUnhandledExceptionFilter
MulDiv
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
SetEvent
OpenEventA
OutputDebugStringA
VirtualAlloc
QueryPerformanceCounter

user32

IsWindowVisible
GetCapture
GetCursorPos
WindowFromPoint
GetWindow
InvalidateRect
SetCursor
LoadImageW
GetTitleBarInfo
SetWindowRgn
SetWindowLongW
RegisterClassExW
LoadCursorW
DefWindowProcW
FillRect
SetClassLongW
GetSystemMetrics
PostQuitMessage
SetCapture
ClientToScreen
SetFocus
SetActiveWindow
OffsetRect
GetScrollInfo
CallWindowProcW
SendMessageW
ReleaseDC
GetDC
GetClassNameW
SubtractRect
UnionRect
IntersectRect
InflateRect
EqualRect
SetRectEmpty
CopyRect
GetDlgItem
GetWindowTextW
GetParent
ReleaseCapture
GetNextDlgGroupItem
PostMessageW
FindWindowExW
GetWindowLongW
SetRect
GetWindowRect
GetScrollBarInfo
GetSysColor
GetMessagePos
SetWindowPos
IsWindow
GetClassLongW
ScreenToClient
UpdateWindow
MessageBoxW
SetLayeredWindowAttributes
DrawFocusRect
PtInRect
IsRectEmpty
FindWindowW
SetForegroundWindow

gdi32

SetMapMode
GetDeviceCaps
CreateRoundRectRgn
CreateRectRgn
SelectClipRgn
StretchDIBits
CreateSolidBrush
SetStretchBltMode
StretchBlt
CreatePen
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
DeleteDC
GetObjectW
SetDCBrushColor
GetStockObject
DeleteObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
GetUserNameW
OpenThreadToken
RevertToSelf
SetThreadToken
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

comctl32

FlatSB_EnableScrollBar
InitializeFlatSB
ord17
_TrackMouseEvent

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

SysFreeString
OleLoadPicturePath
OleLoadPicture

msvcp80d

?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0_Container_base@std@@QAE@XZ
??1_Container_base@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?eof@?$char_traits@_W@std@@SAGXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Orphan_all@_Container_base@std@@QBEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?open@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXPBDHH@Z
??_D?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?close@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@U_Has_debug_it@01@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?fail@ios_base@std@@QBE_NXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Bios_base@std@@QBEPAXXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@U_Has_debug_it@01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

gdiplus

GdipSetStringFormatAlign
GdipDrawString
GdipDrawImageRect
GdipGetGenericFontFamilySansSerif
GdiplusStartup
GdipGetEmHeight
GdipCreateBitmapFromGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteStringFormat
GdipDrawImageRectI
GdipCreateFont
GdipDeleteFontFamily
GdipGetPathWorldBounds
GdipDrawImageRectRectI
GdipFree
GdipCreateMatrix2
GdipDeleteMatrix
GdipCreateSolidFill
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipDrawImageRectRect
GdipFillPath
GdipDrawPath
GdipDeleteFont
GdipCreateStringFormat
GdipSetWorldTransform
GdipSetSmoothingMode
GdipGetLogFontW
GdipAddPathString
GdipSetInterpolationMode
GdipReleaseDC
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAddPathStringI
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipCloneBrush

chooselang

?GetLangDir@@YAHPA_WK@Z

langhlpr

?GetCurIniName_Vf@@YAHPB_WPA_WK@Z

Sections

.textbss
Size: - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

638dca5d844d587a66702d776c30802b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2e:db:a8:50:21:ee:00:c9:73:b5:c5:39:8b:2e:11:55Certificate

Extended Key Usages

Key Usages

69:e4:42:c8:99:55:1d:8b:04:bd:84:c7:39:38:c6:59:54:17:72:e6Signer

Headers

File Characteristics

PDB Paths

Imports

igetskin

mainop

setdev

wtsapi32

secur32

mfc80ud

msvcr80d

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp80d

gdiplus

chooselang

langhlpr

Sections

.textbss Size: - Virtual size: 291KB

.text Size: 624KB - Virtual size: 623KB

.rdata Size: 104KB - Virtual size: 102KB

.data Size: 12KB - Virtual size: 10KB

.idata Size: 24KB - Virtual size: 22KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2e:db:a8:50:21:ee:00:c9:73:b5:c5:39:8b:2e:11:55
Certificate

69:e4:42:c8:99:55:1d:8b:04:bd:84:c7:39:38:c6:59:54:17:72:e6
Signer

.textbss
Size: - Virtual size: 291KB

.text
Size: 624KB - Virtual size: 623KB

.rdata
Size: 104KB - Virtual size: 102KB

.data
Size: 12KB - Virtual size: 10KB

.idata
Size: 24KB - Virtual size: 22KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB