25dbd900bfa70cacaab30fdfc4332599_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25dbd900bfa70cacaab30fdfc4332599_JaffaCakes118
Size

489KB
MD5

25dbd900bfa70cacaab30fdfc4332599
SHA1

28e33c2277e37824096f08d6682ba74866aad1c3
SHA256

e6f0a5feb1147021ed2ee401e22ff4dce53e4e76deb773ae9db48354496bae92
SHA512

113bc7b43edb126054695b7142f8c8ed412f35eee0ee45c36b53b1cc340e6422d190833bcee033f8f4a03194ce969ceab4575b6f275aeeeab76f120001feb038
SSDEEP

6144:9KMRznsKTEZLWv/GTKef18wQXxcTc4lr+0HY6IH/ja2lRzsTBpyyGHG00qNOGXdo:PWZcGF18wewRVHY6I7fl5sTLyA05QUg

Score

1^/10

Malware Config

Signatures

Files

25dbd900bfa70cacaab30fdfc4332599_JaffaCakes118
.exe windows:4 windows x86 arch:x86

381c94377d97372977df7faf46509fdf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

22:1e:a4:e1:e6:44:2c:38:db:4e:ec:e4:86:79:04:a4:e0:44:87:bb
Signer

Actual PE Digest

22:1e:a4:e1:e6:44:2c:38:db:4e:ec:e4:86:79:04:a4:e0:44:87:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\qqpcmgr_proj\QQPCMgr_Public\Basic\Output\BinFinal\QQPCPatch.pdb

Imports

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

htons
htonl
ntohs
ntohl

shlwapi

StrFromTimeIntervalW
StrFormatByteSizeW
StrRChrW
PathAddBackslashW
StrFormatKBSizeW
PathIsDirectoryW
StrStrIW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

kernel32

VirtualAllocEx
lstrcpynW
GetCommandLineW
GetModuleFileNameW
HeapAlloc
GetProcessHeap
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
SetErrorMode
GetProcAddress
InitializeCriticalSection
HeapFree
EnterCriticalSection
CreateEventW
SearchPathW
OpenProcess
CreateProcessW
CloseHandle
WaitForSingleObject
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
WriteProcessMemory
LoadLibraryW
CreateFileW
GetTickCount
ReadFile
CreateDirectoryW
InterlockedCompareExchange
InterlockedExchange
SwitchToThread
DeleteCriticalSection
FreeLibrary
LeaveCriticalSection
MoveFileExW
ReplaceFileW
GetLastError
CopyFileW
DeleteFileW
lstrcmpiW
Process32NextW
SleepEx
ReleaseMutex
CreateMutexW
DuplicateHandle
GetCurrentThread
SetDllDirectoryW
Sleep
CreateToolhelp32Snapshot
Process32FirstW
GetSystemTime
SetEvent
GetTempPathW
GetTempFileNameW
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileSizeEx
WritePrivateProfileSectionW
GetPrivateProfileStringW
GetFullPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
GetFileType
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
WriteFile
SetFileTime
lstrlenW
GetSystemInfo
OpenFileMappingA
MapViewOfFileEx
FormatMessageA
InterlockedIncrement
LocalFree
ChangeTimerQueueTimer
DeleteTimerQueueTimer
InterlockedDecrement
UnmapViewOfFile
CreateTimerQueueTimer
CreateFileMappingA
InitializeCriticalSectionAndSpinCount
GetFileSize
QueueUserAPC
ProcessIdToSessionId
RaiseException
FormatMessageW
GetVersionExW
TerminateThread
ResetEvent
InterlockedExchangeAdd
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
WaitForMultipleObjects
GetOverlappedResult
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoA
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocaleInfoW
GetNumberFormatW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
MapViewOfFile
SetLastError
GetLocalTime
OpenFileMappingW
OpenEventW
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
VirtualQuery
LoadLibraryA
GetSystemDefaultLangID
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
DeviceIoControl
CreatePipe
GetStdHandle
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetACP
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW

user32

GetWindowLongW
IsWindow
UnregisterClassA
DefWindowProcW
CreateWindowExW
SetWindowLongW
RegisterClassExW
DestroyWindow
PostMessageW
SendMessageW
SendMessageTimeoutW
FindWindowA

advapi32

RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

StgIsStorageFile
StgOpenStorage
CoFreeUnusedLibrariesEx
CoCreateGuid
CoCreateInstance
CoTaskMemFree
StgCreateDocfile
CoInitialize
CoUninitialize

msvcp80

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0strstreambuf@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??1strstreambuf@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

msvcr80

wcstol
memcpy
_CxxThrowException
memset
isspace
strncmp
_mbsstr
strtoul
_mbschr
_strlwr_s
_wmkdir
_wstat64
isalnum
_unlink
_controlfp_s
_invoke_watson
__CxxFrameHandler3
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_wsplitpath_s
tolower
memcpy_s
strncpy_s
_memicmp
strrchr
_vsnprintf
_snprintf_s
_vsnwprintf_s
??_V@YAXPAX@Z
wcschr
wcscpy_s
_wtol
_snwprintf
??3@YAXPAX@Z
wcscat_s
_invalid_parameter_noinfo
wcsrchr
swprintf_s
??2@YAPAXI@Z
_wfopen
fwrite
fclose
??0exception@std@@QAE@ABQBD@Z
_itow_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_time64
setlocale
wcsstr
_wtoi
fopen
memmove_s
fseek
rename
_localtime64
_purecall
_snprintf
swscanf_s
memmove
realloc
fflush
_ui64tow_s
_wcsicmp
_wtoi64
_errno
calloc
free
malloc
strncpy
wcsncpy_s
_snwscanf
wcsncat_s
_wcsnicmp
_snwprintf_s
ldiv
wcsncpy
_wcsupr
isprint
_beginthreadex
strchr
putchar
putwchar
_except_handler3

wininet

InternetReadFile
InternetOpenW
InternetCloseHandle
InternetOpenUrlW

iphlpapi

GetIpForwardTable

psapi

GetModuleFileNameExW
EnumProcesses
GetModuleBaseNameW
EnumProcessModules

oleaut32

VariantInit
SysAllocString
VariantClear

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

381c94377d97372977df7faf46509fdf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

22:1e:a4:e1:e6:44:2c:38:db:4e:ec:e4:86:79:04:a4:e0:44:87:bbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

version

ws2_32

shlwapi

kernel32

user32

advapi32

shell32

ole32

msvcp80

msvcr80

wininet

iphlpapi

psapi

oleaut32

netapi32

Exports

Exports

Sections

.text Size: 340KB - Virtual size: 336KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 8KB - Virtual size: 103KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 32KB - Virtual size: 29KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

22:1e:a4:e1:e6:44:2c:38:db:4e:ec:e4:86:79:04:a4:e0:44:87:bb
Signer

.text
Size: 340KB - Virtual size: 336KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 8KB - Virtual size: 103KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 32KB - Virtual size: 29KB