310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118
Size

661KB
MD5

310f55a2f3de9e160c01dc8fa23c7128
SHA1

0d5bfe67add3f31feb2e69394e9106fbfdde0fa3
SHA256

13fa37ccf5aaa7d38b1edbc6730dcce49add3aff7f5237633abae25868716953
SHA512

08567f15e7626bc434920122682384a7130b4d5f8412dbb4bedd8c2ab12e6dcb35373935ae005515d0ae01a77bbc09e17b71304aab962c07861a9a1fc5862359
SSDEEP

12288:J3MlbSeGIZEZHV77u0w+lrtLsNaLTXSwaNYk4wi3:J3MVsHV77uAaaLTXHaNYk493

Score

1^/10

Malware Config

Signatures

Files

310f55a2f3de9e160c01dc8fa23c7128_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

de4715f9bb75f1d92a94e55860c69fd2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26-01-2010 00:00

Not After

25-01-2013 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:24:44:e0:03:f0:03:f8:1b:fa:ad:8c:22:07:b2:87:9e:15:5d:4d
Signer

Actual PE Digest

90:24:44:e0:03:f0:03:f8:1b:fa:ad:8c:22:07:b2:87:9e:15:5d:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\qqpcmgr_proj\电脑管家6.8\Basic\Output\BinFinal\QMTrayPlugin\QMBJTrayPlugin\QMBJTrayPlugin.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htonl
htons

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
StrRChrW
PathAddBackslashW
StrStrIW
PathRemoveArgsW
PathIsRelativeW
PathFindExtensionW
wnsprintfW
StrCmpIW
StrFormatByteSizeW
StrFormatKBSizeW
StrFromTimeIntervalW
PathAppendW
PathFileExistsW

common

??0CTXBSTR@@QAE@ABV0@@Z
?InitPluginFileSystem@Boot@Util@@YAHPA_W@Z
?AddPlugin@CoreCenter@Util@@YAHPA_WPAUITXData@@@Z
?GetFileHash@FS@Util@@YAHPB_WAAVCTXBuffer@@AAK@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?QueryPluginCore@CoreCenter@Util@@YAHPA_WPAPAUITXPluginCore@@@Z
??BCTXBSTR@@QBEPA_WXZ
?ToLower@CTXBSTR@@QAEJXZ
?IsFileExist@FS@@YAHPB_W@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??1CTXStringW@@QAE@XZ
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
??0CTXStringW@@QAE@PB_W@Z
??0CTXStringW@@QAE@ABV0@@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??BCTXStringW@@QBEPB_WXZ
??4CTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@XZ
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?Format@CTXStringW@@QAAXPB_WZZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
??0CTXBSTR@@QAE@XZ
?GetString@CTXStringW@@QBEPB_WXZ
??ICTXBSTR@@QAEPAPA_WXZ
??8CTXBSTR@@QBE_NABV0@@Z
?InitPluginI18NConfig@Boot@Util@@YAHPA_W@Z
?InitPluginGFConfig@Boot@Util@@YAHPA_W@Z
?InitPluginModeConfig@Boot@Util@@YAHPA_W@Z
?EnablePlugin@CoreCenter@Util@@YAHPA_W@Z
??1CTXBSTR@@QAE@XZ
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXBSTR@@QAE@PB_W@Z
?InitPluginCoreConfig@Boot@Util@@YAHPA_W@Z
?IsEmpty@CTXBSTR@@QAEHXZ
?Mid@CTXStringW@@QBE?AV1@HH@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?GetLength@CTXStringW@@QBEHXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
?Delete@CTXStringW@@QAEHHH@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?Left@CTXStringW@@QBE?AV1@H@Z

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z

kernel32

GetProcAddress
GetFileAttributesW
GetWindowsDirectoryW
GetCurrentProcess
lstrcpynW
lstrcatW
GetLastError
LocalFree
GetSystemDirectoryW
GetEnvironmentVariableW
IsBadReadPtr
IsBadWritePtr
LoadLibraryW
FreeLibrary
CreateFileW
WriteFile
MultiByteToWideChar
ReadFile
GetFileSize
lstrlenA
CreateMutexW
DeleteFileW
ReleaseMutex
FormatMessageW
WideCharToMultiByte
GetACP
ProcessIdToSessionId
GetVersionExW
GetCurrentDirectoryW
GetCurrentProcessId
CreateEventW
QueueUserAPC
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoA
TerminateThread
ResetEvent
InterlockedExchangeAdd
InterlockedExchange
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
WaitForMultipleObjects
GetOverlappedResult
GetSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
ExpandEnvironmentStringsW
OpenFileMappingW
OpenEventW
FindResourceExW
UnmapViewOfFile
SetLastError
InterlockedCompareExchange
GetLocalTime
lstrcmpiW
HeapFree
GetProcessHeap
HeapAlloc
GetSystemDefaultLangID
VirtualQuery
LoadLibraryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
FindClose
TerminateProcess
WaitForSingleObject
RaiseException
GetModuleFileNameW
Sleep
CreateProcessW
CloseHandle
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrlenW
GetThreadLocale
DeviceIoControl
CreatePipe
GetStdHandle
InitializeCriticalSectionAndSpinCount
DuplicateHandle
CreateTimerQueueTimer
FormatMessageA
DeleteTimerQueueTimer
SwitchToThread
ChangeTimerQueueTimer
MapViewOfFileEx
OpenFileMappingA
CreateFileMappingA
GetSystemTimeAsFileTime
IsDebuggerPresent
GetQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
FindResourceW
FindFirstFileW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
OpenMutexW
SetEvent
MapViewOfFile
OpenProcess
CopyFileW

user32

DestroyIcon
GetWindowRect
PostMessageW
PtInRect
SetWindowPos
SendMessageW
SendMessageTimeoutW
UnregisterClassA
GetCursorPos
GetDC
ReleaseDC
ShowScrollBar
FindWindowA

gdi32

DeleteObject
SelectObject
CreateFontIndirectW
GetStockObject
GetObjectW
GetTextExtentPoint32W

advapi32

OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
ImpersonateLoggedOnUser

shell32

ShellExecuteW
SHGetFileInfoW
ExtractIconW
DuplicateIcon
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ExtractIconExW

ole32

StgOpenStorage
CoInitialize
StgIsStorageFile
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StgCreateDocfile
CoFreeUnusedLibrariesEx
CoUninitialize

oleaut32

SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
VariantInit
SysAllocString
VariantClear

atl80

ord18
ord22
ord64
ord23
ord61
ord32
ord30
ord31
ord10
ord11
ord15

msvcp80

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0strstreambuf@std@@QAE@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1strstreambuf@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
?str@strstreambuf@std@@QAEPADXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

comctl32

_TrackMouseEvent

msvcr80

?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
isspace
_wcsupr
ldiv
_wtol
realloc
isalnum
_wstat64
_wmkdir
_strlwr_s
strtoul
strchr
putchar
putwchar
_beginthreadex
swscanf_s
strrchr
_memicmp
setlocale
_snprintf_s
tolower
_mbschr
wcsncat
_snwscanf
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_mbsstr
??3@YAXPAX@Z
_CxxThrowException
memset
swprintf_s
_purecall
free
_time64
__CxxFrameHandler3
wcsncpy_s
wcsncat_s
wcslen
??2@YAPAXI@Z
memcpy_s
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memmove_s
_vscwprintf
vswprintf_s
_wcslwr_s
wcsrchr
_wtoi
wcsncmp
_wcsnicmp
wcsstr
_snwprintf_s
_wcsicmp
wcschr
malloc
wcstol
_vsnwprintf_s
wcscpy_s
_wsplitpath_s
strlen
memcpy
_wcsupr_s
strncpy_s
strncmp
fwrite
fflush
fread
fseek
memmove
isprint
wcsncpy

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules
EnumProcesses

mfc80u

ord1908

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 404KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de4715f9bb75f1d92a94e55860c69fd2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

90:24:44:e0:03:f0:03:f8:1b:fa:ad:8c:22:07:b2:87:9e:15:5d:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

shlwapi

common

gf

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl80

msvcp80

comctl32

msvcr80

psapi

mfc80u

netapi32

Exports

Exports

Sections

.text Size: 404KB - Virtual size: 400KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 28KB - Virtual size: 31KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 48KB - Virtual size: 47KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

90:24:44:e0:03:f0:03:f8:1b:fa:ad:8c:22:07:b2:87:9e:15:5d:4d
Signer

.text
Size: 404KB - Virtual size: 400KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 28KB - Virtual size: 31KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 48KB - Virtual size: 47KB