CompareFileVersion
CompareFileVersionLocal
GetAppDataFolder
GetBHOFileName
GetCmdLineParam
GetIEFolder
GetNewGUID
GetResult
GetWindowsVersion
IsModuleRunning
IsRegisterIEPolicy
KillProcess
KillProcessByName
OnInit
SetParam
Uninit
Overview
overview
6Static
static
3340eea9d46...18.exe
windows7-x64
3340eea9d46...18.exe
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$_6_/$_7_.dll
windows7-x64
6$_6_/$_7_.dll
windows10-2004-x64
6FlashGetBHO3.dll
windows7-x64
6FlashGetBHO3.dll
windows10-2004-x64
6FlashGetHook.dll
windows7-x64
1FlashGetHook.dll
windows10-2004-x64
1Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
340eea9d4664186051bcf9d2ad8f84d8_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
340eea9d4664186051bcf9d2ad8f84d8_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ProcDll.dll
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ProcDll.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$_6_/$_7_.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$_6_/$_7_.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
FlashGetBHO3.dll
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
FlashGetBHO3.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
FlashGetHook.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral12
Sample
FlashGetHook.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
340eea9d4664186051bcf9d2ad8f84d8_JaffaCakes118
-
Size
1.5MB
-
MD5
340eea9d4664186051bcf9d2ad8f84d8
-
SHA1
fff414323d8fa2b0a2788a364e7a649996743c31
-
SHA256
c95354ad2120f732f4dc587c11208ca78719a23ca000a1819357a3d1f3a24e0a
-
SHA512
3eb7eeb03f4a0f80bffd7dec3996ed93ed6ddadc86af32f7f44b2c32d7c0b0ce706959cea2cd546e48d09ae78ddd082535da501188e234404cdf9c378134981d
-
SSDEEP
49152:dzBdbdutgJFPhjJYA9DgfoL1hd5KgEZN/hx4PYESj:xPby2xh1YAVLtMgEZZhjLj
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource 340eea9d4664186051bcf9d2ad8f84d8_JaffaCakes118 unpack001/$PLUGINSDIR/ProcDll.dll unpack001/$PLUGINSDIR/System.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
340eea9d4664186051bcf9d2ad8f84d8_JaffaCakes118.exe windows:4 windows x86 arch:x86
dfb06052e74b26a42b0e490bd1c07959
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 472KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ProcDll.dll.dll windows:4 windows x86 arch:x86
6aac02222a7107798e494b35d1b0b7d6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LoadLibraryA
lstrcmpiA
OpenProcess
Process32Next
CreateToolhelp32Snapshot
TerminateProcess
GetVersionExA
WideCharToMultiByte
GlobalAlloc
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
lstrcpynA
lstrcpyA
GlobalFree
GetProcAddress
FlushFileBuffers
FreeLibrary
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleHandleA
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
user32
CallNextHookEx
GetDlgCtrlID
GetWindowLongA
GetWindowThreadProcessId
GetParent
PostMessageA
SendMessageA
SetWindowsHookExA
GetClassNameA
wsprintfA
UnhookWindowsHookEx
GetWindowRect
GetCursorPos
PtInRect
GetFocus
CallWindowProcA
IsWindow
SetWindowLongA
advapi32
RegOpenKeyExA
RegQueryValueA
RegCloseKey
shell32
SHGetFolderPathA
ole32
StringFromCLSID
CoTaskMemFree
CoInitialize
CoCreateGuid
CoUninitialize
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
Exports
Exports
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
4ec328f99bdd944fc98d8a5cf11f7a62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 446B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_6_/$_7_.dll regsvr32 windows:4 windows x86 arch:x86
70b66d328f20ee2d9c0f7562751fc605
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
15:e8:ac:e7:89:3d:48:73:8c:35:06:a5:02:ac:63:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before29/06/2009, 00:00Not After29/06/2011, 23:59SubjectCN=Trend Media Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trend Media Corporation Limited,L=Beijing,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\documents and settings\administrator\application data\flashgetbho\FlashGetBHO3.pdb
Imports
kernel32
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
GetProcAddress
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
lstrcmpW
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
IsBadReadPtr
WideCharToMultiByte
GetLastError
WriteFile
SetFilePointer
GetCurrentProcessId
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CloseHandle
lstrlenW
GetConsoleCP
GetLocaleInfoA
LCMapStringA
LoadLibraryA
InterlockedExchange
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
Sleep
GetOEMCP
GetACP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStringTypeW
GetStringTypeA
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
user32
GetWindowModuleFileNameW
CharNextW
UnhookWindowsHookEx
CharUpperBuffW
CallNextHookEx
GetClassNameW
GetWindow
GetWindowThreadProcessId
FindWindowExW
FindWindowW
UnregisterClassA
SetWindowsHookExW
advapi32
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
ole32
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
oleaut32
SysFreeString
VariantClear
VariantCopy
VariantChangeType
VarUI4FromStr
VariantInit
DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
rpcrt4
NdrStubForwardingFunction
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterHook
UnRegisterHook
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 4KB - Virtual size: 267B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DLLShare Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FlashGetBHO3.dll.dll regsvr32 windows:4 windows x86 arch:x86
70b66d328f20ee2d9c0f7562751fc605
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
15:e8:ac:e7:89:3d:48:73:8c:35:06:a5:02:ac:63:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before29/06/2009, 00:00Not After29/06/2011, 23:59SubjectCN=Trend Media Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trend Media Corporation Limited,L=Beijing,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\documents and settings\administrator\application data\flashgetbho\FlashGetBHO3.pdb
Imports
kernel32
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
GetProcAddress
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
lstrcmpW
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
IsBadReadPtr
WideCharToMultiByte
GetLastError
WriteFile
SetFilePointer
GetCurrentProcessId
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CloseHandle
lstrlenW
GetConsoleCP
GetLocaleInfoA
LCMapStringA
LoadLibraryA
InterlockedExchange
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
Sleep
GetOEMCP
GetACP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStringTypeW
GetStringTypeA
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
user32
GetWindowModuleFileNameW
CharNextW
UnhookWindowsHookEx
CharUpperBuffW
CallNextHookEx
GetClassNameW
GetWindow
GetWindowThreadProcessId
FindWindowExW
FindWindowW
UnregisterClassA
SetWindowsHookExW
advapi32
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
ole32
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
oleaut32
SysFreeString
VariantClear
VariantCopy
VariantChangeType
VarUI4FromStr
VariantInit
DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
rpcrt4
NdrStubForwardingFunction
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterHook
UnRegisterHook
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 4KB - Virtual size: 267B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DLLShare Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FlashGetHook.dll.dll regsvr32 windows:4 windows x86 arch:x86
1f115cbc157acb46321fdb8e696edca2
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
15:e8:ac:e7:89:3d:48:73:8c:35:06:a5:02:ac:63:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before29/06/2009, 00:00Not After29/06/2011, 23:59SubjectCN=Trend Media Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trend Media Corporation Limited,L=Beijing,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\documents and settings\administrator\application data\flashgetbho\FlashGetHook.pdb
Imports
kernel32
GetProcAddress
LoadLibraryW
IsBadWritePtr
WideCharToMultiByte
CloseHandle
WriteFile
SetFilePointer
GetCurrentProcessId
lstrlenA
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
GetCurrentThreadId
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
GetVersionExW
IsBadReadPtr
GetExitCodeThread
WaitForSingleObject
CreateThread
MapViewOfFile
CreateFileMappingW
FindClose
FindFirstFileW
UnmapViewOfFile
Sleep
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
DisableThreadLibraryCalls
GetConsoleCP
FindResourceExW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
InterlockedExchange
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetProcessHeap
GetVersionExA
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
RtlUnwind
HeapFree
HeapAlloc
LockResource
GetThreadLocale
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetThreadLocale
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetConsoleMode
user32
SetWindowsHookExW
CharNextW
GetWindowModuleFileNameW
CallNextHookEx
SendMessageW
SendMessageTimeoutW
RegisterWindowMessageW
GetWindowThreadProcessId
GetWindow
FindWindowExW
GetClassNameW
FindWindowW
GetWindowTextW
IsWindow
DestroyWindow
SetWindowLongW
GetWindowLongW
DialogBoxParamW
PostMessageW
KillTimer
DefWindowProcW
GetSysColor
MoveWindow
UnhookWindowsHookEx
SetWindowPos
UnregisterClassA
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
EndDialog
CreatePopupMenu
AppendMenuW
TrackPopupMenu
MessageBoxW
PtInRect
WindowFromPoint
CopyRect
GetCursorPos
GetSystemMetrics
GetKeyState
LoadBitmapW
SetWindowContextHelpId
SendDlgItemMessageW
SetTimer
IsWindowVisible
ShowWindow
GetWindowDC
GetWindowRect
MapDialogRect
CharUpperBuffW
CreateDialogIndirectParamW
GetWindowTextLengthW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
gdi32
CreateSolidBrush
GetDeviceCaps
BitBlt
GetObjectW
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
CreateCompatibleDC
GetStockObject
advapi32
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
shell32
ShellExecuteW
ole32
OleLockRunning
OleUninitialize
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
CoCreateInstance
StringFromGUID2
CoInitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
oleaut32
VarBstrCat
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayGetDim
SafeArrayGetElemsize
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
rpcrt4
NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrOleAllocate
NdrOleFree
NdrStubForwardingFunction
comctl32
_TrackMouseEvent
urlmon
CoInternetGetSession
oleacc
ObjectFromLresult
ws2_32
gethostbyname
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FreeIEInstance
FreeMxInstance
FreeTTInstance
init_hook
init_hook_IE
init_hook_Maxthon
init_hook_TTravel
Sections
.text Size: 252KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 4KB - Virtual size: 844B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ