4bcd4e5213f3b96313a869020979f33b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bcd4e5213f3b96313a869020979f33b_JaffaCakes118
Size

1.1MB
MD5

4bcd4e5213f3b96313a869020979f33b
SHA1

a43f5b4ba57f5ebc26460f80ec84e738b6cfdf4f
SHA256

5afb0569233607ed39dc38407920eafdd96c0c29b4e26cb32214228863b327a1
SHA512

c846e3ebe68b6f037707cb95de6174b129712e1d4116fe86ed7dd1e35b397fa87837ae611bd61bb0affd9bd195b8a3e092f75004749559d65c043d53286fe909
SSDEEP

24576:la3txCwm9j7zCPNnThbRF+JNwxM4kckCtumFXDiGxZUC+/Ow:lutRa7yfFepktdpFxKC+/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
4bcd4e5213f3b96313a869020979f33b_JaffaCakes118
unpack001/Baidu-Toolbar.exe
unpack002/$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Baidu-Toolbar.exe	nsis_installer_1

Files

4bcd4e5213f3b96313a869020979f33b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

c6079cff13dd538f8c2b93227d9d6d6c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0b
Signer

Actual PE Digest

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\scmpf\compiler_src\pupeng_213326_win32\app\gensoft\bar\address-search\Res\Chinese\Baidudg\AddressBar.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

gethostname
WSAStartup
gethostbyname
inet_ntoa
WSACleanup

shlwapi

StrDupW
PathRemoveFileSpecW
StrCmpNW
UrlCanonicalizeW
UrlUnescapeA
StrCmpIW
PathRemoveFileSpecA
PathIsDirectoryA
SHDeleteValueW
PathFileExistsW
StrStrIW
SHGetValueW
StrCpyNW
SHDeleteKeyW
SHSetValueW

dbghelp

ImageDirectoryEntryToData

winmm

timeGetTime

iphlpapi

GetAdaptersInfo
GetNetworkParams

wininet

InternetConnectA
InternetConnectW
HttpOpenRequestA
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackA
InternetSetStatusCallbackW
HttpSendRequestW
InternetOpenW
InternetQueryOptionW
DeleteUrlCacheEntryW
InternetGetCookieW
InternetCrackUrlW
InternetOpenUrlW
InternetSetOptionW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
GetUrlCacheEntryInfoW

rpcrt4

UuidCreate

setupapi

SetupIterateCabinetW

imm32

ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmGetCompositionWindow

kernel32

GetConsoleCP
GetModuleFileNameA
GetConsoleMode
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
InterlockedIncrement
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
lstrlenA
DebugBreak
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DisableThreadLibraryCalls
LocalFree
CloseHandle
ResumeThread
SetThreadPriority
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetACP
GetCurrentThreadId
WideCharToMultiByte
GetTickCount
GlobalUnlock
GlobalLock
CreateFileW
DeviceIoControl
GetVersionExW
FlushInstructionCache
GetCurrentProcess
lstrcmpW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
MoveFileExW
CreateDirectoryW
GetCurrentDirectoryA
GetSystemDirectoryW
GetLongPathNameW
TerminateThread
CopyFileW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
TryEnterCriticalSection
GetLocalTime
CompareStringW
GetWindowsDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
WriteFile
GetTempFileNameW
GetTempPathW
LockResource
GlobalFree
GlobalAlloc
SetErrorMode
GetFileSize
FileTimeToSystemTime
GetShortPathNameW
lstrcatW
lstrcpyW
WritePrivateProfileStringW
FindNextFileW
FindClose
FindFirstFileW
FreeResource
WriteProcessMemory
ReadProcessMemory
VirtualProtect
VirtualQuery
lstrcmpiA
GetFileInformationByHandle
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
LocalAlloc
GetProcessHeap
GlobalReAlloc
GetFileAttributesA
DeleteFileA
AreFileApisANSI
CreateFileA
GetTempPathA
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
SetCurrentDirectoryA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
CreateThread
FileTimeToLocalFileTime
GetDriveTypeW
GetDriveTypeA
GetEnvironmentStrings
FindFirstFileA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThread
HeapDestroy
HeapCreate
FatalAppExitA
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
SetStdHandle
ExitThread
IsDebuggerPresent
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
UnhandledExceptionFilter
RemoveDirectoryW
SetUnhandledExceptionFilter

user32

GetCapture
CreateIconFromResourceEx
CharLowerBuffW
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
GetClassLongW
KillTimer
SetTimer
wsprintfW
RemovePropW
SetPropW
GetPropW
OffsetRect
SetCursor
IsWindowEnabled
GetWindowDC
ScreenToClient
MoveWindow
GetWindowTextLengthW
SetFocus
GetWindow
MapWindowPoints
SetWindowPos
GetDlgItem
EndDialog
MessageBoxW
CharLowerW
FindWindowW
SetWindowTextW
GetActiveWindow
DialogBoxParamW
FindWindowExW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgCtrlID
IsWindowVisible
EnumChildWindows
GetKeyState
GetClassNameW
GetParent
GetWindowThreadProcessId
WindowFromPoint
GetWindowRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
PtInRect
LoadCursorW
IsWindow
ShowWindow
PostMessageW
UpdateWindow
SetRectEmpty
CreateDialogParamW
BeginPaint
EndPaint
RegisterWindowMessageW
InvalidateRect
FillRect
GetClientRect
SystemParametersInfoW
GetWindowTextW
ReleaseDC
GetDC
GetFocus
CharLowerBuffA
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcW
GetWindowLongW
SetWindowLongW
CharNextW
LoadIconW
GetSysColor
DrawFocusRect
LoadStringW
InflateRect
CopyRect
DrawTextW
SendMessageW
DrawIconEx
SetScrollPos
ReleaseCapture
UpdateLayeredWindow
SetRect
GetSystemMetrics
RegisterClassW
SetCapture
DestroyIcon
GetScrollInfo
SetScrollInfo
ShowScrollBar
PeekMessageW
GetDesktopWindow
CharUpperBuffW
CharUpperW
MonitorFromRect
GetMonitorInfoW
GetCursorPos
LoadImageW
UnregisterClassA
CallWindowProcW

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
DeleteDC
SelectObject
TextOutW
DeleteObject
ExtCreateRegion
CombineRgn
SetStretchBltMode
StretchBlt
GetDIBits
SetTextColor
SetBkMode
SetBkColor
GetPixel
ExtTextOutW
GetTextExtentPointW
BitBlt
CreateCompatibleDC
CreateDIBSection
CreateFontW
GetStockObject
GetCurrentObject
MoveToEx
CreateCompatibleBitmap
LineTo
CreatePen
GetObjectW
CreateSolidBrush

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
RegOpenKeyW
RegEnumKeyExA
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
CryptDestroyKey
RegQueryValueExW
RegCreateKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
ExtractIconW
SHGetSpecialFolderPathW
DragQueryFileA
ord85

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
RevokeDragDrop
CoInitialize
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantInit
SysFreeString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantCopy
SysStringLen
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

msimg32

AlphaBlend

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RemoveOldVersion
RunOnceUpdate
SVCUninstall
UpdateASBar
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ASBarBroker.exe
.exe windows:4 windows x86 arch:x86

8cb73f23fc4ffce04345bba981c347fe

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:51:89:e8:e8:95:4d:3a:72:ab:63:d9:79:2f:96:2f:80:c3:f4:da
Signer

Actual PE Digest

88:51:89:e8:e8:95:4d:3a:72:ab:63:d9:79:2f:96:2f:80:c3:f4:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

kernel32

OutputDebugStringW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
GetProcAddress
LoadLibraryW
GetLongPathNameW
GetCurrentThreadId
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
DebugBreak
GetShortPathNameW
OpenProcess
CreateFileW
DeviceIoControl
GetVersionExW
GlobalFree
GlobalAlloc
GetCurrentProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
lstrlenA
InterlockedIncrement
GetModuleFileNameW
CreateEventW
CreateThread
SetEvent
lstrcmpiW
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
WaitForSingleObject
CloseHandle
VirtualAllocEx
GetConsoleCP
SetFilePointer
LoadLibraryA
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetVersionExA
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcessHeap
GetStartupInfoW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
CharNextW
PostThreadMessageW
UnregisterClassA
CharLowerBuffW

advapi32

RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
StrCmpNIW
SHGetValueW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Baidu-Toolbar.exe
.exe windows:4 windows x86 arch:x86

73b73e00f465fa1a2a3bf6377a40219b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cloudmkAddr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c6079cff13dd538f8c2b93227d9d6d6c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0b
Signer

Actual PE Digest

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\scmpf\compiler_src\pupeng_213326_win32\app\gensoft\bar\address-search\Res\Chinese\Baidudg\AddressBar.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

gethostname
WSAStartup
gethostbyname
inet_ntoa
WSACleanup

shlwapi

StrDupW
PathRemoveFileSpecW
StrCmpNW
UrlCanonicalizeW
UrlUnescapeA
StrCmpIW
PathRemoveFileSpecA
PathIsDirectoryA
SHDeleteValueW
PathFileExistsW
StrStrIW
SHGetValueW
StrCpyNW
SHDeleteKeyW
SHSetValueW

dbghelp

ImageDirectoryEntryToData

winmm

timeGetTime

iphlpapi

GetAdaptersInfo
GetNetworkParams

wininet

InternetConnectA
InternetConnectW
HttpOpenRequestA
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackA
InternetSetStatusCallbackW
HttpSendRequestW
InternetOpenW
InternetQueryOptionW
DeleteUrlCacheEntryW
InternetGetCookieW
InternetCrackUrlW
InternetOpenUrlW
InternetSetOptionW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
GetUrlCacheEntryInfoW

rpcrt4

UuidCreate

setupapi

SetupIterateCabinetW

imm32

ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmGetCompositionWindow

kernel32

GetConsoleCP
GetModuleFileNameA
GetConsoleMode
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
InterlockedIncrement
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
lstrlenA
DebugBreak
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DisableThreadLibraryCalls
LocalFree
CloseHandle
ResumeThread
SetThreadPriority
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetACP
GetCurrentThreadId
WideCharToMultiByte
GetTickCount
GlobalUnlock
GlobalLock
CreateFileW
DeviceIoControl
GetVersionExW
FlushInstructionCache
GetCurrentProcess
lstrcmpW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
MoveFileExW
CreateDirectoryW
GetCurrentDirectoryA
GetSystemDirectoryW
GetLongPathNameW
TerminateThread
CopyFileW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
TryEnterCriticalSection
GetLocalTime
CompareStringW
GetWindowsDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
WriteFile
GetTempFileNameW
GetTempPathW
LockResource
GlobalFree
GlobalAlloc
SetErrorMode
GetFileSize
FileTimeToSystemTime
GetShortPathNameW
lstrcatW
lstrcpyW
WritePrivateProfileStringW
FindNextFileW
FindClose
FindFirstFileW
FreeResource
WriteProcessMemory
ReadProcessMemory
VirtualProtect
VirtualQuery
lstrcmpiA
GetFileInformationByHandle
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
LocalAlloc
GetProcessHeap
GlobalReAlloc
GetFileAttributesA
DeleteFileA
AreFileApisANSI
CreateFileA
GetTempPathA
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
SetCurrentDirectoryA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
CreateThread
FileTimeToLocalFileTime
GetDriveTypeW
GetDriveTypeA
GetEnvironmentStrings
FindFirstFileA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThread
HeapDestroy
HeapCreate
FatalAppExitA
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
SetStdHandle
ExitThread
IsDebuggerPresent
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
UnhandledExceptionFilter
RemoveDirectoryW
SetUnhandledExceptionFilter

user32

GetCapture
CreateIconFromResourceEx
CharLowerBuffW
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
GetClassLongW
KillTimer
SetTimer
wsprintfW
RemovePropW
SetPropW
GetPropW
OffsetRect
SetCursor
IsWindowEnabled
GetWindowDC
ScreenToClient
MoveWindow
GetWindowTextLengthW
SetFocus
GetWindow
MapWindowPoints
SetWindowPos
GetDlgItem
EndDialog
MessageBoxW
CharLowerW
FindWindowW
SetWindowTextW
GetActiveWindow
DialogBoxParamW
FindWindowExW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgCtrlID
IsWindowVisible
EnumChildWindows
GetKeyState
GetClassNameW
GetParent
GetWindowThreadProcessId
WindowFromPoint
GetWindowRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
PtInRect
LoadCursorW
IsWindow
ShowWindow
PostMessageW
UpdateWindow
SetRectEmpty
CreateDialogParamW
BeginPaint
EndPaint
RegisterWindowMessageW
InvalidateRect
FillRect
GetClientRect
SystemParametersInfoW
GetWindowTextW
ReleaseDC
GetDC
GetFocus
CharLowerBuffA
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcW
GetWindowLongW
SetWindowLongW
CharNextW
LoadIconW
GetSysColor
DrawFocusRect
LoadStringW
InflateRect
CopyRect
DrawTextW
SendMessageW
DrawIconEx
SetScrollPos
ReleaseCapture
UpdateLayeredWindow
SetRect
GetSystemMetrics
RegisterClassW
SetCapture
DestroyIcon
GetScrollInfo
SetScrollInfo
ShowScrollBar
PeekMessageW
GetDesktopWindow
CharUpperBuffW
CharUpperW
MonitorFromRect
GetMonitorInfoW
GetCursorPos
LoadImageW
UnregisterClassA
CallWindowProcW

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
DeleteDC
SelectObject
TextOutW
DeleteObject
ExtCreateRegion
CombineRgn
SetStretchBltMode
StretchBlt
GetDIBits
SetTextColor
SetBkMode
SetBkColor
GetPixel
ExtTextOutW
GetTextExtentPointW
BitBlt
CreateCompatibleDC
CreateDIBSection
CreateFontW
GetStockObject
GetCurrentObject
MoveToEx
CreateCompatibleBitmap
LineTo
CreatePen
GetObjectW
CreateSolidBrush

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
RegOpenKeyW
RegEnumKeyExA
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
CryptDestroyKey
RegQueryValueExW
RegCreateKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
ExtractIconW
SHGetSpecialFolderPathW
DragQueryFileA
ord85

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
RevokeDragDrop
CoInitialize
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantInit
SysFreeString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantCopy
SysStringLen
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

msimg32

AlphaBlend

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RemoveOldVersion
RunOnceUpdate
SVCUninstall
UpdateASBar
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conf.xml
.xml

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 11KB - Virtual size: 11KB

c6079cff13dd538f8c2b93227d9d6d6c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:24:4c:60:a5:85Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0bSigner

Headers

File Characteristics

PDB Paths

Imports

version

ws2_32

shlwapi

dbghelp

winmm

iphlpapi

wininet

rpcrt4

setupapi

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

urlmon

Exports

Exports

Sections

.text Size: 872KB - Virtual size: 872KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 27KB - Virtual size: 37KB

.rsrc Size: 56KB - Virtual size: 56KB

.reloc Size: 38KB - Virtual size: 38KB

8cb73f23fc4ffce04345bba981c347fe

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 11KB - Virtual size: 11KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0b
Signer

.text
Size: 872KB - Virtual size: 872KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 27KB - Virtual size: 37KB

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 38KB - Virtual size: 38KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

88:51:89:e8:e8:95:4d:3a:72:ab:63:d9:79:2f:96:2f:80:c3:f4:da
Signer

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 24KB - Virtual size: 20KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 24KB - Virtual size: 28KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 286KB - Virtual size: 286KB

.data
Size: 16KB - Virtual size: 29KB

.Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 638KB - Virtual size: 638KB

.reloc
Size: 86KB - Virtual size: 85KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0b
Signer