Static task
static1
Behavioral task: behavioral1; Sample: 49b5b3e84781f84de7a74e849bbf1104_JaffaCakes118.exe; Resource: win7-20240705-en
Behavioral task: behavioral2; Sample: 49b5b3e84781f84de7a74e849bbf1104_JaffaCakes118.exe; Resource: win10v2004-20240709-en
Behavioral task: behavioral3; Sample: $1.exe; Resource: win7-20240705-en
Behavioral task: behavioral4; Sample: $1.exe; Resource: win10v2004-20240709-en
Behavioral task: behavioral5; Sample: $PLUGINSDIR/InstallOptions.dll; Resource: win7-20240704-en
Behavioral task: behavioral6; Sample: $PLUGINSDIR/InstallOptions.dll; Resource: win10v2004-20240709-en
Behavioral task: behavioral7; Sample: $PLUGINSDIR/System.dll; Resource: win7-20240708-en
Behavioral task: behavioral8; Sample: $PLUGINSDIR/System.dll; Resource: win10v2004-20240709-en
Behavioral task: behavioral9; Sample: $TEMP/$3.dll; Resource: win7-20240705-en
Behavioral task: behavioral10; Sample: $TEMP/$3.dll; Resource: win10v2004-20240709-en
Behavioral task: behavioral11; Sample: 360safebox.exe; Resource: win7-20240704-en
Behavioral task: behavioral12; Sample: 360safebox.exe; Resource: win10v2004-20240709-en
Behavioral task: behavioral13; Sample: SafeboxKrnl.sys; Resource: win7-20240704-en
Behavioral task: behavioral14; Sample: SafeboxKrnl.sys; Resource: win10v2004-20240709-en
General
Target: 49b5b3e84781f84de7a74e849bbf1104_JaffaCakes118
Size: 2.5MB
MD5: 49b5b3e84781f84de7a74e849bbf1104
SHA1: b3b9bbbf846b20aeadaa2783e89feeb099d15811
SHA256: e43b19f99a9d35b0c95dcbac519ee756513174544186c526f7849958634fc9f8
SHA512: 99944248fa919f1a408864d103c747dd786d23052d9a461a16b4aa2776bdde61cdaf52db4198da9bba9677dedbc5f090410bd4aff9d7d150b820e5c4abec9e9f
SSDEEP: 49152:kcl9kpWS3XBfFKS9CB4vG8PE7NYAezaaga1wolKO0hjcB+PZS:kclgWGBfUS94CE7NSzaaga+nO0tcBqS
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMP/$3
-
NSIS installer 1 IoCs
resource: sample
yara_rule: nsis_installer_1
Files
-
49b5b3e84781f84de7a74e849bbf1104_JaffaCakes118.exe windows:4 windows x86 arch:x86
099c0646ea7282d232219f8807883be0
Code Sign
01
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 52KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$1.exe windows:4 windows x86 arch:x86
2c58a599ab9f826c47dbdaeecb216bfe
Code Sign
01
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempFileNameW
GetTempPathW
LoadLibraryExW
GetFileAttributesA
SetProcessWorkingSetSize
ReleaseMutex
MoveFileW
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceW
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
MulDiv
SizeofResource
GetPrivateProfileSectionNamesW
GetWindowsDirectoryW
CreateProcessW
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileType
CreateFileMappingW
DuplicateHandle
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
InterlockedExchange
IsBadReadPtr
LoadLibraryA
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
FatalAppExitA
IsBadWritePtr
HeapSize
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetCurrentThread
TlsFree
TlsAlloc
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ResumeThread
HeapReAlloc
RaiseException
TerminateProcess
ExitThread
TlsGetValue
TlsSetValue
GetTimeZoneInformation
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
VirtualAlloc
VirtualFree
CreateThread
Sleep
lstrcpynW
GetShortPathNameW
ResetEvent
WaitForSingleObject
CreateEventW
SetEvent
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
CreateMutexW
DeleteCriticalSection
HeapDestroy
SetErrorMode
GetCurrentProcessId
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
OutputDebugStringW
DebugBreak
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcpyW
GetFullPathNameW
SetLastError
GetLocalTime
CompareFileTime
DeleteFileW
FileTimeToSystemTime
SystemTimeToFileTime
LoadLibraryW
GetProcAddress
GetModuleFileNameA
GetPrivateProfileSectionW
GetSystemTime
WriteFile
CreateFileA
GetFileSize
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetCurrentProcess
OpenProcess
GetPrivateProfileIntW
WritePrivateProfileStringW
GetLongPathNameW
CreateFileW
ReadFile
SetFilePointer
LocalFree
CloseHandle
lstrlenA
GetModuleHandleW
GetVersionExW
GetModuleFileNameW
lstrcmpiW
GetFileAttributesW
InterlockedDecrement
GetPrivateProfileStringW
lstrlenW
InterlockedIncrement
GetLastError
LocalAlloc
IsBadCodePtr
SetEnvironmentVariableA
user32
CreateAcceleratorTableW
InvalidateRgn
wsprintfW
ScreenToClient
DestroyIcon
GetIconInfo
LoadBitmapW
IsWindowVisible
LoadIconW
DefWindowProcW
DrawTextW
IsWindowEnabled
GetClientRect
DrawFocusRect
InflateRect
GetSystemMetrics
DrawEdge
KillTimer
PtInRect
GetWindowRect
ClientToScreen
ReleaseCapture
GetParent
GetDlgCtrlID
SetTimer
MoveWindow
DrawIconEx
SetRect
MapWindowPoints
EndDialog
CreateDialogParamW
ValidateRect
GetCursorPos
TrackMouseEvent
CopyRect
SetScrollPos
RedrawWindow
GetClassNameW
GetFocus
IsChild
SetFocus
GetDC
ReleaseDC
FillRect
GetDlgItem
GetSysColor
SetWindowTextW
GetScrollPos
GetScrollInfo
DrawIcon
SetScrollInfo
EqualRect
SetCursor
DialogBoxIndirectParamW
SystemParametersInfoW
UpdateWindow
InvalidateRect
FrameRect
WindowFromPoint
EnableWindow
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
SendMessageTimeoutW
DestroyMenu
GetCapture
CallWindowProcW
SetCapture
SendMessageW
DestroyWindow
IsWindow
GetWindowTextW
GetWindowTextLengthW
EndPaint
BeginPaint
SetWindowPos
AdjustWindowRectEx
GetMenu
SetWindowLongW
GetWindowLongW
CreateWindowExW
LoadImageW
GetWindowThreadProcessId
FindWindowExW
TrackPopupMenu
OffsetRect
LoadMenuW
GetSubMenu
IsDialogMessageW
CreateDialogIndirectParamW
GetDesktopWindow
PostMessageW
SetForegroundWindow
GetWindow
GetClassInfoW
RegisterClassW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetActiveWindow
DialogBoxParamW
wvsprintfW
LoadStringW
GetForegroundWindow
ExitWindowsEx
CharUpperW
CharLowerW
CharNextW
WaitForInputIdle
FindWindowW
ShowWindow
gdi32
GetPixel
Rectangle
GetTextMetricsW
GetBkColor
CreateFontIndirectW
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
RoundRect
SetPixel
CreateDIBSection
CreatePen
MoveToEx
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontW
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetObjectW
GetStockObject
SetViewportOrgEx
StretchBlt
ExtTextOutW
SetBkColor
GetTextExtentPoint32W
CreateSolidBrush
LineTo
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
DeleteAce
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
GetUserNameW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
SetNamedSecurityInfoW
shell32
SHGetFileInfoW
ord165
DragAcceptFiles
ShellExecuteExW
SHGetSpecialFolderPathW
ExtractIconExW
DragQueryFileW
ord680
SHGetPathFromIDListW
SHBrowseForFolderW
ole32
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
OleLockRunning
oleaut32
OleCreateFontIndirect
OleLoadPicture
DispCallFunc
SysAllocStringLen
VariantClear
LoadRegTypeLi
SysAllocString
SysStringLen
SysFreeString
VariantCopy
comctl32
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Destroy
InitCommonControlsEx
ImageList_Add
ImageList_Create
ImageList_GetIcon
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Draw
shlwapi
PathCombineW
StrStrIW
PathFindExtensionW
StrCmpNIW
SHGetValueW
SHDeleteValueW
SHSetValueW
PathFindFileNameW
PathIsDirectoryW
PathRemoveFileSpecW
PathStripPathW
PathFileExistsW
StrChrW
PathStripToRootW
StrCmpIW
StrCpyNW
PathAppendW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wininet
InternetOpenW
InternetGetConnectedState
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetCrackUrlW
iphlpapi
GetIpNetTable
SendARP
DeleteIpNetEntry
GetAdaptersInfo
netapi32
Netbios
psapi
EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
ws2_32
inet_addr
inet_ntoa
Sections
.text Size: 752KB - Virtual size: 748KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 880KB - Virtual size: 876KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/BoxOption.ini
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
b1cd0d78f652ce5fc63f0879371af012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
dialog
initDialog
show
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1012B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
4ec328f99bdd944fc98d8a5cf11f7a62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
$TEMP/$3.dll windows:4 windows x86 arch:x86
153027ec3b10bcea606b777657dd3402
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls
msvcrt
strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa
Exports
KillProc
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
360safebox.exe.exe windows:4 windows x86 arch:x86
2c58a599ab9f826c47dbdaeecb216bfe
Code Sign
01
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempFileNameW
GetTempPathW
LoadLibraryExW
GetFileAttributesA
SetProcessWorkingSetSize
ReleaseMutex
MoveFileW
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceW
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
MulDiv
SizeofResource
GetPrivateProfileSectionNamesW
GetWindowsDirectoryW
CreateProcessW
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileType
CreateFileMappingW
DuplicateHandle
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
InterlockedExchange
IsBadReadPtr
LoadLibraryA
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
FatalAppExitA
IsBadWritePtr
HeapSize
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetCurrentThread
TlsFree
TlsAlloc
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ResumeThread
HeapReAlloc
RaiseException
TerminateProcess
ExitThread
TlsGetValue
TlsSetValue
GetTimeZoneInformation
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
VirtualAlloc
VirtualFree
CreateThread
Sleep
lstrcpynW
GetShortPathNameW
ResetEvent
WaitForSingleObject
CreateEventW
SetEvent
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
CreateMutexW
DeleteCriticalSection
HeapDestroy
SetErrorMode
GetCurrentProcessId
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
OutputDebugStringW
DebugBreak
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcpyW
GetFullPathNameW
SetLastError
GetLocalTime
CompareFileTime
DeleteFileW
FileTimeToSystemTime
SystemTimeToFileTime
LoadLibraryW
GetProcAddress
GetModuleFileNameA
GetPrivateProfileSectionW
GetSystemTime
WriteFile
CreateFileA
GetFileSize
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetCurrentProcess
OpenProcess
GetPrivateProfileIntW
WritePrivateProfileStringW
GetLongPathNameW
CreateFileW
ReadFile
SetFilePointer
LocalFree
CloseHandle
lstrlenA
GetModuleHandleW
GetVersionExW
GetModuleFileNameW
lstrcmpiW
GetFileAttributesW
InterlockedDecrement
GetPrivateProfileStringW
lstrlenW
InterlockedIncrement
GetLastError
LocalAlloc
IsBadCodePtr
SetEnvironmentVariableA
user32
CreateAcceleratorTableW
InvalidateRgn
wsprintfW
ScreenToClient
DestroyIcon
GetIconInfo
LoadBitmapW
IsWindowVisible
LoadIconW
DefWindowProcW
DrawTextW
IsWindowEnabled
GetClientRect
DrawFocusRect
InflateRect
GetSystemMetrics
DrawEdge
KillTimer
PtInRect
GetWindowRect
ClientToScreen
ReleaseCapture
GetParent
GetDlgCtrlID
SetTimer
MoveWindow
DrawIconEx
SetRect
MapWindowPoints
EndDialog
CreateDialogParamW
ValidateRect
GetCursorPos
TrackMouseEvent
CopyRect
SetScrollPos
RedrawWindow
GetClassNameW
GetFocus
IsChild
SetFocus
GetDC
ReleaseDC
FillRect
GetDlgItem
GetSysColor
SetWindowTextW
GetScrollPos
GetScrollInfo
DrawIcon
SetScrollInfo
EqualRect
SetCursor
DialogBoxIndirectParamW
SystemParametersInfoW
UpdateWindow
InvalidateRect
FrameRect
WindowFromPoint
EnableWindow
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
SendMessageTimeoutW
DestroyMenu
GetCapture
CallWindowProcW
SetCapture
SendMessageW
DestroyWindow
IsWindow
GetWindowTextW
GetWindowTextLengthW
EndPaint
BeginPaint
SetWindowPos
AdjustWindowRectEx
GetMenu
SetWindowLongW
GetWindowLongW
CreateWindowExW
LoadImageW
GetWindowThreadProcessId
FindWindowExW
TrackPopupMenu
OffsetRect
LoadMenuW
GetSubMenu
IsDialogMessageW
CreateDialogIndirectParamW
GetDesktopWindow
PostMessageW
SetForegroundWindow
GetWindow
GetClassInfoW
RegisterClassW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetActiveWindow
DialogBoxParamW
wvsprintfW
LoadStringW
GetForegroundWindow
ExitWindowsEx
CharUpperW
CharLowerW
CharNextW
WaitForInputIdle
FindWindowW
ShowWindow
gdi32
GetPixel
Rectangle
GetTextMetricsW
GetBkColor
CreateFontIndirectW
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
RoundRect
SetPixel
CreateDIBSection
CreatePen
MoveToEx
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontW
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetObjectW
GetStockObject
SetViewportOrgEx
StretchBlt
ExtTextOutW
SetBkColor
GetTextExtentPoint32W
CreateSolidBrush
LineTo
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
DeleteAce
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
GetUserNameW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
SetNamedSecurityInfoW
shell32
SHGetFileInfoW
ord165
DragAcceptFiles
ShellExecuteExW
SHGetSpecialFolderPathW
ExtractIconExW
DragQueryFileW
ord680
SHGetPathFromIDListW
SHBrowseForFolderW
ole32
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
OleLockRunning
oleaut32
OleCreateFontIndirect
OleLoadPicture
DispCallFunc
SysAllocStringLen
VariantClear
LoadRegTypeLi
SysAllocString
SysStringLen
SysFreeString
VariantCopy
comctl32
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Destroy
InitCommonControlsEx
ImageList_Add
ImageList_Create
ImageList_GetIcon
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Draw
shlwapi
PathCombineW
StrStrIW
PathFindExtensionW
StrCmpNIW
SHGetValueW
SHDeleteValueW
SHSetValueW
PathFindFileNameW
PathIsDirectoryW
PathRemoveFileSpecW
PathStripPathW
PathFileExistsW
StrChrW
PathStripToRootW
StrCmpIW
StrCpyNW
PathAppendW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wininet
InternetOpenW
InternetGetConnectedState
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetCrackUrlW
iphlpapi
GetIpNetTable
SendARP
DeleteIpNetEntry
GetAdaptersInfo
netapi32
Netbios
psapi
EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
ws2_32
inet_addr
inet_ntoa
Sections
.text Size: 752KB - Virtual size: 748KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 880KB - Virtual size: 876KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SafeboxKrnl.sys.sys windows:5 windows x86 arch:x86
f9d5fb15cef98a2b2f8d638770a703ff
Code Sign
01
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\svn\1li\0923\box\sys200909241451\safeboxkrnl\Debug\i386\SafeBoxKrnl.pdb
Imports
ntoskrnl.exe
ObfDereferenceObject
KeDetachProcess
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
ExAllocatePoolWithTag
KeAttachProcess
PsLookupProcessByProcessId
PsGetCurrentProcessId
MmIsAddressValid
wcscpy
wcsncpy
NtBuildNumber
_stricmp
PsGetVersion
IoGetCurrentProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwClose
RtlInitUnicodeString
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
_wcsicmp
wcsncmp
wcslen
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeResetEvent
KeWaitForSingleObject
KeDelayExecutionThread
swprintf
wcscat
KeSetEvent
PsGetCurrentThreadId
wcsrchr
MmProbeAndLockPages
MmUnlockPages
KeUserModeCallback
ProbeForRead
ExGetPreviousMode
DbgPrint
ObReferenceObjectByHandle
KeReadStateSemaphore
IoGetDeviceObjectPointer
RtlAppendUnicodeStringToString
RtlVolumeDeviceToDosName
wcsstr
_wcsupr
KeServiceDescriptorTable
PsThreadType
PsLookupThreadByThreadId
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfReferenceObject
ZwReadFile
ZwQueryInformationFile
IoCreateFile
ObReferenceObjectByName
IoDriverObjectType
RtlEqualUnicodeString
KeSetAffinityThread
KeGetCurrentThread
KeClearEvent
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
_except_handler3
KeInitializeSpinLock
IoCreateNotificationEvent
ExFreePool
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ