49fb9f5d1fffdcc64d2e3976032ccd4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49fb9f5d1fffdcc64d2e3976032ccd4d_JaffaCakes118
Size

7.1MB
MD5

49fb9f5d1fffdcc64d2e3976032ccd4d
SHA1

70be623f10fce17512a8b8dd23580740c77ff2ed
SHA256

62dc0144f51a8ab3a84c226bec9008412e062723d4cf5cee29b568b50d0363aa
SHA512

13c563fff268926d56056cfa3c891f5c22637f644013add5ec30589d93bc5ad123ce730ad5864bc2ae86bf43f6da36b29e5b322bd5a8ed7cca932a71ac5881ca
SSDEEP

196608:JWjz5O8FpcVpci4hUCy1qujz5O8FpcVpci4hUCyep5y:JWH5BFqVpc/hUj1quH5BFqVpc/hUjepk

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1/Data/tools/GenerateFNIS_for_Modders/GenerateFNISforModders.exe
unpack001/1/Data/tools/GenerateFNIS_for_Modders/hkxcmd.exe
unpack001/1/Data/tools/GenerateFNIS_for_Users/GenerateFNISforUsers.exe
unpack001/1/Data/tools/GenerateFNIS_for_Users/hkxcmd.exe

Files

49fb9f5d1fffdcc64d2e3976032ccd4d_JaffaCakes118
.zip
1/Data/Meshes/actors/character/animations/FNIS/FNIS_FNIS_List.txt
1/Data/Meshes/actors/character/animations/FNISBase/FNIS_FNISBase_List.txt
1/Data/Meshes/actors/character/behaviors/0_master.hkx
1/Data/Meshes/actors/character/behaviors/FNIS_FNISBase_Behavior.hkx
1/Data/Meshes/actors/character/behaviors/FNIS_FNIS_Behavior.hkx
1/Data/tools/GenerateFNIS_for_Modders/GenerateFNISforModders.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Harald\Documents\Visual Studio 2010\Projects\GenerateFNISModders2\GenerateFNISModders\obj\x86\Release\GenerateFNISforModders.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/Data/tools/GenerateFNIS_for_Modders/hkxcmd LICENSE.TXT
1/Data/tools/GenerateFNIS_for_Modders/hkxcmd.exe
.exe windows:5 windows x86 arch:x86

17c5b6077a396ada2040d9975a7fd00d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Development\Projects\niftools\hkxcmd\bin\Release\hkxcmd.pdb

Imports

kernel32

GetModuleFileNameA
TlsGetValue
FindFirstFileA
FindNextFileA
GetFullPathNameA
FindClose
CreateDirectoryA
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetUserDefaultLangID
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WaitForSingleObject
CreateSemaphoreA
VirtualQuery
GetExitCodeThread
CreateThread
GetSystemInfo
OutputDebugStringA
InterlockedExchangeAdd
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetTimeZoneInformation
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
GetDriveTypeA
GetCommandLineA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
WriteFile
SetHandleCount
GetFileType
GetStartupInfoA
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
ReadFile
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
ReleaseSemaphore

shlwapi

PathCombineA
PathIsDirectoryA
PathAddBackslashA
PathAppendA
PathFindFileNameA
PathFindExtensionA
PathRelativePathToA
PathRemoveExtensionA
PathAddExtensionA
PathFileExistsA
PathRemoveFileSpecA

wsock32

htons
ioctlsocket
gethostbyname
connect
WSAAsyncSelect
recv
WSAGetLastError
socket
closesocket
select
inet_ntoa
WSAStartup
setsockopt
inet_addr
ntohs
accept
__WSAFDIsSet
gethostname
listen
bind
send

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1/Data/tools/GenerateFNIS_for_Modders/templates/FNIS_Behavior_TEMPLATE.txt
.xml
1/Data/tools/GenerateFNIS_for_Modders/temporary_logs/DUMMY_FILE_for_NMM_installation_only.txt
1/Data/tools/GenerateFNIS_for_Users/GenerateFNISforUsers.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Harald\Documents\Visual Studio 2010\Projects\GenerateFNISUsers3\GenerateFNISUsers\obj\x86\Release\GenerateFNISforUsers.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/Data/tools/GenerateFNIS_for_Users/KnownCustomBehaviors.txt
1/Data/tools/GenerateFNIS_for_Users/PatchList.txt
1/Data/tools/GenerateFNIS_for_Users/hkxcmd LICENSE.TXT
1/Data/tools/GenerateFNIS_for_Users/hkxcmd.exe
.exe windows:5 windows x86 arch:x86

17c5b6077a396ada2040d9975a7fd00d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Development\Projects\niftools\hkxcmd\bin\Release\hkxcmd.pdb

Imports

kernel32

GetModuleFileNameA
TlsGetValue
FindFirstFileA
FindNextFileA
GetFullPathNameA
FindClose
CreateDirectoryA
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetUserDefaultLangID
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WaitForSingleObject
CreateSemaphoreA
VirtualQuery
GetExitCodeThread
CreateThread
GetSystemInfo
OutputDebugStringA
InterlockedExchangeAdd
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetTimeZoneInformation
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
GetDriveTypeA
GetCommandLineA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
WriteFile
SetHandleCount
GetFileType
GetStartupInfoA
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
ReadFile
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
ReleaseSemaphore

shlwapi

PathCombineA
PathIsDirectoryA
PathAddBackslashA
PathAppendA
PathFindFileNameA
PathFindExtensionA
PathRelativePathToA
PathRemoveExtensionA
PathAddExtensionA
PathFileExistsA
PathRemoveFileSpecA

wsock32

htons
ioctlsocket
gethostbyname
connect
WSAAsyncSelect
recv
WSAGetLastError
socket
closesocket
select
inet_ntoa
WSAStartup
setsockopt
inet_addr
ntohs
accept
__WSAFDIsSet
gethostname
listen
bind
send

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1/Data/tools/GenerateFNIS_for_Users/languages/Deutsch.txt
1/Data/tools/GenerateFNIS_for_Users/languages/English.txt
1/Data/tools/GenerateFNIS_for_Users/languages/Español.txt
1/Data/tools/GenerateFNIS_for_Users/languages/Français.txt
1/Data/tools/GenerateFNIS_for_Users/languages/Italiano.txt
1/Data/tools/GenerateFNIS_for_Users/languages/Polski.txt
1/Data/tools/GenerateFNIS_for_Users/languages/Portugus.txt
1/Data/tools/GenerateFNIS_for_Users/languages/ݧԧѧܧ (Bulgarian).txt
1/Data/tools/GenerateFNIS_for_Users/languages/ܧڧ (Russian).txt
1/Data/tools/GenerateFNIS_for_Users/languages/Z (Chinese trad.).txt
1/Data/tools/GenerateFNIS_for_Users/languages/ (Chinese simpl.).txt
1/Data/tools/GenerateFNIS_for_Users/templates/FNISRoot_Behavior_TEMPLATE.txt
.xml
1/Data/tools/GenerateFNIS_for_Users/templates/defaultfemale_TEMPLATE.txt
.xml
1/Data/tools/GenerateFNIS_for_Users/templates/defaultmale_TEMPLATE.txt
.xml
1/Data/tools/GenerateFNIS_for_Users/temporary_logs/DUMMY_FILE_for_NMM_installation_only.txt
1/FNIS_README_3.5.txt
setup.exe
.exe windows:4 windows x86 arch:x86

b1ce86732ca5e0ef531f0a541177d693

Code Sign

19:9d:f8:72
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=Time-Stamping Authority WoSign,O=WoSign eCommerce Services Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:cb:93:7f:07:32:59
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/03/2013, 08:46

Not After

19/03/2014, 18:02

Subject

CN=南京凡游网络技术有限公司,O=南京凡游网络技术有限公司,L=南京市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c0e70756a63406b756169382e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Apps\release\KuaibaDown.pdb

Imports

wininet

InternetOpenW
InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetOpenUrlA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentThreadId
ResumeThread
SetEvent
ResetEvent
CreateEventW
SetFilePointer
SetEndOfFile
GetFileSize
ReadFile
WriteFile
FindNextFileW
FindClose
FindFirstFileW
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
MulDiv
InterlockedIncrement
InterlockedDecrement
GetConsoleMode
GetConsoleCP
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
HeapReAlloc
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTempPathW
RemoveDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
CreateFileW
CreateDirectoryW
GetLongPathNameW
GetCurrentDirectoryW
GetFileAttributesW
DeleteFileW
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetLastError
Sleep
GetTickCount
CreateProcessW
LoadLibraryA
SetStdHandle
WriteConsoleA
GetLocaleInfoA
GetStringTypeA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetStringTypeW

user32

ShowCaret
HideCaret
CreateCaret
SetCaretPos
GetSysColor
FillRect
DrawTextW
CharPrevW
DrawIconEx
MoveWindow
RedrawWindow
ClientToScreen
OffsetRect
IntersectRect
CharNextW
IsRectEmpty
DrawFocusRect
SetCursor
CharNextA
DestroyIcon
RegisterClassExW
LoadImageW
GetAsyncKeyState
CreateAcceleratorTableW
InvalidateRgn
GetPropW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
LoadCursorW
SetPropW
LoadBitmapW
GetFocus
IsWindow
GetMessageW
EndPaint
GetUpdateRect
GetDC
CreateWindowExW
DestroyAcceleratorTable
DestroyWindow
ReleaseDC
ReleaseCapture
GetMonitorInfoW
IsChild
SetCapture
MonitorFromWindow
SendMessageW
TranslateAcceleratorW
UpdateLayeredWindow
SetWindowRgn
GetCursorPos
DispatchMessageW
SetFocus
GetKeyState
ScreenToClient
InvalidateRect
BeginPaint
PtInRect
IsIconic
GetClientRect
IsZoomed
MapWindowPoints
GetWindowTextW
GetWindow
GetWindowTextLengthW
SetWindowTextW
SetForegroundWindow
GetWindowRect
ShowWindow
GetParent
LoadStringW
PostMessageW
KillTimer
GetWindowLongW
SetTimer
PostQuitMessage
SetWindowLongW
GetSystemMetrics
SetWindowPos
TranslateMessage
EnableWindow

gdi32

RoundRect
ExtSelectClipRgn
SetBkMode
SetBkColor
GetClipBox
StretchBlt
ExtTextOutW
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateRoundRectRgn
Rectangle
SetTextColor
CreateSolidBrush
SelectClipRgn
GetObjectW
CombineRgn
GetStockObject
CreateRectRgnIndirect
BitBlt
CreateCompatibleDC
GetDeviceCaps
SetStretchBltMode
GetCharABCWidthsW
SetBitmapBits
GetBitmapBits
TextOutW
CreateEllipticRgn
CreateRectRgn
CreateFontIndirectW
GetTextMetricsW
SelectObject
CreateDIBSection
DeleteDC
DeleteObject
CreatePen

advapi32

RegOpenKeyExW
RegCloseKey

ole32

CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

OleLoadPicture
SysFreeString
SysAllocString

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 282KB - Virtual size: 282KB

.sdata Size: 512B - Virtual size: 190B

.rsrc Size: 239KB - Virtual size: 238KB

.reloc Size: 512B - Virtual size: 12B

17c5b6077a396ada2040d9975a7fd00d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

wsock32

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 2.0MB - Virtual size: 3.0MB

.rsrc Size: 1KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 297KB - Virtual size: 296KB

.sdata Size: 512B - Virtual size: 184B

.rsrc Size: 241KB - Virtual size: 240KB

.reloc Size: 512B - Virtual size: 12B

17c5b6077a396ada2040d9975a7fd00d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

wsock32

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 2.0MB - Virtual size: 3.0MB

.rsrc Size: 1KB - Virtual size: 1KB

b1ce86732ca5e0ef531f0a541177d693

Code Sign

19:9d:f8:72Certificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

0f:cb:93:7f:07:32:59Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

msimg32

comctl32

riched20

.text
Size: 282KB - Virtual size: 282KB

.sdata
Size: 512B - Virtual size: 190B

.rsrc
Size: 239KB - Virtual size: 238KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 2.0MB - Virtual size: 3.0MB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 297KB - Virtual size: 296KB

.sdata
Size: 512B - Virtual size: 184B

.rsrc
Size: 241KB - Virtual size: 240KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 2.0MB - Virtual size: 3.0MB

.rsrc
Size: 1KB - Virtual size: 1KB

19:9d:f8:72
Certificate

19:9d:f8:8e
Certificate

0f:cb:93:7f:07:32:59
Certificate

3d
Certificate

01
Certificate

.text
Size: 428KB - Virtual size: 425KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 18KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 48KB - Virtual size: 45KB