5e0b4dfce4888de13867d62d9b0a3b72_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e0b4dfce4888de13867d62d9b0a3b72_JaffaCakes118
Size

2.0MB
MD5

5e0b4dfce4888de13867d62d9b0a3b72
SHA1

8d99967fffeff338f2af8ccf73616a5290087387
SHA256

3e2c03aef3641140916dbc0b02cf4dfe0a5dd64e4faffa6394d02132f215b71a
SHA512

0f5a9e680db3e67f749dc30970467fe81c6b5832f5914ce49b2d60f0a3ac644033df780f63c14fcbc637333b693d02ee1fdf3607abf66ae98bc168df16ffd1ba
SSDEEP

49152:e+f8kL5PPu0lKIT09OHAbZ2XCQwoBmBXkxrIEb:e+/JdlKITdHAAYoABUxrd

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
5e0b4dfce4888de13867d62d9b0a3b72_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/Uninstall.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1

Files

5e0b4dfce4888de13867d62d9b0a3b72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
AdminWorker.exe
.exe windows:4 windows x86 arch:x86

2a5287505f3c382bcec6f639685f2cc7

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/11/2006, 00:00

Not After

16/11/2008, 23:59

Subject

CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:d0:53:08:83:fc:94:ce:2c:71:38:1a:23:59:87:ee:fc:04:76:ef
Signer

Actual PE Digest

8b:d0:53:08:83:fc:94:ce:2c:71:38:1a:23:59:87:ee:fc:04:76:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueW
SHGetValueA

kernel32

GetFullPathNameW
DeleteFileA
GetModuleFileNameA
GetModuleFileNameW
DeleteFileW
WriteFile
GetModuleHandleA
Sleep
CreateDirectoryA
CopyFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
GetCurrentDirectoryW
CreateFileW
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
GetCurrentDirectoryA
CompareStringA
CompareStringW
WaitForSingleObject
HeapFree
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LoadLibraryA
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
FindNextFileA
GetCommandLineA
SetEnvironmentVariableA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer

user32

SetForegroundWindow
MessageBoxA
FindWindowA
ShowWindow
SetActiveWindow

advapi32

RegDeleteKeyA
RegEnumKeyW
RegEnumKeyA
RegEnumValueW
RegOpenKeyW
RegOpenKeyA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
WebInstaller.exe
.exe windows:4 windows x86 arch:x86

c94af32a4408328b7b0c96187b5f7a11

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/11/2006, 00:00

Not After

16/11/2008, 23:59

Subject

CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:e2:41:bf:d7:f6:2b:24:25:b3:53:e6:fa:82:8f:89:34:3c:90:bb
Signer

Actual PE Digest

dc:e2:41:bf:d7:f6:2b:24:25:b3:53:e6:fa:82:8f:89:34:3c:90:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueA

kernel32

GetModuleFileNameW
GetModuleFileNameA
WinExec
GetVersionExA
FlushFileBuffers
HeapSize
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
CloseHandle
GetProcAddress
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetLastError
SetFilePointer
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
GetStringTypeA
GetStringTypeW
ReadFile
LCMapStringA
LCMapStringW

advapi32

RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumValueA
RegOpenKeyA
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
RegFlushKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WebUpdater.bmp
WebUpdater.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/11/2006, 00:00

Not After

16/11/2008, 23:59

Subject

CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:47:3e:f4:c6:34:70:83:1e:07:1f:a6:82:3d:7b:00:24:75:e1:b3
Signer

Actual PE Digest

15:47:3e:f4:c6:34:70:83:1e:07:1f:a6:82:3d:7b:00:24:75:e1:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 44KB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
firefox/chrome/iwinarcade.jar
.zip
content/contents.rdf
.xml
content/iwa-ovr.js
.js
content/iwa-ovr.xul
.xml
firefox/iWinArcadeLauncher.exe
.exe windows:4 windows x86 arch:x86

80ecfa2eb6a7155e205be13d4cdc1119

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/11/2006, 00:00

Not After

16/11/2008, 23:59

Subject

CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c2:f2:b1:ce:35:01:13:e3:a2:5b:2f:4f:00:17:54:c6:c6:d7:b5:49
Signer

Actual PE Digest

c2:f2:b1:ce:35:01:13:e3:a2:5b:2f:4f:00:17:54:c6:c6:d7:b5:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegOpenKeyW
RegCloseKey

shell32

ShellExecuteW

kernel32

GetStringTypeW
GetStringTypeA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
firefox/install.rdf
.xml
ftdownload.dat
host.cfg
iWinGames.exe
.exe windows:4 windows x86 arch:x86

e8224202dec2f82c8f28225c373362b3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/11/2006, 00:00

Not After

16/11/2008, 23:59

Subject

CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:15:f3:aa:a1:7a:f6:b5:c1:ab:85:d6:15:a4:b3:4d:42:b8:88:4c
Signer

Actual PE Digest

55:15:f3:aa:a1:7a:f6:b5:c1:ab:85:d6:15:a4:b3:4d:42:b8:88:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
htons
socket
gethostbyname
ioctlsocket
send
WSACleanup
recv
WSAStartup
closesocket
connect

winmm

PlaySoundA
PlaySoundW
timeGetTime

msimg32

GradientFill
TransparentBlt

shlwapi

SHGetValueA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
SHGetValueW

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
RemoveDirectoryA
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapSize
GetStdHandle
GetACP
LCMapStringA
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FindResourceExA
LoadLibraryExA
InterlockedCompareExchange
IsBadWritePtr
IsBadReadPtr
RaiseException
GetProfileIntA
GetFileTime
GetFileAttributesA
SetErrorMode
GetUserDefaultLCID
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CreateEventA
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcmpA
GetCurrentProcessId
GlobalSize
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
GlobalAlloc
GlobalFree
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
InterlockedExchange
ExitProcess
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindFirstFileW
FindNextFileW
FindClose
GetExitCodeProcess
GetSystemTime
GetTimeZoneInformation
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetLastError
ReleaseMutex
WriteFile
ReadFile
GetProcAddress
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FreeLibrary
CreateThread
Sleep
GetVolumeInformationA
GetSystemInfo
GetDiskFreeSpaceExA
TerminateThread
WaitForSingleObject
MulDiv
GetTickCount
FindResourceA
LoadResource
LockResource
SizeofResource
CopyFileA
CloseHandle
CreateProcessW
CreateProcessA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetModuleFileNameW
GetModuleFileNameA
MoveFileW
MoveFileA
CreateMutexW
CreateMutexA
CreateFileW
CreateFileA
GetFullPathNameW
GetFullPathNameA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathW
GetTempPathA
LoadLibraryW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
GetUserDefaultLangID
GetNumberFormatA
GetCurrencyFormatA
lstrcpyA
LCMapStringW
WinExec

user32

GetNextDlgTabItem
EndDialog
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
GetMenuItemInfoA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetDesktopWindow
ValidateRect
SetParent
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
IsWindowEnabled
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetPropA
RemovePropA
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
RegisterClassA
EqualRect
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
CallWindowProcA
SystemParametersInfoA
PeekMessageA
TranslateMessage
DispatchMessageA
IsWindowUnicode
CharUpperA
GetSysColor
ReleaseCapture
SetCapture
GetCapture
DrawFocusRect
FillRect
InflateRect
SetRect
AdjustWindowRectEx
SetWindowLongA
GetDlgItem
EnumChildWindows
RegisterClipboardFormatA
InvalidateRgn
CreateMenu
GetKeyNameTextA
MapVirtualKeyA
DeleteMenu
UnionRect
CreateDialogIndirectParamA
WaitMessage
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
GetDCEx
LockWindowUpdate
PostThreadMessageA
EnumWindows
LoadIconA
IsIconic
LoadMenuA
SetMenuItemBitmaps
GetWindowThreadProcessId
CreateWindowExW
SendMessageW
DestroyWindow
GetClassNameA
IsZoomed
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClassInfoA
DefWindowProcA
GetWindowLongA
GetWindowPlacement
GetSystemMetrics
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MapVirtualKeyExA
DestroyAcceleratorTable
EnableScrollBar
IsClipboardFormatAvailable
IsCharAlphaNumericA
DrawIconEx
GetCursor
GetIconInfo
CreateAcceleratorTableA
LoadMenuIndirectA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
GetAsyncKeyState
IsMenu
GetWindowRgn
CreateIconIndirect
DrawFrameControl
IsChild
SetWindowRgn
GetSystemMenu
ShowWindow
SetActiveWindow
SetForegroundWindow
OffsetRect
DrawIcon
GetActiveWindow
SetFocus
SetCursor
WindowFromPoint
DestroyCursor
LoadImageA
LoadCursorA
DestroyIcon
IsWindow
GetKeyState
IsWindowVisible
ClientToScreen
PostMessageA
PtInRect
CopyRect
GetCursorPos
GrayStringA
DrawTextExA
TabbedTextOutA
SetWindowPos
EnableWindow
GetWindow
GetFocus
KillTimer
SetTimer
RedrawWindow
InvalidateRect
UpdateWindow
ScreenToClient
GetClientRect
GetWindowRect
LoadBitmapA
IntersectRect
SetRectEmpty
IsRectEmpty
SendMessageA
GetParent
FrameRect
DrawStateA
FindWindowW
FindWindowA
MessageBoxW
MessageBoxA
DrawTextW
DrawTextA
GetWindowTextW
PostQuitMessage
GetMessageA
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
GetWindowTextA
SetWindowTextW
SetWindowTextA
GetSysColorBrush
UnregisterClassA
SetPropA

gdi32

SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
SelectPalette
GetWindowExtEx
CreatePen
ExtCreatePen
CreateHatchBrush
CopyMetaFileA
CreateRectRgnIndirect
SetRectRgn
PatBlt
GetTextMetricsA
OffsetRgn
StretchDIBits
GetRgnBox
Rectangle
SetBrushOrgEx
ExtFloodFill
RoundRect
SetPixelV
GetViewportExtEx
CreateRectRgn
SelectClipRgn
GetStockObject
GetTextFaceA
GetWindowOrgEx
CombineRgn
GetPixel
CreateBitmap
CreateCompatibleBitmap
Polygon
CreateEllipticRgn
CreateEllipticRgnIndirect
PtInRegion
EnumFontFamiliesExA
CreateDIBitmap
FrameRgn
RealizePalette
GetDIBits
SetDIBits
GetTextCharset
EnumFontFamiliesA
ExtCreateRegion
SetPixel
Ellipse
FillRgn
GetNearestColor
CreateRoundRectRgn
CreatePalette
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetStretchBltMode
SetStretchBltMode
GetTextColor
GetDeviceCaps
SetBkMode
CreateSolidBrush
CreatePolygonRgn
DeleteObject
GetViewportOrgEx
CreateFontIndirectA
CreateDIBSection
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StretchBlt
BitBlt
LPtoDP
DPtoLP
GetMapMode
GetBkColor
CreateCompatibleDC
GetObjectA
GetTextExtentPoint32A
GetTextExtentPoint32W

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExW
RegSetValueExA
RegEnumKeyW
RegEnumKeyA
RegEnumValueW
RegEnumValueA
RegOpenKeyW
RegOpenKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA

shell32

SHBrowseForFolderA
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetMalloc
ExtractIconW
ExtractIconA
ShellExecuteExW
ShellExecuteExA
ShellExecuteW
ShellExecuteA
SHGetPathFromIDListW
SHGetPathFromIDListA
SHBrowseForFolderW
SHGetDesktopFolder

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
OleSaveToStream
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleLoadFromStream
CoFreeUnusedLibraries
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoGetClassObject
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
WriteClassStm
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
OleGetClipboard
OleTranslateAccelerator
IsAccelerator

oleaut32

SysFreeString
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
VarBstrFromDate
OleCreateFontIndirect
VariantInit
SysAllocString
VarMul

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ImageList_Duplicate

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iWinGamesHookIE.dll
.dll regsvr32 windows:4 windows x86 arch:x86

23331ce75f79e07fc2254800b337afe3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/11/2006, 00:00

Not After

16/11/2008, 23:59

Subject

CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:91:7d:78:fa:58:21:3b:4c:8f:8d:b5:4b:d2:2a:f7:b2:14:db:25
Signer

Actual PE Digest

5b:91:7d:78:fa:58:21:3b:4c:8f:8d:b5:4b:d2:2a:f7:b2:14:db:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
GetShortPathNameA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
DisableThreadLibraryCalls
CloseHandle
FlushFileBuffers
SetFilePointer
SetStdHandle
LCMapStringW
LCMapStringA
ReadFile
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetCommandLineA
GetVersion
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
RaiseException

user32

MessageBoxA
CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantCopy
VariantChangeType
VariantClear
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pages/alert32x32.gif
.gif
pages/blank.html
.html
pages/blank2.html
.html
pages/error.html
.html
pages/iwin_logo.gif
.gif
pages/login.html
.html
pages/maintenance.html
.html
pages/offlineBg.gif
.gif
pages/offline_tag.gif
.gif
sounds/animation.wav
sounds/animationBack.wav
sounds/button_click.wav
sounds/download_completed.wav
sounds/start.wav

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 109KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 20KB - Virtual size: 20KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

2a5287505f3c382bcec6f639685f2cc7

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

8b:d0:53:08:83:fc:94:ce:2c:71:38:1a:23:59:87:ee:fc:04:76:efSigner

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 148KB - Virtual size: 144KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 10KB

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

8b:d0:53:08:83:fc:94:ce:2c:71:38:1a:23:59:87:ee:fc:04:76:ef
Signer

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 20KB - Virtual size: 20KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

dc:e2:41:bf:d7:f6:2b:24:25:b3:53:e6:fa:82:8f:89:34:3c:90:bb
Signer

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 424B

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

15:47:3e:f4:c6:34:70:83:1e:07:1f:a6:82:3d:7b:00:24:75:e1:b3
Signer

.text
Size: 44KB - Virtual size: 5.2MB

.rsrc
Size: 30KB - Virtual size: 32KB

0a
Certificate

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c2:f2:b1:ce:35:01:13:e3:a2:5b:2f:4f:00:17:54:c6:c6:d7:b5:49
Signer