5ae952d7c64b550f23e4fe662d7fb800_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5ae952d7c64b550f23e4fe662d7fb800_JaffaCakes118
Size

519KB
MD5

5ae952d7c64b550f23e4fe662d7fb800
SHA1

ad460e8db5ba00da20a4c92f31e95e6621b2ca52
SHA256

5b2b154547329285f51e3dcdc97e806d617f9192c2aec0720f271a444224a578
SHA512

ef58b057c79142abd4d5004f243fb9979da6663689d8dc4f3e932c50d1e4c9be0e67c1b5505ba5554349eb968def74bbff0fb1b4e5fd6aa9ce2063cee09ad788
SSDEEP

12288:klgstKm0GLpqEVa/sx6NhqqchuMA2srF9vP8lyQ2VlBJi:xqLpqGxPhhuMqnFdVlBJi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Legalizator XP v2/1-removewga.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Legalizator XP v2/1-removewga.exe
unpack002/out.upx
unpack001/Legalizator XP v2/2-AntiWPA_3.3.exe
unpack001/Legalizator XP v2/4-WGA_Fixer.exe
unpack003/$PLUGINSDIR/System.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/Legalizator XP v2/4-WGA_Fixer.exe	nsis_installer_1

Files

5ae952d7c64b550f23e4fe662d7fb800_JaffaCakes118
.rar
Legalizator XP v2/1-removewga.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 11B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.flat
Size: 1024B - Virtual size: 557B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Legalizator XP v2/2-AntiWPA_3.3.exe
.exe windows:4 windows x86 arch:x86

bc5ce990cf54f8d435a68eb97512f73e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Legalizator XP v2/3-Add_Licence.reg
Legalizator XP v2/4-WGA_Fixer.exe
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Legalizator XP v2/5-Sprawdzanie legalności.exe
.exe windows:6 windows x86 arch:x86

6d9b8e241918742c58f836d26c86d8e8

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

be:b3:13:6a:d1:f5:b7:de:cc:3b:11:2e:7e:7c:15:a2:6e:3c:6e:22
Signer

Actual PE Digest

be:b3:13:6a:d1:f5:b7:de:cc:3b:11:2e:7e:7c:15:a2:6e:3c:6e:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bt\11\src\client\obfuscate\obj\i386\oWGADiag2.pdb

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetSystemTime
GetExitCodeThread
GetLogicalDriveStringsA
GlobalMemoryStatus
GetCurrentThreadId
QueryPerformanceCounter
HeapAlloc
GetModuleHandleA
GetProcessAffinityMask
SetThreadAffinityMask
ResumeThread
DeviceIoControl
SetLastError
GetTickCount
CreateThread
WaitForSingleObject
CloseHandle
GetFileAttributesA
SetFileAttributesA
HeapFree
GetProcessHeap
GetSystemDirectoryA
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
FreeLibrary
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetSystemInfo
lstrlenW
lstrlenA
FindNextFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetLocalTime
SystemTimeToFileTime
CompareFileTime
ExpandEnvironmentStringsW
GetCommandLineA
GetVersionExA
GetStartupInfoA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
IsDebuggerPresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
Sleep
HeapSize
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
MultiByteToWideChar
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
SetEndOfFile
ReadFile
GetTimeZoneInformation
ReadProcessMemory
GlobalFree
FindClose
FindFirstFileA
FindFirstFileW
GetSystemDirectoryW
GetDriveTypeA
CreateDirectoryW
GetCurrentDirectoryW
CreateDirectoryA
LocalFree
LocalAlloc
GetSystemDefaultLangID
TryEnterCriticalSection
GetComputerNameW
GetVolumeInformationA
CreateFileW
GetVersion
InitializeCriticalSectionAndSpinCount
VirtualProtect

advapi32

CryptHashData
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA
GetCurrentHwProfileW
RegEnumKeyExA
RegEnumKeyExW
GetCurrentHwProfileA
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegCreateKeyExW
RegQueryValueExW
RegSetValueExA
RegCreateKeyExA
LookupAccountNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
CryptImportKey
CryptExportKey
CryptGenKey
CryptDeriveKey

gdi32

DeleteObject
SelectObject
GetTextMetricsA
GetTextFaceA
CreateFontA
SetTextColor
SetBkMode
GetStockObject

user32

LoadCursorA
BroadcastSystemMessageA
wsprintfA
GetDesktopWindow
SetDlgItemTextA
GetDlgItem
EndDialog
GetDlgCtrlID
SetWindowPos
GetSystemMetrics
GetDC
GetClientRect
MapWindowPoints
MoveWindow
ReleaseDC
GetWindowLongA
IsWindow
CallWindowProcA
DrawTextA
DrawFocusRect
GetWindowRect
DestroyCursor
GetParent
PostMessageA
EnableWindow
LoadStringA
DialogBoxParamA
MessageBoxA
GetCursor
SetWindowLongA
SetCursor
InvalidateRect
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
SendMessageA

ole32

IIDFromString
CLSIDFromProgID
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

comctl32

PropertySheetA
ord17
CreatePropertySheetPageA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

crypt32

CertEnumCertificatesInStore
CryptSignCertificate
CryptExportPublicKeyInfo
CryptEncodeObject
CertVerifySubjectCertificateContext
CertFindExtension
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCreateCertificateContext
CertCloseStore
CertComparePublicKeyInfo
CertOpenStore
CryptUnprotectData
CertGetIssuerCertificateFromStore

wininet

HttpSendRequestA
InternetConnectA
InternetQueryOptionA
HttpOpenRequestA
InternetErrorDlg
InternetAutodial
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetGetConnectedState

setupapi

SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo

shell32

ShellExecuteA

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

Sections

.text
Size: 650KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Legalizator XP v2/BE SURE It's Legal.jpg
.jpg
Legalizator XP v2/INSTRUCTIONS-EN.txt
Legalizator XP v2/INSTRUKCJA-PL.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 11KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.code Size: 9KB - Virtual size: 9KB

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 11B

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.flat Size: 1024B - Virtual size: 557B

bc5ce990cf54f8d435a68eb97512f73e

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

.text Size: 78KB - Virtual size: 80KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 158KB - Virtual size: 157KB

9c523d8653da5455667e3f82274f2f88

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 3.6MB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 24KB - Virtual size: 23KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

6d9b8e241918742c58f836d26c86d8e8

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 4KB

.code
Size: 9KB - Virtual size: 9KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 11B

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.flat
Size: 1024B - Virtual size: 557B

.text
Size: 78KB - Virtual size: 80KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 158KB - Virtual size: 157KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

be:b3:13:6a:d1:f5:b7:de:cc:3b:11:2e:7e:7c:15:a2:6e:3c:6e:22
Signer

.text
Size: 650KB - Virtual size: 649KB

.data
Size: 281KB - Virtual size: 281KB

.rsrc
Size: 19KB - Virtual size: 18KB