5d8ab146515313c24ed289fda1fb65ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d8ab146515313c24ed289fda1fb65ed_JaffaCakes118
Size

899KB
MD5

5d8ab146515313c24ed289fda1fb65ed
SHA1

d614e956444fc056eb45bdcb3e8221ce51b172ed
SHA256

befbd80cabcb1df1330c7ce67dfba75b898e462667d70b4899eda736d6e1b9d3
SHA512

114ebf27b3fefa22b141dc1e7c9622f335fb86ad88044082063d9d44c30ba62347daf714c6f787e7de34de641e39526cc83394dfdb671e93ae848f6cd2e53e0b
SSDEEP

24576:RrvFyq+eVC5ErWQseygxGZDUqiBQuiKo1:tKeVC5EF2gKVkiKo1

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$SYSDIR/InstallDll.dll
unpack002/Coopen.exe
unpack002/CoopenActiveControl61.dll
unpack002/CoopenClient.cop
unpack002/CoopenDownloader.cop
unpack002/CoopenPlayer.cop
unpack002/CoopenUI.cop
unpack002/CoopenUpdate.cop

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/coopen_setup_100092.exe	nsis_installer_1

Files

5d8ab146515313c24ed289fda1fb65ed_JaffaCakes118
.rar
coopen_setup_100092.exe
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:38:6d:a7:a5:f4:6f:5d:19:fb:fb:56:88:ff:9a:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/09/2006, 00:00

Not After

13/09/2007, 23:59

Subject

CN=Beijing Capital Online Network Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=New Media,O=Beijing Capital Online Network Technology Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Coopen/CoopenRuntime.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/InstallDll.dll
.dll windows:4 windows x86 arch:x86

7f449943c59ca24e7abf5b0d15d9c2a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord825
ord3626
ord3663
ord641
ord2414
ord2358
ord4234
ord3619
ord2452
ord3092
ord1641
ord6197
ord4710
ord539
ord535
ord2818
ord537
ord540
ord6334
ord5875
ord4476
ord2379
ord640
ord5785
ord1640
ord323
ord1146
ord939
ord860
ord823
ord858
ord922
ord3830
ord5241
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord4424
ord3738
ord561
ord815
ord6467
ord2976
ord3081
ord2985
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord861
ord2385
ord826
ord269
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3573
ord3571
ord4274
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_EH_prolog
_CxxThrowException
__CxxFrameHandler
sprintf
_mbscmp
strstr
wcslen
??1type_info@@UAE@XZ

kernel32

LocalFree
CreateToolhelp32Snapshot
Process32First
WideCharToMultiByte
Process32Next
MultiByteToWideChar
OpenProcess
TerminateProcess
GetCurrentProcessId
Sleep
GetCurrentProcess
SetPriorityClass
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
GetSystemDirectoryA
OpenFile
GetPrivateProfileStringA
GetLocalTime
DeleteFileA
ExpandEnvironmentStringsA
GetPrivateProfileIntA
LocalAlloc

user32

EnableWindow
PostMessageA
IsCharAlphaNumericA
GetClientRect
wsprintfA
MessageBoxW
GetDlgItem
SendMessageA
LoadBitmapA

gdi32

CreateFontIndirectA
GetObjectA
GetStockObject
SelectObject
CreateCompatibleDC
StretchBlt
BitBlt
CreateFontA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc

wininet

HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetReadFile

iphlpapi

GetAdaptersInfo

oleaut32

VariantClear

Exports

Exports

KillProcess
UnInstallNotify

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Coopen.exe
.exe windows:4 windows x86 arch:x86

e924ffa7adac2cb7672dbb3b154863da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetTickCount
FreeLibrary
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
ExpandEnvironmentStringsW
GlobalMemoryStatus
GetVersionExW
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetProcAddress
EnterCriticalSection
SetEvent
Sleep
DeviceIoControl
CreateFileA
SetPriorityClass
GetCurrentProcess
ReleaseMutex
GetLastError
CreateMutexW
GetCurrentProcessId
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LeaveCriticalSection
GetStartupInfoW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateDirectoryW
SetCurrentDirectoryW
GetModuleFileNameW
WriteFile
CreateFileW
CopyFileW
GetFileAttributesW
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW

user32

CloseWindow
MessageBoxW
GetWindow
FindWindowW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
ShowWindow
wsprintfA
IsCharAlphaNumericW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid

iphlpapi

GetAdaptersInfo

rpcrt4

RpcStringFreeW
UuidToStringW

msvcrt

_ftol
_beginthreadex
wcslen
swscanf
_vsnwprintf
wcsncpy
_wcslwr
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
_controlfp
wcscpy
__CxxFrameHandler
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
wcscmp

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CoopenActiveControl61.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b3203c8f74bcd43d2db31b3b3b271959

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
EnterCriticalSection
DisableThreadLibraryCalls
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
LocalFree

user32

IsChild
UnionRect
SetFocus
GetKeyState
PtInRect
GetFocus
GetClientRect
FindWindowW
SendMessageW
wsprintfW
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
BeginPaint
DefWindowProcW
EndPaint
InvalidateRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
IsWindow
DestroyWindow
GetParent
ShowWindow

gdi32

GetDeviceCaps
LPtoDP
SetMapMode
SetViewportOrgEx
TextOutW
SetTextAlign
Rectangle
CreateRectRgnIndirect
CloseMetaFile
DeleteMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileW
DeleteDC

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleRegGetMiscStatus
CreateDataAdviseHolder
CoTaskMemFree
CreateOleAdviseHolder
CoTaskMemAlloc
OleRegEnumVerbs
OleRegGetUserType

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString
OleCreatePropertyFrame

atl

ord32
ord58
ord30
ord51
ord31
ord57
ord26
ord21
ord50
ord44
ord43
ord18
ord15
ord27
ord45
ord23
ord16

msvcp60

?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

msvcrt

wcslen
wcscpy
fclose
malloc
realloc
memset
memcmp
??2@YAPAXI@Z
memcpy
??1type_info@@UAE@XZ
_adjust_fdiv
_purecall
_initterm
_CxxThrowException
free
wcscat
fgetws
_wfopen
swprintf
fwprintf
_wtoi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CoopenClient.Config
CoopenClient.cop
.dll windows:4 windows x86 arch:x86

83e630679d3d1bc3c3cc23f92894a7f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileW
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
ReadFile
GetLocalTime
GetLastError
lstrlenW
GetModuleFileNameW
DeleteFileW
GetTickCount
MultiByteToWideChar
GetModuleHandleW

user32

CloseWindow
GetDlgItem
SetWindowTextW
EnableWindow
SendMessageW
UpdateWindow
BeginPaint
EndPaint
LoadCursorW
RegisterClassExW
GetSystemMetrics
CreateWindowExW
PostMessageW
wsprintfW
LoadImageW
GetDoubleClickTime
SetForegroundWindow
GetClientRect
mouse_event
EndDialog
GetDlgItemInt
GetWindowLongW
MoveWindow
SetDlgItemInt
LoadIconW
SetClassLongW
CreateDialogParamW
SetWindowLongW
PostQuitMessage
SetFocus
KillTimer
GetCursorPos
MessageBoxW
DefWindowProcW
GetWindowRect
SystemParametersInfoW
SetWindowPos
SetTimer
ShowWindow

gdi32

CreateCompatibleDC
BitBlt
DeleteDC
DeleteObject
GetObjectW
SelectObject

advapi32

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

shell32

SHGetMalloc
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

msvcrt

_adjust_fdiv
__CxxFrameHandler
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
_wfopen
fread
fclose
srand
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscpy
wcslen
_ftol
_purecall
time
_tzset
rand
wcscmp
swscanf
_vsnwprintf
wcsncpy
_wcslwr

Exports

Exports

CreatePlugInInstance
DestroyPlugInInstance

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CoopenDownloader.Config
CoopenDownloader.cop
.dll windows:4 windows x86 arch:x86

2c4a7582ae7b6a1a5661c05bb6abec00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
GetLastError
GetLocalTime
SetFileTime
Sleep
WriteFile
CreateFileW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileAttributesW
SetEvent
ResetEvent
MultiByteToWideChar
GetTickCount
GetModuleHandleW
EnterCriticalSection
CloseHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
GetModuleHandleA
GetProcAddress
RaiseException
LCMapStringW
LCMapStringA
VirtualFree
HeapCreate
ExitProcess
GetModuleFileNameW
WideCharToMultiByte
GetFileAttributesW
DeleteFileW
ReadFile
FlushFileBuffers
SetFilePointer
GetFileSize
SetEndOfFile
ExpandEnvironmentStringsW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateDirectoryW
GetCurrentProcess
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
HeapAlloc
HeapFree
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy

user32

SetWindowTextW
wsprintfW
MessageBoxW
CloseWindow
GetWindowLongW
GetWindowTextW
SetFocus
EndDialog
SystemParametersInfoW
GetWindowRect
MoveWindow
LoadIconW
SetClassLongW
SendMessageW
GetDlgItem
EnableWindow
CreateDialogParamW
SetWindowLongW
ShowWindow
SetForegroundWindow

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

wininet

InternetOpenUrlW
InternetGetConnectedState
InternetGetLastResponseInfoW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetSetOptionW

shlwapi

StrToIntW

Exports

Exports

CreatePlugInInstance
DestroyPlugInInstance

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CoopenPlayer.Config
CoopenPlayer.cop
.dll windows:4 windows x86 arch:x86

db53601026f026568c1267b4e3b8ed50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetLastError
DeleteFileW
SetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetFileAttributesW
CreateDirectoryW
GetModuleFileNameW
LocalFree
lstrlenA
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeResource
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GlobalAlloc
GlobalLock
CreateFileW
GlobalUnlock
GlobalFree
CloseHandle
WriteFile
InterlockedDecrement
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource

user32

SystemParametersInfoW
GetSystemMetrics
PostQuitMessage
DefWindowProcW
MoveWindow
UpdateWindow
LoadIconW
RegisterClassExW
CreateWindowExW
GetCursorPos
LoadCursorW
SetCursor
PtInRect
BeginPaint
DrawTextW
EndPaint
InvalidateRect
FindWindowW
SetParent
GetWindowLongW
SetWindowLongW
DestroyWindow
ShowWindow
SetWindowPos
GetForegroundWindow
GetWindowTextW
GetAncestor
GetWindowRect
WindowFromPoint
GetClassNameW
wsprintfW
DrawTextExW
FillRect
GetDC
CloseWindow
ReleaseDC

gdi32

SetStretchBltMode
StretchBlt
CreateDCW
GetDeviceCaps
GetObjectW
GetStockObject
SelectPalette
SetBkMode
GetDIBits
CreateSolidBrush
DeleteDC
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
SetTextColor
SelectObject
CreateFontW
RealizePalette

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW

shell32

ShellExecuteW

ole32

OleRun
CoInitialize
CoCreateInstance

oleaut32

GetErrorInfo
OleLoadPicturePath
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantClear

comctl32

_TrackMouseEvent

shlwapi

StrToIntW

msvcrt

??1type_info@@UAE@XZ
_onexit
__dllonexit
_adjust_fdiv
_wfopen
malloc
_initterm
fread
fclose
_wcslwr
wcsncpy
_vsnwprintf
swscanf
_CxxThrowException
_ftol
free
?terminate@@YAXXZ
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_purecall
wcscpy
wcslen
wcscmp
_except_handler3

Exports

Exports

CreatePlugInInstance
DestroyPlugInInstance

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CoopenUI.Config
CoopenUI.cop
.dll windows:4 windows x86 arch:x86

3608e6f0863abfc4241d95421052bb61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetTickCount
FreeLibrary
GetProcAddress
GetModuleHandleW

user32

DestroyWindow
SetWindowLongW
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DefWindowProcW
GetWindowLongW
UpdateWindow
EndPaint
BeginPaint
SetForegroundWindow
SetWindowPos
ShowWindow
DrawIconEx
DrawTextW
FillRect
MoveWindow
GetWindowRect
GetDC
ReleaseDC
SystemParametersInfoW
InflateRect
GetSysColor
SetWindowRgn
GetClientRect
SetParent
SetCapture
ReleaseCapture
SetCursor
LoadImageW
SendMessageW
PtInRect
GetCursorPos
GetFocus
SetTimer
KillTimer
InvalidateRect
CloseWindow
GetSystemMetrics

gdi32

GetObjectW
CreatePolygonRgn
CreateRectRgn
CombineRgn
FrameRgn
GetStockObject
CreateRoundRectRgn
CreateCompatibleDC
StretchBlt
DeleteDC
CreateFontW
GetTextExtentPointW
SetBkMode
SelectObject
MoveToEx
LineTo
SetTextColor
SetPolyFillMode
Polygon
ExtCreatePen
CreateSolidBrush
DeleteObject
CreateFontIndirectW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent

msvcrt

free
_vsnwprintf
wcscmp
wcslen
_ftol
_purecall
wcscpy
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_initterm
_adjust_fdiv
malloc

Exports

Exports

CreatePlugInInstance
DestroyPlugInInstance

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CoopenUpdate.cop
.dll windows:4 windows x86 arch:x86

5655ecfd2d467828c1f0696e3e8897ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
CopyFileW
CreateDirectoryW
ExpandEnvironmentStringsW
SetFileAttributesW
GetFileAttributesW
FindClose
DeleteFileW
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
GetProcessVersion
GetLastError
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalFlags
lstrcmpiW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
lstrcpynW
InterlockedDecrement
InterlockedIncrement
MulDiv
SetLastError
GetModuleHandleA
LoadLibraryA
lstrlenA
MultiByteToWideChar
GetVersion
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleW
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
CloseHandle
GetModuleFileNameW
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
lstrcatW
lstrlenW
WinExec
WideCharToMultiByte
lstrcpyW
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary

user32

LoadIconW
SetDlgItemTextW
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
ClientToScreen
TabbedTextOutW
DrawTextW
GrayStringW
WindowFromPoint
UnregisterClassW
GetClassNameW
GetSysColorBrush
LoadStringW
DestroyMenu
CopyRect
GetTopWindow
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
UpdateWindow
CreateWindowExW
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
PostMessageW
PostQuitMessage
wsprintfW
GetSystemMetrics
GetWindowRect
KillTimer
SendMessageW
IsWindow
GetWindowLongW
SetWindowPos
EnableWindow
LoadCursorW
CopyIcon
GetParent
GetDC
ReleaseDC
InflateRect
GetSysColor
SetCursor
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
SetFocus
DefWindowProcW
AdjustWindowRectEx
GetMessagePos
ScreenToClient
GetClientRect
PtInRect
InvalidateRect
SetTimer
MessageBeep
SetWindowLongW
CreateDialogIndirectParamW

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteObject
SetViewportOrgEx
GetDeviceCaps
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetMapMode
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetTextExtentPoint32W
GetStockObject
CreateFontIndirectW
GetObjectW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW

comctl32

ord17
ImageList_Destroy
ImageList_LoadImageW

ole32

CoInitialize
CoUninitialize

Exports

Exports

CreatePlugInInstance
DestroyPlugInInstance

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Templete/ModeB.tpl
Templete/ModeB_logo.jpg
.jpg
Templete/ModeC.tpl
conf/ChannelListAll.txt
conf/ChannelListReal.txt
conf/ChannelSetup.txt
conf/DailyMessage.txt
conf/ModeAChannelList.txt
conf/PluginConfig.ini
conf/SelectChannel.txt
licence.txt

Sharing

General

Malware Config

Signatures

Files

9c523d8653da5455667e3f82274f2f88

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

06:38:6d:a7:a5:f4:6f:5d:19:fb:fb:56:88:ff:9a:84Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 110KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 6KB - Virtual size: 5KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

7f449943c59ca24e7abf5b0d15d9c2a4

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

wininet

iphlpapi

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 5KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

06:38:6d:a7:a5:f4:6f:5d:19:fb:fb:56:88:ff:9a:84
Certificate

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 110KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 6KB - Virtual size: 5KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB