6735e64a82695d10981680f3e9f2f03f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6735e64a82695d10981680f3e9f2f03f_JaffaCakes118
Size

465KB
MD5

6735e64a82695d10981680f3e9f2f03f
SHA1

8f66567991400969817a0b3a9875e3f99bb1ebbe
SHA256

5ef36224f081527c383f37c1713f8123d5eb991e9614e1c75efc2ecbcac1242b
SHA512

dcebe5595913966d37f06a7f407a1960b94ebdb4816f8fa438c0c858ab7eadd0d76fb02498928a4be61278b91497a69bf76250cc5419510dc0db5f97f96ff171
SSDEEP

12288:DdqIh6X3MCAGowgFef1duawUZJ/DCf3XxHSHgLNBK/47Rs:Ddqldowgmu6o3XlStcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll

Files

6735e64a82695d10981680f3e9f2f03f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5f40af6c51f6ff16f3d02b357d588ce4

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2007, 00:00

Not After

21/06/2010, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$0/Resources/Button_0/images/alot_icon_35x16.bmp
$0/Resources/Button_1/images/alot_search_24x16.bmp
$0/Resources/Button_2/images/default_285_alot_celeb_search.bmp
$0/Resources/Button_3/images/default_281_alot_weather_widget.bmp
$0/Resources/Button_4/images/active_default_345_alot_celeb_news.bmp
$0/Resources/Button_4/images/default_345_alot_celeb_news.bmp
$0/Resources/Button_5/images/default_287_alot_celeb_center.bmp
$0/Resources/Button_6/images/default_288_alot_mrkt_bang.bmp
$0/Resources/Shared/domains.dat
$0/Resources/Shared/images/$PROGRAMFILES/alot/alotUninst.exe.nsis
$0/Resources/Shared/images/alot_brand.png
.png
$0/Resources/Shared/images/alot_spinner.gif
.gif
$0/Resources/Shared/images/widget_bottom.bmp
$0/Resources/Shared/images/widget_btnclose0.bmp
$0/Resources/Shared/images/widget_btnclose1.bmp
$0/Resources/Shared/images/widget_btnmin0.bmp
$0/Resources/Shared/images/widget_btnmin1.bmp
$0/Resources/Shared/images/widget_caption.bmp
$0/Resources/Shared/images/widget_error_bg.bmp
$0/Resources/Shared/images/widget_error_close.bmp
$0/Resources/Shared/images/widget_error_icon.bmp
$0/toolbar.xml
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

7458f96eb10904198d988c72ce690084

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteObject
GetDIBits
GetObjectA
SelectObject
SetTextColor

kernel32

GetCurrentDirectoryA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
SetCurrentDirectoryA
WritePrivateProfileStringA
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

user32

CallWindowProcA
CharNextA
CloseClipboard
CreateDialogParamA
CreateWindowExA
DestroyIcon
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
EnableMenuItem
EnableWindow
GetClientRect
GetClipboardData
GetDlgCtrlID
GetDlgItem
GetMessageA
GetSystemMenu
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapWindowPoints
MessageBoxA
OpenClipboard
PostMessageA
PtInRect
SendMessageA
SetCursor
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextA
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/closeie.ini
$PLUGINSDIR/eula.ini
$PLUGINSDIR/modern-header.bmp
$PROGRAMFILES/alot/bin/ALOTSettings.exe
.exe windows:4 windows x86 arch:x86

24b813560079797c410aa1f2f2fe76c4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2007, 00:00

Not After

21/06/2010, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetVersionExW
GetACP
InterlockedExchange
GetThreadLocale
GetProcessHeap
HeapAlloc
DeleteCriticalSection
HeapFree
HeapReAlloc
lstrcmpW
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetStringTypeW
InitializeCriticalSection
MultiByteToWideChar
lstrlenW
GetStringTypeA
GetCPInfo
LoadLibraryA
GetVersionExA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW

advapi32

RegCreateKeyExW
RegSetValueExW

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/alot/bin/alot.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ac2a71a8a74fc4d486e81c2a5aa685b6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2007, 00:00

Not After

21/06/2010, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Alot\ALOT_build\alot\bin\support\band.pdb

Imports

kernel32

GetSystemTimeAsFileTime
WriteFile
GetCurrentProcessId
SetEndOfFile
ReadFile
SetFilePointer
GetFileSize
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
FindClose
GetVersionExA
GetSystemDefaultLangID
ResumeThread
SetThreadPriority
GetExitCodeThread
SetEvent
LocalFree
GetModuleFileNameA
GetExitCodeProcess
GlobalAlloc
TerminateProcess
HeapReAlloc
SystemTimeToFileTime
GetSystemTime
ResetEvent
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
GetCommandLineA
HeapDestroy
HeapCreate
FileTimeToLocalFileTime
IsBadWritePtr
ExitProcess
HeapSize
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetTimeZoneInformation
UnhandledExceptionFilter
GetTimeFormatA
GetDateFormatA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
IsBadReadPtr
IsBadCodePtr
GetOEMCP
LCMapStringA
GetStringTypeA
QueryPerformanceCounter
SetStdHandle
CompareStringA
SetEnvironmentVariableA
FlushFileBuffers
GetWindowsDirectoryA
GetSystemDirectoryA
FileTimeToSystemTime
lstrcpyA
lstrlenA
WaitForSingleObject
Sleep
MulDiv
DisableThreadLibraryCalls
GlobalLock
GlobalUnlock
LoadLibraryA
TerminateThread
GetTickCount
ReleaseMutex
CloseHandle
LoadResource
SizeofResource
FreeLibrary
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InterlockedIncrement
OutputDebugStringA
SetLastError
GetLastError
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersion
VirtualFree
GetModuleHandleA
LocalAlloc

advapi32

RegCloseKey

user32

CopyImage
GetSysColor
TrackPopupMenu
GetCursorPos
ClientToScreen
GetDC
ReleaseDC
FillRect
DestroyMenu
CreatePopupMenu
WaitMessage
InSendMessage
EnumThreadWindows
DestroyCursor
DestroyIcon
TranslateMessage
MsgWaitForMultipleObjects
EqualRect
GetDlgItem
DestroyWindow
GetWindowThreadProcessId
InvalidateRect
GetFocus
IsWindow
RedrawWindow
CopyRect
GetParent
MoveWindow
SetFocus
SetActiveWindow
EnumWindows
GetWindow
SetCapture
ScreenToClient
ReleaseCapture
ShowWindow
EndPaint
KillTimer
GetSysColorBrush
GetClientRect
GetWindowDC
GetWindowPlacement
IsChild
DestroyAcceleratorTable
SetForegroundWindow
IsWindowEnabled
PostQuitMessage
DrawCaption
DrawFrameControl
CallNextHookEx
UnhookWindowsHookEx
SetWindowRgn
BeginPaint
SetTimer
EndDialog
ValidateRect
GetKeyState
InvalidateRgn
GetDesktopWindow
OffsetRect
PtInRect
GetSystemMenu
GetActiveWindow
SetCursor
MapWindowPoints
WaitForInputIdle
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
BringWindowToTop
GetWindowRect
SetWindowPos
IsWindowVisible
EnumChildWindows
ReplyMessage
GetComboBoxInfo

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DPtoLP
SetBkColor
SetMapMode
GetMapMode
CreateBitmap
GetPixel
CreateSolidBrush
GetDIBColorTable
GetDeviceCaps
CombineRgn
GetStockObject
CreateRectRgn
SetDIBColorTable
CreateDIBSection
SetDIBitsToDevice
CreateDIBitmap
StretchDIBits
PatBlt
StretchBlt
CreatePatternBrush
CreateRectRgnIndirect
SetBkMode
SetTextColor
Ellipse
DeleteObject
DeleteDC

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHFileOperationA
ord92
ord165
SHGetMalloc

wininet

FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindFirstUrlCacheEntryW
InternetCrackUrlW
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetGetLastResponseInfoW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetAttemptConnect
CommitUrlCacheEntryW
UnlockUrlCacheEntryFileW
CreateUrlCacheEntryW
InternetGetCookieW
HttpQueryInfoW

urlmon

IsValidURL
URLDownloadToFileW

oleacc

ObjectFromLresult

ole32

CLSIDFromString
StringFromGUID2
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
StringFromCLSID
OleUninitialize
CLSIDFromProgID
CreateStreamOnHGlobal
OleSetContainedObject
OleCreate
OleInitialize
CoGetClassObject

oleaut32

DispCallFunc
VariantChangeType
VariantCopyInd
VarUI4FromStr
SysAllocStringLen
VariantCopy
SafeArrayAccessData
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayPutElement
SysStringLen
VariantClear
SafeArrayUnaccessData
SysStringByteLen
VarBstrCmp
SafeArrayGetVartype
SafeArrayCopy
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantInit
SafeArrayCreateVector
SysAllocString
GetErrorInfo
SysFreeString

shlwapi

SHDeleteKeyW
UrlCanonicalizeW
PathFindFileNameW
SHGetValueW
UrlUnescapeW
SHRegCreateUSKeyW
SHDeleteValueW
UrlGetPartW
StrRetToStrW
SHEnumValueW
SHCopyKeyW
PathIsURLW
SHRegWriteUSValueW

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_GetSystemOptionsDirectory@8
_GetUserOptionsDirectory@8
_LaunchIEInProtectedMode@4
_createActionButton@4
_createBrowserSearch@4
_createCommunicator@4
_createConfigurator@4
_createErrorSearch@4
_createRssTicker@4
_createTimerManager@4
_createToolbarSearch@4
_createUpdater@4
_createWidget@4

Sections

.text
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f40af6c51f6ff16f3d02b357d588ce4

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 224B

.bss Size: - Virtual size: 107KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 44KB

.rsrc Size: 27KB - Virtual size: 27KB

7458f96eb10904198d988c72ce690084

Headers

File Characteristics

Imports

comdlg32

gdi32

kernel32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 800B

.bss Size: - Virtual size: 16KB

.edata Size: 512B - Virtual size: 112B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 144B

.reloc Size: 1024B - Virtual size: 892B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

24b813560079797c410aa1f2f2fe76c4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 224B

.bss
Size: - Virtual size: 107KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 44KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 800B

.bss
Size: - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 112B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 144B

.reloc
Size: 1024B - Virtual size: 892B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 736B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

.text
Size: 511KB - Virtual size: 511KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 38KB