13c3693d292f05a8d1c858beafdaa7a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

13c3693d292f05a8d1c858beafdaa7a0N.exe
Size

1.5MB
MD5

13c3693d292f05a8d1c858beafdaa7a0
SHA1

24833625ec4394e32990740741fe3675c76dd650
SHA256

edcfee4598509abb98f79584c18c26e3bbacefaf0d0cd4b77f9eff1a7fdb3eb9
SHA512

d41276dec29cc2c11994aea9ac30ed80530f6f67576ab575a09777e0d2940b6407f9f0867c04a552ce3c03e6c1a95ac1e8ff22d3285d03faceb34017a5d7221f
SSDEEP

24576:Qqb1r5XHPXlwT5dwyrmFvv0KoljCGtYHW/hOmH86hutctGU+d1ETwyfmh1t:XbXHPITtu3vQMU41imh1t

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/Processes.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/ZipDLL.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$TEMP/CCIS/ccsqlh.exe
unpack001/$TEMP/CCIS/sqlite3.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

13c3693d292f05a8d1c858beafdaa7a0N.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DefaultBanner.bmp
$PLUGINSDIR/Processes.dll
.dll windows:5 windows x86 arch:x86

283a9a269662c1e7a7bc6ae76b77c330

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
lstrcpyA
OpenProcess
CloseHandle
GetModuleHandleA
TerminateProcess
GlobalFree
lstrcpynA
GlobalAlloc
FlushFileBuffers
CreateFileA
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
GetDesktopWindow
FindWindowA
UpdateWindow
MessageBoxA

Exports

Exports

FindDevice
FindProcess
GetProcessPID
KillParentProcess
KillProcess

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WelcomeScreenLogo.bmp
$PLUGINSDIR/ZipDLL.dll
.dll windows:4 windows x86 arch:x86

f10b94e3705eae25c7617ba56a648b77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetLocaleInfoW
LoadLibraryA
IsBadCodePtr
LocalFree
FormatMessageA
GetLastError
MapViewOfFile
CreateFileMappingA
CloseHandle
UnmapViewOfFile
GetDiskFreeSpaceA
CreateFileA
GetCurrentDirectoryA
SetFileAttributesA
GetFileAttributesA
GetDriveTypeA
SetVolumeLabelA
DeleteFileA
MoveFileA
CreateDirectoryA
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileType
FlushFileBuffers
SetStdHandle
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetEndOfFile
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetProcAddress
GetStringTypeA
GetStringTypeW
IsBadReadPtr

user32

SendMessageA
GetDlgItem
SetWindowTextA
FindWindowExA
OemToCharBuffA
CharToOemBuffA

Exports

Exports

extractall
extractfile

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CCIS/ccsqlh.exe
.exe windows:5 windows x86 arch:x86

708c688bbd79779f67258911999a00a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\ishai\Omnibox\Conduit C++ Google Chrome Demo\Code\Debug\CppSQLiteDemo.pdb

Imports

sqlite3

sqlite3_prepare
sqlite3_busy_timeout
sqlite3_last_insert_rowid
sqlite3_get_table
sqlite3_exec
sqlite3_close
sqlite3_open
sqlite3_bind_null
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_text
sqlite3_changes
sqlite3_reset
sqlite3_free_table
sqlite3_step
sqlite3_finalize
sqlite3_errmsg
sqlite3_column_type
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_double
sqlite3_column_int
sqlite3_column_text
sqlite3_column_count
sqlite3_vmprintf
sqlite3_mprintf
sqlite3_free

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

kernel32

WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
VirtualQuery
GetProcessHeap
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetConsoleOutputCP
GetStringTypeA
GetDateFormatA
GetTimeFormatA
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
CloseHandle
FlushFileBuffers
SetFilePointer
ReadFile
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
SetEndOfFile
GetStringTypeW
FatalAppExitA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedCompareExchange
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetCommandLineA
HeapValidate
IsBadReadPtr
GetCPInfo
LCMapStringA
GetLastError
LCMapStringW
DebugBreak
lstrlenA
LoadLibraryA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
WriteFile
GetStdHandle
SetConsoleCtrlHandler
FreeLibrary
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
VirtualFree

Sections

.textbss
Size: - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/CCIS/sqlite3.dll
.dll windows:4 windows x86 arch:x86

90f0646a1d53143c8e05a27e348e88f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile

msvcrt

free
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strncmp

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 784B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ccex.crx
.zip
128.png
.png
634522081278230424.png
634522081510930374.png
634522081511701809.png
CT3156034.txt
Controller.html
.js
Css/about.css
Css/chromeMain.css
Css/ctbMain.css
Css/ddmenu.css
Css/facebook.css
Css/gmail.css
Css/logoMenu.css
Css/options.css
Css/safariMain.css
Css/searchEngine.css
Css/searchHistory.css
Media/128.png
.png
Media/128g.png
.png
Media/Collapse.png
.png
Media/ajax-loader.gif
.gif
Media/arrow_down.png
.png
Media/base64/bak.gif
.gif
Media/base64/dyamincMenu/backstrip.png
.png
Media/base64/dyamincMenu/overstrip.png
.png
Media/base64/icons/about_icon.png
.png
Media/base64/icons/delete_s.png
.png
Media/base64/icons/read_s.png
.png
Media/base64/icons/shevronLeft.png
.png
Media/base64/icons/shevronRight.png
.png
Media/base64/icons/unread_s.png
.png
Media/base64/ifarme/blackToWhite.png
.png
Media/base64/ifarme/whiteToBlack.png
.png
Media/base64/rssItem/down_active.png
.png
Media/base64/rssItem/down_disable.png
.png
Media/base64/rssItem/down_over_on.png
.png
Media/base64/rssItem/image_box.png
.png
Media/base64/rssItem/noimage_box.png
.png
Media/base64/rssItem/option_layer.png
.png
Media/base64/rssItem/point_select.png
.png
Media/base64/rssItem/scroll_back.png
.png
Media/base64/rssItem/scroll_bar_center.png
.png
Media/base64/rssItem/scroll_bar_end.png
.png
Media/base64/rssItem/scroll_bar_start.png
.png
Media/base64/rssItem/scroll_down.png
.png
Media/base64/rssItem/scroll_down_on.png
.png
Media/base64/rssItem/scroll_up.png
.png
Media/base64/rssItem/scroll_up_on.png
.png
Media/base64/rssItem/shadow_list.png
.png
Media/base64/rssItem/up_active.png
.png
Media/base64/rssItem/up_disable.png
.png
Media/base64/rssItem/up_over_on.png
.png
Media/base64/searchBox/searchMe.png
.png
Media/base64/searchBox/searchMe_rtl.png
.png
Media/base64/searchBox/search_center_over.png
.png
Media/base64/searchBox/search_left_over.png
.png
Media/base64/searchBox/search_right_over.png
.png
Media/colapse.png
.png
Media/endSeperator.gif
.gif
Media/expend.png
.png
Media/icon.png
.png
Media/icons/addApp.png
.png
Media/icons/delete.png
.png
Media/icons/delete_blue.png
.png
Media/icons/delete_grey.png
.png
Media/icons/delete_hover.png
.png
Media/icons/delete_press.png
.png
Media/icons/read.png
.png
Media/icons/read_hover.png
.png
Media/icons/read_press.png
.png
Media/icons/read_reg.png
.png
Media/icons/refresh.png
.png
Media/icons/refresh_hover.png
.png
Media/icons/refresh_press.png
.png
Media/icons/refresh_reg.png
.png
Media/icons/small_arrow.png
.png
Media/icons/small_arrowRTL.png
.png
Media/icons/trans.png
.png
Media/icons/unread.png
.png
Media/icons/unread_hover.png
.png
Media/icons/unread_press.png
.png
Media/icons/unread_reg.png
.png
Media/icons/urlGadget/close_hover.png
.png
Media/icons/urlGadget/close_normal.png
.png
Media/icons/urlGadget/info_hover.png
.png
Media/icons/urlGadget/info_normal.png
.png
Media/icons/urlGadget/minimize_hover.png
.png
Media/icons/urlGadget/minimize_normal.png
.png
Media/icons/urlGadget/snap_hover.png
.png
Media/icons/urlGadget/snap_normal.png
.png
Media/icons/useful_components/0.png
.png
Media/icons/useful_components/1.png
.png
Media/icons/useful_components/10.png
.png
Media/icons/useful_components/11.png
.png
Media/icons/useful_components/12.png
.png
Media/icons/useful_components/2.png
.png
Media/icons/useful_components/3.png
.png
Media/icons/useful_components/4.png
.png
Media/icons/useful_components/5.png
.png
Media/icons/useful_components/6.png
.png
Media/icons/useful_components/7.png
.png
Media/icons/useful_components/8.png
.png
Media/icons/useful_components/9.png
.png
Media/options_acc_collapse.png
.png
Media/options_acc_expand.png
.png
Media/options_acc_item_bg.png
.png
Media/options_acc_item_bg_hover.png
.png
Media/options_button_bg_green.png
.png
Media/options_button_bg_orange.png
.png
Media/overBtn.png
.png
Media/pixelon.gif
.gif
Media/popup/main_menu_about.gif
.gif
Media/popup/main_menu_contact.gif
.gif
Media/popup/main_menu_help.gif
.gif
Media/popup/main_menu_hide.png
.png
Media/popup/main_menu_privacy.gif
.gif
Media/popup/main_menu_refresh.gif
.gif
Media/popup/main_menu_show.png
.png
Media/popup/main_menu_tell_a_friend.gif
.gif
Media/popup/main_menu_upgrade.gif
.gif
Media/rssItem/noImage.png
.png
Media/seperator.png
.png
Media/shadow_list.png
.png
Media/shadow_list_.png
.png
Options.html
Options/additional_settings.html
.js
Options/alerts_setting.html
.js
Options/personal_components.html
Options/predefined_components.html
.js
Options/useful_components.html
.js
initData.json
js/API/component/view/BrowserCompApi.js
.js
js/clicksHandler.js
.js
js/contentScript.js
.js
js/controller/controller.js
.js
js/css/ctbmain.css
js/everypage_early.js
.js
js/items/about/about.css
js/items/about/about.htm
.js
js/items/about/about.js
.js
js/items/components/view/InjectScript/ticker.js
.js
js/items/container/container.css
js/items/container/container.html
.js
js/items/container/container.js
.js
js/items/contextMenu/view/contextMenu.js
.js
js/items/dynamicMenu/view/dynamicMenu.css
js/items/dynamicMenu/view/dynamicMenu.html
.js
js/items/dynamicMenu/view/dynamicMenu.js
.js
js/items/menuPanel/view/menuPanel.htm
.html .js polyglot
js/items/menuPanel/view/menuPanel.js
.js
js/items/multiRssItem/view/MultiRssItem.css
js/items/multiRssItem/view/MultiRssItem.html
.js
js/items/multiRssItem/view/multiRssItem.js
.js
js/items/urlGadget/view/urlGadget.css
js/items/urlGadget/view/urlGadget.html
.js
js/items/urlGadget/view/urlGadget.js
.js
js/items/xmlMenu/view/xmlMenu.css
js/items/xmlMenu/view/xmlMenu.html
js/items/xmlMenu/view/xmlMenu.js
.js
js/lib/jquery-ui-accordion.js
.js
js/lib/jquery-ui.custom.js
.js
js/lib/jquery.additions.js
.js
js/lib/jquery.batchImageLoad.js
.js
js/lib/jquery.bdc.ddmenu.js
.js
js/lib/jquery.js
.js
js/lib/jquery.mousewheel.js
.js
js/lib/jsonStringify.js
.js
js/lib/pure.js
.js
js/lib/xml2json.js
.js
js/model/model.js
.js
js/options.js
.js
js/popup/view/popup.css
js/popup/view/popup.html
.js
js/popup/view/popup.js
.js
js/popup/view/popupShow.html
.js
js/services/alerts/alerts.view.css
js/services/alerts/alerts.view.html
.js
js/services/alerts/alerts.view.js
.js
js/services/translation/translation_fallback.json
manifest.json
translation_fallback.json

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:ddCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 100KB

.rsrc Size: 3KB - Virtual size: 3KB

283a9a269662c1e7a7bc6ae76b77c330

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

f10b94e3705eae25c7617ba56a648b77

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 110KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 21KB - Virtual size: 27KB

.reloc Size: 12KB - Virtual size: 12KB

1e2884056e655f2b7bc5a904e352fc80

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 21KB - Virtual size: 27KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

.textbss
Size: - Virtual size: 241KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 8KB - Virtual size: 17KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 425KB - Virtual size: 424KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 784B

.edata
Size: 6KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB

.stab
Size: 5KB - Virtual size: 4KB

.stabstr
Size: 5KB - Virtual size: 5KB