7729f00c54968e51c21c3189f518cb4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7729f00c54968e51c21c3189f518cb4d_JaffaCakes118
Size

3.3MB
MD5

7729f00c54968e51c21c3189f518cb4d
SHA1

94a4409e1a2f1168957f0522fd453e651a0f1cdc
SHA256

7ed75e485ee7361af145ab4bb55c603d0f66c3a51e5ecdabd3749b486eea30ba
SHA512

9f48c2b9279fc65b7925e294b95b15e9c6c01037b53dc16cef390a609057efe6a946a20a6999e350331c74006a5db2007952f54b50d66998292843f5055c72bc
SSDEEP

98304:tGf1BwFPA4Jz9VZTgC2qJAB20R5LPZ53Qh5P:t2Bwx5vgNquB20Ll53mP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$TEMP/flashfxp-4.0.0-build-1470-rc-1.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
7729f00c54968e51c21c3189f518cb4d_JaffaCakes118
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$TEMP/windll.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

7729f00c54968e51c21c3189f518cb4d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
CreateSemaphoreA
CreateThread
DeleteFileA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
MulDiv
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

_write
__dllonexit
_errno
_iob
abort
fflush
fputc
fputs
free
fwrite
malloc
memcpy
realloc
strcmp
strcpy
strlen

user32

CallWindowProcA
CharPrevA
CreateWindowExA
DestroyWindow
EnableWindow
FindWindowExA
GetClientRect
GetDlgItem
GetFocus
GetWindowLongA
GetWindowRect
IsWindowVisible
RegisterWindowMessageA
SendMessageA
SetDlgItemTextA
SetWindowLongA
SetWindowTextA
ShowWindow
wsprintfA

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
getsockname
htons
inet_addr
ioctlsocket
recv
select
send
shutdown
socket

Exports

Exports

download
download_quiet

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/flashfxp-4.0.0-build-1470-rc-1.exe
.exe windows:1 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:dd:36:5a:f8:70:c6:2d:ee:8b:7f:50:70:95:dc:38
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/08/2010, 00:00

Not After

09/08/2012, 23:59

Subject

CN=OpenSight Software\, LLC,O=OpenSight Software\, LLC,POSTALCODE=623010000,STREET=2230 PAYSON AVENUE,L=Quincy,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:aa:b6:b5:af:c7:a3:df:17:57:c0:f7:e9:fe:24:d6:c3:2d:30:ab
Signer

Actual PE Digest

eb:aa:b6:b5:af:c7:a3:df:17:57:c0:f7:e9:fe:24:d6:c3:2d:30:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/windll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e74640a5495039a84e597379beec9771

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessAffinityMask
FindFirstChangeNotificationW
GetFullPathNameW
SearchPathW
MoveFileExA
GetDefaultCommConfigW
VirtualFree
ExitThread
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareFileTime
GetLogicalDriveStringsW
GetBinaryTypeW
ConvertDefaultLocale
ChangeTimerQueueTimer
FindVolumeClose
LockFileEx
SetVolumeMountPointW
lstrcpynW
CreateMailslotW
CopyFileW
GetLogicalDriveStringsA
ClearCommError
UpdateResourceA
MapViewOfFileEx
SetVolumeLabelA
ExitProcess
CompareStringA
VerSetConditionMask
FlushConsoleInputBuffer
EnumSystemLocalesA
GetProfileStringW
CreateTimerQueue
GetLocaleInfoW
GetModuleHandleExW
GetFileInformationByHandle
EnumUILanguagesW
DeleteTimerQueueTimer
CreateDirectoryW
CopyFileExW
SetCurrentDirectoryA
CreateWaitableTimerA
WaitForMultipleObjectsEx
OpenJobObjectW
GetTempPathA
GetFileSizeEx
FormatMessageW
MoveFileW
HeapUnlock
SetHandleInformation
EnumResourceNamesW
VirtualQueryEx
CreateMutexW
GetUserDefaultUILanguage
SetConsoleMode
GetFileType
WriteConsoleA
GetShortPathNameA
FreeEnvironmentStringsW
SetConsoleCtrlHandler
AllocConsole
AreFileApisANSI
lstrcatA
LocalSize
GetLocalTime
GetThreadPriority
GetEnvironmentStringsW
FindFirstFileA
lstrcatW
FindNextFileW
GetVersion
GetVolumeInformationA
SetFileApisToOEM
GetDateFormatW
GetSystemWindowsDirectoryA
lstrcmpA
FindClose
OpenProcess
DosDateTimeToFileTime
FindFirstFileExW
SetComputerNameA
GetFileSize
GlobalFree
CreateFileMappingW
RaiseException
LoadResource
OpenFileMappingA
HeapWalk
SetDefaultCommConfigW
GetDiskFreeSpaceA
LockResource
GetQueuedCompletionStatus
CreateToolhelp32Snapshot
FlushFileBuffers
GetShortPathNameW
VirtualAllocEx
OpenFile
SetConsoleTitleA
GlobalReAlloc
GetCompressedFileSizeW
FindNextVolumeMountPointW
GetFileTime
GetSystemDirectoryW
GetModuleHandleW
LCMapStringA
GetCurrentDirectoryW
GetLongPathNameW
IsValidLocale
CreateTimerQueueTimer
VerifyVersionInfoW
GetCurrentDirectoryA
WriteProcessMemory
SystemTimeToFileTime
lstrcpynA
GetAtomNameW
OpenThread
OpenEventA
GetProcessVersion
GetSystemDefaultLangID
ReadFile
GetModuleFileNameA
VirtualQuery
MapViewOfFile
VirtualProtect
InterlockedIncrement
MoveFileA
HeapFree
GlobalAlloc
CloseHandle
HeapAlloc
CreateDirectoryA
GetCurrentProcessId
DeleteFileA
GetProcAddress
GetComputerNameA
CreateMutexA
LeaveCriticalSection
LocalFree
GetModuleHandleA
CreateThread
CreateProcessA
EnterCriticalSection
CopyFileA
FreeResource
LoadLibraryA

ole32

SetConvertStg
IIDFromString
CoTaskMemRealloc
StringFromGUID2
OleLoadFromStream
CoGetObjectContext
CoGetCallContext
CreateItemMoniker
CreateDataAdviseHolder
OleLockRunning
CoGetClassObject
CoImpersonateClient
OleSetContainedObject
StgOpenStorage
GetRunningObjectTable
CoMarshalInterThreadInterfaceInStream
RegisterDragDrop
OleDuplicateData
StgOpenStorageOnILockBytes
CoAllowSetForegroundWindow
StgCreateDocfile
CoFileTimeNow
CoUnmarshalInterface
CreateDataCache
CoRevertToSelf
CoFreeUnusedLibrariesEx
OleRegGetMiscStatus
OleRegGetUserType
CoReleaseMarshalData
StgCreateDocfileOnILockBytes
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

user32

CharUpperBuffA
InvertRect
CreateDialogIndirectParamW
GetActiveWindow
GetUpdateRect
FreeDDElParam
CreateDialogParamA
PostMessageA
CharToOemW
SetMessageQueue
LoadStringA
GetMonitorInfoW
GetUserObjectInformationA
CharNextExA
SetPropW
VkKeyScanW
OemToCharBuffA
GetMenuStringW
CopyIcon
DestroyCursor
GetMenuCheckMarkDimensions
ReplyMessage
IsDialogMessageW
SystemParametersInfoW
DestroyAcceleratorTable
GetWindowRect
DispatchMessageW
ShowWindowAsync
MapVirtualKeyExW
TranslateMessage
OpenWindowStationA
MessageBoxExW
MessageBoxIndirectA
ValidateRect
OpenInputDesktop
GetParent
SendMessageTimeoutW
GetDC
LoadIconA
SetParent
ChildWindowFromPoint
DefMDIChildProcA
GetClassInfoExA
GetClassNameW
CharLowerBuffW
BringWindowToTop
GetScrollInfo
GetProcessWindowStation
OpenDesktopW
GetProcessDefaultLayout
LoadImageA
GetInputState
LoadBitmapW
GetDlgItem
EnumChildWindows
GetPropA
ShowWindow
LoadMenuW
DialogBoxParamA
DialogBoxIndirectParamW
EndDialog
SendDlgItemMessageA
CharToOemBuffA
ReuseDDElParam
DeleteMenu
LoadImageW
SetMenuItemInfoA
ToAsciiEx
ScreenToClient
AllowSetForegroundWindow
ReleaseDC
DefWindowProcA
DrawAnimatedRects
CharLowerW
GetQueueStatus
AppendMenuW
MessageBoxW
PtInRect
CloseWindowStation
DrawTextExA
GetDialogBaseUnits
DrawTextExW
CreatePopupMenu
BeginPaint
GetWindowTextLengthW
ClientToScreen
GetWindowWord
GetScrollRange
InvalidateRect
GetWindowTextA
CopyAcceleratorTableW
CharUpperW
CopyRect
CharToOemA
GetWindowLongW
ToUnicodeEx
ChangeDisplaySettingsA
IsWindowVisible
GetSysColorBrush
ScrollWindow
SetWindowLongA
CallWindowProcW
WaitForInputIdle
CallMsgFilterW
InternalGetWindowText
CreateIconFromResourceEx
FlashWindow
IntersectRect
FindWindowExW
EnumThreadWindows
GetClassLongW
SendMessageTimeoutA
CharUpperBuffW
MessageBoxIndirectW
SubtractRect
GetCursorPos
SetDlgItemInt
ToAscii
KillTimer
GetMessageW
GetMenuItemID
GetGUIThreadInfo
SetCursor
IsRectEmpty
SetWindowRgn
GetAncestor
CharPrevA
SetThreadDesktop
EnumWindows
DrawFrameControl
TrackPopupMenu
UnhookWindowsHookEx
CallNextHookEx
SendMessageA
DispatchMessageA
GetClassNameA
SetWindowsHookExA
GetWindowThreadProcessId
GetUpdateRgn

shlwapi

PathSkipRootW
StrChrW
StrStrA
UrlCanonicalizeW
PathMatchSpecW
PathIsRootW
StrDupW
PathRemoveFileSpecW
SHCreateShellPalette
StrCmpW
PathRemoveBlanksW
SHGetValueW
PathIsDirectoryW
PathSetDlgItemPathW
PathAddBackslashW
SHRegGetValueW
AssocQueryStringW
UrlCreateFromPathW
PathIsPrefixW
PathRenameExtensionW
PathIsURLW
PathFindFileNameA
PathMakePrettyW
PathFileExistsA
PathAddBackslashA
PathCommonPrefixW
PathCreateFromUrlW
StrToIntA
SHRegGetBoolUSValueW
StrCpyW
SHStrDupW
PathRemoveExtensionW
PathIsNetworkPathW
PathStripPathW
StrCpyNW
StrCmpNIA
UrlUnescapeW
PathIsUNCServerW

advapi32

RegCreateKeyExA
LookupAccountNameA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegSetValueExA
SetNamedSecurityInfoA
RegEnumKeyExA
ConvertSidToStringSidA
QueryServiceLockStatusA
RegSaveKeyW
DeregisterEventSource
ChangeServiceConfig2W
RegisterEventSourceW
OpenServiceA
SetTokenInformation
UnlockServiceDatabase
RegOpenCurrentUser
CreateProcessWithLogonW
GetNumberOfEventLogRecords
RegFlushKey
OpenSCManagerA
ChangeServiceConfigW
RegCreateKeyW
RegDeleteKeyW
GetUserNameW
ClearEventLogW
RegUnLoadKeyW
RegConnectRegistryW
RevertToSelf
RegRestoreKeyA
DuplicateTokenEx
NotifyBootConfigStatus
RegQueryValueA
GetServiceKeyNameW
GetTokenInformation
OpenEventLogA
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerA
RegEnumKeyW
RegEnumKeyA
RegNotifyChangeKeyValue
StartServiceCtrlDispatcherW
EnumServicesStatusW
RegEnumKeyExW
MapGenericMask
StartServiceA
ReadEventLogA
RegQueryInfoKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 150KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 16KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 24KB

.edata Size: 512B - Virtual size: 95B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

26:dd:36:5a:f8:70:c6:2d:ee:8b:7f:50:70:95:dc:38Certificate

Extended Key Usages

Key Usages

eb:aa:b6:b5:af:c7:a3:df:17:57:c0:f7:e9:fe:24:d6:c3:2d:30:abSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 292KB

UPX1 Size: 133KB - Virtual size: 136KB

.rsrc Size: 33KB - Virtual size: 36KB

e74640a5495039a84e597379beec9771

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 150KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 16KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 24KB

.edata
Size: 512B - Virtual size: 95B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

26:dd:36:5a:f8:70:c6:2d:ee:8b:7f:50:70:95:dc:38
Certificate

eb:aa:b6:b5:af:c7:a3:df:17:57:c0:f7:e9:fe:24:d6:c3:2d:30:ab
Signer

UPX0
Size: - Virtual size: 292KB

UPX1
Size: 133KB - Virtual size: 136KB

.rsrc
Size: 33KB - Virtual size: 36KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB