89e2761795a988349643b6ae461f7533_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89e2761795a988349643b6ae461f7533_JaffaCakes118
Size

9.7MB
MD5

89e2761795a988349643b6ae461f7533
SHA1

8237d22a8d6f4e7055f66a63bf7bafbdc33c5717
SHA256

fb6d1e790ce716a3374775a6c323d1bff4726ac6b1486fe5ddfcd3a5a6b52919
SHA512

271da5dc5fced11eb543ff75e5d3d74a4b17208035e714f5f3d61e248147f48a8bd16c1bd66f555579bd12f83b84a4b7e9643336d1971e9f8475c349205534b2
SSDEEP

196608:Zeq+HyxzkUt899e6UZkJP39hjO4l1lLzMJvIoZQiJnXCyxHcBE2Ra1EgIH:ZehSxgUamDZS7OgfLz0AuLpx8K2Imn

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
89e2761795a988349643b6ae461f7533_JaffaCakes118
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$TEMP/windll.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

89e2761795a988349643b6ae461f7533_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ewallet-7.0.0.27618.exe
.exe windows:1 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

27:21:29:3b:fb:1e:46:76:b6:f9:33:24:68:f3:a4:d5
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/06/2009, 00:00

Not After

24/06/2010, 23:59

Subject

CN=Ilium Software\, Inc.,O=Ilium Software\, Inc.,POSTALCODE=48105,STREET=3759 Prospect,L=Ann Arbor,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/windll.dll
.dll windows:4 windows x86 arch:x86

2d2c5998626aac99e7a4b3abccca1af3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLogicalDrives
GetSystemTimeAdjustment
GetFileSizeEx
EnumSystemLocalesA
LocalHandle
SetLocalTime
GetCPInfo
GetDiskFreeSpaceA
SystemTimeToFileTime
FindNextVolumeMountPointW
SizeofResource
SetConsoleActiveScreenBuffer
OpenJobObjectW
GlobalGetAtomNameW
GetModuleHandleW
EnumResourceLanguagesW
GetNumberFormatW
lstrcpynW
ReplaceFileW
MoveFileW
GetWindowsDirectoryW
TerminateProcess
GlobalReAlloc
GetCompressedFileSizeW
GetNumberFormatA
HeapLock
FindFirstChangeNotificationA
SetConsoleMode
LockFile
FindResourceW
LocalSize
SetEnvironmentVariableW
GetSystemInfo
RegisterWaitForSingleObject
GetProfileStringA
GlobalDeleteAtom
CancelIo
PostQueuedCompletionStatus
GetEnvironmentVariableA
CancelWaitableTimer
FindFirstFileExW
CreateFileA
GetSystemDirectoryA
GetLongPathNameW
OpenSemaphoreW
RtlMoveMemory
OpenThread
FindFirstChangeNotificationW
HeapValidate
IsBadHugeReadPtr
SetEvent
GlobalFindAtomW
SetVolumeLabelW
UnregisterWaitEx
GetVersionExW
ConvertDefaultLocale
CreateConsoleScreenBuffer
HeapCompact
WinExec
LocalFlags
LCMapStringW
FreeConsole
GetProfileSectionA
GetDiskFreeSpaceW
PeekConsoleInputW
GetShortPathNameA
lstrcmpW
WriteFileEx
SetConsoleCtrlHandler
GetLogicalDriveStringsA
GetShortPathNameW
CreateMutexW
WaitForMultipleObjectsEx
GetTimeZoneInformation
CompareStringW
Sleep
GetStartupInfoW
ReadProcessMemory
PeekNamedPipe
TryEnterCriticalSection
SearchPathW
UpdateResourceA
SetProcessWorkingSetSize
SetEndOfFile
DeleteTimerQueueTimer
CreateTimerQueue
ExpandEnvironmentStringsW
GetComputerNameW
PurgeComm
GetVolumePathNameW
InterlockedCompareExchange
SetSystemTime
ExpandEnvironmentStringsA
GetConsoleMode
GetSystemDefaultUILanguage
GetProcessAffinityMask
GetLocalTime
FindNextFileA
CreateRemoteThread
DeleteTimerQueueEx
UnregisterWait
ResetEvent
ReadFile
SetHandleInformation
DeviceIoControl
GetUserDefaultLangID
CreateEventW
FindNextFileW
GetModuleHandleA
GetSystemTimeAsFileTime
lstrlenA
lstrcpyW
lstrcatW
ReleaseMutex
CreateFileMappingA
CopyFileA
GetLastError
HeapAlloc
LoadLibraryA
WaitForSingleObject
HeapFree
LeaveCriticalSection
GetComputerNameA
CreateDirectoryA
MoveFileExA
EnterCriticalSection
CreateThread
GetProcAddress
ReadFileEx
CloseHandle

ole32

CreateFileMoniker
CreateOleAdviseHolder
CreateBindCtx
CoInitializeEx
CreateDataAdviseHolder
OleUninitialize
SetConvertStg
CoGetMarshalSizeMax
OleCreateLinkFromData
StgCreateDocfileOnILockBytes
OleSetMenuDescriptor
CreateILockBytesOnHGlobal
CoQueryProxyBlanket
CoDisableCallCancellation
OleTranslateAccelerator
CreateAntiMoniker
OleCreateMenuDescriptor
MkParseDisplayName
OleSaveToStream
CoGetInterfaceAndReleaseStream
StgOpenStorageEx
OleRegGetUserType
StringFromIID
StgOpenStorage
CoFileTimeNow
OleLoad
CoUninitialize
CoTaskMemFree
CoInitialize

user32

CallWindowProcA
FrameRect
EndPaint
TranslateAcceleratorW
EnableMenuItem
GetPropW
DrawFrameControl
MonitorFromRect
DefFrameProcA
CheckRadioButton
GetCursorPos
IsDlgButtonChecked
RemovePropA
GetWindowWord
AppendMenuW
MoveWindow
LoadImageA
SetMenuItemBitmaps
EnumDisplaySettingsA
AdjustWindowRect
GetKeyNameTextA
GetCaretPos
BeginPaint
EnableWindow
InSendMessage
DialogBoxIndirectParamW
AppendMenuA
GetMenuCheckMarkDimensions
ChildWindowFromPoint
CharLowerBuffA
GetPropA
GetMenuItemCount
ToAscii
GetComboBoxInfo
SetMenu
CopyAcceleratorTableA
GetDlgCtrlID
CharNextW
GetSystemMenu
DefWindowProcA
GetWindowContextHelpId
GetMenuItemInfoW
RedrawWindow
SendNotifyMessageA
CreateAcceleratorTableA
DrawEdge
CharLowerA
ToAsciiEx
DestroyIcon
OffsetRect
DefFrameProcW
InsertMenuA
GetMenuItemID
SendMessageTimeoutA
GetMenuDefaultItem
GetCursor
GetClassLongW
LockWindowUpdate
ReplyMessage
GetWindowRect
CallMsgFilterW
GetWindowTextLengthA
SetClassLongW
CharUpperW
GetClassLongA
DialogBoxIndirectParamA
GetDialogBaseUnits
LoadBitmapW
CharToOemBuffA
SendInput
EndDialog
SetScrollPos
DestroyAcceleratorTable
GetScrollInfo
GetClassNameA
PostMessageW
ScrollDC
MessageBoxIndirectA
GetDesktopWindow
OpenInputDesktop
GetQueueStatus
EnableScrollBar
BroadcastSystemMessageW
DrawTextExW
DrawTextA
GetIconInfo
GetGUIThreadInfo
MessageBoxA
PeekMessageA
MessageBoxIndirectW
CreateDialogParamA
EndTask
GetUpdateRgn
GetKeyNameTextW
DrawIcon
SetThreadDesktop
PostThreadMessageA
GetMenuStringA
LoadCursorA
InternalGetWindowText
SetWindowContextHelpId
GetAncestor
IsDialogMessageW
GetNextDlgTabItem
MessageBoxW
wsprintfW
UnpackDDElParam
UnregisterClassW
BringWindowToTop
FindWindowExW
InvalidateRgn
SetCaretPos
LoadAcceleratorsA
SendNotifyMessageW
GetWindow
SetFocus
ScreenToClient
GetMessageTime
SetDlgItemInt
SetWindowLongW
CharNextA
GetUpdateRect
AllowSetForegroundWindow
GetTopWindow
VkKeyScanW
ShowCaret
DialogBoxParamA
GetWindowThreadProcessId
FindWindowExA
VkKeyScanA
CloseWindowStation
GetWindowDC
SetProcessDefaultLayout
GetMenuItemInfoA
ModifyMenuA
MonitorFromPoint
CallNextHookEx
UnhookWindowsHookEx
GetMessageA
KillTimer
SetTimer
SetWindowsHookExA
SetCapture

advapi32

RegOpenKeyExA
GetEffectiveRightsFromAclW
RegSetValueW
CreateProcessWithLogonW
RegisterServiceCtrlHandlerExA
GetServiceKeyNameW
RegFlushKey
RegQueryValueA
RegRestoreKeyA
StartServiceCtrlDispatcherA
RegQueryValueW
QueryServiceStatusEx
UnlockServiceDatabase
QueryServiceConfig2W
RegOpenKeyA
RegisterEventSourceA
RegUnLoadKeyA
RegOpenCurrentUser
NotifyBootConfigStatus
OpenEventLogA
RegEnumValueW
QueryServiceConfigW
RegCreateKeyW
GetAclInformation
OpenServiceA
GetUserNameW
RevertToSelf
CloseServiceHandle
CreateServiceA
QueryServiceStatus
RegQueryValueExW
SetThreadToken
ControlService
OpenProcessToken
StartServiceA
RegSetValueExA
RegDeleteValueA
GetUserNameA
RegQueryValueExA
RegQueryInfoKeyW

shell32

SHBrowseForFolderW
SHCreateShellItem
SHGetPathFromIDListA
SHGetFileInfoA
SHParseDisplayName
SHGetSpecialFolderPathA
SHGetFileInfoW
ExtractIconExA
SHGetSettings
DragQueryFileA
CommandLineToArgvW
SHGetPathFromIDListW
ExtractIconExW
SHGetSpecialFolderLocation
ExtractIconA
SHGetFolderPathA

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 836B

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

27:21:29:3b:fb:1e:46:76:b6:f9:33:24:68:f3:a4:d5Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 36KB

DATA Size: 1024B - Virtual size: 588B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 58KB - Virtual size: 58KB

2d2c5998626aac99e7a4b3abccca1af3

Headers

File Characteristics

Imports

kernel32

ole32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

27:21:29:3b:fb:1e:46:76:b6:f9:33:24:68:f3:a4:d5
Certificate

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 588B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 58KB - Virtual size: 58KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB