8d420e487239ab6556e211e40cab2dc9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d420e487239ab6556e211e40cab2dc9_JaffaCakes118
Size

536KB
MD5

8d420e487239ab6556e211e40cab2dc9
SHA1

6a55491a952ea63676bc4bc39402488a855501e1
SHA256

1a71fbfc0498668776dbfd1fabdc9bc38f424789b860261956f5d5213a7b272d
SHA512

7f3e64a62a49143dd0d215947d1a6b4067b6fd50dd72a0c5b2928e17accdb4ce5c18f4300dc6efb4a80c5d66781766be937de963a704c22812d447a9bea5c2e8
SSDEEP

12288:ageroUVdxqEHI3TNEcb+AlvaTSqhYsHHtUUPdfRp:agwd05b+AATSqtHHtRVfRp

Score

1^/10

Malware Config

Signatures

Files

8d420e487239ab6556e211e40cab2dc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

69fca406fca60cbc40ffbe822d7a45bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:e4:7a:31:10:dc:23:d9:66:44:93:1f:2c:f6:1b:e2:8e:10:52:70
Signer

Actual PE Digest

08:e4:7a:31:10:dc:23:d9:66:44:93:1f:2c:f6:1b:e2:8e:10:52:70

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\qqpcmgr_proj\QQPCMgr_Trojan\qqpcmgr_proj\Basic\Output\BinFinal\QQPCUpdateAVLib.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htonl
ntohl
ntohs
htons

shlwapi

PathFileExistsW
StrFromTimeIntervalW
StrFormatKBSizeW
StrFormatByteSizeW
PathAddBackslashW
PathRemoveFileSpecW
PathAppendW
wnsprintfW

common

??1Big@@QAE@XZ
?from_binary@@YA?AVBig@@HPAD@Z
??4Big@@QAEAAV0@ABV0@@Z
??0Big@@QAE@XZ
?Verify@CEcdsa@@QAE_NABUCPublicKey@@ABVBig@@ABUCSignature@@@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
??0CEcdsa@@QAE@W4ECCBIT@eccparam@@@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
??1CEcdsa@@QAE@XZ

kernel32

CloseHandle
GetModuleFileNameW
CreateDirectoryW
ReleaseMutex
CreateMutexW
WaitForSingleObject
FindFirstFileW
WritePrivateProfileStringW
FindClose
GetProcAddress
LoadLibraryW
DeleteFileW
MoveFileExW
GetLocalTime
GetPrivateProfileIntW
GetFileAttributesW
GetStdHandle
GetConsoleScreenBufferInfo
GetLastError
WriteConsoleW
UnhandledExceptionFilter
SetThreadPriority
WideCharToMultiByte
MultiByteToWideChar
Sleep
CreateProcessW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
LocalFree
GetFileSize
CreateFileA
WriteFile
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CreateDirectoryA
SetFilePointer
ReadFile
CreateFileW
CreateEventW
SetEvent
GetExitCodeProcess
GetFullPathNameW
GetTempPathW
SetLastError
GetPrivateProfileStringW
SetEndOfFile
GetProcessHeap
HeapAlloc
IsBadReadPtr
HeapFree
ResetEvent
TerminateThread
WaitForMultipleObjects
lstrcpynW
GetCurrentProcessId
ProcessIdToSessionId
InterlockedExchangeAdd
lstrlenA
InterlockedExchange
GetCurrentThreadId
QueueUserAPC
GetSystemInfo
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
FormatMessageW
GetVersionExW
GetCurrentDirectoryW
GetTimeFormatW
GetLocaleInfoA
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
MapViewOfFile
InterlockedCompareExchange
GetModuleHandleW
OpenEventW
Process32NextW
ExpandEnvironmentStringsW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
VirtualQuery
GetSystemDefaultLangID
LoadLibraryA
FreeLibrary
GetTickCount
GetWindowsDirectoryW
InitializeCriticalSection
InterlockedDecrement
FindResourceExW
GetCommandLineW
LoadResource
LockResource
SizeofResource
FindResourceW
LeaveCriticalSection
CopyFileW
DeviceIoControl
CreatePipe
OpenFileMappingA
CreateFileMappingA
InitializeCriticalSectionAndSpinCount
DuplicateHandle
EnterCriticalSection
DeleteTimerQueueTimer
SwitchToThread
ChangeTimerQueueTimer
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
TerminateProcess
GetStartupInfoW
GetThreadLocale
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
RaiseException
InterlockedIncrement
DeleteCriticalSection
SetUnhandledExceptionFilter
SetErrorMode
lstrlenW
FormatMessageA

user32

FindWindowW
PostMessageW
IsWindow
SetTimer
GetMessageW
DispatchMessageW
EnumWindows
IsWindowVisible
GetWindowTextW
GetWindowRect
FindWindowA
SendMessageTimeoutW
SendMessageW
RedrawWindow
DefWindowProcW
KillTimer
PostQuitMessage
UnregisterClassA
DestroyWindow
UpdateWindow
RegisterClassExW
CreateWindowExW
ShowWindow
GetSystemMetrics
GetDesktopWindow
GetClassNameW
IsIconic
GetForegroundWindow
TranslateMessage

advapi32

RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ChangeServiceConfigW
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitializeEx
CLSIDFromProgID
StgOpenStorage
StgIsStorageFile
CoTaskMemFree
StgCreateDocfile
CoInitialize
CoCreateInstance
CoFreeLibrary
CoLoadLibrary
CoCreateGuid
CoFreeUnusedLibrariesEx

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString
VariantInit

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0strstreambuf@std@@QAE@H@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1strstreambuf@std@@UAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

msvcr80

strrchr
_memicmp
setlocale
strncpy_s
wcsncpy_s
_wfopen_s
wcsncat_s
_wtoi
_wsplitpath_s
_getpid
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
_invoke_watson
_controlfp_s
_snwscanf
isalnum
_wstat64
_wmkdir
strtoul
_mbschr
_mbslwr_s
_mbsstr
isspace
strncmp
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_CxxThrowException
memcpy
??3@YAXPAX@Z
_wtol
??2@YAPAXI@Z
memcpy_s
memmove_s
??_V@YAXPAX@Z
_time64
vswprintf_s
_vscwprintf
wcsrchr
_purecall
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
_localtime64_s
_snwprintf_s
??0exception@std@@QAE@XZ
wcsstr
_vsnwprintf_s
_snwprintf
_vscprintf
vsprintf_s
_wfopen
_beginthreadex
fwrite
fflush
fclose
malloc
free
_vsnprintf
_ftelli64
_fseeki64
fopen
fread
ferror
rand
srand
memmove
realloc
wcscpy_s
_wcsupr_s
_wsplitpath
tolower
wcschr
_wcsicmp
swscanf_s
isprint
wcsncpy
_wcsupr
ldiv
strchr
putchar
putwchar
wcstol
_snprintf_s

wininet

HttpQueryInfoW
InternetCloseHandle
HttpOpenRequestW
InternetCrackUrlW
InternetConnectW
InternetQueryOptionW
InternetSetStatusCallbackW
InternetOpenW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFileExA

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69fca406fca60cbc40ffbe822d7a45bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

08:e4:7a:31:10:dc:23:d9:66:44:93:1f:2c:f6:1b:e2:8e:10:52:70Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

shlwapi

common

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

wininet

netapi32

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 301KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 25KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

08:e4:7a:31:10:dc:23:d9:66:44:93:1f:2c:f6:1b:e2:8e:10:52:70
Signer

.text
Size: 304KB - Virtual size: 301KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 25KB