a38fb9d4722d1e94f10ecbf8a9c36b5e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a38fb9d4722d1e94f10ecbf8a9c36b5e_JaffaCakes118
Size

273KB
MD5

a38fb9d4722d1e94f10ecbf8a9c36b5e
SHA1

ada63994880cb09d6d484fd8fcdd5f8915bac526
SHA256

37747da1a417eeea2a9c8be6f417f4806931c69e40b810e104989624de83956c
SHA512

97bc2b04de6b5ea1a6dbfc545695c7e2e270dd78a6be777998691af4bf39a5bebfb6660c601fdfe9202f9445e97a1734120c164ee10caaf832c5f9b128971db5
SSDEEP

6144:CrEOSuzojadBC6/HL58hDAPYe+46dOBDU5vxOA:CrEOSaoZ6/HV8+Z+XvxOA

Score

1^/10

Malware Config

Signatures

Files

a38fb9d4722d1e94f10ecbf8a9c36b5e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0b18bde7ad960aa78c4039812445ef68

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07/07/2010, 00:00

Not After

06/07/2013, 23:59

Subject

CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:1d:ac:e0:e7:fd:44:5f:84:ef:dc:0f:20:5d:12:4c:c1:87:5c:88
Signer

Actual PE Digest

f7:1d:ac:e0:e7:fd:44:5f:84:ef:dc:0f:20:5d:12:4c:c1:87:5c:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jdk7u2_32P\jdk7u4_2856_new\build\windows-i586\tmp\deploy\jre-image\bin\deploy.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
FreeLibrary
LocalFree
InterlockedDecrement
lstrlenA
InterlockedIncrement
GetVersionExW
GetCurrentProcess
GetNativeSystemInfo
CloseHandle
GetLastError
CreateFileW
LoadLibraryW
GetSystemDirectoryW
WaitForSingleObject
LocalAlloc
lstrlenW
FormatMessageW
GetLongPathNameW
GetShortPathNameW
GetModuleFileNameW
GetWindowsDirectoryW
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
RaiseException
GetSystemWindowsDirectoryW
GetTickCount
GetModuleHandleExW
GetTempPathW
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
lstrcmpiW
SizeofResource
LoadResource
LeaveCriticalSection
LoadLibraryExW
GlobalFree
ExpandEnvironmentStringsW
FindClose
CreateDirectoryW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
GetExitCodeProcess
LockResource
GetFullPathNameW
GetFileAttributesW
Sleep
CreateProcessW
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
MoveFileExW
CopyFileW
GetTempFileNameW
GetEnvironmentVariableW
GetSystemTime
SetEvent
OpenEventW
GetSystemInfo
WriteFile
lstrcpynW
SystemTimeToTzSpecificLocalTime
CompareFileTime
SystemTimeToFileTime
InterlockedExchange
LoadLibraryA
FindResourceW
EncodePointer
DecodePointer
WideCharToMultiByte
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
EnterCriticalSection

user32

DispatchMessageW
GetMessageW
LoadIconW
TranslateMessage
CreatePopupMenu
AppendMenuW
ModifyMenuW
SetMenuDefaultItem
PostMessageW
TrackPopupMenu
SetWindowLongW
ShowWindow
DefWindowProcW
ExitWindowsEx
MessageBoxW
CharNextW
GetForegroundWindow
GetWindowThreadProcessId
wsprintfW
DestroyIcon
SetForegroundWindow
GetCursorPos
FindWindowExW
GetWindowRect
PostQuitMessage
GetWindowLongW
RegisterClassW
CreateWindowExW
wsprintfA
GetDesktopWindow

gdi32

GetStockObject

ole32

CoFreeUnusedLibraries
CoUninitialize
CoInitialize
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
OleInitialize
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysStringLen
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
VarUI4FromStr
VariantClear
VariantInit
VariantChangeType
SysFreeString

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetTimeToSystemTimeW
InternetCrackUrlW
InternetReadFile
InternetSetOptionW
InternetGetCookieW
InternetSetCookieW
HttpQueryInfoW
InternetErrorDlg
InternetGoOnlineW
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW

urlmon

FindMimeFromData
CoInternetCreateSecurityManager

msvcr100

_read
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
wcsncat
asctime
_strdup
_close
swscanf
rand
srand
_time64
wcsncmp
fwprintf_s
_wfopen_s
_swprintf
_wsplitpath
memmove
_snwprintf
islower
strchr
_resetstkoflw
_wchdir
fread
fseek
fwrite
_wmkdir
wcschr
wcsncpy
_wassert
strstr
_local_unwind4
_recalloc
malloc
??_U@YAPAXI@Z
?_wopen@@YAHPB_WHH@Z
_dup
_dup2
_lseek
_wtempnam
calloc
free
_fstat64i32
_wfopen
fputws
fclose
_wremove
wcsnlen
wcstok
_wcsicmp
_wtoi
wcsstr
wcsrchr
memcpy
_purecall
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z
memset
strncpy
??_V@YAXPAX@Z
_wsplitpath_s
memcpy_s
swprintf_s
wcscat_s
wcscpy_s
_wstat64i32
wcsncpy_s
_localtime64
_snwprintf_s
wcsftime
_ftime64_s
_vsnwprintf_s

Exports

Exports

??0BasicPerfHelper@@QAE@ABV0@@Z
??0BasicPerfHelper@@QAE@ABVSystemTime@@AAVNativeLock@@@Z
??0BasicPerfStore@@QAE@ABV0@@Z
??0BasicPerfStore@@QAE@ABVSystemTime@@AAVNativeLock@@@Z
??0DeployPerf@@QAE@ABV0@@Z
??0DeployPerf@@QAE@XZ
??0NativeLock@@IAE@XZ
??0NativeLocker@@QAE@PAVNativeLock@@@Z
??0PerfHelper@@QAE@ABV0@@Z
??0PerfHelper@@QAE@XZ
??0PerfLabel@@QAE@ABV0@@Z
??0PerfLabel@@QAE@XZ
??0PerfLabel@@QAE@_JPBD@Z
??0PerfStore@@QAE@ABV0@@Z
??0PerfStore@@QAE@XZ
??0SystemTime@@QAE@ABV0@@Z
??0SystemTime@@QAE@XZ
??0WinLock@@QAE@XZ
??0WinTime@@QAE@ABV0@@Z
??0WinTime@@QAE@XZ
??1BasicPerfHelper@@UAE@XZ
??1BasicPerfStore@@UAE@XZ
??1DeployPerf@@UAE@XZ
??1NativeLock@@MAE@XZ
??1NativeLocker@@QAE@XZ
??1PerfHelper@@UAE@XZ
??1PerfStore@@UAE@XZ
??1SystemTime@@UAE@XZ
??1WinLock@@UAE@XZ
??1WinTime@@UAE@XZ
??4DeployPerf@@QAEAAV0@ABV0@@Z
??4NativeLocker@@QAEAAV0@ABV0@@Z
??4PerfHelper@@QAEAAV0@ABV0@@Z
??4PerfLabel@@QAEAAV0@ABV0@@Z
??4PerfStore@@QAEAAV0@ABV0@@Z
??4SystemTime@@QAEAAV0@ABV0@@Z
??4WinTime@@QAEAAV0@ABV0@@Z
??_7BasicPerfHelper@@6B@
??_7BasicPerfStore@@6B@
??_7DeployPerf@@6B@
??_7NativeLock@@6B@
??_7PerfHelper@@6B@
??_7PerfStore@@6B@
??_7SystemTime@@6B@
??_7WinLock@@6B@
??_7WinTime@@6B@
?Java_com_sun_deploy_config_WinPlatform_getPublicJdks@@YGPAV_jobject@@PAUJNIEnv_@@PAV1@@Z
?Java_com_sun_deploy_config_WinPlatform_getPublicJres@@YGPAV_jobject@@PAUJNIEnv_@@PAV1@@Z
?Java_com_sun_deploy_config_WinPlatform_init@@YGXPAUJNIEnv_@@PAV_jobject@@@Z
?Java_com_sun_deploy_config_WinPlatform_showURL@@YGEPAUJNIEnv_@@PAV_jobject@@PAV_jstring@@@Z
?LABEL_BUFFER_SIZE@PerfLabel@@2IB
?MAX_LABEL_COUNT@BasicPerfStore@@0IB
?_get@BasicPerfStore@@ABE?AVPerfLabel@@I@Z
?acquire@WinLock@@UAEXXZ
?calculateJavaEpoch@WinTime@@CA_JXZ
?get@BasicPerfStore@@UBE?AVPerfLabel@@I@Z
?getCurrentTime@BasicPerfHelper@@UBE_JXZ
?getCurrentTime@WinTime@@UBE_JXZ
?getJavaObj@PerfLabel@@QBEPAV_jobject@@PAUJNIEnv_@@@Z
?initStore@BasicPerfHelper@@UAE_NXZ
?labelToString@PerfLabel@@QBEPAV_jstring@@PAUJNIEnv_@@@Z
?put@BasicPerfHelper@@UAEXPAUJNIEnv_@@PAV_jstring@@@Z
?put@BasicPerfHelper@@UAEXPBD@Z
?put@BasicPerfStore@@QAEXPAUJNIEnv_@@PAV_jstring@@@Z
?put@BasicPerfStore@@UAEXPBD@Z
?put@PerfHelper@@MAEXPAUJNIEnv_@@PAV_jstring@@@Z
?release@WinLock@@UAEXXZ
?size@BasicPerfStore@@UBEIXZ
?toArray@BasicPerfHelper@@UBEPAV_jobjectArray@@PAUJNIEnv_@@@Z
?toArray@BasicPerfStore@@QBEPAV_jobjectArray@@PAUJNIEnv_@@@Z
?toArray@PerfHelper@@MBEPAV_jobjectArray@@PAUJNIEnv_@@@Z
GetBestHomeBin
GetCurrentJavaHomeFromRegistry
GetDeployPerf
InstallJQS
IsDefaultInBrowser
IsDefaultVMInIExplorer
IsJREForAppletLatest
RegJava2BrowserDefault
RegJava2IExplorerDefault
RegJavaConsole
RegJavaConsoleIExplorer
RegisterDeploy
RegisterDeployEx
RegisterGivenDeployBin
SystemCleanup
UninstallJQS
UninstallJQS1
UnregJava2BrowserDefault
UnregJava2IExplorerDefault
UnregJavaConsole
UnregJavaConsoleIExplorer
UnregisterDeploy
UnregisterDeployEx
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_ExpandEnvironmentStrings@12
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_FindMimeFromData@16
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegCloseKey@12
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegCreateKeyEx@16
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegCreateNoReflectionKey@16
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegDeleteKey@16
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegDeleteValue@16
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegEnumKeyEx@20
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegEnumValue@20
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegFlushKey@12
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegOpenKey@20
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegQueryInfoKey@12
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegQueryValueEx@16
_Java_com_sun_deploy_association_utility_WinRegistryWrapper_RegSetValueEx@20
_Java_com_sun_deploy_config_WinPlatform_addRemoveProgramsAdd@36
_Java_com_sun_deploy_config_WinPlatform_addRemoveProgramsRemove@16
_Java_com_sun_deploy_config_WinPlatform_applyBrowserSettings@8
_Java_com_sun_deploy_config_WinPlatform_canBecomeAdmin@8
_Java_com_sun_deploy_config_WinPlatform_getBrowserHomePath@8
_Java_com_sun_deploy_config_WinPlatform_getBrowserPath@8
_Java_com_sun_deploy_config_WinPlatform_getDesktopIconSize@8
_Java_com_sun_deploy_config_WinPlatform_getJavaPluginSettings@8
_Java_com_sun_deploy_config_WinPlatform_getJqsSettings@8
_Java_com_sun_deploy_config_WinPlatform_getLoadedNativeLibPath@12
_Java_com_sun_deploy_config_WinPlatform_getLongPathName@12
_Java_com_sun_deploy_config_WinPlatform_getPlatformMaxCommandLineLength@8
_Java_com_sun_deploy_config_WinPlatform_getPlatformPID@8
_Java_com_sun_deploy_config_WinPlatform_getPlatformSystemHome@8
_Java_com_sun_deploy_config_WinPlatform_getPlatformUserHome@8
_Java_com_sun_deploy_config_WinPlatform_getSysTickCount@8
_Java_com_sun_deploy_config_WinPlatform_getSystemExecutableHome@8
_Java_com_sun_deploy_config_WinPlatform_handleUserResponse@12
_Java_com_sun_deploy_config_WinPlatform_hasAdminPrivileges@8
_Java_com_sun_deploy_config_WinPlatform_initBrowserSettings@8
_Java_com_sun_deploy_config_WinPlatform_installShortcut@36
_Java_com_sun_deploy_config_WinPlatform_isBrowserFireFox@8
_Java_com_sun_deploy_config_WinPlatform_isNativeModalDialogUp@8
_Java_com_sun_deploy_config_WinPlatform_isPlatformWindowsVista@8
_Java_com_sun_deploy_config_WinPlatform_notifyJREInstalled@12
_Java_com_sun_deploy_config_WinPlatform_onLoad@12
_Java_com_sun_deploy_config_WinPlatform_onSave@12
_Java_com_sun_deploy_config_WinPlatform_sendJFXPingImpl@40
_Java_com_sun_deploy_config_WinPlatform_setJavaPluginSettings@12
_Java_com_sun_deploy_config_WinPlatform_setJqsSettings@12
_Java_com_sun_deploy_config_WinPlatform_shouldPromptForAutoCheck@8
_Java_com_sun_deploy_config_WinPlatform_showDocument@12
_Java_com_sun_deploy_net_cookie_IExplorerCookieHandler_getCookieInfo@12
_Java_com_sun_deploy_net_cookie_IExplorerCookieHandler_setCookieInfo@16
_Java_com_sun_deploy_net_offline_WIExplorerOfflineHandler_askUserGoOnline@12
_Java_com_sun_deploy_net_offline_WIExplorerOfflineHandler_isGlobalOffline@8
_Java_com_sun_deploy_net_offline_WIExplorerOfflineHandler_setGlobalOffline@12
_Java_com_sun_deploy_net_proxy_WIExplorerAutoProxyHandler_evalScript@12
_Java_com_sun_deploy_net_proxy_WIExplorerProxyConfig_getBrowserProxySettings@8
_Java_com_sun_deploy_net_proxy_WIExplorerProxyConfig_performAutoDetection@8
_Java_com_sun_deploy_perf_NativePerfHelper_put@12
_Java_com_sun_deploy_perf_NativePerfHelper_toArray@8
_Java_com_sun_deploy_security_MSCredentialManager_decryptMSPassword@12
_Java_com_sun_deploy_security_MSCredentialManager_encryptMSPassword@12
_Java_com_sun_deploy_security_MSCredentialManager_getLoginUID@8
_Java_com_sun_deploy_security_MSCredentialManager_isEncryptionAvailable@8
_Java_com_sun_deploy_security_MSCryptoDSASignature_nativeSignHash@24
_Java_com_sun_deploy_security_MSCryptoNONEwithRSASignature_nativeSignHash@24
_Java_com_sun_deploy_security_MSCryptoPrivateKey_cleanUp@16
_Java_com_sun_deploy_security_WIExplorerBrowserAuthenticator14_getAuthentication@12
_Java_com_sun_deploy_security_WIExplorerBrowserAuthenticator_getAuthFromInet@28
_Java_com_sun_deploy_security_WIExplorerCertStore_loadCertificates@20
_Java_com_sun_deploy_security_WIExplorerMyKeyStore_loadKeysAndCertificateChains@16
_Java_com_sun_deploy_security_WSeedGenerator_generateSeed@12
_Java_com_sun_deploy_security_WinDeployNTLMAuthCallback_IsTrustedSite@12
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_appendMenu@32
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_createPopupMenu@8
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_createWindow@12
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_defWindowProc@36
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_destroyIcon@16
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_getCurrentProcessId@8
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_hasBalloonTooltipShown0@16
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_isBalloonClickInBounds@8
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_loadTrayIcon@8
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_mainLoop@8
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_modifyMenu@32
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_notifyShell@60
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_openControlPanel@8
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_postQuitMessage@12
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_registerClass@12
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_setBalloonTooltipShown0@20
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_setMenuDefaultItem@24
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_setUserData@16
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_showPopupMenu@24
_Java_com_sun_deploy_ui_WindowsJavaTrayIcon_showWindow@20
_Java_com_sun_deploy_uitoolkit_ui_ConsoleHelper_dumpAllStacksImpl@8
_Java_com_sun_deploy_uitoolkit_ui_ConsoleHelper_preMustangDumpAllStacksImpl@8
_Java_com_sun_deploy_util_WinRegistry_getWindowsDirectory@8
_Java_com_sun_deploy_util_WinRegistry_initIDs@8
_Java_com_sun_deploy_util_WinRegistry_sysCloseKey@12
_Java_com_sun_deploy_util_WinRegistry_sysCreateKey@20
_Java_com_sun_deploy_util_WinRegistry_sysDeleteKey@16
_Java_com_sun_deploy_util_WinRegistry_sysOpenKey@20
_Java_com_sun_deploy_util_WinRegistry_sysQueryKey@16
_Java_com_sun_deploy_util_WinRegistry_sysReboot@8
_Java_com_sun_deploy_util_WinRegistry_sysSetStringValue@20
canInstallJavaFX
getLatestInstalledVersion

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b18bde7ad960aa78c4039812445ef68

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7Certificate

Extended Key Usages

Key Usages

f7:1d:ac:e0:e7:fd:44:5f:84:ef:dc:0f:20:5d:12:4c:c1:87:5c:88Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleaut32

version

wininet

urlmon

msvcr100

Exports

Exports

Sections

.text Size: 145KB - Virtual size: 144KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 11KB - Virtual size: 11KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7
Certificate

f7:1d:ac:e0:e7:fd:44:5f:84:ef:dc:0f:20:5d:12:4c:c1:87:5c:88
Signer

.text
Size: 145KB - Virtual size: 144KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 11KB - Virtual size: 11KB