a6e74aa77d7b183fd9b4150871cffaf9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6e74aa77d7b183fd9b4150871cffaf9_JaffaCakes118
Size

333KB
MD5

a6e74aa77d7b183fd9b4150871cffaf9
SHA1

9d362389fc687e6d479450b43858f2f89d2af36b
SHA256

acb037d3cf676f1ac0bfb52a582d109f4e4bc7dd5c48a386f0ce2a8aae191dee
SHA512

a18ff2c2c70ec9d97941c94ea820f485a960c5433a4d020536e7f53859b61df33bbfe6194d0a094bb93ce282da50fc5109e1c8a7b55d6b39a1fe7a6d0acad1b4
SSDEEP

6144:zTq+bKJuTtHKVetVXDL9b16MGx86H8rX6b1uxmDrBkADWzO+1WvRx6C/K:v9KJE6AbC4rKb1iirBv+W3K

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack003/plugins/WajamNPAPI.dll
unpack001/$PLUGINSDIR/DcryptDll.dll
unpack001/$PLUGINSDIR/IpConfig.dll
unpack001/$PLUGINSDIR/MoreInfo.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsisos.dll
unpack001/IE/waitBHOEnable.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

a6e74aa77d7b183fd9b4150871cffaf9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Code Sign

8a:53:aa:d5:42:c9:19:df:71:72:aa:6a:fb:31:2b:17
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

03/06/2011, 00:00

Not After

02/06/2012, 23:59

Subject

CN=Wajam,O=Wajam,POSTALCODE=H2W1Y7,STREET=suite 200+STREET=4115 St-Laurent,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:13:e3:2e:d3:1b:92:d2:9a:20:28:69:6e:52:26:37:7a:80:93:18
Signer

Actual PE Digest

39:13:e3:2e:d3:1b:92:d2:9a:20:28:69:6e:52:26:37:7a:80:93:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Mozilla/Firefox/Profiles/$1/extensions/{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
.zip
META-INF/WajamsTheUSERTRUSTNetworkID.rsa
META-INF/WajamsTheUSERTRUSTNetworkID.sf
META-INF/manifest.mf
chrome.manifest
content/browserLoad.js
.js
content/domLoad.js
.js
content/firefoxOverlay.xul
.xml
content/wajam.js
.js
content/wajam.png
.png
defaults/preferences/wajam.js
install.rdf
.xml
$LOCALAPPDATA/Wajam/Chrome/wajam_121.crx
.zip
html/background.html
.html
js/background.js
.js
js/domLoad.js
.js
js/wajam.js
.js
manifest.json
plugins/WajamNPAPI.dll
.dll windows:5 windows x86 arch:x86

455f95c246e91c78598ac3780135923d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent
RtlUnwind
RaiseException
WideCharToMultiByte
IsDebuggerPresent
MultiByteToWideChar
LoadLibraryW
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
HeapAlloc
GetLastError
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeLibrary
GetProcessHeap
GetModuleFileNameW
VirtualQuery
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

oleaut32

SysFreeString
SysAllocStringLen

gdiplus

GdiplusStartup
GdiplusShutdown

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wajam_icon_128x128.png
.png
wajam_icon_48x48.png
.png
$PLUGINSDIR/DcryptDll.dll
.dll windows:4 windows x86 arch:x86

5e1d3f49e5b7590e18325930cd3084f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
CreateFileA
lstrlenA
DeleteFileA
WriteFile
ReadFile
lstrcmpA
CloseHandle
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

Exports

Exports

Decrypt
HexDecoder
HexEncoder
LoadStr
MD5Hash

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IpConfig.dll
.dll windows:5 windows x86 arch:x86

a9988f98d52a3c7d16228f87844f85ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Visual Studio\NSIS Plugins\IpConfig\Output\Plugins\IpConfig.pdb

Imports

kernel32

lstrcpynA
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
MultiByteToWideChar
GlobalFree
lstrcpyA
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetLastError
lstrlenA
WideCharToMultiByte
HeapFree
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
HeapAlloc
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfA

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
SysAllocStringLen
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

Exports

Exports

GetAllNetworkAdaptersIDs
GetAllNetworkAdaptersIDsCB
GetDNSSuffixSearchList
GetEnabledNetworkAdaptersIDs
GetEnabledNetworkAdaptersIDsCB
GetHostName
GetNetworkAdapterConnectionID
GetNetworkAdapterConnectionSpecificDNSSuffix
GetNetworkAdapterDHCPLeaseExpires
GetNetworkAdapterDHCPLeaseObtained
GetNetworkAdapterDHCPServer
GetNetworkAdapterDNSServers
GetNetworkAdapterDNSServersCB
GetNetworkAdapterDefaultIPGateways
GetNetworkAdapterDefaultIPGatewaysCB
GetNetworkAdapterDescription
GetNetworkAdapterIDFromDescription
GetNetworkAdapterIDFromIPAddress
GetNetworkAdapterIDFromMACAddress
GetNetworkAdapterIPAddresses
GetNetworkAdapterIPAddressesCB
GetNetworkAdapterIPSubNets
GetNetworkAdapterIPSubNetsCB
GetNetworkAdapterMACAddress
GetNetworkAdapterPrimaryWINSServer
GetNetworkAdapterSecondaryWINSServer
GetNetworkAdapterType
GetNodeType
GetPrimaryDNSSuffix
IsIPRoutingEnabled
IsNetworkAdapterAutoSense
IsNetworkAdapterDHCPEnabled
IsWINSProxyEnabled

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MoreInfo.dll
.dll windows:4 windows x86 arch:x86

01d106fd6b60d71fb22bfc025916871f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\untgz\MoreInfo\SRC\Release\MoreInfo.pdb

Imports

user32

wsprintfA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetSystemDirectoryA
lstrcpyA
lstrcpynA
GlobalFree
lstrlenA
GlobalAlloc
lstrcatA

Exports

Exports

GetComments
GetCompanyName
GetFileDescription
GetFileVersion
GetInternalName
GetLegalCopyright
GetLegalTrademarks
GetOSUserinterfaceLanguage
GetOriginalFilename
GetPrivateBuild
GetProductName
GetProductVersion
GetSpecialBuild
GetUserDefined

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisos.dll
.dll windows:1 windows x86 arch:x86

a70233c77fd258ec47709388c2338273

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetVersionExA
RtlUnwind
RtlZeroMemory
lstrcpyA

crtdll

_fdopen
_open_osfhandle
_ultoa
fclose
_cexit
malloc
printf
raise
setbuf
strcpy

Exports

Exports

osplatform
osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 588B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Wajam/Firefox/firefox_trigger_extension.htm
.html .js polyglot
$PROGRAMFILES/Wajam/Firefox/{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
.zip
META-INF/WajamsTheUSERTRUSTNetworkID.rsa
META-INF/WajamsTheUSERTRUSTNetworkID.sf
META-INF/manifest.mf
chrome.manifest
content/browserLoad.js
.js
content/domLoad.js
.js
content/firefoxOverlay.xul
.xml
content/wajam.js
.js
content/wajam.png
.png
defaults/preferences/wajam.js
install.rdf
.xml
IE/favicon.ico
IE/res/alert_window_bho.html
.html .js polyglot
IE/res/wajam_logo.png
.png
IE/uninstall.exe.nsis
IE/waitBHOEnable.exe
.exe windows:5 windows x86 arch:x86

7ddc8b3d2ba881c46f2403a466c3c621

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetModuleHandleW
GetProcAddress
GetStringTypeW
MultiByteToWideChar
LCMapStringW
IsProcessorFeaturePresent
HeapReAlloc
HeapSize
GetLastError
HeapFree
HeapAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
LoadLibraryW
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte

advapi32

RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IE/wajam.dll
.dll regsvr32 windows:5 windows x86 arch:x86

9ab957feae07e24731cc304f0ca2056d

Code Sign

8a:53:aa:d5:42:c9:19:df:71:72:aa:6a:fb:31:2b:17
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

03/06/2011, 00:00

Not After

02/06/2012, 23:59

Subject

CN=Wajam,O=Wajam,POSTALCODE=H2W1Y7,STREET=suite 200+STREET=4115 St-Laurent,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a7:7c:10:26:11:75:62:fd:e8:8c:5e:04:08:f5:61:f4:2c:f2:ce:d7
Signer

Actual PE Digest

a7:7c:10:26:11:75:62:fd:e8:8c:5e:04:08:f5:61:f4:2c:f2:ce:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Guillaume\Desktop\svnwajam\Clients\IE_BHO\source\wajam\Release\wajam.pdb

Imports

wininet

InternetSetCookieW

kernel32

InterlockedExchange
FindCloseChangeNotification
GetProcAddress
GetModuleHandleW
lstrlenW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
lstrcpyW
GetPrivateProfileStringW
FindNextFileW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
DeleteCriticalSection
GetModuleFileNameW
FreeLibrary
lstrcmpiW
FindFirstChangeNotificationW
LoadLibraryExW
GetThreadLocale
SetThreadLocale
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcess
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WaitForSingleObject
FindNextChangeNotification
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
FreeEnvironmentStringsW
WriteConsoleW
FlushFileBuffers
SetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
CreateThread
ResumeThread
CloseHandle
ExitThread
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetModuleFileNameA
GetProcessHeap
HeapSize
GetStartupInfoW
SetHandleCount
RtlUnwind
CreateFileW
GetFileType
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
WriteFile
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc

user32

CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
CharNextW
GetFocus
MessageBoxW
UnregisterClassA

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SafeArrayLock
SafeArrayCreate
DispCallFunc
SafeArrayUnlock
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayGetLBound
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCmp
VariantInit
BSTR_UserFree
VARIANT_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserSize
BSTR_UserSize
SysAllocStringLen
SysStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
VARIANT_UserMarshal
SafeArrayRedim

shlwapi

SHCreateStreamOnFileW

urlmon

CoInternetGetSession

rpcrt4

NdrDllUnregisterProxy
NdrDllGetClassObject
IUnknown_AddRef_Proxy
NdrCStdStubBuffer2_Release
IUnknown_Release_Proxy
NdrStubCall2
NdrDllCanUnloadNow
NdrDllRegisterProxy
NdrOleAllocate
NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Updater/WajamUpdater.exe
.exe windows:5 windows x86 arch:x86

1290526020ee7953dd528ca9b331c17f

Code Sign

8a:53:aa:d5:42:c9:19:df:71:72:aa:6a:fb:31:2b:17
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

03/06/2011, 00:00

Not After

02/06/2012, 23:59

Subject

CN=Wajam,O=Wajam,POSTALCODE=H2W1Y7,STREET=suite 200+STREET=4115 St-Laurent,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:26:7e:8f:09:55:09:95:e6:7a:37:21:0a:b2:d3:90:d9:c2:2e:6b
Signer

Actual PE Digest

3a:26:7e:8f:09:55:09:95:e6:7a:37:21:0a:b2:d3:90:d9:c2:2e:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Guillaume\Desktop\svnwajam\Clients\Updater\Release\WajamUpdater.pdb

Imports

kernel32

GetCommandLineW
GetCurrentThreadId
InterlockedDecrement
CompareStringW
LockResource
ReadFile
SetEndOfFile
LoadLibraryW
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
EnterCriticalSection
RaiseException
LeaveCriticalSection
FreeLibrary
GetLastError
lstrlenW
lstrcmpiW
MultiByteToWideChar
WaitForSingleObject
CreateProcessW
CloseHandle
CreateFileW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
HeapCreate
GetTimeZoneInformation
Sleep
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
ExitThread
CreateThread
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError

user32

CharNextW
PostThreadMessageW
LoadStringW
MessageBoxW
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW

advapi32

ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
DeleteService
ControlService
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
DeregisterEventSource

ole32

CLSIDFromProgID
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoInitialize

oleaut32

VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayGetVartype

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Code Sign

8a:53:aa:d5:42:c9:19:df:71:72:aa:6a:fb:31:2b:17Certificate

Extended Key Usages

Key Usages

39:13:e3:2e:d3:1b:92:d2:9a:20:28:69:6e:52:26:37:7a:80:93:18Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 7KB - Virtual size: 7KB

455f95c246e91c78598ac3780135923d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

5e1d3f49e5b7590e18325930cd3084f1

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 470B

.data Size: 2KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 730B

a9988f98d52a3c7d16228f87844f85ea

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

01d106fd6b60d71fb22bfc025916871f

Headers

DLL Characteristics

File Characteristics

PDB Paths

8a:53:aa:d5:42:c9:19:df:71:72:aa:6a:fb:31:2b:17
Certificate

39:13:e3:2e:d3:1b:92:d2:9a:20:28:69:6e:52:26:37:7a:80:93:18
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 470B

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 730B

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 28B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 188B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B