ae20bcd0048d8be97d9984d5b98a9389_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae20bcd0048d8be97d9984d5b98a9389_JaffaCakes118
Size

12.4MB
MD5

ae20bcd0048d8be97d9984d5b98a9389
SHA1

fe6bce0167e559a14df941ba19c89d5f35516a96
SHA256

e934ff822320805804825ef082d041f2495f9a912797a314ed1edb440e859b95
SHA512

74724f8d6270ae6f939ce137cf2ce94d509696a6b02a14acb44bc0d6e9760e83a0ec106a59c47a7f906d656c553637d3e33258152b019151fec031d409074efd
SSDEEP

393216:8wEoyH99Ua0QPTmpzBqKbzlY3ztVo9l+IoSY0d9Hg:8wEoyHzVTCTvG35V8vtLA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/system/WarRock.exe

Files

ae20bcd0048d8be97d9984d5b98a9389_JaffaCakes118
.zip
animation/AG/1st_Animations/AR/Degtyaryov.AG
animation/AG/1st_Animations/AR/G11.AG
animation/AG/1st_Animations/MG/M240B.AG
animation/AG/3rd_Animations/3rd_Animations.AG
animation/AG/3rd_Animations/AI_Breaker.AG
animation/AG/3rd_Animations/AI_Defender.AG
animation/ASS/1st_animation/AR/Degtyaryov.ASS
animation/ASS/1st_animation/AR/G11.ASS
animation/ASS/1st_animation/MG/M240B.ASS
animation/ASS/1st_animation/SMG/Veresk.ASS
animation/ASS/1st_animation/SMG/Veresk_Dot.ASS
animation/ASS/3rd_animation/AI/AI_Defender.ASS
animation/ASS/3rd_animation/AI/Ai_Breaker.ASS
animation/ASS/3rd_animation/U_AR/U_3AR_Degtyaryov.ASS
animation/ASS/3rd_animation/U_AR/U_3AR_G11.ASS
animation/ASS/3rd_animation/U_SR/U_3SR_sr25.ASS
animation/RPK/1st_animation.RPK
animation/RPK/1st_character.RPK
animation/RPK/1st_weapon.RPK
animation/RPK/3rd_animation.RPK
animation/RPK/3rd_character.RPK
animation/RPK/3rd_weapon.RPK
animation/SGF/1st_character/Gloves_W37_Santa_1st.SGF
animation/SGF/1st_character/Upper_W37_Santa_1st.SGF
animation/SGF/1st_weapon/AR/Degtyaryov.SGF
animation/SGF/1st_weapon/AR/G11.SGF
animation/SGF/1st_weapon/SR/DragunovSC.SGF
animation/SGF/3rd_character/Helmet_W37_Santa.SGF
animation/SGF/3rd_character/Lower_W37_Santa.SGF
animation/SGF/3rd_character/Shoes_W37_Santa.SGF
animation/SGF/3rd_character/Upper_W37_Santa.SGF
animation/SGF/3rd_character/Vest_W37.SGF
animation/SGF/3rd_weapon/Degtyaryov_3rd.SGF
animation/SGF/3rd_weapon/DragunovSC_3rd.SGF
animation/SGF/3rd_weapon/G11_3rd.SGF
animation/SGF/3rd_weapon/SR25_3rd.SGF
animation/WCC/WRCC.WCC
animation/WCD/3rd_character.WCD
animation/WCD/Degtyaryov.WCD
animation/WCD/Dragunov_SC.WCD
animation/WCD/Fist.WCD
animation/WCD/G11.WCD
animation/WCD/K1_SC.WCD
animation/WCD/M4_SC.WCD
data/Global.FCL
data/HShield/AhnUpCtl.dll
.dll windows:4 windows x86 arch:x86

0aa2ae188aec8c192d9ba9f57bc1f677

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/09/2010, 00:00

Not After

29/10/2011, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:65:42:d6:71:ae:c4:0e:0e:e4:62:5b:50:6d:d5:03:c8:ba:a8:78
Signer

Actual PE Digest

28:65:42:d6:71:ae:c4:0e:0e:e4:62:5b:50:6d:d5:03:c8:ba:a8:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
lstrcatA
GetWindowsDirectoryA
GetDriveTypeA
GetCurrentProcess
GetProcAddress
lstrcmpA
GetSystemDirectoryA
GetModuleHandleA
SetFileAttributesA
CreateFileA
FreeLibrary
lstrlenA
lstrcpynA
lstrcpyA
GetVersionExA
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
GetUserDefaultLangID
GetDateFormatA
SetLastError
GetTimeFormatA
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetLastError
DeleteFileA
MoveFileA
GetFileAttributesA
GetCommandLineA
GetVersion
RtlUnwind
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapSize
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
ReadFile
FlushFileBuffers
CloseHandle
CompareStringA
SetEndOfFile

user32

wsprintfA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

AhnUpCtl_GetInfo
AhnUpCtl_GetInfo2
AhnUpCtl_GetInstalledAndNeighborsPdList
AhnUpCtl_GetInstalledPdCount
AhnUpCtl_GetInstalledPdList
AhnUpCtl_GetMainFile
AhnUpCtl_GetPPAuthInfo
AhnUpCtl_GetPd
AhnUpCtl_GetPdList
AhnUpCtl_GetSection
AhnUpCtl_GetSubPdList
AhnUpCtl_GetTList
AhnUpCtl_GetText
AhnUpCtl_GetType

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/HShield/AhnUpGS.dll
.dll windows:4 windows x86 arch:x86

8b716d740b68bca833d4fbfa86889fd0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/09/2010, 00:00

Not After

29/10/2011, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:7c:ad:b3:ed:f4:7f:54:e2:a5:74:9c:86:4f:d2:78:e4:08:83:c2
Signer

Actual PE Digest

45:7c:ad:b3:ed:f4:7f:54:e2:a5:74:9c:86:4f:d2:78:e4:08:83:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
DeleteFileA
GetFileSize
ReadFile
Sleep
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
OutputDebugStringA
LocalAlloc
GetLocalTime
lstrcpyA
lstrcatA
FormatMessageA
GetSystemInfo
GetModuleHandleA
GetVersionExA
GlobalMemoryStatus
GetComputerNameA
GetCurrentProcess
GetCurrentThread
GetDiskFreeSpaceA
GetVolumeInformationA
CreateFileA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
LocalFileTimeToFileTime
SetFileTime
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
SetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
GetLastError
SetLastError
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
SetFilePointer
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
lstrlenA
lstrcpynA
GetDriveTypeA
GetModuleFileNameA
WriteFile
IsBadWritePtr
IsBadReadPtr
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
HeapFree
HeapAlloc
RtlUnwind
CreateThread
GetCurrentThreadId
ExitThread
InterlockedDecrement
InterlockedIncrement
RaiseException
GetCommandLineA
GetVersion
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
TerminateProcess
HeapSize
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

user32

GetSystemMetrics
wvsprintfA
wsprintfA
LoadStringA

advapi32

LookupAccountSidA
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
EqualSid
FreeSid
RegCloseKey
OpenThreadToken
OpenProcessToken
GetTokenInformation

v3inetgs

??0V3INetEx@@QAE@XZ
?GetFile@V3INetEx@@QAEKPAUINTERNET_CONNECT_INFO@@PAU__V3INETDATA__@@J@Z
?Close@V3INetEx@@QAEHXZ
?RegisterInterface@V3INetEx@@QAEHPAVAbsInterface@@@Z
?Initialize@V3INetEx@@QAEHXZ
??1V3INetEx@@QAE@XZ

v3hunt

V3Net_GetCount
V3Net_CloseHandle
V3Net_GetUpdateData2
V3Net_IsFileEqual
V3Net_CompareFileInfo
V3Net_CompareFileInfo2
V3Net_SetDestFullPath
V3Net_GetAt

ahnupctl

AhnUpCtl_GetText
AhnUpCtl_GetSection
AhnUpCtl_GetInfo

urlmon

URLDownloadToFileA

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
DeleteUrlCacheEntry
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpQueryInfoA

Exports

Exports

?DownloadFile@@YAJPBD00PAUUD_STATUS@@JPAXH@Z
?UpdateProgress@@YAHKKJ@Z
AhnUp_ClearPatchURL
AhnUp_DoIt
AhnUp_GetPatchPath
AhnUp_GetPatchURL
AhnUp_SetDefaultPatchURL
AhnUp_SetPatchURL

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/HShield/HSInst.dll
.dll windows:4 windows x86 arch:x86

85f0a53320c617af19fda0768e3dfbbf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/09/2010, 00:00

Not After

29/10/2011, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:9b:6d:4d:76:95:c7:07:0c:f0:fc:6a:28:db:2a:ed:31:87:e6:07
Signer

Actual PE Digest

6a:9b:6d:4d:76:95:c7:07:0c:f0:fc:6a:28:db:2a:ed:31:87:e6:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetVersionExA
MultiByteToWideChar
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
GetModuleHandleA
lstrcpynA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
CloseHandle
lstrcpyA
lstrcmpiA
lstrcmpA
FormatMessageA
SetConsoleCtrlHandler
LocalFree
IsBadWritePtr
VirtualAlloc
LoadLibraryA
lstrlenA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
Sleep
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SetEnvironmentVariableA

user32

GetWindowLongA
SendMessageA
SetWindowLongA
wsprintfA
LoadStringA
CopyImage
LoadImageA
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
InvalidateRect
SetWindowTextA
DestroyWindow
IsWindow
CreateDialogParamA
ShowWindow
GetClientRect
GetSystemMetrics
SetWindowPos
CreateWindowExA

gdi32

BitBlt
GetObjectA
CreateCompatibleDC
DeleteObject
CreateFontA
SetTextColor
SetBkMode
SelectObject
GetStockObject
StretchBlt

oleaut32

OleLoadPicturePath

comctl32

ord17

winmm

timeGetTime

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/HShield/HSUpdate.exe
.exe windows:4 windows x86 arch:x86

77298e58656d2c6cb7857f6d71477242

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/09/2010, 00:00

Not After

29/10/2011, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:32:0b:18:62:e9:8f:5a:1a:78:b5:5a:89:75:98:71:c2:d1:2b:8a
Signer

Actual PE Digest

f0:32:0b:18:62:e9:8f:5a:1a:78:b5:5a:89:75:98:71:c2:d1:2b:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetVersionExA
GetExitCodeThread
CreateThread
CreateEventA
Sleep
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetModuleHandleA
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
GetVersion
GetCommandLineA
GetProcAddress
FreeLibrary
LoadLibraryA
OpenEventA
OutputDebugStringA
LocalAlloc
GetLocalTime
lstrcatA
GlobalMemoryStatus
GetComputerNameA
GetCurrentProcess
GetCurrentThread
GetSystemInfo
GetVolumeInformationA
GetDriveTypeA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
CreateDirectoryA
SetEndOfFile
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetFullPathNameA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
CreateMutexA
SetEvent
GetLastError
WaitForSingleObject
CloseHandle
GetTickCount
lstrcpyA
ExitThread
lstrcmpiA
lstrcmpA
FormatMessageA
LocalFree
lstrcpynA
lstrlenA
GetTimeZoneInformation
CompareStringA
CompareStringW
GetDiskFreeSpaceA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
RtlUnwind
ExitProcess
TerminateProcess
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

GetSystemMetrics
wvsprintfA
GetWindowPlacement
GetClientRect
SystemParametersInfoA
CreateWindowExA
ShowWindow
SetWindowPos
GetParent
LoadIconA
LoadCursorA
RegisterClassA
PostQuitMessage
BeginPaint
EndPaint
DefWindowProcA
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SendMessageA
LoadStringA
GetWindowRect

gdi32

GetStockObject

advapi32

EqualSid
FreeSid
LookupAccountSidA
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegEnumValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid

winmm

timeGetTime

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/HShield/V3Hunt.dll
.dll windows:4 windows x86 arch:x86

33816193d1de5a2fde0735bc571df41a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/09/2010, 00:00

Not After

29/10/2011, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:66:dc:b5:d9:93:64:3a:bc:47:38:08:d2:f6:e9:98:38:f7:a7:73
Signer

Actual PE Digest

af:66:dc:b5:d9:93:64:3a:bc:47:38:08:d2:f6:e9:98:38:f7:a7:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
lstrcatA
lstrlenA
GetFileSize
ReadFile
lstrcpyA
GetLastError
lstrcmpiA
SetLastError
WaitNamedPipeA
WriteFile
CopyFileA
SetNamedPipeHandleState
CloseHandle
SetEndOfFile
FreeLibrary
GetProcAddress
LoadLibraryA
CallNamedPipeA
TlsAlloc
TlsFree
LocalFree
TlsSetValue
LocalAlloc
TlsGetValue
lstrcpynA
DeleteFileA
SetFileTime
GetComputerNameA
GetFileTime
FileTimeToSystemTime
GetCurrentProcessId
OutputDebugStringA
SystemTimeToFileTime
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleHandleA
GetCurrentProcess
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
MoveFileExA
CreateDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
LocalFileTimeToFileTime
FormatMessageA
HeapFree
HeapAlloc
GetModuleFileNameA
GetCommandLineA
FileTimeToLocalFileTime
GetDriveTypeA
GetLocalTime
RtlUnwind
lstrcmpA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
TerminateProcess
HeapSize
GetCurrentThreadId
GetCurrentThread
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
Sleep
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FlushFileBuffers
GetTimeZoneInformation
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersion
GetFileType

user32

LoadStringA
IsCharAlphaA
CharLowerA
wsprintfA
CharNextA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

V3Net_AddArray
V3Net_CheckFileCRC
V3Net_CloseHandle
V3Net_CompareFileInfo
V3Net_CompareFileInfo2
V3Net_CompareFileVersion2
V3Net_GetAt
V3Net_GetCount
V3Net_GetEngineDate
V3Net_GetFileCRC
V3Net_GetFileTime
V3Net_GetFileVersion
V3Net_GetLastErrorMessage
V3Net_GetUpdateCfg
V3Net_GetUpdateData
V3Net_GetUpdateData2
V3Net_IsFileEqual
V3Net_IsFileEqual2
V3Net_IsFileValid
V3Net_RemoveAt
V3Net_RemoveFileCRC
V3Net_SetAt
V3Net_SetDestFullPath
V3Net_UpdateFromFolder
V3Net_UpdateFromNT
V3Net_WriteFileCRC

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/HShield/V3InetGS.dll
.dll windows:4 windows x86 arch:x86

832be30bf9c941826763ff0640d5f430

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/09/2010, 00:00

Not After

29/10/2011, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:f9:d3:c0:07:6a:4c:cf:d3:92:02:af:1f:be:b3:83:e3:08:a6:bf
Signer

Actual PE Digest

48:f9:d3:c0:07:6a:4c:cf:d3:92:02:af:1f:be:b3:83:e3:08:a6:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
WaitForSingleObject
DeleteFileA
Sleep
LocalFree
OutputDebugStringA
LocalAlloc
lstrcpyA
CloseHandle
CreateEventA
ResetEvent
GetLastError
FormatMessageA
GetModuleFileNameA
lstrlenA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection

user32

wsprintfA
wvsprintfA

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetOpenA
FtpGetFileA
InternetReadFile
InternetQueryDataAvailable
InternetCloseHandle
InternetConnectA
InternetGetLastResponseInfoA
InternetReadFileExA
InternetSetStatusCallback
FtpOpenFileA

msvcrt

strchr
_stat
_stricmp
_adjust_fdiv
_initterm
__CxxFrameHandler
??2@YAPAXI@Z
malloc
_strdate
_strtime
sprintf
free
fopen
fwrite
_purecall
??3@YAXPAX@Z
strncpy
_except_handler3
fclose

Exports

Exports

??0V3INetEx@@QAE@XZ
??1V3INetEx@@QAE@XZ
??4V3INetEx@@QAEAAV0@ABV0@@Z
?Cancel@V3INetEx@@QAEHXZ
?Close@V3INetEx@@QAEHXZ
?GetFile@V3INetEx@@QAEKPAUINTERNET_CONNECT_INFO@@PAU__V3INETDATA__@@J@Z
?Initialize@V3INetEx@@QAEHXZ
?RegisterInterface@V3INetEx@@QAEHPAVAbsInterface@@@Z
?fnV3INetEx@@YAHXZ
?nV3INetEx@@3HA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/Tool.srl
data/UI/CouponPopup.bin
data/UI/CouponPopup.xml
data/UI/PlayTimeEvent.bin
data/UI/PlayTimeEvent.xml
data/UI/UISInGame.bin
data/UI/UISInGame.xml
data/UI/UISMainMenu_r.bin
data/UI/UISMainMenu_r.xml
data/Weapons.txt
data/items.bin
data/textdata_eng.lua
data/textdata_ger.lua
data/textdata_tur.lua
data/weapondata.bin
maps/MapList.xml
maps/XMarien/MapInfo.xml
maps/XVelruf/MapInfo.xml
sound/Weapons/BigSnowBall/WR_fire.wav
staticmesh/StandardMesh/AN06.smf
system/WarRock.exe
.exe windows:5 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

Size: 2.0MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bfrbikhm
Size: 831KB - Virtual size: 832KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lfmrpvst
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
texture/UI/AI/Ai_result_ph.tga
texture/UI/AI/Ai_result_ph.tga.xml
texture/UI/Arms/Image/Item/EtcItem04.tga
texture/UI/Arms/Image/Item/EtcItem04.tga.xml
texture/UI/Arms/Name/Weapon_name_01.tga
texture/UI/Arms/Name/Weapon_name_02.tga
texture/UI/Arms/Name/Weapon_name_02.tga.xml
texture/UI/Custom/CustumeItem08.tga
texture/UI/Custom/CustumeItem08.tga.xml
texture/UI/Custom/Custume_Ch02.tga
texture/UI/Custom/Custume_Ch02.tga.xml
texture/UI/Event/EventBanner.tga
texture/UI/Event/EventBanner_Ger.tga
texture/UI/Event/EventBanner_Tur.tga
texture/UI/Event/LevelUpEvent02.tga
texture/UI/Event/LevelUpEvent02.tga.xml
texture/UI/Event/LevelUpEvent03.tga
texture/UI/Event/LevelUpEvent03.tga.xml
texture/UI/Event/LevelUpEvent03_Ger.tga
texture/UI/Event/LevelUpEvent03_Tur.tga
texture/UI/Event/MissionCount.tga
texture/UI/Event/MissionCount.tga.xml
texture/UI/Event/MissionCount02.tga
texture/UI/In_icon_01.tga
texture/UI/In_icon_01.tga.xml
texture/UI/ItemShop/NewItemShop_05.tga
texture/UI/ItemShop/NewItemShop_05_Ger.tga
texture/UI/ItemShop/NewItemShop_05_Tur.tga
texture/UI/MainLoading/MainLoadingBG01.dds
texture/UI/MainLoading/MainLoadingBG02.dds
texture/UI/MainLoading/MainLoadingBG03.dds
texture/UI/MainLoading/MainLoadingBG04.dds
texture/UI/Map/Etc/UniqueMission/Purpose/Purpose_Text_Snowfight.tga
texture/UI/Map/Etc/UniqueMission/Purpose/Purpose_Text_Snowfight_Ger.tga
texture/UI/Map/Etc/UniqueMission/Purpose/Purpose_Text_Snowfight_tur.tga
texture/UI/Notice/OutNotice.tga
texture/UI/Notice/OutNotice_Ger.tga
texture/UI/Notice/OutNotice_Tur.tga
texture/Weapon/1stWeapons/Degtyaryov_1st.dds
texture/Weapon/1stWeapons/Dragunov_Cloth.dds
texture/Weapon/1stWeapons/Dragunov_SC.dds
texture/Weapon/1stWeapons/G11_1st.dds
texture/Weapon/1stWeapons/K1_SC.dds
texture/Weapon/1stWeapons/M240B_Dogsight.dds
texture/Weapon/1stWeapons/M4A1_SC.dds
texture/Weapon/3rd_Weapon/3rd_M4_SC.dds
texture/Weapon/3rd_Weapon/3rd_dragunov_SC.dds
texture/Weapon/3rd_Weapon/3rd_k1_SC.dds
texture/Weapon/3rd_Weapon/Degtyaryov_3rd.dds
texture/Weapon/3rd_Weapon/G11_3rd.dds
texture/characters/1st/Gloves_W37_Santa_1st.dds
texture/characters/1st/Gloves_W37_Santa_D_1st.dds
texture/characters/1st/Gloves_W37_Santa_N_1st.dds
texture/characters/1st/Upper_W37_Santa_1st.dds
texture/characters/1st/Upper_W37_Santa_D_1st.dds
texture/characters/1st/Upper_W37_Santa_N_1st.dds
texture/characters/3rd/Gloves_W37_Santa.dds
texture/characters/3rd/Gloves_W37_Santa_D.dds
texture/characters/3rd/Gloves_W37_Santa_N.dds
texture/characters/3rd/Helmat_W37_Santa.dds
texture/characters/3rd/Helmat_W37_Santa_D.dds
texture/characters/3rd/Helmat_W37_Santa_N.dds
texture/characters/3rd/Lower_W37_Santa.dds
texture/characters/3rd/Lower_W37_Santa_D.dds
texture/characters/3rd/Lower_W37_Santa_N.dds
texture/characters/3rd/Shoes_W37_Santa.dds
texture/characters/3rd/Shoes_W37_Santa_D.dds
texture/characters/3rd/Shoes_W37_Santa_N.dds
texture/characters/3rd/Upper_W37_Santa_D.dds
texture/characters/3rd/Upper_W37_Santa_F.dds
texture/characters/3rd/Upper_W37_Santa_N.dds

Sharing

General

Malware Config

Signatures

Files

0aa2ae188aec8c192d9ba9f57bc1f677

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

28:65:42:d6:71:ae:c4:0e:0e:e4:62:5b:50:6d:d5:03:c8:ba:a8:78Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 40KB - Virtual size: 44KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 8KB - Virtual size: 7KB

8b716d740b68bca833d4fbfa86889fd0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

45:7c:ad:b3:ed:f4:7f:54:e2:a5:74:9c:86:4f:d2:78:e4:08:83:c2Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

v3inetgs

v3hunt

ahnupctl

urlmon

wininet

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 28KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 8KB - Virtual size: 7KB

85f0a53320c617af19fda0768e3dfbbf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

28:65:42:d6:71:ae:c4:0e:0e:e4:62:5b:50:6d:d5:03:c8:ba:a8:78
Signer

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 40KB - Virtual size: 44KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

45:7c:ad:b3:ed:f4:7f:54:e2:a5:74:9c:86:4f:d2:78:e4:08:83:c2
Signer

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

6a:9b:6d:4d:76:95:c7:07:0c:f0:fc:6a:28:db:2a:ed:31:87:e6:07
Signer

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 92KB - Virtual size: 88KB

.reloc
Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

f0:32:0b:18:62:e9:8f:5a:1a:78:b5:5a:89:75:98:71:c2:d1:2b:8a
Signer

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 32KB - Virtual size: 30KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:97:db:af:dd:31:29:29:9b:e1:a5:eb:cc:6d:1e:33
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate