b4ce94324a8e8024b43df01bf22e216e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4ce94324a8e8024b43df01bf22e216e_JaffaCakes118
Size

12.6MB
MD5

b4ce94324a8e8024b43df01bf22e216e
SHA1

67c20d30f88cacac4f548c93dbef7660f215cca8
SHA256

40811192495c472b0346133bde44d00d4a36b9cd1baf423e1bd88b1682463329
SHA512

ae2226750678576343094f5b512007067159047dab560f38f4e3d040f582f0b61407635d5139339a37165db5ba5596f55b9aaffab671d498ca09f346b2b160c2
SSDEEP

393216:U2HYFefCU/aJvogmPuDoMA/tNGjilc9k5mcUQqNQjmPz9d:YvonPeoMA/839Qqy6H

Score

1^/10

Malware Config

Signatures

Files

b4ce94324a8e8024b43df01bf22e216e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa75dc086d16536a6c3192988ab3268a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:98:a5:86:6a:aa:cf:e8:c3:28:4c:98:35:b8:56:22:f6:99:d2:b2
Signer

Actual PE Digest

2e:98:a5:86:6a:aa:cf:e8:c3:28:4c:98:35:b8:56:22:f6:99:d2:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\xlview\x86\ship\0\xlview.pdb

Imports

advapi32

RegCloseKey
OpenProcessToken
MakeSelfRelativeSD
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
SetSecurityDescriptorDacl
GetPrivateObjectSecurity
SetPrivateObjectSecurity
GetSecurityDescriptorLength
MapGenericMask
ImpersonateSelf
OpenThreadToken
AccessCheck
RevertToSelf
IsValidSecurityDescriptor
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegQueryValueW
MakeAbsoluteSD
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExA
RegQueryValueExA

gdi32

SetTextColor
SetROP2
SetBkMode
GetObjectW
DeleteDC
PlayEnhMetaFile
DeleteEnhMetaFile
SelectClipRgn
CreateSolidBrush
RestoreDC
GetTextColor
GetStockObject
IntersectClipRect
GetViewportExtEx
SetViewportExtEx
GetClipBox
CreatePen
CreatePatternBrush
GetNearestColor
GetTextFaceW
GetNearestPaletteIndex
GetBkColor
SaveDC
GetMapMode
CreateBrushIndirect
CreateCompatibleBitmap
SetMapMode
CombineRgn
DPtoLP
SetRectRgn
GetPaletteEntries
DeleteObject
CreateBitmap
GetTextCharsetInfo
GetRgnBox
ExcludeClipRect
GetDIBits
SetBrushOrgEx
CreateFontIndirectW
CreateHatchBrush
EnumFontsW
GetWindowExtEx
SetWindowExtEx
LPtoDP
GetTextMetricsW
CreateDIBPatternBrush
GetWindowOrgEx
BitBlt
EnumFontFamiliesW
SetWindowOrgEx
SetBitmapBits
ExtCreatePen
MoveToEx
GetCurrentPositionEx
LineTo
PatBlt
Polygon
Ellipse
Pie
Arc
CreateCompatibleDC
GetBitmapBits
GetPixel
SetPixel
StretchBlt
Escape
CreatePolygonRgn
CreateRectRgnIndirect
CreateRectRgn
GetEnhMetaFileHeader
GetWinMetaFileBits
SetMetaFileBitsEx
CreateMetaFileW
EnumMetaFile
CloseMetaFile
DeleteMetaFile
GetMetaFileBitsEx
SetWinMetaFileBits
PlayMetaFileRecord
PlayEnhMetaFileRecord
EnumEnhMetaFile
GdiComment
Polyline
CreateDIBSection
GdiFlush
SetDIBits
GetSystemPaletteEntries
CreatePalette
SelectPalette
RealizePalette
RoundRect
Rectangle
CreateRoundRectRgn
OffsetRgn
GetTextAlign
SetTextAlign
GetCharWidthA
GetTextExtentPointA
SetMapperFlags
EnumObjects
GetCurrentObject
SetAbortProc
ExtEscape
AbortDoc
EndDoc
StartPage
EndPage
CreateICW
SetStretchBltMode
StretchDIBits
InvertRgn
GetEnhMetaFileBits
CopyMetaFileW
CopyEnhMetaFileW
CreateDIBitmap
GetObjectType
SetEnhMetaFileBits
GetOutlineTextMetricsW
GetObjectA
ExtTextOutA
ExtTextOutW
UnrealizeObject
GetClipRgn
GetTextExtentPoint32W
TextOutW
CreateFontA
CreateBitmapIndirect
SetBkColor
GetDeviceCaps
SelectObject
GetCharacterPlacementA
GetTextMetricsA

kernel32

GetProcAddress
GetVersion
GetFileAttributesW
GetModuleHandleA
OutputDebugStringA
GlobalSize
GlobalFree
GlobalLock
GlobalUnlock
GetCurrentThreadId
GetModuleFileNameW
GetUserDefaultLCID
GetCurrentProcessId
WinExec
GetSystemDefaultLCID
GlobalAlloc
GetVersionExW
lstrlenW
IsDBCSLeadByte
GetACP
IsDBCSLeadByteEx
GetDriveTypeW
GlobalReAlloc
GetFileSize
GetFileTime
SetFileTime
GetVolumeInformationW
UnlockFile
LockFile
GetCurrentDirectoryW
MoveFileW
ReadFile
WriteFile
SetFilePointer
DeleteFileW
SetFileAttributesW
CloseHandle
SearchPathW
FindClose
FindFirstFileW
FindNextFileW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetShortPathNameW
SetErrorMode
FindResourceW
LoadResource
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareStringA
GetStringTypeW
FreeLibrary
LCMapStringW
IsBadReadPtr
GetOEMCP
GetCurrentProcess
LocalAlloc
LocalFree
GetSystemDirectoryW
GetCommandLineW
GetCurrentThread
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemDefaultLangID
GetEnvironmentVariableW
GetWindowsDirectoryW
CreateEventW
CreateThread
SetThreadIdealProcessor
GetExitCodeThread
TerminateThread
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
GetSystemInfo
GetTempFileNameW
GetSystemTime
IsBadWritePtr
TerminateProcess
OutputDebugStringW
SizeofResource
LockResource
SetThreadPriority
GlobalAddAtomW
AddAtomW
FlushFileBuffers
GetTempPathW
lstrcmpW
VirtualAlloc
VirtualFree
GetLocaleInfoW
LoadLibraryExW
IsValidCodePage
EnumCalendarInfoW
FreeResource
GetLogicalDrives
GetFullPathNameW
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
IsValidLocale
GlobalGetAtomNameW
GlobalDeleteAtom
SystemTimeToTzSpecificLocalTime
RaiseException
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetStringTypeExW
MulDiv
Sleep
GetTickCount
GetModuleHandleW
SetLastError
GetLastError
LoadLibraryA
LoadLibraryW
FormatMessageA
VirtualProtect
LoadLibraryExA
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
GetSystemDirectoryA
GetStringTypeExA
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTempPathA
GetTempFileNameA
CreateProcessA
GetSystemTimeAsFileTime
GetVersionExA

ole32

OleConvertIStorageToOLESTREAM
OleSaveToStream
WriteClassStm
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTreatAsClass
ReadClassStm
OleSetContainedObject
IsAccelerator
OleTranslateAccelerator
OleSetMenuDescriptor
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoCreateGuid
CoCreateInstanceEx
CoGetClassObject
GetHGlobalFromILockBytes
OleCreateFromData
CoRegisterMessageFilter
CoTaskMemAlloc
CLSIDFromProgID
OleLoad
OleCreateLinkToFile
OleCreate
CoFileTimeNow
CoIsOle1Class
CreateItemMoniker
OleGetIconOfClass
ReadFmtUserTypeStg
CoGetMalloc
CLSIDFromString
OleSave
ReadClassStg
CoDisconnectObject
CreateGenericComposite
OleIsRunning
ProgIDFromCLSID
ReleaseStgMedium
MkParseDisplayName
OleRun
OleCreateLinkFromData
OleCreateLink
CreateBindCtx
CoTaskMemFree
StgIsStorageFile
OleIsCurrentClipboard
OleGetClipboard
OleFlushClipboard
OleSetClipboard
StringFromGUID2
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
OleQueryCreateFromData
CoRegisterClassObject
CoRevokeClassObject
CreateOleAdviseHolder
OleRegGetUserType
CreateDataAdviseHolder
OleQueryLinkFromData
CoInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CoLockObjectExternal
GetRunningObjectTable
CreateFileMoniker
StringFromCLSID
StgSetTimes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleConvertOLESTREAMToIStorage

user32

GetKeyboardState
SetKeyboardState
UnhookWindowsHookEx
SetActiveWindow
SystemParametersInfoW
IsRectEmpty
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
RegisterClassExW
ClientToScreen
AdjustWindowRectEx
HideCaret
ShowCaret
GetActiveWindow
IsChild
GetSystemMenu
PeekMessageW
BeginPaint
EndPaint
GetScrollInfo
InvalidateRect
SetRect
GetTopWindow
GetParent
GetWindowTextW
GetUpdateRgn
InvalidateRgn
ExcludeUpdateRgn
ValidateRect
ValidateRgn
SetCapture
ReleaseCapture
GetCapture
EnableWindow
IsWindowEnabled
IsWindow
DestroyWindow
UpdateWindow
FlashWindow
DispatchMessageW
GetClassLongW
GetFocus
BeginDeferWindowPos
EndDeferWindowPos
GetUpdateRect
SetClassLongW
IsWindowVisible
InSendMessage
VkKeyScanW
GetClassNameW
TranslateMessage
MapVirtualKeyW
WaitMessage
GetQueueStatus
GetAsyncKeyState
GetInputState
SetTimer
KillTimer
PostQuitMessage
GetCursorPos
RegisterClipboardFormatW
SetCursor
ShowCursor
MessageBeep
OpenIcon
GetWindowThreadProcessId
SetRectEmpty
EnumDisplayMonitors
CreateMenu
DestroyMenu
DrawMenuBar
GetMenuItemCount
GetMenuItemID
DeleteMenu
RemoveMenu
GetSubMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
EnumThreadWindows
SetWindowWord
SetScrollPos
GetWindowWord
CallWindowProcW
GetDlgItem
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollInfo
EmptyClipboard
CloseClipboard
SetCaretPos
GetKeyboardLayout
IsClipboardFormatAvailable
GetClipboardData
SetWindowsHookExW
OpenClipboard
GetClipboardOwner
EnumClipboardFormats
FindWindowW
InflateRect
GetMessageExtraInfo
CreateCaret
DestroyCaret
GetCaretPos
PostMessageW
GetThreadDesktop
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
IsCharUpperW
SetWindowTextA
IsWindowUnicode
DispatchMessageA
GetMessageW
WindowFromPoint
SetCursorPos
ArrangeIconicWindows
RedrawWindow
IsZoomed
GetAncestor
FlashWindowEx
GetMenu
SendMessageA
UnregisterClassW
MoveWindow
EqualRect
GetMessagePos
PostMessageA
ToAscii
ToUnicode
GetMessageTime
GetTitleBarInfo
GetWindowInfo
DestroyIcon
DrawIcon
RegisterWindowMessageW
SetParent
EnumChildWindows
CharLowerW
ActivateKeyboardLayout
FreeDDElParam
PackDDElParam
GetClipboardFormatNameW
SetWindowTextW
MapWindowPoints
CreatePopupMenu
CharLowerBuffW
MessageBoxW
DrawFrameControl
GetCursor
SetMenu
CreateAcceleratorTableW
CharUpperBuffW
CreateIconIndirect
IsCharAlphaW
DrawFocusRect
GetForegroundWindow
DefWindowProcW
LoadCursorFromFileW
GetIconInfo
GetKeyboardLayoutList
CallNextHookEx
LoadImageW
DestroyAcceleratorTable
GetDesktopWindow
GetDoubleClickTime
GetWindowDC
UnpackDDElParam
SendMessageTimeoutW
MessageBoxA
FillRect
GetClientRect
IsIconic
SetForegroundWindow
ShowWindow
GetSysColor
MonitorFromRect
SetWindowLongW
GetWindowLongW
CreateWindowExW
RegisterClassW
LoadIconW
LoadCursorW
GetSystemMetrics
RegisterWindowMessageA
SetFocus
ScreenToClient
ReleaseDC
GetDC
UnionRect
IntersectRect
OffsetRect
GetKeyState
UnregisterClassA
PtInRect
DeferWindowPos
SetWindowPos
GetWindowRect
SendMessageW
SetWindowPlacement
GetWindowPlacement
SetClipboardData
GetWindow

msvcr80

__CxxFrameHandler3
memcpy
?raw_name@type_info@@QBEPBDXZ
floor
__CxxLongjmpUnwind
_CxxThrowException
_seh_longjmp_unwind4
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_crt_debugger_hook
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
fopen_s
fwprintf_s
fclose
vsprintf_s
wcscpy_s
vswprintf_s
wcsrchr
memset
free
tolower
toupper
_ecvt_s
printf
_wtof
_fpreset
atof
_controlfp_s
wcsncmp
rand
srand
_wtoi
memmove
exit
_wassert
ceil
??8type_info@@QBE_NABV0@@Z

winspool.drv

ord203

oart

ord5249
ord3927
ord3091
ord3904
ord3830
ord758
ord4627
ord3868
ord4287
ord3820
ord4052
ord3912
ord3911
ord3510
ord3513
ord5278
ord4484
ord5029
ord4051
ord4809
ord5494
ord3758
ord189
ord1425
ord188
ord6004
ord2726
ord1315
ord1776
ord3972
ord3976
ord4896
ord4399
ord1244
ord1752
ord1261
ord1756
ord1270
ord1760
ord5934
ord4558
ord4549
ord4429
ord6166
ord5523
ord741
ord1601
ord2159
ord5388
ord5429
ord3909
ord730
ord5389
ord1067
ord1700
ord5105
ord4347
ord1310
ord1775
ord2544
ord2540
ord5747
ord528
ord1014
ord1688
ord163
ord1416
ord4477
ord478
ord1517
ord1821
ord1823
ord5978
ord5877
ord4442
ord1309
ord4456
ord2905
ord2543
ord742
ord1318
ord1777
ord3037
ord4841
ord3925
ord5365
ord4852
ord2881
ord514
ord143
ord3369
ord5030
ord3076
ord3078
ord3422
ord4286
ord4628
ord3055
ord5111
ord314
ord3777
ord316
ord4998
ord752
ord4659
ord6048
ord4180
ord3352
ord1192
ord1227
ord1746
ord86
ord1384
ord5982
ord183
ord1422
ord462
ord6249
ord1214
ord1743
ord209
ord1434
ord5761
ord1246
ord191
ord15
ord6194
ord1426
ord6283
ord2532
ord2557
ord2985
ord6357
ord6387
ord517
ord1533
ord3370
ord875
ord1640
ord4350
ord5366
ord4035
ord1596
ord727
ord856
ord3220
ord4037
ord1678
ord2483
ord4077
ord4274
ord4615
ord3210
ord2526
ord5610
ord4985
ord1352
ord1788
ord3020
ord1360
ord1010
ord5807
ord3781
ord3779
ord3778
ord3782
ord2887
ord3780
ord6012
ord6082
ord4186
ord1085
ord4410
ord2619
ord5702
ord5508
ord2312
ord6309
ord1087
ord1707
ord4068
ord3158
ord3423
ord5408
ord4658
ord136
ord2973
ord3455
ord5685
ord4596
ord3764
ord2432
ord5431
ord805
ord4289
ord2678
ord548
ord1544
ord3373
ord3415
ord5952
ord5931
ord4393
ord3900
ord2547
ord4431
ord5584
ord5578
ord6404
ord6426
ord6411
ord6433
ord1706
ord1521
ord1473
ord1474
ord1595
ord1738
ord2097
ord2094
ord1986
ord1997
ord2092
ord1260
ord1226
ord182
ord208
ord1213
ord1269
ord2006
ord2099
ord258
ord257
ord1449
ord4181
ord4545
ord4854
ord5297
ord5298
ord4092
ord4091
ord3080
ord3993
ord3530
ord4195
ord3132
ord3956
ord3367
ord2990
ord5543
ord2995
ord5549
ord2994
ord5545
ord2478
ord5498
ord6248
ord1857
ord3128
ord3038
ord3879
ord4338
ord2549
ord3903
ord3141
ord1193
ord3775
ord1022
ord1691
ord1035
ord3069
ord3955
ord457
ord472
ord927
ord923
ord1092
ord537
ord386
ord4351
ord3827
ord3825
ord2793
ord1071
ord551
ord1546
ord5208
ord796
ord549
ord1545
ord749
ord1605
ord1884
ord4189
ord2679
ord4031
ord1157
ord82
ord1724
ord667
ord1568
ord6167
ord6163
ord2444
ord5236
ord3550
ord4711
ord3653
ord2032
ord1156
ord666
ord868
ord2086
ord2051
ord867
ord1636
ord5153
ord2918
ord2917
ord3032
ord3033
ord4054
ord2916
ord4071
ord3079
ord5065
ord5683
ord2910
ord908
ord425
ord84
ord1294
ord1770
ord5562
ord4126
ord4621
ord6009
ord1296
ord1771
ord4004
ord3324
ord3921
ord1090
ord2403
ord2405
ord2404
ord2402
ord4447
ord4448
ord4450
ord4449
ord166
ord167
ord169
ord168
ord4819
ord428
ord429
ord3001
ord3524
ord6275
ord3137
ord4634
ord3002
ord3525
ord6276
ord3138
ord4635
ord3004
ord3527
ord6278
ord3140
ord4637
ord3003
ord3526
ord6277
ord3139
ord4636
ord3225
ord3226
ord3224
ord3223
ord1418
ord1419
ord1421
ord1420
ord3146
ord4472
ord4032
ord384
ord4483
ord5228
ord4478
ord5018
ord2147
ord4465
ord734
ord731
ord469
ord1515
ord2021
ord468
ord2688
ord5650
ord3965
ord1371
ord1372
ord4198
ord3812
ord1034
ord3271
ord5282
ord3362
ord3363
ord3364
ord3280
ord4307
ord4306
ord4060
ord5846
ord4172
ord1927
ord6337
ord4686
ord5961
ord301
ord6338
ord3021
ord1593
ord3380
ord4640
ord3392
ord3388
ord3387
ord5852
ord6310
ord4055
ord1353
ord751
ord915
ord642
ord1558
ord4154
ord5407
ord474
ord4684
ord5469
ord5369
ord3926
ord3259
ord3284
ord5700
ord3097
ord3961
ord3481
ord2450
ord2380
ord3522
ord4057
ord6245
ord2970
ord3249
ord4038
ord5145
ord5063
ord6170
ord5539
ord5541
ord4660
ord4651
ord3940
ord5684
ord4486
ord4653
ord2359
ord2356
ord491
ord6083
ord1069
ord1702
ord1295
ord4694
ord2542
ord3796
ord518
ord2874
ord3255
ord530
ord5334
ord2942
ord4982
ord1537
ord4496
ord3432
ord3462
ord3236
ord3043
ord1332
ord6040
ord2644

oleaut32

VariantClear
VariantInit
SysFreeString

Exports

Exports

DllGetLCID
MdCallBack
MdCallBack12
_LPenHelper

Sections

.text
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 236KB - Virtual size: 825KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 483KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa75dc086d16536a6c3192988ab3268a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:b2:9b:00:00:00:00:00:15Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

2e:98:a5:86:6a:aa:cf:e8:c3:28:4c:98:35:b8:56:22:f6:99:d2:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

ole32

user32

msvcr80

winspool.drv

oart

oleaut32

Exports

Exports

Sections

.text Size: 10.3MB - Virtual size: 10.3MB

.data Size: 236KB - Virtual size: 825KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 483KB - Virtual size: 482KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:b2:9b:00:00:00:00:00:15
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

2e:98:a5:86:6a:aa:cf:e8:c3:28:4c:98:35:b8:56:22:f6:99:d2:b2
Signer

.text
Size: 10.3MB - Virtual size: 10.3MB

.data
Size: 236KB - Virtual size: 825KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 483KB - Virtual size: 482KB