b9d9eef60802575e505ca4fcd2a840a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9d9eef60802575e505ca4fcd2a840a0_JaffaCakes118
Size

283KB
MD5

b9d9eef60802575e505ca4fcd2a840a0
SHA1

2206ee8dd9d0a2dc27931d51671895a3af0a6771
SHA256

09a1c561a4220d90ed84c7d4b22557d0838e4e106eca147205b50d841192405e
SHA512

56cb07d24f080d5ee474f18e032a3d59662d2203d325124ae74c00f51ff755dcb171a73fa744fed5dabab6188f410263d76a647fe8e20a2871dcfb834068f4be
SSDEEP

6144:wpe7kKMQ4KR63HHNiEEQcpGof0yuyGV4525IIRru8VuRnArFBcYs:8KMQw3HtuQwnHleru8VuWrUv

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
b9d9eef60802575e505ca4fcd2a840a0_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/detectimageupload.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/CrashReport.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

b9d9eef60802575e505ca4fcd2a840a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/detectimageupload.dll
.dll regsvr32 windows:5 windows x86 arch:x86

22de8ba11753719ea810e6ce1a240ee4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CloseHandle
OpenProcess
Sleep
TerminateProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DeviceIoControl
GetCurrentProcessId
DeleteFileW
CreateFileW
GetTempPathW
GetLongPathNameW
GetShortPathNameW
LoadLibraryW
QueryDosDeviceW
WriteFile
LockResource
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
FreeLibrary
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
DisableThreadLibraryCalls
OutputDebugStringW
DebugBreak
SetLastError
GetModuleHandleW
GetProcAddress
lstrcmpiW
InterlockedIncrement
lstrlenA
GetCurrentThreadId
GetModuleFileNameW
lstrlenW
MultiByteToWideChar
InterlockedDecrement
RaiseException
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapDestroy
HeapCreate
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
EnterCriticalSection
GetLastError
lstrcpyA
GlobalFree
VirtualAlloc
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree

user32

SetWindowLongW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
CreateDialogParamW
CharNextW
UnregisterClassA
DestroyIcon
EnumThreadWindows
IsIconic
GetSystemMetrics
LoadImageW
PostQuitMessage
CharLowerW
GetSubMenu
LoadMenuW
TrackPopupMenu
SetForegroundWindow
IsWindow
LoadStringW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetClientRect
MapWindowPoints
SetWindowPos
IsDialogMessageW
GetDlgItem
ShowWindow
UpdateWindow
ClientToScreen
BringWindowToTop
PostMessageW
GetWindowLongW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
SendMessageW
IsWindowVisible
EnableWindow

advapi32

RegCloseKey
RegOpenKeyExW
CreateServiceW
StartServiceW
OpenSCManagerW
OpenServiceW
ControlService
DeleteService
CloseServiceHandle
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFileInfoW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitialize
CLSIDFromProgID
CoTaskMemAlloc

oleaut32

RegisterTypeLi
SysFreeString
SysAllocString
VarUI4FromStr
SysStringLen
UnRegisterTypeLi
LoadTypeLi

comctl32

ImageList_ReplaceIcon
ImageList_Create

psapi

EnumProcessModules
GetModuleFileNameExW

Exports

Exports

AddSoftwareToFireWall
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360js.exe
.exe windows:5 windows x86 arch:x86

aa2b66ec67889e1bab30313fbae695f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:c8:f3:6f:e0:4b:17:16:d9:a1:fa:dc:94:ef:ef:8a:98:c7:1b:5f
Signer

Actual PE Digest

2a:c8:f3:6f:e0:4b:17:16:d9:a1:fa:dc:94:ef:ef:8a:98:c7:1b:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Helpton\trunk\Binaries\Release\Client\360js.pdb

Imports

kernel32

TerminateProcess
lstrcmpW
LocalFree
lstrcpynW
LocalAlloc
lstrcpyW
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
WaitForSingleObject
SetFilePointerEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteFile
SetFilePointer
GetCurrentProcessId
CreateMutexW
SetLastError
GetCurrentThreadId
LoadLibraryW
ReadFile
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
GetLastError
OutputDebugStringW
FormatMessageW
GetSystemTime
InitializeCriticalSection
ReleaseMutex
GetModuleFileNameA
GetCurrentProcess
GetSystemInfo
GetVersionExW
GetProcAddress
GetModuleHandleW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetEnvironmentVariableW
SetEnvironmentVariableW
OpenThread
CreateThread
GetModuleFileNameW
CreateFileW
CloseHandle
DeviceIoControl
CreateFileA
GetCommandLineW
GetFileSizeEx
Sleep
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetStartupInfoW
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

GetSystemMetrics

advapi32

RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
OpenSCManagerW
CreateServiceW
ChangeServiceConfig2W
RegQueryValueExA
RegEnumKeyExW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RegOpenKeyW
RegCreateKeyExW
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
DeleteService
ControlService
OpenServiceW
CloseServiceHandle

shell32

CommandLineToArgvW

ole32

CoCreateGuid

shlwapi

UrlUnescapeW

wininet

InternetReadFile
InternetCrackUrlW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CertGetNameStringW
CryptQueryObject
CryptDecodeObject

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360jsv3up.exe
.exe windows:5 windows x86 arch:x86

ad1a9651d02bce10c9871ba855342447

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:c6:71:94:35:2e:f9:60:b2:aa:d5:5e:03:74:38:b6:74:b8:85:50
Signer

Actual PE Digest

aa:c6:71:94:35:2e:f9:60:b2:aa:d5:5e:03:74:38:b6:74:b8:85:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Helpton\trunk\Binaries\Release\Client\360jsv3up.pdb

Imports

kernel32

WriteFile
LoadLibraryW
GetVersionExW
LeaveCriticalSection
TerminateProcess
ReadFile
CreateFileW
SetLastError
GetProcAddress
EnterCriticalSection
GetModuleFileNameA
GetCurrentProcess
GetCurrentThreadId
DeviceIoControl
CreateThread
GetSystemInfo
CreateFileA
FreeLibrary
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSizeEx
SetFilePointerEx
GetEnvironmentVariableW
SetEnvironmentVariableW
OpenThread
SetFilePointer
CreateMutexW
LocalFree
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetLastError
WriteConsoleW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
Sleep
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
ReleaseMutex
WaitForSingleObject
OutputDebugStringW
FormatMessageW
GetSystemTime
GetProcessHeap
InitializeCriticalSection
HeapFree
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
RtlUnwind
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

DispatchMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
ShowWindow
GetDesktopWindow
GetSystemMetrics
PostMessageW
EndPaint
PostQuitMessage
BeginPaint
TranslateMessage
RegisterClassExW
PeekMessageW
MessageBoxW
GetActiveWindow

advapi32

RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExA

shell32

ShellExecuteW

shlwapi

PathFileExistsW
PathCombineW
SHGetValueW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AnimateTipJs.exe
.exe windows:5 windows x86 arch:x86

a84f1ab2431f6f631ed8f58abff81249

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:2b:7d:a6:d3:71:f4:cf:a7:f5:79:20:c8:12:ed:27:65:ae:55:4e
Signer

Actual PE Digest

4f:2b:7d:a6:d3:71:f4:cf:a7:f5:79:20:c8:12:ed:27:65:ae:55:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
GetCommandLineW
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
SetLastError
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
lstrlenW
InitializeCriticalSection
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetLastError
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
Sleep
HeapCreate
HeapSize
HeapReAlloc
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
LoadLibraryW
FreeLibrary
GlobalAlloc
GlobalUnlock
GlobalLock
FindResourceW
SizeofResource
LoadResource
LockResource
GetVersionExW
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetStartupInfoW
FlushFileBuffers
CreateFileA
RtlUnwind
WriteConsoleW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
GetLocaleInfoA

user32

GetWindowThreadProcessId
SendMessageW
ClientToScreen
GetClassNameW
FindWindowW
FindWindowExW
EnumWindows
CharNextW
CallWindowProcW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
UnregisterClassA
PostQuitMessage
KillTimer
DestroyWindow
IsWindow
GetDC
ReleaseDC
GetWindowLongW
SetWindowLongW
IsDialogMessageW
SetTimer
SetWindowPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MonitorFromWindow
GetMonitorInfoW
GetDesktopWindow
GetWindowRect
DefWindowProcW

gdi32

CreateCompatibleDC
SelectObject
GetObjectW
DeleteObject
CreateDIBSection

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

CommandLineToArgvW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

VarUI4FromStr

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipGraphicsClear
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipAlloc

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Config.ini
CrashReport.dll
.dll windows:5 windows x86 arch:x86

3807772ef5324bb56c04ade37153b6a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dbghelp

MiniDumpWriteDump

shlwapi

PathFileExistsW

kernel32

GetFileSizeEx
GetModuleHandleA
RtlUnwind
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
Sleep
ExitProcess
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceW
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
CreateFileW
CreateDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetModuleFileNameW
MultiByteToWideChar
WaitForSingleObject
CreateProcessW
WritePrivateProfileStringW
SetUnhandledExceptionFilter
SetLastError
GetLastError
lstrlenW
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
WideCharToMultiByte
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
GetSystemTime
SetFilePointerEx
ReleaseMutex
GetProcessHeap
LocalFileTimeToFileTime
InterlockedExchange
GlobalFindAtomW
OpenThread
SetEnvironmentVariableW
CreateMutexW
DeviceIoControl
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
InitializeCriticalSection
GlobalAddAtomW
GlobalFlags
lstrcmpW
SystemTimeToFileTime
lstrlenA
lstrcmpA
InterlockedIncrement
FreeLibrary
InterlockedDecrement
GetModuleHandleW
GetProcAddress
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GetStringTypeW

user32

DestroyMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
PostQuitMessage
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu

gdi32

SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueExA
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

?RaiseException@@YAXXZ
Initialize
OnExiting

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 26KB - Virtual size: 26KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

22de8ba11753719ea810e6ce1a240ee4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

psapi

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 8KB

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 646B

.data Size: - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 146B

aa2b66ec67889e1bab30313fbae695f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 26KB - Virtual size: 26KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2a:c8:f3:6f:e0:4b:17:16:d9:a1:fa:dc:94:ef:ef:8a:98:c7:1b:5f
Signer

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 5KB - Virtual size: 16KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 10KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

aa:c6:71:94:35:2e:f9:60:b2:aa:d5:5e:03:74:38:b6:74:b8:85:50
Signer

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 9KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate