Overview (overview): 7
Static (static): 3
bac6ce4fa6...18.exe (windows7-x64): 7
bac6ce4fa6...18.exe (windows10-2004-x64): 7
$1.exe (windows7-x64): 3
$1.exe (windows10-2004-x64): 3
$PLUGINSDI...ns.dll (windows7-x64): 3
$PLUGINSDI...ns.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$TEMP/$3.dll (windows7-x64): 3
$TEMP/$3.dll (windows10-2004-x64): 3
360safebox.exe (windows7-x64): 3
360safebox.exe (windows10-2004-x64): 3
SafeboxKrnl.sys (windows7-x64): 1
SafeboxKrnl.sys (windows10-2004-x64): 1
Static task
static1
Behavioral task
behavioral1
Sample
bac6ce4fa65022f0b5a54c92551dd5f8_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bac6ce4fa65022f0b5a54c92551dd5f8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$1.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$1.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$TEMP/$3.dll
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
$TEMP/$3.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
360safebox.exe
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
360safebox.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
SafeboxKrnl.sys
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
SafeboxKrnl.sys
Resource
win10v2004-20240802-en
General
-
Target
bac6ce4fa65022f0b5a54c92551dd5f8_JaffaCakes118
-
Size
4.1MB
-
MD5
bac6ce4fa65022f0b5a54c92551dd5f8
-
SHA1
09e68487b486d2bfe5d84fd072fa0a7f25afed50
-
SHA256
f6fa0e48305c9409f5b7785bd77571a131a15c5da25c3431183b2be35de3f96f
-
SHA512
c5a48a4077553d7d9a4aaae359a4276991dc35bcbc0cfe1bf631679abdac059bb6e180946b35cc16e2a8261f5c4a77e4e6b007794bf0ae87b5cf9a9530bd4186
-
SSDEEP
98304:tmoDc0i76EMax2dheXAKWSAmkfq2Jm1iB9u34th:xQz6EMagheXAKlAmF2RB9uWh
Malware Config
Signatures
-
Unsigned PE (3 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/$PLUGINSDIR/InstallOptions.dll
resource: unpack001/$PLUGINSDIR/System.dll
resource: unpack001/$TEMP/$3
-
NSIS installer (1 IoCs)
resource: sample, yara_rule: nsis_installer_1
Files
-
bac6ce4fa65022f0b5a54c92551dd5f8_JaffaCakes118.exe windows:4 windows x86 arch:x86
099c0646ea7282d232219f8807883be0
Code Sign
Certificate 01
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Certificate 0a
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$1.exe windows:5 windows x86 arch:x86
cb9778fd02fe056be33efe55d8243305
Code Sign
Certificate 01
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Certificate 0a
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\build\ccnettest\build\source\safebox321_speed\Release\360safebox.pdb
Imports
sfc
SfcIsFileProtected
dbghelp
MiniDumpWriteDump
kernel32
GetTickCount
GetSystemTime
MoveFileW
SetProcessWorkingSetSize
InterlockedCompareExchange
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
WriteFileEx
ReadFileEx
PeekNamedPipe
TransactNamedPipe
GetNamedPipeHandleStateW
GetNamedPipeInfo
SetNamedPipeHandleState
CreateNamedPipeW
CallNamedPipeW
WaitNamedPipeW
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
GlobalFree
GlobalHandle
LockResource
OpenFileMappingW
FreeResource
GetPrivateProfileSectionNamesW
GetDiskFreeSpaceExW
GetDriveTypeW
GlobalMemoryStatus
CreateProcessW
GetFileType
DuplicateHandle
DosDateTimeToFileTime
GetCurrentDirectoryW
GetTempPathW
FileTimeToDosDateTime
GetFileInformationByHandle
CopyFileW
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetExitCodeThread
CreateThread
VirtualFree
VirtualAlloc
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedExchange
ResumeThread
ExitProcess
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
TlsAlloc
TlsSetValue
TlsFree
ReleaseMutex
UnmapViewOfFile
GetTempFileNameW
RemoveDirectoryW
GetSystemDirectoryW
SetFileTime
GetWindowsDirectoryW
GetCurrentThread
HeapCreate
QueryPerformanceCounter
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetModuleHandleA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
VirtualQuery
CreateFileMappingW
MapViewOfFile
lstrcpynW
GetShortPathNameW
ResetEvent
CreateEventW
WaitForSingleObject
SetEvent
TerminateProcess
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
SetErrorMode
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
Sleep
ExpandEnvironmentStringsW
CreateDirectoryW
GetLocalTime
CompareFileTime
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
GetPrivateProfileStringW
OutputDebugStringW
DebugBreak
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedIncrement
lstrlenA
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WriteFile
CreateFileA
GetLongPathNameW
SetFilePointer
WritePrivateProfileStringW
GetFullPathNameW
SetLastError
GetFileAttributesW
FindNextFileW
InterlockedDecrement
FlushInstructionCache
lstrcpyW
CreateMutexW
GetPrivateProfileIntW
FreeLibrary
FileTimeToSystemTime
SystemTimeToFileTime
GetModuleFileNameA
CreateFileW
GetFileSize
ReadFile
FindFirstFileW
FindClose
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
OpenProcess
CloseHandle
lstrlenW
lstrcmpiW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
LoadLibraryW
GetProcAddress
GetLastError
LocalAlloc
LocalFree
GetStartupInfoA
GetStdHandle
TlsGetValue
user32
CopyRect
GetScrollInfo
GetScrollPos
SetScrollInfo
TrackMouseEvent
GetCursorPos
ValidateRect
CreateDialogParamW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
EndDialog
GetIconInfo
DestroyIcon
IsDlgButtonChecked
CheckDlgButton
DrawIconEx
LoadIconW
SetRect
IsWindowVisible
LoadBitmapW
EnableWindow
GetClassInfoW
RegisterClassW
RegisterWindowMessageW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetFocus
GetFocus
DrawIcon
DestroyAcceleratorTable
FillRect
GetClassNameW
GetDlgItem
IsChild
RedrawWindow
SetCursor
FrameRect
OffsetRect
SetDlgItemTextW
IntersectRect
GetClassLongW
LoadMenuW
DestroyMenu
MonitorFromPoint
TrackPopupMenu
SendMessageTimeoutW
GetSubMenu
DialogBoxIndirectParamW
PostQuitMessage
MessageBeep
MapDialogRect
SetWindowContextHelpId
IsDialogMessageW
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
MoveWindow
GetSysColor
MessageBoxW
WaitForInputIdle
ShowWindow
LoadImageW
SetForegroundWindow
GetActiveWindow
DialogBoxParamW
CharNextW
CharLowerW
CharUpperW
LoadStringW
wvsprintfW
WindowFromPoint
ExitWindowsEx
FindWindowW
PostMessageW
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
DrawTextW
EndPaint
BeginPaint
PtInRect
ReleaseCapture
CallWindowProcW
SendMessageW
GetCapture
SystemParametersInfoW
IsWindow
AdjustWindowRectEx
GetDlgCtrlID
CreateDialogIndirectParamW
CreatePopupMenu
InsertMenuW
GetWindow
GetParent
SetCapture
KillTimer
SetTimer
InvalidateRect
UpdateWindow
ClientToScreen
GetWindowRect
SetWindowPos
GetMenu
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
GetSystemMetrics
InflateRect
DrawEdge
DrawFocusRect
IsWindowEnabled
GetClientRect
UnregisterClassA
SetScrollPos
gdi32
StretchBlt
ExtTextOutW
CreatePen
SetBkColor
CreateDIBSection
SetPixel
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
CreateFontIndirectW
Rectangle
SetStretchBltMode
TextOutW
GetTextColor
GetClipBox
ExcludeClipRect
OffsetViewportOrgEx
IntersectClipRect
GetPixel
GetTextMetricsW
SetViewportOrgEx
GetStockObject
GetObjectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteDC
SetTextColor
SetBkMode
SelectObject
DeleteObject
RoundRect
GetTextExtentPoint32W
LineTo
CreateFontW
MoveToEx
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
SetEntriesInAclW
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
GetTokenInformation
RegOpenKeyW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
GetUserNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
DeleteAce
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
DragAcceptFiles
SHGetFileInfoW
ord165
ShellExecuteExW
ExtractIconExW
ord680
SHGetSpecialFolderPathW
DragQueryFileW
ShellExecuteW
ole32
StgCreateDocfileOnILockBytes
OleUninitialize
OleInitialize
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CreateILockBytesOnHGlobal
oleaut32
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayGetVartype
VariantInit
SafeArrayCopy
SafeArrayDestroy
SafeArrayCreate
OleLoadPicture
VariantChangeType
VarUI4FromStr
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
GetErrorInfo
SetErrorInfo
CreateErrorInfo
shlwapi
StrCmpNIW
PathFindExtensionW
SHGetValueW
SHSetValueW
SHDeleteValueW
PathCombineW
PathAppendW
StrStrIW
UrlGetPartW
PathRemoveFileSpecW
PathStripPathW
PathFileExistsW
PathIsDirectoryW
StrCmpIW
StrChrW
PathStripToRootW
StrCpyNW
PathFindFileNameW
comctl32
ImageList_Draw
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Add
ImageList_Create
InitCommonControlsEx
_TrackMouseEvent
ImageList_Destroy
msimg32
GradientFill
AlphaBlend
TransparentBlt
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wininet
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetReadFile
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionW
InternetGetConnectedState
HttpSendRequestW
iphlpapi
GetAdaptersInfo
SendARP
DeleteIpNetEntry
GetIpNetTable
netapi32
Netbios
psapi
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW
ws2_32
inet_ntoa
inet_addr
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928KB - Virtual size: 927KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/BoxOption.ini
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
b1cd0d78f652ce5fc63f0879371af012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
dialog
initDialog
show
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1012B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/SpCaution.ini
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
4ec328f99bdd944fc98d8a5cf11f7a62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
$TEMP/$3.dll windows:4 windows x86 arch:x86
153027ec3b10bcea606b777657dd3402
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls
msvcrt
strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa
Exports
KillProc
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
360safebox.exe.exe windows:5 windows x86 arch:x86
cb9778fd02fe056be33efe55d8243305
Code Sign
Certificate 01
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Certificate 0a
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\build\ccnettest\build\source\safebox321_speed\Release\360safebox.pdb
Imports
sfc
SfcIsFileProtected
dbghelp
MiniDumpWriteDump
kernel32
GetTickCount
GetSystemTime
MoveFileW
SetProcessWorkingSetSize
InterlockedCompareExchange
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
WriteFileEx
ReadFileEx
PeekNamedPipe
TransactNamedPipe
GetNamedPipeHandleStateW
GetNamedPipeInfo
SetNamedPipeHandleState
CreateNamedPipeW
CallNamedPipeW
WaitNamedPipeW
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
GlobalFree
GlobalHandle
LockResource
OpenFileMappingW
FreeResource
GetPrivateProfileSectionNamesW
GetDiskFreeSpaceExW
GetDriveTypeW
GlobalMemoryStatus
CreateProcessW
GetFileType
DuplicateHandle
DosDateTimeToFileTime
GetCurrentDirectoryW
GetTempPathW
FileTimeToDosDateTime
GetFileInformationByHandle
CopyFileW
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetExitCodeThread
CreateThread
VirtualFree
VirtualAlloc
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedExchange
ResumeThread
ExitProcess
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
TlsAlloc
TlsSetValue
TlsFree
ReleaseMutex
UnmapViewOfFile
GetTempFileNameW
RemoveDirectoryW
GetSystemDirectoryW
SetFileTime
GetWindowsDirectoryW
GetCurrentThread
HeapCreate
QueryPerformanceCounter
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetModuleHandleA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
VirtualQuery
CreateFileMappingW
MapViewOfFile
lstrcpynW
GetShortPathNameW
ResetEvent
CreateEventW
WaitForSingleObject
SetEvent
TerminateProcess
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
SetErrorMode
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
Sleep
ExpandEnvironmentStringsW
CreateDirectoryW
GetLocalTime
CompareFileTime
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
GetPrivateProfileStringW
OutputDebugStringW
DebugBreak
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedIncrement
lstrlenA
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WriteFile
CreateFileA
GetLongPathNameW
SetFilePointer
WritePrivateProfileStringW
GetFullPathNameW
SetLastError
GetFileAttributesW
FindNextFileW
InterlockedDecrement
FlushInstructionCache
lstrcpyW
CreateMutexW
GetPrivateProfileIntW
FreeLibrary
FileTimeToSystemTime
SystemTimeToFileTime
GetModuleFileNameA
CreateFileW
GetFileSize
ReadFile
FindFirstFileW
FindClose
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
OpenProcess
CloseHandle
lstrlenW
lstrcmpiW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
LoadLibraryW
GetProcAddress
GetLastError
LocalAlloc
LocalFree
GetStartupInfoA
GetStdHandle
TlsGetValue
user32
CopyRect
GetScrollInfo
GetScrollPos
SetScrollInfo
TrackMouseEvent
GetCursorPos
ValidateRect
CreateDialogParamW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
EndDialog
GetIconInfo
DestroyIcon
IsDlgButtonChecked
CheckDlgButton
DrawIconEx
LoadIconW
SetRect
IsWindowVisible
LoadBitmapW
EnableWindow
GetClassInfoW
RegisterClassW
RegisterWindowMessageW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetFocus
GetFocus
DrawIcon
DestroyAcceleratorTable
FillRect
GetClassNameW
GetDlgItem
IsChild
RedrawWindow
SetCursor
FrameRect
OffsetRect
SetDlgItemTextW
IntersectRect
GetClassLongW
LoadMenuW
DestroyMenu
MonitorFromPoint
TrackPopupMenu
SendMessageTimeoutW
GetSubMenu
DialogBoxIndirectParamW
PostQuitMessage
MessageBeep
MapDialogRect
SetWindowContextHelpId
IsDialogMessageW
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
MoveWindow
GetSysColor
MessageBoxW
WaitForInputIdle
ShowWindow
LoadImageW
SetForegroundWindow
GetActiveWindow
DialogBoxParamW
CharNextW
CharLowerW
CharUpperW
LoadStringW
wvsprintfW
WindowFromPoint
ExitWindowsEx
FindWindowW
PostMessageW
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
DrawTextW
EndPaint
BeginPaint
PtInRect
ReleaseCapture
CallWindowProcW
SendMessageW
GetCapture
SystemParametersInfoW
IsWindow
AdjustWindowRectEx
GetDlgCtrlID
CreateDialogIndirectParamW
CreatePopupMenu
InsertMenuW
GetWindow
GetParent
SetCapture
KillTimer
SetTimer
InvalidateRect
UpdateWindow
ClientToScreen
GetWindowRect
SetWindowPos
GetMenu
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
GetSystemMetrics
InflateRect
DrawEdge
DrawFocusRect
IsWindowEnabled
GetClientRect
UnregisterClassA
SetScrollPos
gdi32
StretchBlt
ExtTextOutW
CreatePen
SetBkColor
CreateDIBSection
SetPixel
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
CreateFontIndirectW
Rectangle
SetStretchBltMode
TextOutW
GetTextColor
GetClipBox
ExcludeClipRect
OffsetViewportOrgEx
IntersectClipRect
GetPixel
GetTextMetricsW
SetViewportOrgEx
GetStockObject
GetObjectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteDC
SetTextColor
SetBkMode
SelectObject
DeleteObject
RoundRect
GetTextExtentPoint32W
LineTo
CreateFontW
MoveToEx
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
SetEntriesInAclW
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
GetTokenInformation
RegOpenKeyW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
GetUserNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
DeleteAce
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
DragAcceptFiles
SHGetFileInfoW
ord165
ShellExecuteExW
ExtractIconExW
ord680
SHGetSpecialFolderPathW
DragQueryFileW
ShellExecuteW
ole32
StgCreateDocfileOnILockBytes
OleUninitialize
OleInitialize
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CreateILockBytesOnHGlobal
oleaut32
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayGetVartype
VariantInit
SafeArrayCopy
SafeArrayDestroy
SafeArrayCreate
OleLoadPicture
VariantChangeType
VarUI4FromStr
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
GetErrorInfo
SetErrorInfo
CreateErrorInfo
shlwapi
StrCmpNIW
PathFindExtensionW
SHGetValueW
SHSetValueW
SHDeleteValueW
PathCombineW
PathAppendW
StrStrIW
UrlGetPartW
PathRemoveFileSpecW
PathStripPathW
PathFileExistsW
PathIsDirectoryW
StrCmpIW
StrChrW
PathStripToRootW
StrCpyNW
PathFindFileNameW
comctl32
ImageList_Draw
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Add
ImageList_Create
InitCommonControlsEx
_TrackMouseEvent
ImageList_Destroy
msimg32
GradientFill
AlphaBlend
TransparentBlt
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wininet
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetReadFile
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionW
InternetGetConnectedState
HttpSendRequestW
iphlpapi
GetAdaptersInfo
SendARP
DeleteIpNetEntry
GetIpNetTable
netapi32
Netbios
psapi
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW
ws2_32
inet_ntoa
inet_addr
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928KB - Virtual size: 927KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
SafeboxKrnl.sys.sys windows:5 windows x86 arch:x86
f929ca853c4ef1f35a1b5fe3d9502f87
Code Sign
01
Certificate
Issuer
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before
01/08/1996, 00:00
Not After
31/12/2020, 23:59
Subject
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a
Certificate
Issuer
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before
06/08/2003, 00:00
Not After
05/08/2013, 23:59
Subject
CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before
15/06/2007, 00:00
Not After
14/06/2012, 23:59
Subject
CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
04/12/2003, 00:00
Not After
03/12/2013, 23:59
Subject
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate
Issuer
CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before
22/10/2008, 00:00
Not After
23/11/2010, 23:59
Subject
CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches
false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\build\ccnettest\build\source\safebox31\safeboxdrv\Debug\i386\SafeBoxKrnl.pdb
Imports
ntoskrnl.exe
ObfDereferenceObject
KeDetachProcess
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
ExAllocatePoolWithTag
KeAttachProcess
PsLookupProcessByProcessId
PsGetCurrentProcessId
MmIsAddressValid
wcscpy
wcsncpy
NtBuildNumber
_stricmp
PsGetVersion
DbgPrint
IoGetCurrentProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwClose
RtlInitUnicodeString
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
_wcsicmp
wcsncmp
wcslen
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeResetEvent
KeWaitForSingleObject
IoCreateNotificationEvent
KeDelayExecutionThread
wcscat
KeSetEvent
PsGetCurrentThreadId
wcsrchr
MmProbeAndLockPages
MmUnlockPages
KeUserModeCallback
ProbeForRead
ExGetPreviousMode
ObReferenceObjectByHandle
KeReadStateSemaphore
IoGetDeviceObjectPointer
RtlAppendUnicodeStringToString
RtlVolumeDeviceToDosName
wcsstr
_wcsupr
KeServiceDescriptorTable
PsThreadType
PsLookupThreadByThreadId
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
ObfReferenceObject
ZwReadFile
ZwQueryInformationFile
IoCreateFile
ObReferenceObjectByName
IoDriverObjectType
RtlEqualUnicodeString
KeSetAffinityThread
KeGetCurrentThread
SeReleaseSubjectContext
SeTokenIsAdmin
SeCaptureSubjectContext
KeClearEvent
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
_except_handler3
KeInitializeSpinLock
swprintf
ExFreePool
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
Sections
.text Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 944B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ