bdf46368154be6327f5830bf959d36cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bdf46368154be6327f5830bf959d36cf_JaffaCakes118
Size

1.5MB
MD5

bdf46368154be6327f5830bf959d36cf
SHA1

62c8cb784872f1d01049c0ffa4af46fec7bb5010
SHA256

b26ded71cf8b913756047e1dc0719bc5e2c37905ae5819005b29f13099e6efed
SHA512

f901874060b043c470f5bd51fcf3a0e625c4b339a2fda39400929433cdfa3ad437bfd936a699ba22180d9dea763d4a2cf5315d972bca1867ac22a737434aa646
SSDEEP

6144:G2wqsxsdsGnoG6yOFAi5CcCXH+y9y5oiKVbBFFhMh0zH9A+qc0OOgs5OqbZW+5mh:Eqsx6Rh6yOFAi5Cca+yYoiAdXwryqnu

Score

1^/10

Malware Config

Signatures

Files

bdf46368154be6327f5830bf959d36cf_JaffaCakes118
.exe windows:5 windows x64 arch:x64

b459fb50b959fa0d5e7e5bc9c1572740

Code Sign

56:c9:6d:94:80:da:21:0c:e3:0c:b7:55:62:35:ca:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/03/2012, 00:00

Not After

23/03/2013, 23:59

Subject

CN=SIMPOE SAS,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=HQ,O=SIMPOE SAS,L=Torcy,ST=Seine Et Marne,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:e8:6a:92:37:bf:1f:0b:3a:12:59:80:20:94:3b:98:94:de:51:1c
Signer

Actual PE Digest

37:e8:6a:92:37:bf:1f:0b:3a:12:59:80:20:94:3b:98:94:de:51:1c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc100u

ord13826
ord4117
ord1470
ord12880
ord7345
ord13019
ord5021
ord3688
ord13824
ord5433
ord5604
ord5790
ord2019
ord11012
ord13017
ord856
ord13055
ord10651
ord2458
ord7573
ord13827
ord11035
ord13036
ord4349
ord2054
ord11829
ord287
ord291
ord1991
ord898
ord11641
ord4356
ord2439
ord265
ord2029
ord2025
ord890
ord1953
ord286
ord5437
ord316
ord11056
ord891
ord1291
ord11057
ord4353
ord4123
ord1476
ord12885
ord7350
ord5028
ord12178
ord3693
ord13825
ord4757
ord4760
ord4753
ord5874
ord1247
ord11362
ord6924
ord7609
ord4348
ord11175
ord2076
ord12842
ord12836
ord4317
ord7315
ord4150
ord290
ord12454
ord6942
ord6941
ord11252
ord12830
ord3704
ord2595
ord1454
ord11828
ord2023
ord12434
ord2527
ord1872
ord11517
ord1418
ord2109
ord1276
ord7068
ord7568
ord3998
ord11480
ord3290
ord7222
ord10642
ord11636
ord11015
ord2444
ord11028
ord13033
ord1290
ord1900
ord5052
ord285
ord12756
ord5019
ord2541
ord1428
ord1288
ord280
ord266
ord1248
ord857
ord409
ord296
ord13823
ord11197
ord324
ord4131
ord957
ord1278

msvcr100

ceil
??0bad_cast@std@@QEAA@PEBD@Z
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@AEBV01@@Z
memcmp
fgetc
fputc
ungetc
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_cexit
_exit
_XcptFilter
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
fsetpos
_fseeki64
fgetpos
fwrite
setvbuf
_unlock_file
exit
fclose
fopen
pow
fgets
fscanf
printf
fprintf
sqrt
malloc
_ctime64
_localtime64
_time64
_localtime64_s
wcstombs
clock
strtol
strftime
log10
strstr
getchar
abort
vfprintf
fflush
__iob_func
vprintf
free
strncpy
vsprintf
calloc
sscanf
swscanf
_purecall
__CxxFrameHandler3
rand
sin
memcpy
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
memmove
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
memset
srand
sprintf
_mktime64
memcpy_s
_wtoi
_wtof
_lock_file

kernel32

WideCharToMultiByte
lstrlenW
lstrlenA
FindClose
FindFirstFileW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
LocalFree
MultiByteToWideChar
GetLastError
GetProcAddress
QueryPerformanceCounter
GlobalMemoryStatusEx
GetModuleHandleW
GetVersionExW
GetVolumeInformationW
CreateFileW
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
Sleep
GetTickCount
DeleteFileW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemTime
GetFileAttributesW
GetModuleFileNameW
FormatMessageW
LoadLibraryW
GetSystemInfo

user32

GetSystemMetrics
MessageBoxW

shell32

SHGetFolderPathW

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
VariantClear
VariantInit
SysAllocString

msvcp100

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?ends@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?ends@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AEAV21@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Decref@facet@locale@std@@QEAAPEAV123@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
?_Incref@facet@locale@std@@QEAAXXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

gdiplus

GdiplusShutdown

Exports

Exports

??0CBlowFish@@QEAA@AEAV0@@Z
??0CBlowFish@@QEAA@XZ
??0CSHA@@QEAA@XZ
??0CStringR@@QEAA@AEBV0@@Z
??0CStringR@@QEAA@H@Z
??0CStringR@@QEAA@N@Z
??0CStringR@@QEAA@PEBD@Z
??0CStringR@@QEAA@PEB_WZZ
??0CStringR@@QEAA@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
??0CStringR@@QEAA@XZ
??0IMethod@@QEAA@AEBV0@@Z
??0IMethod@@QEAA@XZ
??1CBlowFish@@UEAA@XZ
??1CStringR@@UEAA@XZ
??1IMethod@@UEAA@XZ
??4CBlowFish@@QEAAAEAV0@AEAV0@@Z
??4CSHA@@QEAAAEAV0@AEBV0@@Z
??4CStringR@@QEAAAEAV0@AEBV0@@Z
??4IMethod@@QEAAAEAV0@AEBV0@@Z
??_7CBlowFish@@6B@
??_7CStringR@@6B@
??_7IMethod@@6B@
?AddData@CSHA@@QEAAXPEBDH@Z
?Bytes2Word@CSHA@@CAXPEBEAEAI@Z
?BytesToWord@IMethod@@KAXPEBEAEAI@Z
?CH@CSHA@@CAIIII@Z
?CircularShift@CSHA@@AEAAIII@Z
?CompressSpaces@CStringR@@QEAA?AV1@XZ
?Decrypt@CBlowFish@@AEAAXAEAUSBlock@@@Z
?Decrypt@CBlowFish@@UEAAXPEBDPEAD_K@Z
?DecryptFile2Mem@CBlowFish@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DecryptFile2Mem@CBlowFish@@UEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DecryptFileW@CBlowFish@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?DecryptFileW@CBlowFish@@UEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?DecryptStrToFile@CBlowFish@@UEAAXPEAD0_K@Z
?Encrypt@CBlowFish@@AEAAXAEAUSBlock@@@Z
?Encrypt@CBlowFish@@UEAAXPEBDPEAD_K@Z
?EncryptFileW@CBlowFish@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?EncryptFileW@CBlowFish@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?ExpFormat@CStringR@@QEAA?AV1@NHH@Z
?FFF@CBlowFish@@AEAAII@Z
?FinalDigest@CSHA@@QEAAXPEAD@Z
?FormatR@CStringR@@QEAA?AV1@IZZ
?FormatR@CStringR@@QEAA?AV1@PEB_WZZ
?GetBlockSize@IMethod@@QEAAHXZ
?GetKeyLength@IMethod@@QEAAHXZ
?GetMiddleToken@CStringR@@QEAAXAEAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetMode@IMethod@@QEAAHXZ
?GetPadding@IMethod@@QEAAHXZ
?GetToken@CStringR@@QEAA?AV1@H@Z
?GetToken@CStringR@@SA?AV1@V1@H@Z
?HelpThrow@IMethod@@KAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Initialize@CBlowFish@@QEAAXPEBDHAEBUSBlock@@HH@Z
?LeftOf@CStringR@@QEAA?AV1@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?LeftOf@CStringR@@SA?AV1@V1@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?MAJ@CSHA@@CAIIII@Z
?Pad@IMethod@@QEAAHPEADH@Z
?ReplaceStringSlow@CStringR@@QEAA?AV1@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?Reset@CSHA@@QEAAXXZ
?ResetChain@CBlowFish@@UEAAXXZ
?ReverseGetToken@CStringR@@QEAA?AV1@H@Z
?ReverseGetToken@CStringR@@SA?AV1@V1@H@Z
?ReverseLeftOf@CStringR@@QEAA?AV1@_W@Z
?ReverseLeftOf@CStringR@@SA?AV1@V1@_W@Z
?ReverseRightOf@CStringR@@QEAA?AV1@_W@Z
?ReverseRightOf@CStringR@@SA?AV1@V1@_W@Z
?ReverseTrimToNext@CStringR@@QEAA?AV1@XZ
?ReverseTrimToNextLine@CStringR@@QEAA?AV1@XZ
?ReverseTrimToNextN@CStringR@@QEAA?AV1@H@Z
?RightOf@CStringR@@QEAA?AV1@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?RightOf@CStringR@@SA?AV1@V1@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SIG0@CSHA@@CAII@Z
?SIG1@CSHA@@CAII@Z
?ScanDouble@CStringR@@QEAAHAEAHAEAN@Z
?ScanFloat@CStringR@@QEAAHAEAHAEAM@Z
?ScanInt@CStringR@@QEAAHAEAH0@Z
?SetMode@IMethod@@QEAAXH@Z
?SetPadding@IMethod@@QEAAXH@Z
?Signature@CBlowFish@@EEAAXPEAD@Z
?Split@CStringR@@QEAAXAEAVCStringArray@@@Z
?SplitBy@CStringR@@QEAAXAEAVCStringArray@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ToCharStar@CStringR@@QEAAPEADXZ
?ToDouble@CStringR@@QEBANXZ
?ToDouble@CStringR@@SANV1@@Z
?ToFloat@CStringR@@QEBAMXZ
?ToFloat@CStringR@@SAMV1@@Z
?ToInt@CStringR@@QEBAHXZ
?ToInt@CStringR@@SAHV1@@Z
?ToLPCSTR@CStringR@@QEAAPEBDXZ
?ToLPCTSTR@CStringR@@QEAAPEB_WXZ
?ToLPSTR@CStringR@@QEAAPEADXZ
?ToLPTSTR@CStringR@@QEAAPEA_WXZ
?ToLPWSTR@CStringR@@QEAAPEA_WXZ
?Tostring@CStringR@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Towstring@CStringR@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?Transform@CSHA@@AEAAXXZ
?TrimToNext@CStringR@@QEAA?AV1@XZ
?TrimToNextLine@CStringR@@QEAA?AV1@XZ
?TrimToNextN@CStringR@@QEAA?AV1@H@Z
?TrimToNextN@CStringR@@SA?AV1@V1@H@Z
?Word2Bytes@CSHA@@CAXAEBIPEAE@Z
?WordToBytes@IMethod@@KAXIPEAE@Z
?Xor@IMethod@@IEAAXPEADPEBD@Z
?scm_auiInitP@CBlowFish@@0QBIB
?scm_auiInitS@CBlowFish@@0QAY0BAA@$$CBIA
?sig0@CSHA@@CAII@Z
?sig1@CSHA@@CAII@Z
?sm_H256@CSHA@@0QBIB
?sm_K256@CSHA@@0QBIB
?sm_chain0@CBlowFish@@2USBlock@@B
?sm_szErrorMsg10@IMethod@@1PEBDEB
?sm_szErrorMsg1@IMethod@@1PEBDEB
?sm_szErrorMsg2@IMethod@@1PEBDEB
?sm_szErrorMsg3@IMethod@@1PEBDEB
?sm_szErrorMsg4@IMethod@@1PEBDEB
?sm_szErrorMsg5@IMethod@@1PEBDEB
?sm_szErrorMsg6@IMethod@@1PEBDEB
?sm_szErrorMsg7@IMethod@@1PEBDEB
?sm_szErrorMsg8@IMethod@@1PEBDEB
?sm_szErrorMsg9@IMethod@@1PEBDEB

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b459fb50b959fa0d5e7e5bc9c1572740

Code Sign

56:c9:6d:94:80:da:21:0c:e3:0c:b7:55:62:35:ca:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

37:e8:6a:92:37:bf:1f:0b:3a:12:59:80:20:94:3b:98:94:de:51:1cSigner

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

kernel32

user32

shell32

ole32

oleaut32

msvcp100

gdiplus

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 15KB - Virtual size: 24KB

.pdata Size: 6KB - Virtual size: 5KB

�� Size: 1KB - Virtual size: 1KB

56:c9:6d:94:80:da:21:0c:e3:0c:b7:55:62:35:ca:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

37:e8:6a:92:37:bf:1f:0b:3a:12:59:80:20:94:3b:98:94:de:51:1c
Signer

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 15KB - Virtual size: 24KB

.pdata
Size: 6KB - Virtual size: 5KB

��
Size: 1KB - Virtual size: 1KB