bfe75c1811201b3ff76174b86464aca6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bfe75c1811201b3ff76174b86464aca6_JaffaCakes118
Size

2.1MB
MD5

bfe75c1811201b3ff76174b86464aca6
SHA1

2605b17a725658dfec9c387712ecd2b6dad45f97
SHA256

2a503c52c481d45bc1e4c80c0d694db461769be76c58854cea543fdb836ceea6
SHA512

ab2d13884bcb398e51f555288ce5cba756542dc5e5602ee374d17495b73ce91bbb68fbe3fb113976b1679b05f6fdfd642c99d81ee7ce0a566497e1b490ea547c
SSDEEP

49152:5rKYP1kGaIZFUiHSO9HFAeDOuEd+vFNlWahlMrLHUuOE:5WY9kGAiHSO9lAeyvEFNPhKHXN

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SuperLaunch2.1.0.1/DevComponents.DotNetBar2.dll
unpack001/SuperLaunch2.1.0.1/SuperLaunch.exe
unpack001/SuperLaunch2.1.0.1/SuperLaunchVM.exe
unpack001/SuperLaunch2.1.0.1/System.Data.dll
unpack001/SuperLaunch2.1.0.1/System.EnterpriseServices.Wrapper.dll
unpack001/SuperLaunch2.1.0.1/System.EnterpriseServices.dll
unpack001/SuperLaunch2.1.0.1/System.Transactions.dll
unpack001/SuperLaunch2.1.0.1/gkXsn.Soft.AccessDBUtil.dll
unpack001/SuperLaunch2.1.0.1/gkXsn.Soft.Model.dll
unpack001/SuperLaunch2.1.0.1/gkXsn.Soft.SQLServerDAL.dll
unpack001/SuperLaunch2.1.0.1/gkXsn.Soft.Utility.dll

Files

bfe75c1811201b3ff76174b86464aca6_JaffaCakes118
.rar
SuperLaunch2.1.0.1/DevComponents.DotNetBar2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/Microsoft.VC80.CRT.manifest
.xml
SuperLaunch2.1.0.1/SuperLaunch.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyDocuments\Visual Studio 2008\Projects\SuperLaunch\SuperLaunch2.0\obj\Debug\SuperLaunch.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/SuperLaunchVM.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/System.Data.dll
.dll windows:5 windows x86 arch:x86

fc231f207835bcdd02ff19cb584ce370

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Data.pdb

Imports

msvcr80

_cexit
__FrameUnwindFilter
_crt_debugger_hook
__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_callnewh
malloc
strtok_s
srand
_time64
strstr
strcat_s
sprintf_s
strtoul
calloc
strcpy_s
memmove
wcsncmp
strncpy_s
wcsncpy_s
_vsnwprintf_s
memmove_s
_atoi_l
free
_dupenv_s
_stricmp
atoi
strncmp
_stricmp_l
strchr
_strnicmp_l
_purecall
_vsnprintf_s
memset
memcpy
??3@YAXPAX@Z

mscoree

CorBindToRuntimeEx
_CorDllMain

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
CreateEventA
CloseHandle
PostQueuedCompletionStatus
Sleep
InterlockedExchange
SetLastError
GetLastError
VirtualQuery
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynA
ExpandEnvironmentStringsA
GetFullPathNameA
GetDriveTypeA
SearchPathA
lstrlenA
OutputDebugStringA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
GetSystemInfo
HeapSize
HeapAlloc
GetProcessHeap
HeapFree
CreateSemaphoreA
ReleaseSemaphore
GetCurrentThreadId
SetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
DisconnectNamedPipe
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetTickCount
GetOverlappedResult
WaitForSingleObject
WriteFile
ReadFile
PeekNamedPipe
GetVersionExA
CompareStringA
LCMapStringA
WideCharToMultiByte
InterlockedCompareExchange
MultiByteToWideChar
WaitForMultipleObjects
GetSystemTimeAsFileTime
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateThread
GlobalAlloc
GetSystemDirectoryA
TlsFree
TlsGetValue
TlsSetValue
FormatMessageA
TlsAlloc
FormatMessageW
LCMapStringW
SetHandleInformation
CancelIo
GetComputerNameA

advapi32

CryptDestroyKey
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CryptReleaseContext
RevertToSelf
ImpersonateNamedPipeClient

ws2_32

WSAStartup
getsockname
bind
WSASend
WSAIoctl
WSARecv
ioctlsocket
shutdown
connect
WSAEnumNetworkEvents
WSAStringToAddressA
WSACleanup
getpeername
socket
setsockopt
sendto
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
select
__WSAFDIsSet
WSAEventSelect
recv
closesocket
WSASetLastError
WSAConnect
getservbyport

crypt32

CertGetNameStringW
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext

user32

CharNextExA

ole32

CoCreateInstance

Exports

Exports

DllBidScopeEnterCW
DllBidTraceCW
_DllBidAssert@12
_DllBidCtlProc@24
_DllBidEnabledW@16
_DllBidEntryPoint@36
_DllBidFinalize@0
_DllBidIndent@8
_DllBidInitialize@0
_DllBidPutStrW@16
_DllBidScopeLeave@16
_DllBidSnap@16
_DllBidTouch@20

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/System.EnterpriseServices.Thunk.dll
.dll regsvr32 windows:5 windows x86 arch:x86

bf3523d12012ad1eb097a6665803b8d7

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:47:62:a2:fa:2c:e6:a1:94:5d:70:a5:b1:5a:6c:05:e7:f4:31:d0
Signer

Actual PE Digest

d9:47:62:a2:fa:2c:e6:a1:94:5d:70:a5:b1:5a:6c:05:e7:f4:31:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.EnterpriseServices.Thunk.pdb

Imports

ntdll

RtlUnwind

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetSystemInfo
VirtualQuery
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
FreeLibrary
GetOEMCP
IsValidCodePage
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetACP

oleaut32

BSTR_UserMarshal
BSTR_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserUnmarshal
BSTR_UserFree

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExA

rpcrt4

NdrOleAllocate
NdrOleFree
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy

ole32

StringFromGUID2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetClassObjectInternal
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 249B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/System.EnterpriseServices.Wrapper.dll
.dll windows:4 windows x86 arch:x86

ba6a2bdeb4b05c693ce709fd0114a489

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.EnterpriseServices.Wrapper.pdb

Imports

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
FreeLibrary
InterlockedCompareExchange
LoadLibraryW
CloseHandle
GetCurrentThread
GetSystemTimeAsFileTime
GetModuleHandleA
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
InterlockedExchange
GetProcAddress
GetModuleHandleW
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
DeleteCriticalSection

msvcr80

_lock
_onexit
__dllonexit
_unlock
_resetstkoflw
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_except_handler4_common
??3@YAXPAX@Z
memcpy
__CxxFrameHandler3
_crt_debugger_hook
__CxxUnregisterExceptionObject
__CxxDetectRethrow
_CxxThrowException
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
_cexit
__FrameUnwindFilter

ole32

CoGetMarshalSizeMax
StringFromGUID2
CoTaskMemAlloc
CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
CoInitializeEx
CoCreateInstanceEx
CoGetStandardMarshal
CoTaskMemFree
CoCreateInstance

oleaut32

LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserSize
SafeArrayDestroy
SysFreeString
SafeArrayGetElement
VariantClear
VariantInit
BSTR_UserMarshal
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal
BSTR_UserFree

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
LookupAccountSidW
RegSetValueExA

mscoree

CorBindToRuntimeEx
_CorDllMain

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 249B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/System.EnterpriseServices.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.EnterpriseServices.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/System.Transactions.dll
.dll windows:5 windows x86 arch:x86

7469780bb6fda5f25da4408eda0b3bb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Transactions.pdb

Imports

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
GetSystemDirectoryW
LoadLibraryExW
GetProcAddress
CloseHandle
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCurrentProcess
DuplicateHandle
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

mscoree

_CorDllMain

Exports

Exports

_GetNotificationFactory@8

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/gkXsn.Soft.AccessDBUtil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyDocuments\Visual Studio 2008\Projects\SuperLaunch\AccessDBUtil\obj\Debug\gkXsn.Soft.AccessDBUtil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/gkXsn.Soft.DataBase.dll
SuperLaunch2.1.0.1/gkXsn.Soft.Model.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyDocuments\Visual Studio 2008\Projects\SuperLaunch\Model\obj\Debug\gkXsn.Soft.Model.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/gkXsn.Soft.SQLServerDAL.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyDocuments\Visual Studio 2008\Projects\SuperLaunch\SQLServerDAL\obj\Debug\gkXsn.Soft.SQLServerDAL.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/gkXsn.Soft.Utility.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyDocuments\Visual Studio 2008\Projects\SuperLaunch\Utility\obj\Debug\gkXsn.Soft.Utility.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperLaunch2.1.0.1/如程序无法运行请点击下载.NET.url
SuperLaunch2.1.0.1/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 141KB - Virtual size: 140KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Sections

CODE Size: 303KB - Virtual size: 302KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 21KB - Virtual size: 21KB

.rsrc Size: 49KB - Virtual size: 49KB

fc231f207835bcdd02ff19cb584ce370

Headers

File Characteristics

PDB Paths

Imports

msvcr80

mscoree

kernel32

advapi32

ws2_32

crypt32

user32

ole32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 1024B - Virtual size: 17KB

.sdbid Size: 9KB - Virtual size: 9KB

.rsrc Size: 88KB - Virtual size: 88KB

.reloc Size: 31KB - Virtual size: 31KB

bf3523d12012ad1eb097a6665803b8d7

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

d9:47:62:a2:fa:2c:e6:a1:94:5d:70:a5:b1:5a:6c:05:e7:f4:31:d0Signer

Headers

File Characteristics

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 141KB - Virtual size: 140KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 303KB - Virtual size: 302KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 49KB - Virtual size: 49KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 1024B - Virtual size: 17KB

.sdbid
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 88KB - Virtual size: 88KB

.reloc
Size: 31KB - Virtual size: 31KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

d9:47:62:a2:fa:2c:e6:a1:94:5d:70:a5:b1:5a:6c:05:e7:f4:31:d0
Signer

.text
Size: 37KB - Virtual size: 36KB

.orpc
Size: 512B - Virtual size: 249B

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 30KB - Virtual size: 29KB

.orpc
Size: 512B - Virtual size: 249B

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 232KB - Virtual size: 229KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 250KB - Virtual size: 249KB

.data
Size: 512B - Virtual size: 868B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB