cf9bc36fbeddbb63ab1cabbbc68101db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf9bc36fbeddbb63ab1cabbbc68101db_JaffaCakes118
Size

613KB
MD5

cf9bc36fbeddbb63ab1cabbbc68101db
SHA1

18593caff4233244aca724059eb254b9d8cabf96
SHA256

ae13d103112b0a37a6ed6fe72866ab81876ce36ccd04e7803fc52156579836eb
SHA512

ba39d14ce8df4319fafb339b48059129b91d3daeb843f9f988fbf55f694e08ba4c765de8b445d0b28ad9d56867ee8dc12d624b23aa0235d8c16307c7298e1a4a
SSDEEP

12288:lSlPaBnvP8MVopecLVMD9TXSqNQU6748M:46MMVoWxTXzNQUW48M

Score

1^/10

Malware Config

Signatures

Files

cf9bc36fbeddbb63ab1cabbbc68101db_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b61b0ec9b95379a2b2e1b6a16e8c9e57

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bc:19:6e:9e:e4:82:34:52:a8:50:cd:0b:b9:1c:7a:8c:00:d1:19:ca
Signer

Actual PE Digest

bc:19:6e:9e:e4:82:34:52:a8:50:cd:0b:b9:1c:7a:8c:00:d1:19:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\qqpcmgr_proj\新建文件夹\Basic\Output\BinFinal\SoftMgr.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSAGetLastError
htons
ntohs
gethostbyname
ntohl
closesocket
shutdown
socket
connect
WSACleanup
getpeername
send
htonl
select
WSAStartup
getsockopt
setsockopt
ioctlsocket
recv

shlwapi

PathFileExistsW
PathAppendW
PathAddBackslashW
wnsprintfW
PathRemoveFileSpecW
StrRChrW

kernel32

HeapSize
RaiseException
GetVersionExA
HeapReAlloc
GetLocaleInfoA
GetThreadLocale
HeapDestroy
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetACP
UnhandledExceptionFilter
LocalAlloc
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetPrivateProfileIntW
WritePrivateProfileStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
GetLastError
CloseHandle
GetExitCodeProcess
Sleep
DeleteFileA
CopyFileW
DeleteFileW
GetSystemDefaultLangID
CreateEventW
WaitForSingleObject
ResetEvent
InterlockedExchange
SetEvent
WaitForMultipleObjects
TerminateThread
GetVersionExW
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetCurrentThreadId
GetFileAttributesW
WriteFile
SetFilePointer
ReadFile
CreateFileW
GetPrivateProfileStringW
GetFileSize
GetTickCount
GetModuleFileNameW
lstrcpynW
CreateDirectoryW
GetCurrentThread
OpenEventW
GetCurrentProcess
ExpandEnvironmentStringsW
MoveFileExW
LoadResource
LockResource
FindFirstFileW
SizeofResource
FindResourceW
FindClose
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchangeAdd
GetTempPathW
GetFileAttributesA
GetTempFileNameW
IsBadReadPtr
GetLocalTime
CreateProcessW
CreateToolhelp32Snapshot
TerminateProcess
Module32NextW
OpenProcess
Module32FirstW
Process32NextW
Process32FirstW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateMutexW
GetCurrentProcessId
LoadLibraryW
FreeLibrary
lstrlenW
GetCurrentDirectoryW
GetSystemDirectoryW
lstrcmpiW
HeapFree
GetProcessHeap
HeapAlloc
ReleaseMutex
InitializeCriticalSectionAndSpinCount
CreateFileMappingA
OpenFileMappingA
MapViewOfFileEx
ChangeTimerQueueTimer
SwitchToThread
DeleteTimerQueueTimer
FormatMessageA
LocalFree
DuplicateHandle
CreateTimerQueueTimer
SetLastError
InterlockedCompareExchange
OpenFileMappingW
GetStdHandle
CreatePipe
DeviceIoControl
VirtualQuery
LoadLibraryA

user32

GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
TranslateMessage
PostQuitMessage
PeekMessageW
CallWindowProcW
GetWindowLongW
DestroyWindow
DispatchMessageW
GetMessageW
SetWindowLongW
CreateWindowExW
KillTimer
SetTimer
PostMessageW
SendMessageW
IsWindow
IsWindowVisible
GetSystemMetrics
GetDesktopWindow
GetClassNameW
IsIconic
GetForegroundWindow
SendMessageTimeoutW
FindWindowA
UnregisterClassA

advapi32

RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoCreateGuid
CLSIDFromProgID
CoInitializeEx
CoFreeUnusedLibrariesEx
CoMarshalInterThreadInterfaceInStream
CoFreeLibrary
CoLoadLibrary
StgOpenStorage
CoCreateInstance
CoUninitialize
CoInitialize
StgIsStorageFile
CoTaskMemFree
StgCreateDocfile
CoGetInterfaceAndReleaseStream

oleaut32

VariantClear
SysAllocString
SysAllocStringByteLen
SysFreeString
VariantInit

msvcp80

?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?uncaught_exception@std@@YA_NXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

msvcr80

_except_handler3
??0exception@std@@QAE@ABQBD@Z
_snwprintf
free
realloc
memmove
??_V@YAXPAX@Z
strtok
strchr
atoi
wcsncpy
fwrite
fclose
_stricmp
atol
_wfopen
sscanf
_atoi64
atof
memmove_s
_purecall
_wtoi
_beginthreadex
_wcsicmp
_time64
wcsncpy_s
_wcsdup
wcsstr
wcsrchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
swscanf
_mktime64
_localtime64
_wtol
malloc
wcstok
??0bad_cast@std@@QAE@PBD@Z
wcsncat_s
wcschr
tolower
strstr
_wcsnicmp
memcpy_s
_snwprintf_s
rand
srand
swscanf_s
_snprintf_s
_snwscanf
wcscpy_s
fopen_s
fread
isspace
__CxxFrameHandler3
isalpha
isalnum
strncmp
memcpy
ferror
fputc
_vsnprintf_s
ftell
fseek
_vsnprintf
strrchr
_memicmp
setlocale
_vsnwprintf_s
strncpy_s
_wstat64
_wmkdir
_wsplitpath_s
_mbschr
_strlwr_s
_mbsstr
strtoul
isprint
_getpid
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_strdup
_itoa
memset
_CxxThrowException
_CIsqrt
fprintf
??3@YAXPAX@Z
_snprintf
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z

wininet

InternetSetStatusCallbackW
InternetReadFileExA
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetCloseHandle

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules
GetModuleBaseNameW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

imagehlp

MapAndLoad
UnMapAndLoad

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b61b0ec9b95379a2b2e1b6a16e8c9e57

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

bc:19:6e:9e:e4:82:34:52:a8:50:cd:0b:b9:1c:7a:8c:00:d1:19:caSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

wininet

psapi

netapi32

imagehlp

Exports

Exports

Sections

.text Size: 424KB - Virtual size: 421KB

.rdata Size: 124KB - Virtual size: 120KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 36KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

bc:19:6e:9e:e4:82:34:52:a8:50:cd:0b:b9:1c:7a:8c:00:d1:19:ca
Signer

.text
Size: 424KB - Virtual size: 421KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 36KB