d28748876916aeeb528b747dbe81d2f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d28748876916aeeb528b747dbe81d2f7_JaffaCakes118
Size

1.3MB
MD5

d28748876916aeeb528b747dbe81d2f7
SHA1

56b280f257d8294be9b0f01b597cac3b270e1a9a
SHA256

2d682cd514beee8bf6a2f89b56a10e3ac5413bdd12e88e352c8f4a3e3bdd542b
SHA512

71f18299b84b0f5c59349062bcb00542c67f64f42a778e332e18f2faa2d607cf844556819dd5385ce73ac5edb42a90a23bf37b8179b8f75c215adf7c5a4adfa2
SSDEEP

24576:zPV5ItTG730j1/A8v3NpwxGZxiCZriWC2iJ3kEIjx4f8drCz8s9i1la:zd5WG73h8v3NpwxGZxiCZriWC2iJ3kEH

Score

1^/10

Malware Config

Signatures

Files

d28748876916aeeb528b747dbe81d2f7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c49ace00423965e9600984cbd8567df5

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ac:b4:f0:64:90:ec:91:fd:68:21:4d:9a:da:93:07:54:82:64:7a
Signer

Actual PE Digest

0b:ac:b4:f0:64:90:ec:91:fd:68:21:4d:9a:da:93:07:54:82:64:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\TempView\QQ1.83\Output\BinFinal\CustomFace.pdb

Imports

utilgif

?CreatexFile@GIF@Util@@YAXPAPAVCxFile@@VCTXStringW@@K@Z

ximage

?Resample2@CxImage@@QAE_NJJW4InterpolationMethod@1@W4OverflowMethod@1@QAV1@_N@Z
?FindFormat@CxImageHelper@@YAKPAVCxFile@@PAH@Z
?Load@CxImage@@QAE_NPB_WK@Z
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetPaletteSize@CxImage@@QAEKXZ
?GetNumColors@CxImage@@QBEKXZ
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetNumFrames@CxImage@@QBEJXZ
?GetWidth@CxImage@@QBEKXZ
?Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z
?GetFrameDelay@CxImage@@QBEKXZ
?SetFrameDelay@CxImage@@QAEXK@Z
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?DecreaseBpp@CxImage@@QAE_NK_NPAUtagRGBQUAD@@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetComment@CxImageGIF@@QAEXPBD@Z
?SetLoops@CxImageGIF@@QAEXH@Z
?SetDisposalMethod@CxImageGIF@@QAEXH@Z
?Encode@CxImageGIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H_N@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z
?Decode@CxImage@@QAE_NPAVCxFile@@K@Z
??0CxImage@@QAE@K@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?IsValid@CxImage@@QBE_NXZ
?Destroy@CxImage@@QAE_NXZ
?GetHeight@CxImage@@QBEKXZ
?LoadGif@CxImageHelper@@YAPAVCxImage@@PAVCxFile@@AAH@Z

xgraphic32

GeoRectangleEx
GetTextureFilter
SetTextureFilter
TranslateTexture
CreateCanvas
CanvasToTexture
DrawTexture
GetTextureHandle
DeleteTexture
GetCanvasHandle
FillSolidRect

common

?CodeTXData@CCmdCodecBase@@UAGJPAUITXData@@PAPAUITXBuffer@@@Z
?Release@CCmdCodecBase@@MAGKXZ
?DecodeBuffer@CCmdCodecBase@@UAGJPAUITXBuffer@@PAPAUITXData@@PAU3@@Z
??1CCmdCodecBase@@UAE@XZ
?CodeEndArray@CCmdCodecBase@@IAEXXZ
?CodeArrayTXDataNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
?CodeArrayLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@H@Z
?AddRef@CCmdCodecBase@@MAGKXZ
??0CTXBSTR@@QAE@H@Z
?QueryInterface@CCmdCodecBase@@MAGJABU_GUID@@PAPAX@Z
??0CCmdCodecBase@@QAE@XZ
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
?ConvertXMLStrToTXData@Convert@Util@@YAHPA_WPAPA_WPAUITXData@@0@Z
?OnError@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@K@Z
??0CTXStringW@@QAE@PB_W@Z
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@ABV0@@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??1CTXBSTR@@QAE@XZ
?Detach@CTXBSTR@@QAEPA_WXZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??0CTXBSTR@@QAE@PB_W@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??1CFmtString@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??0CFmtString@@QAE@XZ
??0CTXStringW@@QAE@XZ
??ICTXBSTR@@QAEPAPA_WXZ
?IsEmpty@CTXBSTR@@QAEHXZ
??0CTXBSTR@@QAE@XZ
?IsEmpty@CTXStringW@@QBE_NXZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?GetTXDataStr@Data@Util@@YAHPAUITXDataRead@@PB_WAAVCTXStringW@@@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??0CTXBSTR@@QAE@ABV0@@Z
??1CTXFileDialog@@QAE@XZ
?Left@CTXStringW@@QBE?AV1@H@Z
?GetFileTitleW@CTXFileDialog@@QAE?AVCTXStringW@@V2@@Z
?GetFileName@CTXFileDialog@@QAE?AVCTXStringW@@V2@@Z
?GetNextPathName@CTXFileDialog@@QBE?AVCTXStringW@@AAPAU__POSITION@@@Z
?GetStartPosition@CTXFileDialog@@QBEPAU__POSITION@@XZ
?DoModal@CTXFileDialog@@QAEHXZ
??0CTXFileDialog@@QAE@HPB_W00K0PAUHWND__@@HPAVVFileDialgCallback@@@Z
?PropertyDWord@CFmtString@@QAEHPB_WK0@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??8CTXBSTR@@QBE_NABV0@@Z
??4CTXBSTR@@QAEAAV0@ABV0@@Z
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
??8@YA_NPB_WABVCTXBSTR@@@Z
?IsFileSystemFile@FS@@YAHPB_W@Z
??8@YA_NABVCTXStringW@@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
??8CTXBSTR@@QBE_NPB_W@Z
?DeleteDirectory@FS@@YAHPB_W@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?Format@CTXStringW@@QAAXPB_WZZ
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?CreateFileW@FS@@YAHPB_WKPAPAUITXFile@@@Z
?GetFileHash@FS@Util@@YAHPB_WAAVCTXBuffer@@AAK@Z
??9CTXBSTR@@QBE_NABV0@@Z
?GetConfigFieldData@ModuleConfig@@YAJPB_W0PAPAUITXDataRead@@@Z
?Length@CTXBSTR@@QBEIXZ
??8@YA_NABVCTXStringW@@0@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?GetLCID@NLS@@YAKXZ
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
ord34
?Compare@CTXStringW@@QBEHPB_W@Z
??9@YA_NABVCTXStringW@@0@Z
?IsFileExist@FS@@YAHPB_W@Z
?PropertyLong@CFmtString@@QAEHPB_WJ0@Z
??M@YA_NABVCTXStringW@@0@Z
?GetLength@CTXStringW@@QBEHXZ
?AllocSysString@CTXStringW@@QBEPA_WXZ
?GetBSTR@CTXStringW@@QBEPA_WXZ
?GetFilePrefix@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?GetFileName@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?GetFileExt@CTXFileDialog@@QAE?AVCTXStringW@@V2@@Z
?GetFileFullName@CTXFileDialog@@QBE?AVCTXStringW@@XZ
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
?GetFileSuffix@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?GuidToString@Com@Util@@YAJABU_GUID@@PAPA_WH@Z
?OnRedirected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
?LoadXmlByName@FS@Util@@YAHPB_WPAPAUIXMLDOMDocument@@@Z
?ConvertToPureFile@FS@@YA?AVCTXStringW@@PB_W@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?ConvertXMLToTXData@Convert@Util@@YAHPA_WPAPA_WPAUITXData@@0@Z
?StopThread@CTXThreadModel@@QAEXK@Z
?CreateDirectoryW@FS@@YAHPB_W@Z
?IsDirectoryExist@FS@@YAHPB_W@Z
??7CTXStringW@@QBE_NXZ
??1CTXThreadModel@@MAE@XZ
?StartThread@CTXThreadModel@@QAEHXZ
?EnableLowCpuPriority@CTXThreadModel@@IAEXH@Z
??0CTXThreadModel@@IAE@XZ
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
?Copy@CTXBSTR@@QBEPA_WXZ
?SetAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?EraseAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?Trim@CTXStringW@@QAEAAV1@XZ
ord25
ord33
??9@YA_NABVCTXStringW@@PB_W@Z
??MCTXBSTR@@QBE_NABV0@@Z
??0CTXStringW@@QAE@H@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??9CTXBSTR@@QBE_NPA_W@Z
??8@YA_NPA_WABVCTXBSTR@@@Z
ord26
?DeleteFileW@FS@@YAHPB_W@Z
?Decode16@Encode@Util@@YAHABVCTXStringW@@AAVCTXBuffer@@@Z
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@0H@Z
?MoveDownloadFile@CTXHttpDownload@@QAEHPB_WH@Z
?GetDownloadedFilePath@CTXHttpDownload@@QAEHAAVCTXStringW@@@Z
?IsRunning@CTXHttpDownload@@QAEHXZ
??1CTXHttpDownloadSink@@UAE@XZ
??1CTXHttpDownload@@UAE@XZ
?CancelDownload@CTXHttpDownload@@QAEXXZ
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
??0CTXHttpDownload@@QAE@XZ
??0CTXHttpDownloadSink@@IAE@XZ
?OnConnecting@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
?OnConnected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@@Z
?OnDownloadStart@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@KK@Z
?OnProgress@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@KK@Z

gf

?GetBOOL@Metadata@Util@@YAJPAUITXData@@PA_WPAH@Z
?Get@Metadata@Util@@YAJPAUITXData@@PA_WPAPA_W@Z
?FreeData@Metadata@Util@@YAJAAPA_W@Z
?GetInterface@Metadata@Util@@YAJPAUITXData@@PA_WPAPAU3@@Z
?ScreenPoint2ClientPoint@GF@Util@@YAXPAUIGFFrame@@AAUtagPOINT@@@Z
?RawInitGFElementByXtml@GF@Util@@YAJPA_WPAUIGFElement@@10H@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z

kernelutil

?IsFlagValid@Contact@Util@@YAHKK@Z
?OpenUrlInIM@URL@Util@@YAXABVCTXStringW@@W4URLMODIFYLEVEL@12@0@Z
?GetSignFmt@URL@Util@@YAXAAVCFmtString@@@Z
?SetDataDWord@DataReport@Util@@YAJKPB_WK@Z
??1CTXDataReportCodecBase@@UAE@XZ
??0CTXDataReportCodecBase@@QAE@XZ
?CodecTLV@CTXDataReportCodecBase@@UAGJKPAUITXData@@PAPAUITXBuffer@@@Z
?RegisterCodec@DataReport@Util@@YAJKKPAUITXDataReportCodecExt@@@Z
?CodeWord@CTXDataReportCodecBase@@IAEXEPB_W@Z
?GetSelfUin@Contact@Util@@YAKXZ

afutil

??1CSysDialog@@UAE@XZ
?GetMonitorRectFromPoint@Misc@Util@@YAJVCPoint@@PAVCRect@@1@Z
?MessageBoxExByHwnd@Misc@Util@@YAHPAUHWND__@@PA_W1IPAUITXData@@PAPAU4@@Z
??0CSysDialog@@QAE@PAVVSysDialgCallback@@@Z
?OptColor@CSysDialog@@QAEHPAUHWND__@@AAK@Z
?MessageBoxExW@Misc@Util@@YAHPAUIGFFrame@@PA_W1IPAUITXData@@PAPAU4@@Z
?ChooseColorEx@SysDialog@Util@@YAHPAUHWND__@@AAK@Z
?SetPerfReportDataForWord@PerfDataReportUtil@@YAXPA_WKH@Z
?IsAppLocked@Misc@Util@@YAHXZ
?MessageBoxW@Misc@Util@@YAHPAUIGFFrame@@VCTXStringW@@1H@Z
?GetVipLevel@Self@Contact@Util@@YAHPAG@Z

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
lstrlenW
GetModuleFileNameW
InterlockedIncrement
FindResourceExW
InitializeCriticalSection
SetThreadLocale
GetThreadLocale
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
Sleep
GetLastError
lstrcmpiW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
FlushInstructionCache
GetCurrentProcess
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedDecrement

user32

GetMessageW
TranslateMessage
InflateRect
PostMessageW
CallWindowProcW
GetWindowLongW
DispatchMessageW
PostQuitMessage
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetFocus
UnregisterClassA
DefWindowProcW
DestroyWindow
SetWindowLongW
EqualRect
GetWindowDC
OffsetRect
GetDC
ReleaseDC
UnionRect
GetDesktopWindow
UpdateWindow
ReleaseCapture
SetCapture
SetCursor
GetCursorPos
CopyRect
GetKeyState
PtInRect
CreateWindowExW
SetForegroundWindow
BringWindowToTop
CharNextW
PeekMessageW

gdi32

GetDIBits
GetObjectW
EnumFontFamiliesExW
GetPaletteEntries
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
DeleteDC
SetBkColor
ExtTextOutW
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
CreateCompatibleDC
GdiFlush
SetDIBColorTable
CreateDIBSection
CreatePalette

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetFileInfoW

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocString

atl80

ord43
ord30
ord44
ord31
ord61
ord23
ord64
ord22
ord18
ord15
ord32
ord58

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

__CxxFrameHandler3
_CxxThrowException
_invalid_parameter_noinfo
memset
??3@YAXPAX@Z
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
swprintf_s
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_recalloc
memcpy_s
malloc
wcscpy_s
wcsncpy_s
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
calloc
_wtof
wcsncpy
_time64
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
_purecall
_initterm
_wtoi
memmove_s
free
memcpy
_wtol

gdiplus

GdipDrawImagePointRectI
GdipDrawImage
GdipFillEllipse
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCreateFont
GdipMeasureString
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawImageRectI
GdipReleaseDC
GdipGetDC
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteBrush
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipFillRectangleI
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 712KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c49ace00423965e9600984cbd8567df5

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

0b:ac:b4:f0:64:90:ec:91:fd:68:21:4d:9a:da:93:07:54:82:64:7aSigner

Headers

File Characteristics

PDB Paths

Imports

utilgif

ximage

xgraphic32

common

gf

kernelutil

afutil

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl80

msvcp80

msvcr80

gdiplus

Exports

Exports

Sections

.text Size: 712KB - Virtual size: 711KB

.rdata Size: 292KB - Virtual size: 291KB

.data Size: 96KB - Virtual size: 96KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 208KB - Virtual size: 205KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

0b:ac:b4:f0:64:90:ec:91:fd:68:21:4d:9a:da:93:07:54:82:64:7a
Signer

.text
Size: 712KB - Virtual size: 711KB

.rdata
Size: 292KB - Virtual size: 291KB

.data
Size: 96KB - Virtual size: 96KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 208KB - Virtual size: 205KB