db24fef7e7e66fea7b2f97c5e3fea745_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db24fef7e7e66fea7b2f97c5e3fea745_JaffaCakes118
Size

1.0MB
MD5

db24fef7e7e66fea7b2f97c5e3fea745
SHA1

77d741ebd6951c921a17331e51b4d2610e2a441c
SHA256

4bfbc0debf83bcb8331d7972a1ab27c07d93971658e5559521bfe541bc6850a1
SHA512

62416b032236af0439e26d5094c655b6277f8212ba160a03fd4cf0fd306f52f1f9d1f8f27120fddc701acc09dcef3bb006bb2bcf132f3505ff55e4762a6a25f4
SSDEEP

24576:hMrge5uxhwMxu4ouQj3lvsbbejP+PxyXZHHBDGyt:2se5Mg4ounwP9ZnBDGyt

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsProcess.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

db24fef7e7e66fea7b2f97c5e3fea745_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=TrustAsia Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

19/05/2013, 10:54

Not After

19/05/2015, 10:54

Subject

CN=亚洲诚信代码签名测试证书,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05
Certificate

Issuer

CN=TrustAsia Root CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

19/05/2010, 10:43

Not After

19/05/2020, 10:43

Subject

CN=TrustAsia Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:c3:ba:81:54:25:44:99:b0:5d:51:2a:21:23:7c:3e:d3:4d:b6:6a
Signer

Actual PE Digest

32:c3:ba:81:54:25:44:99:b0:5d:51:2a:21:23:7c:3e:d3:4d:b6:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kumei.exe
.exe windows:5 windows x86 arch:x86

730beff2dcdea37bc2cc597394114d08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=TrustAsia Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

19/05/2013, 10:54

Not After

19/05/2015, 10:54

Subject

CN=亚洲诚信代码签名测试证书,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05
Certificate

Issuer

CN=TrustAsia Root CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

19/05/2010, 10:43

Not After

19/05/2020, 10:43

Subject

CN=TrustAsia Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:27:29:7b:a4:8b:59:ee:df:f2:d0:92:2b:d5:bc:3b:b6:39:11:ed
Signer

Actual PE Digest

3f:27:29:7b:a4:8b:59:ee:df:f2:d0:92:2b:d5:bc:3b:b6:39:11:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
GetStringTypeW
CompareStringW
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
CreateMutexA
LockResource
GetExitCodeProcess
CreatePipe
GetDateFormatA
GetTimeFormatA
CreateProcessA
SetHandleCount
GetConsoleMode
SetEnvironmentVariableA
GetConsoleCP
IsValidCodePage
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GlobalLock
GlobalAlloc
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
MulDiv
MultiByteToWideChar
lstrlenW
GlobalUnlock
RaiseException
GetLastError
SetLastError
EnterCriticalSection
GetModuleFileNameA
DeleteCriticalSection
GetCurrentThreadId
SetCurrentDirectoryA
FindResourceW
LoadLibraryExA
GetModuleHandleA
GetProcAddress
lstrcmpiA
IsDBCSLeadByte
SizeofResource
LoadResource
FreeLibrary
FindResourceA
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WinExec
LCMapStringW
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
ExitThread
ExitProcess
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
VirtualQuery
GetSystemInfo
DecodePointer
EncodePointer
FindResourceExW
GetUserDefaultLCID
SearchPathA
GetProfileIntA
GetNumberFormatA
GetWindowsDirectoryA
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
GetTempFileNameA
SetErrorMode
GetOEMCP
GetCPInfo
GetACP
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
CreateFileA
DeleteFileA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
lstrcpyA
GetSystemDirectoryW
GetCurrentDirectoryA
FileTimeToSystemTime
GlobalFlags
InitializeCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
LoadLibraryW
lstrcmpW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
CopyFileA
GlobalSize
FormatMessageA
LocalFree
ResumeThread
SetThreadPriority
FreeResource
GlobalFree
GlobalAddAtomA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
CompareStringA
GetModuleHandleW
InterlockedExchange
GetTimeZoneInformation
GetCurrentProcessId
TerminateProcess
VirtualProtect
VirtualAlloc
GetThreadLocale
IsBadReadPtr
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
FindClose
CreateThread
GetSystemTime
CloseHandle
ReleaseMutex
FindFirstFileA
Sleep
WaitForSingleObject
LoadLibraryA
DeactivateActCtx
ActivateActCtx
GetTempPathA
lstrlenA
lstrcmpA

user32

SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
DefWindowProcA
GetDlgItem
ReleaseDC
CreateWindowExA
GetWindowLongA
CreateAcceleratorTableA
InvalidateRect
SetWindowLongA
GetWindowTextA
OffsetRect
GetDC
BeginPaint
RegisterWindowMessageA
SendMessageA
GetWindowTextLengthA
SetFocus
GetClientRect
CharNextA
InvalidateRgn
GetParent
GetFocus
DrawTextA
SetCapture
GetClassInfoExA
IsChild
FillRect
GetWindowRect
ScreenToClient
DestroyAcceleratorTable
GetClassNameA
DestroyWindow
ClientToScreen
EndPaint
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
EnableWindow
GetSystemMetrics
PostMessageA
AppendMenuA
CreatePopupMenu
GetCursorPos
LoadIconW
DrawIcon
LoadIconA
SetForegroundWindow
IsIconic
CopyRect
KillTimer
GetWindowDC
SetTimer
GetWindowThreadProcessId
TabbedTextOutA
IsWindow
GrayStringA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
CharUpperBuffA
CopyIcon
LoadImageW
EmptyClipboard
CloseClipboard
OpenClipboard
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
PostThreadMessageA
CreateMenu
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LockWindowUpdate
BringWindowToTop
SetCursorPos
LoadAcceleratorsW
ReleaseCapture
SetWindowTextA
CallWindowProcA
LoadCursorA
GetWindow
MoveWindow
DrawTextExA
SetPropA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
SetParent
SetWindowRgn
IsZoomed
CopyImage
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharUpperA
DestroyIcon
WaitMessage
WindowFromPoint
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
GetSysColorBrush
RealChildWindowFromPoint
IntersectRect
ShowWindow
IsDialogMessageA
CheckDlgButton
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
SetClipboardData
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
PtInRect
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
UnhookWindowsHookEx
MapVirtualKeyA
GetKeyNameTextA
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
SetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetWindowContextHelpId
MapDialogRect
GetLastActivePopup
IsWindowEnabled
MessageBoxA
ShowOwnedPopups

advapi32

RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegSetValueExA

ole32

CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemRealloc
CoTaskMemFree
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
CoFreeUnusedLibraries
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoUninitialize
OleDuplicateData
ReleaseStgMedium
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoCreateInstance
CoCreateGuid
CoInitialize
CoTaskMemAlloc

shell32

SHAppBarMessage
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHFileOperationA

oleaut32

VariantCopy
VariantChangeType
SysAllocStringByteLen
VarUI4FromStr
SafeArrayDestroy
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantClear
SysStringLen
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW

gdi32

SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
Ellipse
CreateBrushIndirect
CreateFontIndirectA
GetTextExtentPoint32A
TextOutA
ExtTextOutA
RectVisible
Escape
PtVisible
CreateBitmap
CopyMetaFileA
CreateDCA
CreateRectRgnIndirect
PatBlt
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
CreateCompatibleDC
GetObjectType
CreatePen
CreateHatchBrush
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
GetObjectA
GetStockObject
CreateSolidBrush
CreateCompatibleBitmap

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

InitCommonControlsEx
ImageList_GetIconSize

oledlg

ord8

lunar

ord16
ord18
ord1
ord4
ord5
ord7
ord8
ord9
ord10
ord12
ord13
ord17

wininet

HttpQueryInfoA
InternetCrackUrlA
InternetReadFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateFromHDC

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunar.dll
.dll windows:5 windows x86 arch:x86

1e8676d6112566fdb38374322b20a799

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=TrustAsia Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

19/05/2013, 10:54

Not After

19/05/2015, 10:54

Subject

CN=亚洲诚信代码签名测试证书,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05
Certificate

Issuer

CN=TrustAsia Root CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

19/05/2010, 10:43

Not After

19/05/2020, 10:43

Subject

CN=TrustAsia Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f5:b3:75:d7:f6:ba:f1:25:d8:35:64:62:41:65:28:c7:75:d9:5f:0d
Signer

Actual PE Digest

f5:b3:75:d7:f6:ba:f1:25:d8:35:64:62:41:65:28:c7:75:d9:5f:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\zs\Desktop\Lunar\Release\Lunar.pdb

Imports

msvcp90

?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

msvcr90

_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
?terminate@@YAXXZ
_decode_pointer
_onexit
_encode_pointer
__dllonexit
_unlock
free
??3@YAXPAX@Z
_lock
__CxxFrameHandler3
_CIcos
_CIsin

kernel32

Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange

Exports

Exports

CalcLunarPhase
CalcSolarTerms
GetDateFromDays
GetDateFromJD
GetDaysNumInYear
GetDaysOfMonth
GetEasterSunday
GetExtremeSeashon
GetGregorian
GetJ2000
GetJD
GetLeapMonth
GetLunar
GetLunarInfo
GetLunarYear
IsLeapYear
LongTimeToSys
SysTimeToLong
int2

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

07Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

05Certificate

Extended Key Usages

Key Usages

32:c3:ba:81:54:25:44:99:b0:5d:51:2a:21:23:7c:3e:d3:4d:b6:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 68KB

.rsrc Size: 13KB - Virtual size: 13KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 572B

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

07
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

05
Certificate

32:c3:ba:81:54:25:44:99:b0:5d:51:2a:21:23:7c:3e:d3:4d:b6:6a
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 13KB - Virtual size: 13KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

07
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

05
Certificate

3f:27:29:7b:a4:8b:59:ee:df:f2:d0:92:2b:d5:bc:3b:b6:39:11:ed
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 376KB - Virtual size: 375KB

.data
Size: 42KB - Virtual size: 77KB

.rsrc
Size: 296KB - Virtual size: 296KB

.reloc
Size: 194KB - Virtual size: 193KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

07
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

05
Certificate

f5:b3:75:d7:f6:ba:f1:25:d8:35:64:62:41:65:28:c7:75:d9:5f:0d
Signer