dffc54e2cf5c39ceef66aeb8db15e8a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dffc54e2cf5c39ceef66aeb8db15e8a9_JaffaCakes118
Size

2.4MB
MD5

dffc54e2cf5c39ceef66aeb8db15e8a9
SHA1

8c4a788cd6c9cea2c7ec682c087783f3a44bfa71
SHA256

a2d63eb8c995a5dd0095e44d6746f882fed9f93a31bb35350c82a5c3a1bfd310
SHA512

10bbc54038463569ac1830e103281d79300461628231ce3d758bf0f6e43191b2b3d58f2bf165cb5cac181933fbdeb8fef978ecb57c3c596e644c8b33765b715b
SSDEEP

49152:ZLarOB2iYJJMtohcb1okaAp2Q6Pjv7U/0X+iqTOjmZt3NH:ZnB2iwh01okLp2Q6Pjv7U/0X+iqm0

Score

1^/10

Malware Config

Signatures

Files

dffc54e2cf5c39ceef66aeb8db15e8a9_JaffaCakes118
.dll windows:6 windows x86 arch:x86

4dd9fe5ab9efb7424b36e28c430fd350

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:ba:94:23:dd:bc:e7:b1:45:a9:5f:01:ee:01:5f:17
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/10/2016, 00:00

Not After

19/01/2020, 23:59

Subject

CN=Avira Operations GmbH & Co. KG,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

11/07/2018, 11:33

Not After

11/07/2021, 11:33

Subject

SERIALNUMBER=HRA 722586,CN=Avira Operations GmbH & Co. KG,OU=Cloud\, Services and Infrastructure,O=Avira Operations GmbH & Co. KG,STREET=Kaplaneiweg 1,L=Tettnang,ST=Baden-Wuerttemberg,C=DE,1.2.840.113549.1.9.1=#0c0c63614061766972612e636f6d,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#1312426164656e2d577565727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b2:d8:02:a7:b1:1a:95:b8:af:12:ba:e9:eb:9c:4c:57:29:50:5b:82:0d:c0:cc:89:76:66:16:92:ee:7f:98:7c
Signer

Actual PE Digest

b2:d8:02:a7:b1:1a:95:b8:af:12:ba:e9:eb:9c:4c:57:29:50:5b:82:0d:c0:cc:89:76:66:16:92:ee:7f:98:7c

Digest Algorithm

sha256

PE Digest Matches

true

94:aa:ca:b8:d1:a9:9a:cc:80:b9:2b:c5:df:cc:ae:7e:21:2d:fa:bb
Signer

Actual PE Digest

94:aa:ca:b8:d1:a9:9a:cc:80:b9:2b:c5:df:cc:ae:7e:21:2d:fa:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\bamboo-build\WAVUI-WINAV-BARW\AV\BuildOutput\Bin\Release\ccsched.dll.pdb

Imports

kernel32

FreeLibraryAndExitThread
GetThreadTimes
InterlockedPushEntrySList
CreateThread
TryEnterCriticalSection
SwitchToThread
QueryPerformanceFrequency
VirtualAlloc
InterlockedFlushSList
ExpandEnvironmentStringsA
LoadLibraryExA
RtlUnwind
GetCommandLineA
GetCommandLineW
ExitThread
GetModuleHandleExW
HeapQueryInformation
SetStdHandle
GetFileType
ExitProcess
GetStdHandle
GetTimeZoneInformation
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
LCMapStringW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
TerminateThread
MoveFileExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
WaitForSingleObjectEx
ResetEvent
SearchPathW
GetProfileIntW
GetTempFileNameW
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
GetTempPathW
SetFilePointer
GlobalGetAtomNameW
GlobalFlags
SetErrorMode
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
lstrcpyW
ResumeThread
CreateEventW
SetEvent
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
FreeResource
EncodePointer
lstrcmpA
GlobalDeleteAtom
GetModuleHandleA
GetCurrentThreadId
OutputDebugStringA
GlobalSize
SetLastError
GetModuleFileNameA
GetFileAttributesA
GetCurrentDirectoryA
CreateFileA
LoadLibraryA
VirtualQuery
VirtualProtect
GlobalLock
GlobalUnlock
OutputDebugStringW
lstrcmpW
CompareFileTime
GetCPInfo
lstrlenW
lstrcmpiW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LocalAlloc
GetCurrentThread
VerifyVersionInfoW
GetVersionExW
GetSystemInfo
VerSetConditionMask
GetComputerNameW
GlobalFree
GlobalAlloc
OpenProcess
GetStartupInfoW
SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
LoadLibraryExW
GetExitCodeProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocaleInfoW
LocalFree
lstrcpynW
GetModuleFileNameW
GetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
FormatMessageW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetWindowsDirectoryW
GetSystemDirectoryW
DecodePointer
GetSystemTime
WriteFile
ReadFile
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
GetCurrentDirectoryW
SystemTimeToFileTime
GetLocalTime
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
CopyFileW
MulDiv
GetTickCount
Sleep
DeleteFileW
OpenEventW
CloseHandle
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException

user32

EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
SendDlgItemMessageA
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetWindow
GetKeyboardLayout
CharUpperW
GetKeyboardState
CreateAcceleratorTableW
UnregisterClassW
GetMessagePos
SendMessageW
EnableWindow
GetTopWindow
GetClassNameW
GetClassLongW
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
GetNextDlgTabItem
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
MapVirtualKeyW
GetKeyNameTextW
PostQuitMessage
DestroyAcceleratorTable
GetMenuStringW
ReleaseCapture
SetCapture
SetScrollPos
BringWindowToTop
CreateIconIndirect
GetWindowThreadProcessId
LoadMenuW
GetWindowDC
ClientToScreen
NotifyWinEvent
GetAsyncKeyState
MapDialogRect
WindowFromPoint
IntersectRect
DestroyMenu
GetMessageW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
ShowOwnedPopups
GetLastActivePopup
MessageBoxW
GetKeyState
GetActiveWindow
SetWindowLongW
SetRectEmpty
GetIconInfo
GetWindowLongW
EqualRect
DrawFocusRect
RealChildWindowFromPoint
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetSystemMenu
SetParent
DrawFrameControl
ScrollWindow
LoadAcceleratorsW
TranslateAcceleratorW
EnableMenuItem
DeleteMenu
GetDC
ReleaseDC
InvalidateRect
DestroyIcon
UpdateWindow
GetWindowRect
PostMessageW
GetParent
GetClientRect
RegisterWindowMessageW
SetWindowPos
IsWindowVisible
GetDlgCtrlID
SetWindowRgn
GetForegroundWindow
LoadStringW
TranslateMessage
DispatchMessageW
PeekMessageW
GetWindowTextW
IsWindow
GetFocus
GetSystemMetrics
DrawStateW
ScreenToClient
FillRect
CopyRect
InflateRect
LoadIconW
LoadImageW
DrawIconEx
DrawEdge
GetMenuState
CreateMenu
CreatePopupMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
GetMenuItemInfoW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetSysColor
GetSysColorBrush
SetRect
GetDesktopWindow
LoadBitmapW
SystemParametersInfoW
SetTimer
KillTimer
GetCursorPos
FrameRect
OffsetRect
IsRectEmpty
PtInRect
LoadCursorW
TrackMouseEvent
SetCursor
CopyAcceleratorTableW
IsZoomed
MessageBeep
SetCursorPos
ToUnicodeEx
LockWindowUpdate
SetClassLongW
GetNextDlgGroupItem
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CopyIcon
DrawIcon
UnionRect
MonitorFromPoint
GetDoubleClickTime
SetMenuDefaultItem
IsCharLowerW
MapVirtualKeyExW
RegisterClipboardFormatW
CharUpperBuffW
UpdateLayeredWindow
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
WaitMessage
PostThreadMessageW
GetComboBoxInfo
DestroyCursor
GetWindowRgn
UnhookWindowsHookEx

gdi32

SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextMetricsW
CreateFontW
GetCharWidthW
StretchDIBits
CombineRgn
SetRectRgn
DPtoLP
CreateDIBitmap
GetTextCharsetInfo
EnumFontFamiliesExW
CreateEllipticRgn
GetTextColor
Polyline
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
SetDIBColorTable
LPtoDP
GetRgnBox
OffsetRgn
ExtFloodFill
SetPaletteEntries
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
SetROP2
SetPolyFillMode
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetClipBox
ExcludeClipRect
CreateBitmap
SetTextColor
SetBkColor
CreateDCW
CreatePalette
Polygon
GetDeviceCaps
CreateSolidBrush
CreatePen
CreatePatternBrush
CreateRoundRectRgn
DeleteObject
GetStockObject
RoundRect
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel
GetTextExtentPoint32W
SetPixel
CreateFontIndirectW
CreateHatchBrush
DeleteDC
Ellipse
Escape
GetBkMode
PatBlt
PtVisible
RectVisible
Rectangle
CreateDIBSection
GetObjectW
TextOutW
ExtTextOutW
CreateRectRgn
GetLayout
RealizePalette
CreateRectRgnIndirect
FillRgn
StretchBlt
CreatePolygonRgn
GetBkColor
EnumFontFamiliesW
CopyMetaFileW
GetCurrentObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
TraceMessage
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
InitializeAcl
GetLengthSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AddAce
CopySid
GetAce
GetAclInformation
IsValidSid
BuildExplicitAccessWithNameW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
GetUserNameW
LookupAccountSidW
GetTokenInformation
GetSecurityDescriptorDacl
OpenProcessToken
CreateProcessAsUserW
QueryServiceStatus
QueryServiceConfigW

shell32

ShellExecuteW
ShellExecuteExW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBrowseForFolderW
SHAppBarMessage
SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Draw
ImageList_AddMasked
ImageList_GetIcon
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_GetImageInfo

shlwapi

PathIsRelativeA
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsAppThemed
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
GetWindowTheme
GetThemeColor
GetCurrentThemeName
GetThemeSysColor

ole32

RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CoInitialize
CoCreateInstance
CoDisconnectObject
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemFree
RevokeDragDrop

oleaut32

LoadTypeLi
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
VariantCopy
VarBstrFromDate
SysFreeString

gdiplus

GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetPixelOffsetMode
GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromResource
GdiplusStartup
GdiplusShutdown
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImagePalette
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImageWidth

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Exports

Exports

execCCPluginCmdA
execCCPluginCmdW
getCCPlugin

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dd9fe5ab9efb7424b36e28c430fd350

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

76:ba:94:23:dd:bc:e7:b1:45:a9:5f:01:ee:01:5f:17Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

2a:09:50:26:3e:06:49:6a:27:81:f5:50Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

b2:d8:02:a7:b1:1a:95:b8:af:12:ba:e9:eb:9c:4c:57:29:50:5b:82:0d:c0:cc:89:76:66:16:92:ee:7f:98:7cSigner

94:aa:ca:b8:d1:a9:9a:cc:80:b9:2b:c5:df:cc:ae:7e:21:2d:fa:bbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 381KB - Virtual size: 380KB

.data Size: 46KB - Virtual size: 65KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 168KB - Virtual size: 167KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

76:ba:94:23:dd:bc:e7:b1:45:a9:5f:01:ee:01:5f:17
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

b2:d8:02:a7:b1:1a:95:b8:af:12:ba:e9:eb:9c:4c:57:29:50:5b:82:0d:c0:cc:89:76:66:16:92:ee:7f:98:7c
Signer

94:aa:ca:b8:d1:a9:9a:cc:80:b9:2b:c5:df:cc:ae:7e:21:2d:fa:bb
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 381KB - Virtual size: 380KB

.data
Size: 46KB - Virtual size: 65KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 168KB - Virtual size: 167KB