eaf97a2149873c00b0f1a9d81074174f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eaf97a2149873c00b0f1a9d81074174f_JaffaCakes118
Size

5.4MB
MD5

eaf97a2149873c00b0f1a9d81074174f
SHA1

3898471438a60cbf2a135efc5becba00d4e9e3c4
SHA256

cd09e91d0d2a7b0f00a7bae562b65e029f8a561d118194df320a432ed75910ed
SHA512

5334b4e643aaa1804ac35184684af50bfde7165f150c9b9fa8609226dd6111ceb1e378f4bb8340849f56cc9a243a37591b77c69c0ed2f53809a756ec09a4efa6
SSDEEP

98304:kxUz/m1regKJvTxkBPoO2OZwYKUtbntFEOp+WDkGL0N1jkvz1pNMIdaUe:kxUzuylSB5cCbUOpPwGIHjkrjpe

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMP/nsisdt.dll
unpack001/Images/ads/Images/puzzles/AdorableAnimals/Jigsaw.dll
unpack001/Images/ads/Images/puzzles/AdorableAnimals/JigsawAdorableAnimals.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

eaf97a2149873c00b0f1a9d81074174f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8f5180fdf5c2d5c5d3bcba1f06dad45

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:26:87:c7:30:6c:81:a2:7d:9c:1b:28:c9:cc:77:c1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/12/2007, 00:00

Not After

08/12/2009, 23:59

Subject

CN=SpinTop Media\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SpinTop Media\, Inc.,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:ce:e3:64:b0:32:37:70:1a:fc:86:24:22:87:0c:40:8a:ac:86:e3
Signer

Actual PE Digest

0c:ce:e3:64:b0:32:37:70:1a:fc:86:24:22:87:0c:40:8a:ac:86:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
lstrcmpiA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b3d296ff6f7abb1319ee006fcc6c4d98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
OpenClipboard

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/nsisdt.dll
.dll windows:1 windows x86 arch:x86

aa911a57ef69e33e93666ad699a8d7be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
RtlUnwind
lstrcpyA

crtdll

_fdopen
_open_osfhandle
fclose
_cexit
localtime
malloc
printf
raise
setbuf
strcpy
strftime
time

Exports

Exports

currentdate

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 52B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 576B - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 144B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 76B - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
$_3_/SpinTop/spintop.ico
Images/ads/Images/activategame.gif
.gif
Images/ads/Images/activationsuccess.html
.html
Images/ads/Images/armhelper.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

389013c13e3f16743b427a7b490301ee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:26:87:c7:30:6c:81:a2:7d:9c:1b:28:c9:cc:77:c1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/12/2007, 00:00

Not After

08/12/2009, 23:59

Subject

CN=SpinTop Media\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SpinTop Media\, Inc.,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:23:33:63:3c:71:ff:ac:bf:e7:56:32:82:db:1c:c0:a9:09:1c:84
Signer

Actual PE Digest

bb:23:33:63:3c:71:ff:ac:bf:e7:56:32:82:db:1c:c0:a9:09:1c:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
SetEnvironmentVariableA
GetEnvironmentVariableA
FreeConsole
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
GetLocalTime
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
HeapReAlloc
QueryPerformanceCounter
CompareStringW
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStdHandle
WriteFile
InterlockedDecrement
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
MapViewOfFile
GetShortPathNameA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
DestroyWindow

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text1
Size: 288KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 44KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 20KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 312KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Images/ads/Images/bckgrndtop_new.gif
.gif
Images/ads/Images/box.jpg
.jpg
Images/ads/Images/btn_dlfree.gif
.gif
Images/ads/Images/btn_playfree.gif
.gif
Images/ads/Images/btn_purchase.gif
.gif
Images/ads/Images/close_window.gif
.gif
Images/ads/Images/connect.html
.html .js polyglot
Images/ads/Images/continue_activate.gif
.gif
Images/ads/Images/continue_inbrowser.gif
.gif
Images/ads/Images/continue_incart.gif
.gif
Images/ads/Images/end.html
.html .js polyglot
Images/ads/Images/exit_ad.html
.html .js polyglot
Images/ads/Images/expire.html
.html .js polyglot
Images/ads/Images/expired_ad.html
.html .js polyglot
Images/ads/Images/logotop02.gif
.gif
Images/ads/Images/morespintopgames.jpg
.jpg
Images/ads/Images/noconnection.html
.html
Images/ads/Images/processing_bar.gif
.gif
Images/ads/Images/puzzles/AdorableAnimals/200207207-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200207744-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200207785-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200226542-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200262156-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200269619-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200281173-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200281419-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200321173-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200329111-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200351581-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200351939-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200352066-001.jig
Images/ads/Images/puzzles/AdorableAnimals/200352108-001.jig
Images/ads/Images/puzzles/AdorableAnimals/71028882.jig
Images/ads/Images/puzzles/AdorableAnimals/71029128.jig
Images/ads/Images/puzzles/AdorableAnimals/71029258.jig
Images/ads/Images/puzzles/AdorableAnimals/71029265.jig
Images/ads/Images/puzzles/AdorableAnimals/71029325.jig
Images/ads/Images/puzzles/AdorableAnimals/71042434.jig
Images/ads/Images/puzzles/AdorableAnimals/71042438.jig
Images/ads/Images/puzzles/AdorableAnimals/71042504.jig
Images/ads/Images/puzzles/AdorableAnimals/71044128.jig
Images/ads/Images/puzzles/AdorableAnimals/71044142.jig
Images/ads/Images/puzzles/AdorableAnimals/71044149.jig
Images/ads/Images/puzzles/AdorableAnimals/71057035.jig
Images/ads/Images/puzzles/AdorableAnimals/71057065.jig
Images/ads/Images/puzzles/AdorableAnimals/71057159.jig
Images/ads/Images/puzzles/AdorableAnimals/71057181.jig
Images/ads/Images/puzzles/AdorableAnimals/71057192.jig
Images/ads/Images/puzzles/AdorableAnimals/Jigsaw.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Images/ads/Images/puzzles/AdorableAnimals/JigsawAdorableAnimals.exe
.exe windows:4 windows x86 arch:x86

040d42a8c952baef48568bd3725ac38c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
MultiByteToWideChar
HeapSize
HeapReAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
DeleteCriticalSection
GetStdHandle
WriteFile
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
MapViewOfFile
GetShortPathNameA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
GetSystemMetrics
SetTimer
GetAsyncKeyState
KillTimer
BeginPaint
EndPaint
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
DestroyWindow

gdi32

CreateDCA
CreateDIBitmap
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
BitBlt
DeleteDC
DeleteObject
CreatePalette

Exports

Exports

?CheckTrial@@YAXXZ
?GetRegistrationInformation@@YGXPAD@Z
?SetRegistrationKey@@YGPADXZ

Sections

.text
Size: - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 7B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 264KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 44KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 628KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Images/ads/Images/puzzles/AdorableAnimals/JigsawAdorableAnimalsCredits.txt
Images/ads/Images/puzzles/AdorableAnimals/WL004028.jig
Images/ads/Images/puzzles/AdorableAnimals/categoryName.png
.png
Images/ads/Images/puzzles/AdorableAnimals/dv031125.jig
Images/ads/Images/puzzles/AdorableAnimals/dv032017.jig
Images/ads/Images/puzzles/AdorableAnimals/dv1549003.jig
Images/ads/Images/puzzles/AdorableAnimals/dv1549005.jig
Images/ads/Images/puzzles/AdorableAnimals/dv1549014.jig
Images/ads/Images/puzzles/AdorableAnimals/dv1909022.jig
Images/ads/Images/puzzles/AdorableAnimals/dv1909035.jig
Images/ads/Images/puzzles/AdorableAnimals/dv1909036.jig
Images/ads/Images/puzzles/AdorableAnimals/dv1909038.jig
Images/ads/Images/puzzles/AdorableAnimals/dv1910024.jig
Images/ads/Images/puzzles/AdorableAnimals/dv191005.jig
Images/ads/Images/puzzles/AdorableAnimals/dv413057.jig
Images/ads/Images/puzzles/AdorableAnimals/dv413085.jig
Images/ads/Images/puzzles/AdorableAnimals/dv413104.jig
Images/ads/Images/puzzles/AdorableAnimals/dv455006.jig
Images/ads/Images/puzzles/AdorableAnimals/dv455013.jig
Images/ads/Images/puzzles/AdorableAnimals/dv455050.jig
Images/ads/Images/puzzles/AdorableAnimals/dv455057.jig
Images/ads/Images/puzzles/AdorableAnimals/dv455065.jig
Images/ads/Images/puzzles/AdorableAnimals/loading.gif
.jpg
Images/ads/Images/puzzles/AdorableAnimals/readme.txt
Images/ads/Images/reminder.html
.html .js polyglot
Images/ads/Images/reminder_ad.html
.html
Images/ads/Images/secure_logo.gif
.gif
Images/ads/Images/seemoregames.gif
.gif
Images/ads/Images/splash.bmp
Images/ads/Images/start.html
.html .js polyglot
Images/ads/Images/stg_drm.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

713f5815959419d61fcdd3c72213c0ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:26:87:c7:30:6c:81:a2:7d:9c:1b:28:c9:cc:77:c1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/12/2007, 00:00

Not After

08/12/2009, 23:59

Subject

CN=SpinTop Media\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SpinTop Media\, Inc.,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:a0:28:3c:1e:a8:d5:69:d4:ca:90:e8:38:c8:bc:ae:6e:20:f0:32
Signer

Actual PE Digest

05:a0:28:3c:1e:a8:d5:69:d4:ca:90:e8:38:c8:bc:ae:6e:20:f0:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
SizeofResource
LoadLibraryExA
lstrcmpiA
FreeLibrary
FindResourceA
IsDBCSLeadByte
lstrcpynA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
lstrcatA
GetProcAddress
LoadLibraryA
GetShortPathNameA
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
ResumeThread
SetCurrentDirectoryA
Sleep
TerminateThread
WaitForSingleObject
GetFileSize
ReadFile
CloseHandle
GetTempPathA
GetTempFileNameA
GetModuleFileNameA
lstrlenA
MoveFileExA
GetLastError
MultiByteToWideChar
lstrlenW
ExitProcess
WriteFile
CreateFileA
InterlockedDecrement
InterlockedIncrement
lstrcpyA
DeleteFileA
TlsSetValue
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
CreateThread
GetFullPathNameA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
HeapSize
TerminateProcess
RaiseException
SetEndOfFile
GetOEMCP
GetACP
SetFilePointer
FlushFileBuffers
GetSystemTimeAsFileTime
RtlUnwind
SetStdHandle
HeapAlloc
HeapReAlloc
GetVersion
HeapFree
GetCommandLineA

user32

ShowWindow
SetFocus
SetWindowRgn
OffsetRect
SetWindowPos
EqualRect
GetParent
CharNextA
ReleaseDC
GetDC
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
IsChild
GetFocus
EndPaint
GetClientRect
BeginPaint
IntersectRect
SendMessageA
EnumWindows
InvalidateRect
GetKeyState
DestroyWindow
IsWindow
GetWindowTextA
GetWindowLongA
CreateWindowExA
CallWindowProcA
UnionRect
DefWindowProcA
SetWindowLongA
PtInRect

gdi32

RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateDCA
CreateRectRgnIndirect
DeleteDC

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA

ole32

CreateOleAdviseHolder
OleRegGetUserType
CoInitializeEx
CoUninitialize
OleRegGetMiscStatus
CoTaskMemAlloc
OleRegEnumVerbs
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadTypeLi
VariantClear
LoadRegTypeLi
SysFreeString
SysAllocString
RegisterTypeLi
OleCreatePropertyFrame
VarUI4FromStr
SysAllocStringLen
SysStringLen

wininet

InternetSetStatusCallback
GetUrlCacheEntryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetGetConnectedState
InternetOpenA

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Images/ads/Images/unlockpage.html
.html .js polyglot
Images/ads/Images/wndwbtm.gif
.gif
Images/ads/Images/wndwbtmleft.gif
.gif
Images/ads/Images/wndwbtmright.gif
.gif
Images/ads/Images/wndwleft.gif
.gif
Images/ads/Images/wndwright.gif
.gif
Images/ads/Images/wndwtop.gif
.gif
Images/ads/Images/wndwtopleft.gif
.gif
Images/ads/Images/wndwtopright.gif
.gif
Images/ads/agatha_christie_40x40.jpg
.jpg
Images/ads/amazing_adventures_100x75.jpg
.jpg
Images/ads/amazing_adventures_40x40.jpg
.jpg
Images/ads/amazing_adventures_main.jpg
.jpg
Images/ads/around_the_world_in_80days_40x40.jpg
.jpg
Images/ads/bca_sydney_40x40.jpg
.jpg
Images/ads/bckgrndtop_new.gif
.gif
Images/ads/bejeweled_2_100x75.jpg
.jpg
Images/ads/bejeweled_2_40x40.jpg
.jpg
Images/ads/big_city_adventure_100x75.jpg
.jpg
Images/ads/big_city_adventure_40x40.jpg
.jpg
Images/ads/big_city_adventure_main.jpg
.jpg
Images/ads/box.jpg
.jpg
Images/ads/btn_dlfree.gif
.gif
Images/ads/btn_purchase.gif
.gif
Images/ads/cate_west_40x40.jpg
.jpg
Images/ads/exit_ad.html
.html .js polyglot
Images/ads/expired_ad.html
.html .js polyglot
Images/ads/family_feud_ii_100x75.jpg
.jpg
Images/ads/fashion_boutique_40x40.jpg
.jpg
Images/ads/great_secrets_40x40.jpg
.jpg
Images/ads/jigsaw_platinum_100x75.jpg
.jpg
Images/ads/jigsaw_platinum_40x40.jpg
.jpg
Images/ads/little_shop_treasures_100x75.jpg
.jpg
Images/ads/little_shop_treasures_40x40.jpg
.jpg
Images/ads/logotop2.gif
.gif
Images/ads/lucy_q_100x75.jpg
.jpg
Images/ads/magic_academy_100x75.jpg
.jpg
Images/ads/magic_academy_40x40.jpg
.jpg
Images/ads/magic_match_adventures_40x40.jpg
.jpg
Images/ads/mahjong_escapeaj_100x75.jpg
.jpg
Images/ads/mahjong_escapeaj_40x40.jpg
.jpg
Images/ads/mahjong_world_100x75.jpg
.jpg
Images/ads/mahjong_world_40x40.jpg
.jpg
Images/ads/mahjong_world_main.jpg
.jpg
Images/ads/mariposa_100x75.jpg
.jpg
Images/ads/mcf_madame_fate_40x40.jpg
.jpg
Images/ads/mcf_ravenhearst_100x75.jpg
.jpg
Images/ads/monopoly_here_now_100x75.jpg
.jpg
Images/ads/monopoly_here_now_40x40.jpg
.jpg
Images/ads/monte_cristo_40x40.jpg
.jpg
Images/ads/mystery_pi_100x75.jpg
.jpg
Images/ads/mystery_solitaire_si_100x75.jpg
.jpg
Images/ads/mystery_solitaire_si_40x40.jpg
.jpg
Images/ads/new.jpg
.jpg
Images/ads/paradise_pet_salon_100x75.jpg
.jpg
Images/ads/peggle_100x75.jpg
.jpg
Images/ads/peggle_40x40.jpg
.jpg
Images/ads/reminder_ad.html
.html
Images/ads/rise_of_atlantis_100x75.jpg
.jpg
Images/ads/sallys_salon_40x40.jpg
.jpg
Images/ads/scrabble_gh_100x75.jpg
.jpg
Images/ads/scrabble_gh_40x40.jpg
.jpg
Images/ads/seemoregames.gif
.gif
Images/ads/spell_jam_100x75.jpg
.jpg
Images/ads/wndwbtm.gif
.gif
Images/ads/wndwbtmleft.gif
.gif
Images/ads/wndwbtmright.gif
.gif
Images/ads/wndwleft.gif
.gif
Images/ads/wndwright.gif
.gif
Images/ads/wndwtop.gif
.gif
Images/ads/wndwtopleft.gif
.gif
Images/ads/wndwtopright.gif
.gif
Images/ads/yahtzee_100x75.jpg
.jpg
Images/ads/yahtzee_40x40.jpg
.jpg
Images/ads/yahtzee_main.jpg
.jpg
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

b8f5180fdf5c2d5c5d3bcba1f06dad45

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

43:26:87:c7:30:6c:81:a2:7d:9c:1b:28:c9:cc:77:c1Certificate

Extended Key Usages

Key Usages

0c:ce:e3:64:b0:32:37:70:1a:fc:86:24:22:87:0c:40:8a:ac:86:e3Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 114KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

b3d296ff6f7abb1319ee006fcc6c4d98

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 990B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

aa911a57ef69e33e93666ad699a8d7be

Headers

File Characteristics

Imports

kernel32

crtdll

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 20B

.data Size: 52B - Virtual size: 52B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

43:26:87:c7:30:6c:81:a2:7d:9c:1b:28:c9:cc:77:c1
Certificate

0c:ce:e3:64:b0:32:37:70:1a:fc:86:24:22:87:0c:40:8a:ac:86:e3
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 114KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 990B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 20B

.data
Size: 52B - Virtual size: 52B

.idata
Size: 576B - Virtual size: 576B

.reloc
Size: 144B - Virtual size: 144B

.edata
Size: 76B - Virtual size: 76B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

43:26:87:c7:30:6c:81:a2:7d:9c:1b:28:c9:cc:77:c1
Certificate

bb:23:33:63:3c:71:ff:ac:bf:e7:56:32:82:db:1c:c0:a9:09:1c:84
Signer

.text
Size: - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: - Virtual size: 13KB

.reloc
Size: - Virtual size: 4KB

.text1
Size: 288KB - Virtual size: 320KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 44KB - Virtual size: 64KB

.reloc1
Size: 20KB - Virtual size: 64KB

.pdata
Size: 312KB - Virtual size: 320KB

.rsrc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 912KB - Virtual size: 911KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: - Virtual size: 529KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: - Virtual size: 219KB

.tls
Size: - Virtual size: 7B

.text1
Size: 264KB - Virtual size: 320KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 44KB - Virtual size: 128KB

.pdata
Size: 628KB - Virtual size: 640KB

.rsrc
Size: 204KB - Virtual size: 204KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate