ef816adf6e8ff8b341950847784770aa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef816adf6e8ff8b341950847784770aa_JaffaCakes118
Size

4.6MB
MD5

ef816adf6e8ff8b341950847784770aa
SHA1

84593a4523de54d1245cde26a1f9a88a325cdb79
SHA256

f4c9c37d7b007e3f5ae08eee78422dccf2945802f1b3378999c59aaebf180026
SHA512

c4943db7c718ac9e94baa148db2966c97a32238eea6fb4e603448738943da051526cc8815d9155753204f07de071222a553abba9ee1fe515341b2902073d0161
SSDEEP

98304:hfjEDWiHl6gnQrTyFJNzux1zQmcK6Q2Oa6gVEFLOAkGkzdnEVomFHKnPd:hfb+XIE3mcK674wEFLOyomFHKnPd

Score

1^/10

Malware Config

Signatures

Files

ef816adf6e8ff8b341950847784770aa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d64c25b9df22f52c4d7bb94cf56f2d87

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/04/2016, 00:00

Not After

07/04/2019, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/03/2016, 00:00

Not After

28/03/2018, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:a3:b8:21:43:20:b5:82:47:a9:3c:0b:b5:65:2c:ab:c4:ad:79:e5:06:07:2c:84:7a:8a:5c:91:a7:73:08:5d
Signer

Actual PE Digest

4b:a3:b8:21:43:20:b5:82:47:a9:3c:0b:b5:65:2c:ab:c4:ad:79:e5:06:07:2c:84:7a:8a:5c:91:a7:73:08:5d

Digest Algorithm

sha256

PE Digest Matches

true

8a:68:67:a1:3c:b1:9f:ad:2a:d4:ab:cd:20:52:62:af:a5:52:52:8a
Signer

Actual PE Digest

8a:68:67:a1:3c:b1:9f:ad:2a:d4:ab:cd:20:52:62:af:a5:52:52:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\Proxifier\Program\Repo\ProxifierWin\Proxifier\Portable Release\Proxifier.pdb

Imports

kernel32

GetDriveTypeW
SetEnvironmentVariableA
HeapAlloc
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualFree
FreeLibraryAndExitThread
GetThreadTimes
WriteConsoleW
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
OutputDebugStringW
SetFilePointerEx
ReadConsoleW
UnregisterWait
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
RaiseException
GetLastError
HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
GetTickCount
GetCurrentThreadId
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceW
Sleep
ReadFile
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleW
LocalFree
ResumeThread
CreateFileW
WaitForSingleObject
CreateNamedPipeW
ConnectNamedPipe
InitializeCriticalSection
CreateEventW
GetModuleFileNameW
MultiByteToWideChar
GetVersionExW
GetCurrentProcess
ResetEvent
SetEvent
OpenMutexW
GetExitCodeProcess
GetCurrentProcessId
CreateMutexW
GetFileAttributesW
SuspendThread
OpenProcess
GetPrivateProfileSectionW
CreateDirectoryW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
ExpandEnvironmentStringsW
SetLastError
GetComputerNameA
GetPrivateProfileStringW
LoadLibraryW
FreeLibrary
CreateSemaphoreW
CreateProcessW
WaitForMultipleObjects
ReleaseSemaphore
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentThread
GetComputerNameW
GetSystemTime
LoadLibraryA
GetSystemDirectoryA
TerminateProcess
FormatMessageW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
CopyFileW
FreeResource
SetThreadPriority
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
CompareStringA
lstrcpyW
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
FileTimeToSystemTime
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrcmpiW
DeleteFileW
GetFileSize
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
MoveFileW
GetStringTypeExW
GetThreadLocale
GetDiskFreeSpaceW
GetFileTime
GetTempFileNameW
SetFileTime
ReplaceFileW
SystemTimeToFileTime
GetUserDefaultLCID
LocalAlloc
GlobalGetAtomNameW
GetCurrentDirectoryW
GlobalReAlloc
VerSetConditionMask
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetProfileIntW
SearchPathW
GetFileAttributesExW
GetFileSizeEx
LocalFileTimeToFileTime
SetErrorMode
GetWindowsDirectoryW
VirtualProtect
FindResourceExW
GetCommandLineW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
CreateThread
ExitThread
ExitProcess
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualQuery
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetStringTypeW
HeapReAlloc

user32

DrawTextW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
MonitorFromPoint
SetWindowRgn
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
GetWindowThreadProcessId
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
SystemParametersInfoW
IsZoomed
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
CallNextHookEx
GetNextDlgGroupItem
GetMenuItemInfoW
UnregisterClassW
DrawTextExW
DefWindowProcW
LoadIconW
LoadCursorW
SetWindowsHookExW
ValidateRect
GetKeyState
GetActiveWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
DestroyMenu
LoadAcceleratorsW
GetClassInfoW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
IsRectEmpty
DrawFrameControl
ReleaseCapture
WindowFromPoint
SetCapture
OffsetRect
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
PostThreadMessageW
WaitMessage
TrackMouseEvent
CharUpperW
GetAsyncKeyState
SetCursor
IntersectRect
NotifyWinEvent
SetParent
ShowOwnedPopups
CountClipboardFormats
IsClipboardFormatAvailable
SetRect
KillTimer
EnableMenuItem
GetSystemMenu
MessageBeep
HideCaret
IsChild
PtInRect
IsWindowVisible
InflateRect
FillRect
GetFocus
SetMenuDefaultItem
AppendMenuW
InSendMessage
BringWindowToTop
GetUpdateRect
LockWindowUpdate
UnionRect
GetSysColorBrush
SetClassLongW
CreatePopupMenu
GetKeyNameTextW
FindWindowW
SendMessageW
IsIconic
GetLastActivePopup
SetForegroundWindow
UpdateWindow
MessageBoxW
SetMenuItemInfoW
InsertMenuItemW
wsprintfW
UnhookWindowsHookEx
RegisterWindowMessageW
EnableWindow
SetRectEmpty
InvalidateRect
ClientToScreen
GetCursorPos
ScreenToClient
GetSysColor
DestroyIcon
GetParent
GetClientRect
LoadMenuW
GetSubMenu
SetTimer
LoadImageW
GetSystemMetrics
GetDC
ReleaseDC
CopyImage
GetIconInfo
UpdateLayeredWindow
CharNextW
EnableScrollBar
CreateIconIndirect
RedrawWindow
GetWindowRect
GetDesktopWindow
DeleteMenu
MapVirtualKeyW
DestroyAcceleratorTable
TranslateAcceleratorW
UnpackDDElParam
ReuseDDElParam
PostMessageW
IsMenu
GetMenuDefaultItem
DrawIconEx
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFocusRect
ModifyMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SendDlgItemMessageA
SendNotifyMessageW
CopyAcceleratorTableW
RealChildWindowFromPoint
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
EnumChildWindows
GetTabbedTextExtentW
InvertRect
GetWindowRgn
MapVirtualKeyExW
IsCharLowerW
DrawIcon
DestroyCursor
GetDoubleClickTime
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetComboBoxInfo
SubtractRect
CreateMenu
FrameRect
CopyIcon
SetCursorPos
InvalidateRgn
CharUpperBuffW

gdi32

SetPixelV
EnumFontFamiliesExW
GetTextFaceW
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
GetSystemPaletteEntries
GetNearestPaletteIndex
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
GetTextAlign
SetPaletteEntries
ExtFloodFill
LPtoDP
GetViewportOrgEx
GetPaletteEntries
CreatePalette
GetWindowOrgEx
GetCharWidthW
OffsetRgn
GetRgnBox
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
SetRectRgn
GetMapMode
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RoundRect
Polyline
Polygon
CreatePolygonRgn
GetBkColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
StretchBlt
RealizePalette
GetDIBits
CombineRgn
CreateDIBSection
PatBlt
CreateRectRgnIndirect
DPtoLP
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateRoundRectRgn
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
SetPixel
CreatePen
CreateFontIndirectW
GetObjectW
CreateFontW
GetStockObject
GetTextExtentPoint32W
GetTextColor
GetTextMetricsW
Rectangle
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
FreeSid
RegCreateKeyExW
RegSetValueExW
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidW
EqualSid
RegEnumValueW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueW
IsValidSid

shell32

DragAcceptFiles
ShellExecuteW
SHGetSpecialFolderPathW
ExtractIconExW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHAppBarMessage
ExtractIconW
SHAddToRecentDocs
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Draw
ImageList_AddMasked
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
InitCommonControlsEx

shlwapi

PathStripToRootW
SHCreateStreamOnFileW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
UrlUnescapeW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

GetWindowTheme
DrawThemeParentBackground
IsAppThemed
DrawThemeText
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
OpenThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
CloseThemeData

ole32

CreateItemMoniker
CoLockObjectExternal
CreateILockBytesOnHGlobal
RevokeDragDrop
CreateFileMoniker
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
StgCreateDocfile
OleRegEnumVerbs
OleRegGetMiscStatus
CoDisconnectObject
GetRunningObjectTable
OleRun
OleIsRunning
CreateStreamOnHGlobal
CoInitializeEx
OleSetMenuDescriptor
OleLockRunning
CoInitialize
CoGetClassObject
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
DoDragDrop
OleGetClipboard
CreateGenericComposite
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
CLSIDFromProgID

oleaut32

VariantClear
VariantChangeType
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantInit
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW
OleUIObjectPropertiesW
OleUIEditLinksW
OleUIPasteSpecialW
OleUIInsertObjectW
OleUIAddVerbMenuW

gdiplus

GdipBitmapLockBits
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdiplusShutdown
GdipCreateBitmapFromScan0

secur32

CompleteAuthToken
InitializeSecurityContextA
FreeContextBuffer
QuerySecurityPackageInfoA
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext

crypt32

CryptUnprotectData
CryptProtectData

iphlpapi

NotifyAddrChange

xmllite

CreateXmlWriter
CreateXmlReader

ws2_32

getservbyname
htonl
getservbyport
gethostbyaddr
ioctlsocket
__WSAFDIsSet
WSAAccept
connect
getsockname
getsockopt
setsockopt
WSASocketW
WSASetLastError
WSAEnumProtocolsW
select
WSAAddressToStringW
WSAStringToAddressW
inet_addr
WSAStartup
accept
listen
bind
htons
recv
send
closesocket
ntohl
inet_ntoa
gethostbyname
WSACreateEvent
ntohs
WSAGetLastError
socket

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

HttpQueryInfoW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d64c25b9df22f52c4d7bb94cf56f2d87

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78Certificate

Extended Key Usages

Key Usages

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

4b:a3:b8:21:43:20:b5:82:47:a9:3c:0b:b5:65:2c:ab:c4:ad:79:e5:06:07:2c:84:7a:8a:5c:91:a7:73:08:5dSigner

8a:68:67:a1:3c:b1:9f:ad:2a:d4:ab:cd:20:52:62:af:a5:52:52:8aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

secur32

crypt32

iphlpapi

xmllite

ws2_32

oleacc

wininet

imm32

winmm

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 528KB - Virtual size: 528KB

.data Size: 37KB - Virtual size: 125KB

.tls Size: 2KB - Virtual size: 1KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 174KB - Virtual size: 173KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

4b:a3:b8:21:43:20:b5:82:47:a9:3c:0b:b5:65:2c:ab:c4:ad:79:e5:06:07:2c:84:7a:8a:5c:91:a7:73:08:5d
Signer

8a:68:67:a1:3c:b1:9f:ad:2a:d4:ab:cd:20:52:62:af:a5:52:52:8a
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 528KB - Virtual size: 528KB

.data
Size: 37KB - Virtual size: 125KB

.tls
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 174KB - Virtual size: 173KB