fc1d1fe7a038af580168522c90097806_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc1d1fe7a038af580168522c90097806_JaffaCakes118
Size

374KB
MD5

fc1d1fe7a038af580168522c90097806
SHA1

d17e733f060fe42f76a56aadaabe113c6594e1f6
SHA256

4c64787e444b55bc40428c042bf86387332f226c29ab9c323b36791a8174bb03
SHA512

c80b3b6da26aef1d10b4ec09eb8ffc6018f16c57b402e05e46a50475cb8756fea557f2096be8fc592191263ab55b8be39d7c8328fc9c553cf680b5981ef03bee
SSDEEP

6144:/NyUngIuP/cgj/eZllifUESG0c4ahVPzASvi5QS9nqXLeE5GH2i3gmMrZ7MwOenJ:/JnO3c6eZllicY0ahNfvi5j9nk5W2iQZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/war3slcx/d3d8.dll
unpack001/war3slcx/es.dll
unpack001/war3slcx/slcx1.dll
unpack001/war3slcx/魔兽胜率查询器 -V5.1.exe

Files

fc1d1fe7a038af580168522c90097806_JaffaCakes118
.rar
war3slcx/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

fcc40667ac22e0c598518006de958259

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:3d:e6:b4:56:d1:a3:cc:c3:77:ec:dd:05:31:a7:25:62:28:b5:bc
Signer

Actual PE Digest

5b:3d:e6:b4:56:d1:a3:cc:c3:77:ec:dd:05:31:a7:25:62:28:b5:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

WideCharToMultiByte
GetVersion
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
DisableThreadLibraryCalls
lstrlenW
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
DeleteCriticalSection
FreeLibrary
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
LoadLibraryA
GetLastError
InterlockedIncrement
lstrcmpiA
FindResourceA
LockResource
LoadResource
HeapReAlloc

user32

EndDialog
DrawEdge
DialogBoxParamA
LoadCursorA
MessageBoxA
GetActiveWindow
GetDC
CharNextA
ReleaseDC
SetParent
GetWindowRect
ShowWindow
WinHelpA
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetWindowPos
LoadBitmapA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
GetSystemMetrics
GetDlgItemTextA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadStringA
IsWindow
CreateDialogIndirectParamA
GetParent
SetDlgItemTextA
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
SetWindowLongA
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SendDlgItemMessageA
GetDlgItemInt
SetDlgItemInt
SetFocus
MoveWindow
CreateWindowExA
wsprintfA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

VariantChangeType
SysAllocStringLen
SysAllocString
SafeArrayRedim
SysStringLen
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SetErrorInfo
SysFreeString
CreateErrorInfo
GetErrorInfo
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
SysAllocStringByteLen
SafeArrayCreate
SysStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
VariantInit
SafeArrayAccessData
SafeArrayGetDim

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
war3slcx/ReadMe.txt
war3slcx/d3d8.dll
.dll windows:4 windows x86 arch:x86

10577e8f4c2ead16d46640b2a5307ab6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dokumente und Einstellungen\miko\Eigene Dateien\Visual Studio Projects\gp_demo_1.3\gp_d3d8\Release\gp_d3d8.pdb

Imports

kernel32

CreateFileW
GetVersionExA
HeapFree
GetProcessHeap
GetModuleHandleA
CreateFileA
WriteFile
IsProcessorFeaturePresent
ReadFile
SetEndOfFile
CreateFileMappingA
GetFileSize
GetLastError
MultiByteToWideChar
WideCharToMultiByte
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
OutputDebugStringA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
Sleep
GetProcAddress
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
HeapAlloc
RaiseException
DebugBreak
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InterlockedExchange
VirtualQuery
SetFilePointer
SetStdHandle
FlushFileBuffers
InitializeCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
VirtualProtect
GetSystemInfo
HeapSize
LCMapStringA
LCMapStringW

user32

DrawTextA
LoadBitmapA
GetDC
ReleaseDC
DrawTextW

gdi32

SetBkMode
SetBkColor
SetTextColor
CreateFontIndirectA
GetDeviceCaps
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateDIBSection

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

Exports

Exports

Direct3DCreate8

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
war3slcx/es.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4c965a5531f19f7f8c528c1a6ec0cb02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaObjVar
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaLateMemCall
_CIatan
_allmul
_CItan
_CIexp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
war3slcx/slcx1.dll
.dll windows:4 windows x86 arch:x86

04f7ae1af7f4ecf7e6103e798d522357

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dokumente und Einstellungen\miko\Eigene Dateien\Visual Studio Projects\gp_demo_1.3\gp_dll\Release\gp_dll.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapFree
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
DebugBreak
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcessHeap
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
RaiseException
GlobalFlags
InterlockedIncrement
WritePrivateProfileStringA
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
OutputDebugStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetSystemTimeAsFileTime
CloseHandle

user32

RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetSystemMetrics
PostQuitMessage
PostMessageA
SetCursor
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
wsprintfA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
DestroyMenu
SendMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA

gdi32

DeleteDC
ExtTextOutA
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
Escape

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

GPML_SetTextMultilineData
GPML_ShowText
GPPIC_LoadNewPicture
GPPIC_ShowPicturePos
GPSI_GetScreenSize
GPSL_SetTextLineData
GPSL_ShowText

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
war3slcx/魔兽胜率查询器 -V5.1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fcc40667ac22e0c598518006de958259

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

5b:3d:e6:b4:56:d1:a3:cc:c3:77:ec:dd:05:31:a7:25:62:28:b5:bcSigner

Headers

File Characteristics

Imports

wsock32

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 8KB - Virtual size: 4KB

10577e8f4c2ead16d46640b2a5307ab6

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 254KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 20KB - Virtual size: 28KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 16KB - Virtual size: 12KB

4c965a5531f19f7f8c528c1a6ec0cb02

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 780B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 280B

04f7ae1af7f4ecf7e6103e798d522357

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

5b:3d:e6:b4:56:d1:a3:cc:c3:77:ec:dd:05:31:a7:25:62:28:b5:bc
Signer

.text
Size: 68KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 256KB - Virtual size: 254KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 20KB - Virtual size: 28KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 780B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 280B

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 10KB - Virtual size: 12KB