Static task: static1
Behavioral task: behavioral1 - Sample: 00644e57416aa65eb809e63546c3f419_JaffaCakes118.exe - Resource: win7-20240903-en
Behavioral task: behavioral2 - Sample: 00644e57416aa65eb809e63546c3f419_JaffaCakes118.exe - Resource: win10v2004-20240802-en
Behavioral task: behavioral3 - Sample: $1.exe - Resource: win7-20240903-en
Behavioral task: behavioral4 - Sample: $1.exe - Resource: win10v2004-20240802-en
Behavioral task: behavioral5 - Sample: 360rp.exe - Resource: win7-20240903-en
Behavioral task: behavioral6 - Sample: 360rp.exe - Resource: win10v2004-20240802-en
Behavioral task: behavioral7 - Sample: 360sd.exe - Resource: win7-20240903-en
Behavioral task: behavioral8 - Sample: 360sd.exe - Resource: win10v2004-20240802-en
General
Target: 00644e57416aa65eb809e63546c3f419_JaffaCakes118
Size: 1.9MB
MD5: 00644e57416aa65eb809e63546c3f419
SHA1: 8d3c35992c84c9633f738efa1b465e23bf9583c1
SHA256: 61464deadd53ca82920118097196b28fe19d89aa1b1e0f7cfe4759bdb20abef2
SHA512: 3f153827b14986c05abcca6b480a116109f02cb1a412bd65a15c77ccee2355dbab8ff3fc4a5b0eb7b571256ceb28b249287eb0423e9ddacdcef318ac62ca9293
SSDEEP: 49152:/bGy9StunUUoxtry9KKcUaXJ+T9oIbB4XWh7hRX3P2DUq:Tf9St3xt29KKMyFbjVF3P2DUq
Malware Config
Signatures
NSIS installer - 1 IoCs
resource: sample - yara_rule: nsis_installer_1
Files
-
00644e57416aa65eb809e63546c3f419_JaffaCakes118.exe windows:4 windows x86 arch:x86
099c0646ea7282d232219f8807883be0
Code Sign
01 Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5 Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4 Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 40KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
$1.exe windows:4 windows x86 arch:x86
fe755543f22accafed5183af7ec235a1
Code Sign
01 Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5 Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4 Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
sqlite3
sqlite3_exec
sqlite3_free
sqlite3_open16
sqlite3_close
qtquart
ord1
ord7
_QT_FindNextItemForCount@8
ord2
ord5
mfc42u
msvcrt
strchr
_CIpow
strtod
_beginthread
_endthreadex
__RTDynamicCast
wcsncmp
wcsstr
time
wcsncpy
_purecall
_iob
fprintf
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
??0exception@@QAE@ABQBD@Z
_adjust_fdiv
_initterm
_controlfp
_wcmdln
exit
longjmp
tolower
_wfsopen
_snprintf
abort
isalpha
towlower
_wcsnicmp
_wfopen
__CxxLongjmpUnwind
_setjmp3
fseek
ftell
fread
memchr
_XcptFilter
_exit
??0exception@@QAE@XZ
memmove
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_beginthreadex
malloc
strncmp
wcscmp
_wtoi64
wcsrchr
__CxxFrameHandler
wcslen
free
_wcsdup
__dllonexit
_onexit
__p__commode
sscanf
_ftol
_wmakepath
_wsplitpath
?terminate@@YAXXZ
atoi
strstr
__wgetmainargs
__setusermatherr
_vsnwprintf
_wcsicmp
_vsnprintf
_wtoi
wcschr
wcsncat
fclose
fwrite
fopen
isspace
isalnum
kernel32
SetEndOfFile
GetFileSize
SuspendThread
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OutputDebugStringA
MultiByteToWideChar
WriteFile
ReadFile
CreateFileW
SetFilePointer
GetWindowsDirectoryW
CreateDirectoryW
GetDiskFreeSpaceW
GetModuleFileNameA
GetACP
WideCharToMultiByte
FindFirstChangeNotificationW
ReadDirectoryChangesW
FindCloseChangeNotification
ProcessIdToSessionId
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
FreeLibrary
CreateProcessW
OpenMutexW
lstrcpynW
GetLogicalDriveStringsW
ReleaseMutex
GetSystemTime
GlobalFree
ResetEvent
InterlockedCompareExchange
GetCurrentProcess
SetThreadPriority
FindFirstFileW
FindNextFileW
FindClose
GetTimeZoneInformation
Sleep
GetPrivateProfileIntA
WritePrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenW
CreateThread
WaitForMultipleObjects
SetEvent
CreateWaitableTimerW
GetSystemTimeAsFileTime
SetWaitableTimer
CreateEventW
InterlockedExchange
WaitForSingleObject
TerminateThread
GetSystemDirectoryW
GetVersionExW
LoadLibraryA
GetFileAttributesExW
GetTempFileNameW
CopyFileW
DeleteFileW
SetFileAttributesW
GetPrivateProfileStringW
GetTickCount
GetLongPathNameW
GetCommandLineW
CreateMutexW
GetLastError
InterlockedIncrement
GetModuleFileNameW
CloseHandle
LoadLibraryW
GetProcAddress
InterlockedDecrement
GetCurrentProcessId
OpenProcess
TerminateProcess
lstrlenA
LocalFree
GetTempPathW
SetProcessWorkingSetSize
CreateSemaphoreA
ReleaseSemaphore
QueryPerformanceCounter
SetNamedPipeHandleState
CreateFileA
ReadFileEx
SleepEx
CreateEventA
OutputDebugStringW
CreateMutexA
GetSystemWindowsDirectoryW
GetModuleHandleW
GetStartupInfoW
DeleteFileA
LockResource
user32
GetDesktopWindow
DrawIcon
IsIconic
IsWindowVisible
SetWindowPos
LoadMenuW
GetSubMenu
BringWindowToTop
SetForegroundWindow
GetWindow
GetWindowLongW
PostQuitMessage
LoadIconW
RedrawWindow
GetDlgItem
ShowWindow
SetWindowTextW
PostMessageW
SetTimer
SetCapture
ReleaseCapture
GetParent
IsWindow
GetWindowRect
OffsetRect
LoadCursorW
GetClientRect
EnableMenuItem
GetCursorPos
DeleteMenu
ExitWindowsEx
SetWindowLongW
WindowFromPoint
ModifyMenuW
GetMenuStringW
GetMenuItemID
GetMenuItemCount
PtInRect
EnumChildWindows
IsZoomed
IsRectEmpty
GetUpdateRgn
SetWindowRgn
ScreenToClient
SetCursor
DrawTextW
IntersectRect
TabbedTextOutW
GrayStringW
DrawIconEx
LoadImageW
SystemParametersInfoW
SetLayeredWindowAttributes
SetRect
ReleaseDC
GetDC
FrameRect
GetSystemMetrics
InvalidateRect
RegisterWindowMessageW
EnableWindow
SendMessageW
WaitForInputIdle
GetClassInfoW
FillRect
GetSysColor
KillTimer
CopyRect
FindWindowW
gdi32
CreateRectRgn
CombineRgn
RectInRegion
GetObjectW
CreateFontIndirectW
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteObject
GetTextColor
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
ExtCreateRegion
GetBitmapBits
CreateBitmap
GetStockObject
ExtCreatePen
GetDeviceCaps
CreateSolidBrush
GetDIBits
SetRectRgn
GetCurrentObject
SetStretchBltMode
StretchDIBits
CreateDIBSection
GetBkMode
advapi32
AdjustTokenPrivileges
RegQueryValueExW
GetUserNameW
StartServiceW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueW
shell32
SHBrowseForFolderW
ShellExecuteA
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
ole32
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
CreateStreamOnHGlobal
olepro32
ord251
oleaut32
SafeArrayCreate
SysStringByteLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SafeArrayUnaccessData
SafeArrayDestroy
GetErrorInfo
SafeArrayAccessData
shlwapi
StrStrIW
StrCmpIW
PathAddBackslashW
PathRemoveFileSpecW
SHGetValueW
SHSetValueW
wnsprintfW
SHDeleteValueW
StrRChrW
PathCombineW
PathAppendW
StrCmpW
StrCmpNW
StrCmpNIW
PathFileExistsW
netapi32
NetUserGetInfo
NetApiBufferFree
wininet
InternetOpenUrlW
InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetCloseHandle
ws2_32
gethostbyname
inet_addr
inet_ntoa
WSAStartup
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
msimg32
TransparentBlt
comctl32
_TrackMouseEvent
msvcp60
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
Sections
.text Size: 740KB - Virtual size: 736KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/modern-header.bmp
-
360rp.exe.exe windows:4 windows x86 arch:x86
f1d180cc694441d1ed20700b81443c7a
Code Sign
01 Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5 Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4 Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
router
?StopListen2@Communicator@@YAXPAX@Z
?StartListen2@Communicator@@YAPAXPBD@Z
qtquart
ord2
ord3
ord1
ord8
mfc42u
msvcrt
_wcsicmp
wcsrchr
wcsstr
_wcsnicmp
__CxxFrameHandler
_wtoi64
wcscmp
wcsncpy
wcsncat
_vsnwprintf
_purecall
localtime
wcsncmp
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
memmove
??0exception@@QAE@ABQBD@Z
_vsnprintf
toupper
isspace
strstr
atoi
_wsplitpath
_beginthreadex
free
malloc
_stati64
mktime
time
sscanf
_ftol
printf
realloc
wcschr
strncmp
_snwprintf
strerror
wcscpy
wcstok
_errno
_endthreadex
_beginthread
_wcslwr
_exit
_XcptFilter
strncpy
qsort
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_iob
fgets
fseek
ftell
_setmode
fflush
fwrite
fread
fopen
fclose
fprintf
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
wcslen
memchr
swscanf
tolower
strcmp
abort
vfprintf
wcscat
swprintf
kernel32
SetEnvironmentVariableW
TlsFree
HeapFree
VirtualAlloc
VirtualFree
GetACP
SetFilePointerEx
GetFileSizeEx
FormatMessageW
lstrcmpA
GetFileType
ResetEvent
CreateEventA
SleepEx
TlsAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
TlsSetValue
OpenThread
TlsGetValue
GetVersion
GetStdHandle
GlobalMemoryStatus
ReadFileEx
SetNamedPipeHandleState
ReleaseSemaphore
CreateSemaphoreA
lstrlenA
SetThreadExecutionState
GetStartupInfoW
GetModuleHandleW
GetSystemTimeAsFileTime
GetSystemTime
QueryPerformanceCounter
FormatMessageA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameW
GetFullPathNameA
DeleteFileA
GetFileAttributesA
GetTempPathA
GetVersionExA
LockFileEx
LockFile
UnlockFile
AreFileApisANSI
GetFileInformationByHandle
FileTimeToLocalFileTime
SetPriorityClass
GetPrivateProfileIntW
SetLastError
GetWindowsDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetSystemWindowsDirectoryW
CreateDirectoryW
FileTimeToSystemTime
SystemTimeToFileTime
ReleaseMutex
SetEndOfFile
SetFilePointer
InterlockedExchange
OutputDebugStringW
GetTickCount
GetPrivateProfileStringW
GetLongPathNameW
GetModuleFileNameW
WritePrivateProfileStringW
GetSystemDirectoryW
GetCurrentProcessId
MoveFileExW
CopyFileW
GetFileAttributesExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetShortPathNameW
GetProcAddress
LoadLibraryW
DeleteFileW
CloseHandle
CreateFileW
InterlockedIncrement
CreateEventW
CreateProcessW
OpenProcess
Process32NextW
Sleep
Process32FirstW
CreateToolhelp32Snapshot
WaitForMultipleObjects
SetThreadPriority
GetCurrentThread
SetEvent
CreateThread
WaitForSingleObject
SetFileAttributesW
GetFileAttributesW
GetLastError
InterlockedCompareExchange
GetDriveTypeW
FindCloseChangeNotification
ReadDirectoryChangesW
FindFirstChangeNotificationW
ReadFile
GetFileSize
WriteFile
GetCurrentProcess
MoveFileW
FreeLibrary
LoadLibraryExW
SetErrorMode
LocalFree
LocalAlloc
TerminateProcess
GetCurrentThreadId
CreateMutexW
GetCommandLineW
SetProcessWorkingSetSize
GetTempPathW
FlushFileBuffers
CreateFileA
GetModuleFileNameA
GetLocalTime
GetExitCodeProcess
GetVersionExW
OutputDebugStringA
lstrcmpW
LoadLibraryA
GetModuleHandleA
FindFirstFileW
FindClose
FindNextFileW
TerminateThread
SuspendThread
user32
PostThreadMessageW
WindowFromPoint
GetWindowThreadProcessId
GetWindowRect
GetSystemMetrics
SendMessageW
CharLowerBuffW
LoadStringW
GetGUIThreadInfo
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
IsWindow
advapi32
ChangeServiceConfig2W
CreateServiceW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
RegCreateKeyW
RegRestoreKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ChangeServiceConfigW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
QueryServiceConfigW
shell32
SHGetSpecialFolderPathW
ShellExecuteExW
ole32
OleInitialize
CoInitializeEx
CoInitializeSecurity
CoInitialize
OleRun
CoUninitialize
OleUninitialize
CoCreateInstance
oleaut32
GetErrorInfo
VariantInit
SysAllocStringLen
SysStringByteLen
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
psapi
EnumProcessModules
GetModuleFileNameExW
shlwapi
PathFileExistsW
SHGetValueW
SHSetValueW
SHDeleteValueW
StrCmpNW
PathRemoveFileSpecW
PathAddBackslashW
PathIsPrefixW
PathCombineW
wnsprintfW
PathAppendW
StrCmpIW
StrCmpW
PathIsDirectoryW
StrCmpNIW
SHDeleteKeyW
PathRemoveBackslashW
bdfltlib
FlInvalidateCacheEntryOfFile
FlRegisterBypassPid
FlSetOptVarlen
FlStartScanner2
FlSetOpt
FlStopDriver
FlStopScanner
FlStartDriver
FlQueryDriver
scan
ThreatScanner_Uninitialize
ThreatScanner_CreateInstance
ThreatScanner_DestroyInstance
ThreatScanner_DeleteException
wrapper
?ThreatScanner_Initialize@@YAHPBG0@Z
wininet
InternetGetConnectedState
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
mfc42
ord543
Sections
.text Size: 612KB - Virtual size: 610KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
360sd.exe.exe windows:4 windows x86 arch:x86
fe755543f22accafed5183af7ec235a1
Code Sign
01 Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5 Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4 Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 22/10/2008, 00:00
Not After: 23/11/2010, 23:59
Subject: CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
sqlite3
sqlite3_exec
sqlite3_free
sqlite3_open16
sqlite3_close
qtquart
ord1
ord7
_QT_FindNextItemForCount@8
ord2
ord5
mfc42u
msvcrt
strchr
_CIpow
strtod
_beginthread
_endthreadex
__RTDynamicCast
wcsncmp
wcsstr
time
wcsncpy
_purecall
_iob
fprintf
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
??0exception@@QAE@ABQBD@Z
_adjust_fdiv
_initterm
_controlfp
_wcmdln
exit
longjmp
tolower
_wfsopen
_snprintf
abort
isalpha
towlower
_wcsnicmp
_wfopen
__CxxLongjmpUnwind
_setjmp3
fseek
ftell
fread
memchr
_XcptFilter
_exit
??0exception@@QAE@XZ
memmove
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_beginthreadex
malloc
strncmp
wcscmp
_wtoi64
wcsrchr
__CxxFrameHandler
wcslen
free
_wcsdup
__dllonexit
_onexit
__p__commode
sscanf
_ftol
_wmakepath
_wsplitpath
?terminate@@YAXXZ
atoi
strstr
__wgetmainargs
__setusermatherr
_vsnwprintf
_wcsicmp
_vsnprintf
_wtoi
wcschr
wcsncat
fclose
fwrite
fopen
isspace
isalnum
kernel32
SetEndOfFile
GetFileSize
SuspendThread
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OutputDebugStringA
MultiByteToWideChar
WriteFile
ReadFile
CreateFileW
SetFilePointer
GetWindowsDirectoryW
CreateDirectoryW
GetDiskFreeSpaceW
GetModuleFileNameA
GetACP
WideCharToMultiByte
FindFirstChangeNotificationW
ReadDirectoryChangesW
FindCloseChangeNotification
ProcessIdToSessionId
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
FreeLibrary
CreateProcessW
OpenMutexW
lstrcpynW
GetLogicalDriveStringsW
ReleaseMutex
GetSystemTime
GlobalFree
ResetEvent
InterlockedCompareExchange
GetCurrentProcess
SetThreadPriority
FindFirstFileW
FindNextFileW
FindClose
GetTimeZoneInformation
Sleep
GetPrivateProfileIntA
WritePrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenW
CreateThread
WaitForMultipleObjects
SetEvent
CreateWaitableTimerW
GetSystemTimeAsFileTime
SetWaitableTimer
CreateEventW
InterlockedExchange
WaitForSingleObject
TerminateThread
GetSystemDirectoryW
GetVersionExW
LoadLibraryA
GetFileAttributesExW
GetTempFileNameW
CopyFileW
DeleteFileW
SetFileAttributesW
GetPrivateProfileStringW
GetTickCount
GetLongPathNameW
GetCommandLineW
CreateMutexW
GetLastError
InterlockedIncrement
GetModuleFileNameW
CloseHandle
LoadLibraryW
GetProcAddress
InterlockedDecrement
GetCurrentProcessId
OpenProcess
TerminateProcess
lstrlenA
LocalFree
GetTempPathW
SetProcessWorkingSetSize
CreateSemaphoreA
ReleaseSemaphore
QueryPerformanceCounter
SetNamedPipeHandleState
CreateFileA
ReadFileEx
SleepEx
CreateEventA
OutputDebugStringW
CreateMutexA
GetSystemWindowsDirectoryW
GetModuleHandleW
GetStartupInfoW
DeleteFileA
LockResource
user32
GetDesktopWindow
DrawIcon
IsIconic
IsWindowVisible
SetWindowPos
LoadMenuW
GetSubMenu
BringWindowToTop
SetForegroundWindow
GetWindow
GetWindowLongW
PostQuitMessage
LoadIconW
RedrawWindow
GetDlgItem
ShowWindow
SetWindowTextW
PostMessageW
SetTimer
SetCapture
ReleaseCapture
GetParent
IsWindow
GetWindowRect
OffsetRect
LoadCursorW
GetClientRect
EnableMenuItem
GetCursorPos
DeleteMenu
ExitWindowsEx
SetWindowLongW
WindowFromPoint
ModifyMenuW
GetMenuStringW
GetMenuItemID
GetMenuItemCount
PtInRect
EnumChildWindows
IsZoomed
IsRectEmpty
GetUpdateRgn
SetWindowRgn
ScreenToClient
SetCursor
DrawTextW
IntersectRect
TabbedTextOutW
GrayStringW
DrawIconEx
LoadImageW
SystemParametersInfoW
SetLayeredWindowAttributes
SetRect
ReleaseDC
GetDC
FrameRect
GetSystemMetrics
InvalidateRect
RegisterWindowMessageW
EnableWindow
SendMessageW
WaitForInputIdle
GetClassInfoW
FillRect
GetSysColor
KillTimer
CopyRect
FindWindowW
gdi32
CreateRectRgn
CombineRgn
RectInRegion
GetObjectW
CreateFontIndirectW
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteObject
GetTextColor
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
ExtCreateRegion
GetBitmapBits
CreateBitmap
GetStockObject
ExtCreatePen
GetDeviceCaps
CreateSolidBrush
GetDIBits
SetRectRgn
GetCurrentObject
SetStretchBltMode
StretchDIBits
CreateDIBSection
GetBkMode
advapi32
AdjustTokenPrivileges
RegQueryValueExW
GetUserNameW
StartServiceW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueW
shell32
SHBrowseForFolderW
ShellExecuteA
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
ole32
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
CreateStreamOnHGlobal
olepro32
ord251
oleaut32
SafeArrayCreate
SysStringByteLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SafeArrayUnaccessData
SafeArrayDestroy
GetErrorInfo
SafeArrayAccessData
shlwapi
StrStrIW
StrCmpIW
PathAddBackslashW
PathRemoveFileSpecW
SHGetValueW
SHSetValueW
wnsprintfW
SHDeleteValueW
StrRChrW
PathCombineW
PathAppendW
StrCmpW
StrCmpNW
StrCmpNIW
PathFileExistsW
netapi32
NetUserGetInfo
NetApiBufferFree
wininet
InternetOpenUrlW
InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetCloseHandle
ws2_32
gethostbyname
inet_addr
inet_ntoa
WSAStartup
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
msimg32
TransparentBlt
comctl32
_TrackMouseEvent
msvcp60
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
Sections
.text Size: 740KB - Virtual size: 736KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
dep360.ini