0146239b75060a85aad6fa8f41d5775f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0146239b75060a85aad6fa8f41d5775f_JaffaCakes118
Size

315KB
MD5

0146239b75060a85aad6fa8f41d5775f
SHA1

a525806dc8a7dc1ca2d72bd655535b162e878bc7
SHA256

05b2f799f2c21fa1117996db69d943f06afba36f78fd58b5884525d6fa4d9340
SHA512

427e6302f41c4ec0b31d338266f35007b1ebffca37e1db8146f54939a85209efbf4b7cd9ae45249c7f0cac9ac85950dd336746431fa605af981d56d6172fe5dd
SSDEEP

6144:1f46N6xlbvxu6ZEPtpmXcc6V4kICS+7ph10MTk+znjtrRHQ75D76N:1fPN4vxfEP8vNkNHptznjt9kiN

Score

1^/10

Malware Config

Signatures

Files

0146239b75060a85aad6fa8f41d5775f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

edef11e60458798c7d52fd7603d02ee8

Code Sign

7d:f4:ef:ad:bd:9b:a2:b8:48:be:84:99:1f:f1:c2:37
Certificate

Issuer

CN=tordLfnwebbJAqlbQEeWIipr4QAfDiP38s9yTCaYhc27Nzcxp9bUUA67IoXNZJzADxW7R2diPEN1rhWEf1juXrDupkvNhTLPKGXNe1hr84cEeBxWov7mYPqEbSMIdPvLJm68BXoAVmFPUAd1lgUT5B9OxGcJxwaynp1kEbS4yQt5h8syclM9qwJpzLRE4Nov15df2TkkPjFu735swdxNdgqVSyIXBt65u4TosfA19R3Uh58MrKRbEpK9BVsM3dwSep8WFfQSn4dMDPXIEf9i2quRo8AUfA8H8DHIsPxTXQxe6SeBilANBII9sOmN87HtDAcdAQmaSCcZBFOX7bbZHAO8w3OwFajiLAZyV4jTB87y6wWsndERFfpaQjOQO4gn2kfxj7Hxay2WAH4UOmB1SLpJdtWcB1b8sUSCEz4D7tqW7oWjNVjJLd2uWPCC49X8CQCUSTfVxRBVIEDM9ESXLtKdU4ZRhsO6F4XaWtog4aCWvsrCeCeilnmRuh3imUaRdRaOQASHP7kJAGXhXoZXZFRyzYvWqjLtr1iUAqqpxXlD895lMRDShZBzD4RxFqD72Bcef4XKoj5FjvXAFqnBKScjDRtohT68get7RvLe7bJwlo4U7Lfm1Oxm67nvtgHZRNyDBGnu1Zhwtj6q9621G8Mt4TrAyZln9GBuzozmRBtFYE5jkVh6r6ow5NjULua4WDB3XlsN1dPBcLhYLfnNXS6zhJqttXA3CQhiZbqWluGDqRiY5qrXZzUOh3YT2Dkq3S9UTp74fu8I45WZqeo5ha9CfwXtNBmtFHyfVvsCDE2twsnSvQWiAwmvRh99dOYDrIygqLFcZQ49dV1EwSyrKsp9oU5vJdKuPH2AFuhxjlEHBmxsekvYCFrnzo5OOztLRSDx5N3z7O3HcwVDUzO25LSaG5hZZBhp6PN41L2lsmeox3sFoqkm3irEzMzCOWzrAAKLTmz5UsXFawDcZ7DqrC5azGCSQ825YysTesjaBZR6FqiYCg9jf749znSHGxCHnzIpsQ98difRH9xZFSZKsZXdZRBAYyyOtQ6Q7cfER2fQSWKl4q9b9qA7MzNJppn8u2TsL87BklLzT3AhiHkDlp3Mpjg1EeTt8ah7Y7sXOJvduyYdlY4PaVKiShzUs6cPFH7onzlT69VAoscILVCaIQlUJ97AzWDmUu6sAO4IuTjenGHwBz5DdULZ4U1SOGQmcNHdj5eTPJEeg3jwtpkXMOj7s3cgY3Njmja8gsG4uNNrRh5LthWsH8qX3nnQXJFOO4vo9ZBZmEki6Znqito8clWpua2qBkXEtyxOKErESeCTQKNR6GRDzOWtZ5rsRjrLMGRUTeS6ZUP43ZiACYji8SLkiaE2F5beKJPNovVCetUbE52i6Sw4dJ4iDUuT1XuiSoBi79TAz5BlFgvKki2yetLQPdytUaZmeM8OWGjBBjmi8GtZCua4y83FajhPoMBYmq5uOB2mpavq6sW7Nd2wEBqxwVNHxRuRodZ4HiaKB16NDwiqhAuw1KCphb6stk7TXu8ZA19OkHX8UL4nW8fk7hInkwT8j1d6gXxktXDIhoKK3ZbyeLIOuQ3J9TIqeENDYN4MreCODISJeTLJ7R9yJZcTHCRFqTcRmwlNxOlCcHvIG5iO79xLqc3svpqT8kYh95KnUDkMbLD3E3uTeLHkcLM8AofLCn2vFQufHun8rJZIqdmc2icLI1SOw7YAbptoJzwJ46BChR9miSb5DGngF62yqu3l8IKRHpzSe6onzMojBiw7EkoEM5hATTFEPtz4uXclqZmGJyOuKAfYfX9sOXUe95NNGKUgvcGsUhuYGCjx6Oux6OkOxDv2QcgK6z5SGu9c2eWSSQwI7SDNqsrxNSUEfOx5vNAwxEpc49h8kxUXfFpVZSJ6qqiV4T14qhjU5SaLqafCxkGQZVMg5vfBiR3PCQMBkGkXQMPRtlTqAjRCSlZgu7NQjISxJqKhNE4JVmD4EEBL3XdburByzW1hrpMjKPyinHbrV2xFpYX22di5pJqWdBhXEg2CzGHyHgEsZCmzg6TJcltveAxnN8IEVv95zWoAoFIhMnDlGHAAJ3SmDjmXiWlLliXtJ4Ez7bSCxUHfhnvplsp9i4xWaTPnVFBGxQjnzUYjWhG9ACoeg6J2VYZLofIaOzrOXvTvvW5kjVtBfQichRnRi4ZYvBhv7Sa7AFO7FfxPpIMOTnvBH8y99e2jB5CtXmHXsoc1RE19zU3CdpCWlBjZkhREg6yHBGjUa6XHUXqIFbwyU5wRBrsfDWB3AyKzfpuERDPiFQ1b6AeMIqn7mcAkZSAGhIC47225eghA2TehLCY8qnAD3N6mgBrVthmOwW3brEz1TBRY9an5NMTxDE88pz4iWjVbMsQ8dQLGemZlcvLLInj4CvD4n8GqTk75fL7hPlGl1tUDsljZ1P6D1ykfbyLaaerbiXJ65ZXphaggXNWdAINNnlHpOY3t1jfJk5Weh7XW2xVJioownujiNT5WouAviiDFM2cuhnTGmC7OzZ8GkwHZTAtUW4HxpjtBaEhOsSG1nmfmrYr8r7pUPeL2EAY2gSsLWGekJ95Wey5o34nVJq7gg1AEDQkzgV15HKmhy4Bc5YE58mMOgzLnpzlO5xSVpOn5Wpi7UWy77hfMTsic5xEL2Ucbdg62bhy1k6Vpix1HAYsY9gi5lfg5nta5hwHVDsmIrdqTKXPBJA9k89Xcbur9h5WwxJHRkVlKYYfsQKGbSrtDIRhSL1gU3X89keoekDRiBA6aHPXmlNQRgBYbjq7xzLZfXdkyjY4c482dVzSNsSZ9DVBI3gDifyEMQQnwnIQV6yjWIIrMCLTIhOqRgXLAZMYom9E1g3VFuMxUJroghqQ49FzAfRJ4hkEjV4z2axMd5BzLehjOQKnJHfTwkd2s7q5u3sQJPdF3GJwlXfuHOAktZM3XSbrEZLuwd6rrzrDheKPDdG5RICOdyRsRiP2KZrUDUBCDb4vGzcdM

Not Before

25-10-2012 08:35

Not After

31-12-2039 23:59

Subject

CN=tordLfnwebbJAqlbQEeWIipr4QAfDiP38s9yTCaYhc27Nzcxp9bUUA67IoXNZJzADxW7R2diPEN1rhWEf1juXrDupkvNhTLPKGXNe1hr84cEeBxWov7mYPqEbSMIdPvLJm68BXoAVmFPUAd1lgUT5B9OxGcJxwaynp1kEbS4yQt5h8syclM9qwJpzLRE4Nov15df2TkkPjFu735swdxNdgqVSyIXBt65u4TosfA19R3Uh58MrKRbEpK9BVsM3dwSep8WFfQSn4dMDPXIEf9i2quRo8AUfA8H8DHIsPxTXQxe6SeBilANBII9sOmN87HtDAcdAQmaSCcZBFOX7bbZHAO8w3OwFajiLAZyV4jTB87y6wWsndERFfpaQjOQO4gn2kfxj7Hxay2WAH4UOmB1SLpJdtWcB1b8sUSCEz4D7tqW7oWjNVjJLd2uWPCC49X8CQCUSTfVxRBVIEDM9ESXLtKdU4ZRhsO6F4XaWtog4aCWvsrCeCeilnmRuh3imUaRdRaOQASHP7kJAGXhXoZXZFRyzYvWqjLtr1iUAqqpxXlD895lMRDShZBzD4RxFqD72Bcef4XKoj5FjvXAFqnBKScjDRtohT68get7RvLe7bJwlo4U7Lfm1Oxm67nvtgHZRNyDBGnu1Zhwtj6q9621G8Mt4TrAyZln9GBuzozmRBtFYE5jkVh6r6ow5NjULua4WDB3XlsN1dPBcLhYLfnNXS6zhJqttXA3CQhiZbqWluGDqRiY5qrXZzUOh3YT2Dkq3S9UTp74fu8I45WZqeo5ha9CfwXtNBmtFHyfVvsCDE2twsnSvQWiAwmvRh99dOYDrIygqLFcZQ49dV1EwSyrKsp9oU5vJdKuPH2AFuhxjlEHBmxsekvYCFrnzo5OOztLRSDx5N3z7O3HcwVDUzO25LSaG5hZZBhp6PN41L2lsmeox3sFoqkm3irEzMzCOWzrAAKLTmz5UsXFawDcZ7DqrC5azGCSQ825YysTesjaBZR6FqiYCg9jf749znSHGxCHnzIpsQ98difRH9xZFSZKsZXdZRBAYyyOtQ6Q7cfER2fQSWKl4q9b9qA7MzNJppn8u2TsL87BklLzT3AhiHkDlp3Mpjg1EeTt8ah7Y7sXOJvduyYdlY4PaVKiShzUs6cPFH7onzlT69VAoscILVCaIQlUJ97AzWDmUu6sAO4IuTjenGHwBz5DdULZ4U1SOGQmcNHdj5eTPJEeg3jwtpkXMOj7s3cgY3Njmja8gsG4uNNrRh5LthWsH8qX3nnQXJFOO4vo9ZBZmEki6Znqito8clWpua2qBkXEtyxOKErESeCTQKNR6GRDzOWtZ5rsRjrLMGRUTeS6ZUP43ZiACYji8SLkiaE2F5beKJPNovVCetUbE52i6Sw4dJ4iDUuT1XuiSoBi79TAz5BlFgvKki2yetLQPdytUaZmeM8OWGjBBjmi8GtZCua4y83FajhPoMBYmq5uOB2mpavq6sW7Nd2wEBqxwVNHxRuRodZ4HiaKB16NDwiqhAuw1KCphb6stk7TXu8ZA19OkHX8UL4nW8fk7hInkwT8j1d6gXxktXDIhoKK3ZbyeLIOuQ3J9TIqeENDYN4MreCODISJeTLJ7R9yJZcTHCRFqTcRmwlNxOlCcHvIG5iO79xLqc3svpqT8kYh95KnUDkMbLD3E3uTeLHkcLM8AofLCn2vFQufHun8rJZIqdmc2icLI1SOw7YAbptoJzwJ46BChR9miSb5DGngF62yqu3l8IKRHpzSe6onzMojBiw7EkoEM5hATTFEPtz4uXclqZmGJyOuKAfYfX9sOXUe95NNGKUgvcGsUhuYGCjx6Oux6OkOxDv2QcgK6z5SGu9c2eWSSQwI7SDNqsrxNSUEfOx5vNAwxEpc49h8kxUXfFpVZSJ6qqiV4T14qhjU5SaLqafCxkGQZVMg5vfBiR3PCQMBkGkXQMPRtlTqAjRCSlZgu7NQjISxJqKhNE4JVmD4EEBL3XdburByzW1hrpMjKPyinHbrV2xFpYX22di5pJqWdBhXEg2CzGHyHgEsZCmzg6TJcltveAxnN8IEVv95zWoAoFIhMnDlGHAAJ3SmDjmXiWlLliXtJ4Ez7bSCxUHfhnvplsp9i4xWaTPnVFBGxQjnzUYjWhG9ACoeg6J2VYZLofIaOzrOXvTvvW5kjVtBfQichRnRi4ZYvBhv7Sa7AFO7FfxPpIMOTnvBH8y99e2jB5CtXmHXsoc1RE19zU3CdpCWlBjZkhREg6yHBGjUa6XHUXqIFbwyU5wRBrsfDWB3AyKzfpuERDPiFQ1b6AeMIqn7mcAkZSAGhIC47225eghA2TehLCY8qnAD3N6mgBrVthmOwW3brEz1TBRY9an5NMTxDE88pz4iWjVbMsQ8dQLGemZlcvLLInj4CvD4n8GqTk75fL7hPlGl1tUDsljZ1P6D1ykfbyLaaerbiXJ65ZXphaggXNWdAINNnlHpOY3t1jfJk5Weh7XW2xVJioownujiNT5WouAviiDFM2cuhnTGmC7OzZ8GkwHZTAtUW4HxpjtBaEhOsSG1nmfmrYr8r7pUPeL2EAY2gSsLWGekJ95Wey5o34nVJq7gg1AEDQkzgV15HKmhy4Bc5YE58mMOgzLnpzlO5xSVpOn5Wpi7UWy77hfMTsic5xEL2Ucbdg62bhy1k6Vpix1HAYsY9gi5lfg5nta5hwHVDsmIrdqTKXPBJA9k89Xcbur9h5WwxJHRkVlKYYfsQKGbSrtDIRhSL1gU3X89keoekDRiBA6aHPXmlNQRgBYbjq7xzLZfXdkyjY4c482dVzSNsSZ9DVBI3gDifyEMQQnwnIQV6yjWIIrMCLTIhOqRgXLAZMYom9E1g3VFuMxUJroghqQ49FzAfRJ4hkEjV4z2axMd5BzLehjOQKnJHfTwkd2s7q5u3sQJPdF3GJwlXfuHOAktZM3XSbrEZLuwd6rrzrDheKPDdG5RICOdyRsRiP2KZrUDUBCDb4vGzcdM

Extended Key Usages

ExtKeyUsageCodeSigning

b1:78:c5:c3:f8:f2:66:58:cc:84:24:0c:e7:0c:9a:db:00:45:04:06
Signer

Actual PE Digest

b1:78:c5:c3:f8:f2:66:58:cc:84:24:0c:e7:0c:9a:db:00:45:04:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetComputerNameA
GetConsoleAliasW
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDefaultCommConfigA
GetLastError
GetLocaleInfoW
GetNumberFormatW
GetNumberOfConsoleMouseButtons
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileSectionW
GetProcessAffinityMask
GetProcessHeap
GetProcessShutdownParameters
GetProcessWorkingSetSize
GetProfileSectionW
GetStartupInfoW
GetSystemInfo
GetSystemWindowsDirectoryA
GetTempFileNameW
GetThreadSelectorEntry
GetThreadTimes
GetUserDefaultUILanguage
GetVersionExA
GetWriteWatch
GlobalAlloc
GlobalFindAtomW
GlobalSize
Heap32ListFirst
HeapAlloc
HeapFree
HeapReAlloc
InitAtomTable
InitializeCriticalSection
InterlockedIncrement
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
LocalLock
GetBinaryType
MoveFileA
MoveFileExA
MultiByteToWideChar
OpenFileMappingA
OpenProcess
Process32FirstW
ReadConsoleInputA
ReadConsoleW
ReadFileEx
ReleaseMutex
ReplaceFileA
ReplaceFileW
RequestDeviceWakeup
ResetWriteWatch
SearchPathA
SearchPathW
SetCommBreak
SetCommMask
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleWindowInfo
SetDefaultCommConfigW
SetEvent
SetFileApisToOEM
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetProcessShutdownParameters
SetStdHandle
SetVolumeLabelA
SignalObjectAndWait
TerminateProcess
UnlockFile
UpdateResourceW
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFileGather
WriteProfileSectionA
WriteTapemark
_hwrite
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynW
lstrlen
lstrlenW
FreeLibrary
FormatMessageW
FoldStringA
FindResourceExA
FindNextFileW
FindFirstFileA
FillConsoleOutputAttribute
FileTimeToDosDateTime
FatalAppExitA
ExitProcess
EnumSystemLanguageGroupsA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateProcessW
CreateMutexW
CreateJobObjectW
CreateIoCompletionPort
CreateEventW
CompareFileTime
CommConfigDialogW
CloseHandle
ClearCommError
ChangeTimerQueueTimer
CallNamedPipeA
BackupWrite
GetModuleHandleA
GetSystemDirectoryA
lstrcatA
GetModuleHandleW
LockFile
GetProcAddress

user32

GetWindowWord
IMPGetIMEA
InternalGetWindowText
InvalidateRect
IsCharAlphaA
IsCharAlphaNumericA
IsDialogMessageW
IsDlgButtonChecked
IsHungAppWindow
IsIconic
IsRectEmpty
IsWindow
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsA
LoadAcceleratorsW
DdeQueryConvInfo
LoadImageW
LoadKeyboardLayoutW
LoadMenuW
LoadStringW
MapVirtualKeyExW
MapWindowPoints
MessageBeep
MessageBoxW
ModifyMenuW
MonitorFromRect
MoveWindow
MsgWaitForMultipleObjectsEx
OemKeyScan
OpenDesktopW
OpenIcon
OpenWindowStationW
PaintDesktop
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RealGetWindowClass
RegisterClassW
RegisterWindowMessageA
RegisterWindowMessageW
ReleaseDC
RemoveMenu
RemovePropA
RemovePropW
ReplyMessage
ScreenToClient
SendDlgItemMessageW
SendMessageA
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCaretPos
SetFocus
SetForegroundWindow
SetLastErrorEx
SetMenu
SetMenuDefaultItem
GetWindowThreadProcessId
SetProcessWindowStation
SetPropW
SetScrollRange
SetSysColors
SetThreadDesktop
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowCursor
ShowWindow
ShowWindowAsync
SwitchToThisWindow
SystemParametersInfoA
SystemParametersInfoW
TileWindows
ToUnicode
TrackPopupMenuEx
TranslateAcceleratorW
TranslateMessage
UpdateWindow
WinHelpA
WinHelpW
wsprintfW
DdeConnectList
DdeCmpStringHandles
CreateIconFromResource
CreateDialogParamW
CreateDialogIndirectParamA
CreateDesktopA
CopyIcon
CloseWindowStation
CloseDesktop
ClipCursor
ClientToScreen
ChildWindowFromPoint
CheckMenuRadioItem
CheckMenuItem
CheckDlgButton
CharToOemBuffW
CharPrevA
CharNextExA
CharLowerBuffW
CharLowerA
ChangeClipboardChain
CascadeWindows
CallWindowProcW
CallNextHookEx
BroadcastSystemMessageW
BringWindowToTop
BeginPaint
BeginDeferWindowPos
GetWindowRect
GetWindowModuleFileName
GetWindowLongW
GetWindowLongA
GetWindow
GetUpdateRgn
GetThreadDesktop
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetShellWindow
GetProcessWindowStation
GetMonitorInfoA
GetMessageW
GetMessageTime
GetMenuState
GetMenuItemInfoW
GetMenu
GetLastActivePopup
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetInputDesktop
GetGuiResources
GetForegroundWindow
GetDlgItem
GetDialogBaseUnits
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetClipboardViewer
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetAsyncKeyState
GetActiveWindow
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumWindowStationsW
EnumDesktopsW
EnumChildWindows
EndTask
EndPaint
EndDialog
EndDeferWindowPos
EnableWindow
EnableMenuItem
DrawTextExW
DrawMenuBar
DrawEdge
DispatchMessageW
LoadIconA
AllowSetForegroundWindow
AnimateWindow
AppendMenuW
ArrangeIconicWindows
DialogBoxParamW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcW
SetMessageExtraInfo
DdeSetUserHandle
LoadIconW

gdi32

SelectObject
Rectangle
MoveToEx
LineTo
GetStockObject
GetDeviceCaps
FillRgn
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
SetRectRgn
BitBlt

advapi32

RegQueryValueExW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
RegSetValueExW
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExW

shell32

SHEmptyRecycleBinW
Shell_NotifyIconW
Shell_NotifyIcon
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
ShellAboutW
ShellAboutA
CheckEscapesW
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryPoint
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
FindExecutableA
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHChangeNotify
SHCreateDirectoryExA
SHCreateProcessAsUserW
SHEmptyRecycleBinA
WOWShellExecute
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathW
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHLoadInProc
SHPathPrepareForWriteA
SHPathPrepareForWriteW

ole32

CoInitializeWOW
CoIsHandlerConnected
CoLoadLibrary
CoMarshalInterThreadInterfaceInStream
CoQueryAuthenticationServices
CoReactivateObject
CoRegisterPSClsid
CoRegisterSurrogateEx
CoReleaseServerProcess
CoRevertToSelf
CoRevokeClassObject
CoSetProxyBlanket
CoSwitchCallContext
CoTaskMemFree
CoTreatAsClass
CoUninitialize
CoUnloadingWOW
CreateAntiMoniker
CreateFileMoniker
CreateOleAdviseHolder
DoDragDrop
FmtIdToPropStgName
GetHGlobalFromILockBytes
HACCEL_UserFree
HACCEL_UserMarshal
HACCEL_UserSize
HBITMAP_UserMarshal
HBRUSH_UserSize
HDC_UserFree
HENHMETAFILE_UserFree
HENHMETAFILE_UserMarshal
HGLOBAL_UserFree
HGLOBAL_UserUnmarshal
HMENU_UserSize
HMETAFILEPICT_UserFree
HMETAFILE_UserSize
HPALETTE_UserMarshal
HWND_UserSize
IIDFromString
IsAccelerator
OleConvertIStorageToOLESTREAM
OleConvertIStorageToOLESTREAMEx
OleCreateEmbeddingHelper
OleCreateEx
OleCreateLinkEx
OleCreateLinkFromData
OleCreateLinkFromDataEx
OleDoAutoConvert
OleDuplicateData
OleGetAutoConvert
OleInitialize
OleInitializeWOW
OleIsCurrentClipboard
OleRegGetUserType
OleSetMenuDescriptor
OpenOrCreateStream
PropStgNameToFmtId
PropVariantCopy
ReadClassStm
ReadFmtUserTypeStg
SNB_UserMarshal
STGMEDIUM_UserMarshal
StgConvertPropertyToVariant
StgCreateDocfile
StgCreatePropSetStg
StgCreateStorageEx
StgIsStorageFile
StgOpenPropStg
UpdateDCOMSettings
UtConvertDvtd16toDvtd32
UtGetDvtd32Info
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserSize
CoGetObjectContext
CoGetInstanceFromFile
CoGetClassObject
CoGetCancelObject
CoGetCallerTID
CoGetCallContext
CoGetApartmentID
CoFreeLibrary
CoFileTimeToDosDateTime
CoDosDateTimeToFileTime
CoCreateInstance
CoBuildVersion
CoAddRefServerProcess
CLSIDFromString
BindMoniker
CoGetStandardMarshal

shlwapi

StrStrIA
StrStrA
StrRStrIW
StrRStrIA
StrRChrIW
StrCmpNW
StrCmpNIW
StrChrA
StrChrW

comctl32

ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
CreateStatusWindowW
ImageList_SetIconSize

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edef11e60458798c7d52fd7603d02ee8

Code Sign

7d:f4:ef:ad:bd:9b:a2:b8:48:be:84:99:1f:f1:c2:37Certificate

Extended Key Usages

b1:78:c5:c3:f8:f2:66:58:cc:84:24:0c:e7:0c:9a:db:00:45:04:06Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 266KB - Virtual size: 266KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 2KB

.data2 Size: 2KB - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 3KB

7d:f4:ef:ad:bd:9b:a2:b8:48:be:84:99:1f:f1:c2:37
Certificate

b1:78:c5:c3:f8:f2:66:58:cc:84:24:0c:e7:0c:9a:db:00:45:04:06
Signer

.text
Size: 266KB - Virtual size: 266KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 2KB

.data2
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 3KB