0962c229b3358c124ab0b1ee2c5f00da_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0962c229b3358c124ab0b1ee2c5f00da_JaffaCakes118
Size

517KB
MD5

0962c229b3358c124ab0b1ee2c5f00da
SHA1

7933fa620cb90b0e1ead970223ad1cb072daa276
SHA256

0ba19365ef2accc3e7a4d1d2fe211a649cd5e4ef257b191e0dca5112c432ba58
SHA512

2ee932632f9af7ccd2eb9457bdea436dcaead65e373f6b23f70df0791ecd2bfaa4f90425376873c973d66d9fa3b6681f415c8fcfa2c9de4a5ae94f90471f6bc6
SSDEEP

12288:jUgoZlURsjLQrMd668g2U6ttK0t0/ltirDutHtcNOtJC4Z6zS/hd5fBRP2ipK:4lURsjN5tiOIOK4Z6zS/hd5fBRtpK

Score

1^/10

Malware Config

Signatures

Files

0962c229b3358c124ab0b1ee2c5f00da_JaffaCakes118
.exe windows:6 windows x86 arch:x86

1925340fca94adf4227df066415dad12

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/04/2006, 00:00

Not After

22/06/2009, 23:59

Subject

CN=Nero AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LEGAL DEPARTMENT,O=Nero AG,L=Karlsbad,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

35:12:c6:d6:b9:2a:ac:99:8e:ce:3c:2d:da:3e:ed:b5:3f:d9:6c:57
Signer

Actual PE Digest

35:12:c6:d6:b9:2a:ac:99:8e:ce:3c:2d:da:3e:ed:b5:3f:d9:6c:57

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Build\CHILI\CHILI5_RELEASE\NeroMediaManager\MediaLibrary\src\NMIndexingService\Release Unicode\NMIndexingService.pdb

Imports

shfolder

SHGetFolderPathW

powrprof

CallNtPowerInformation

kernel32

lstrcmpiW
Sleep
GetModuleFileNameW
GetModuleHandleW
CreateThread
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
FreeConsole
SetConsoleTitleW
AllocConsole
CreateMutexW
DuplicateHandle
OpenProcess
GetCurrentProcessId
RaiseException
GetVolumeNameForVolumeMountPointW
WaitForMultipleObjects
DeviceIoControl
GetLogicalDrives
GetVolumeInformationW
SetErrorMode
QueryDosDeviceW
GetDriveTypeW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
FormatMessageW
GetModuleFileNameA
CreateFileW
InterlockedDecrement
GetCurrentThreadId
GetFileAttributesW
InterlockedIncrement
QueueUserWorkItem
ReleaseSemaphore
GetSystemTime
SystemTimeToFileTime
WaitForSingleObject
CreateEventW
CreateSemaphoreW
CreateDirectoryW
SetEvent
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
WideCharToMultiByte
GetCurrentThread
GetCurrentProcess
CloseHandle
GetLastError
lstrlenW
LocalFree
InterlockedCompareExchange
GetExitCodeThread
DeleteAtom
FindAtomW
AddAtomW
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedExchange
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW

user32

CreateWindowExW
RegisterClassW
DestroyWindow
SetWindowLongW
GetWindowLongW
UnregisterClassW
UnregisterClassA
DefWindowProcW
CharNextW
LoadStringW
CharUpperW
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
MessageBoxW
RegisterDeviceNotificationW
UnregisterDeviceNotification

advapi32

OpenThreadToken
RegDeleteKeyW
RegDeleteValueW
RegOpenCurrentUser
RegCloseKey
RegCreateKeyExW
GetTokenInformation
ConvertSidToStringSidW
RegDisablePredefinedCache
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ControlService
DeleteService
CreateServiceW
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken

shell32

ord644
SHGetPathFromIDListW
ord645
SHGetSpecialFolderPathW
ord4

ole32

CoInitializeEx
CoUninitialize
CoImpersonateClient
CoCreateInstance
CoTaskMemFree
CoResumeClassObjects
CoSetProxyBlanket
CoCopyProxy
CoTaskMemAlloc
CoDisconnectObject
CoTaskMemRealloc
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoSuspendClassObjects

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen

shlwapi

PathCreateFromUrlW
PathIsURLW
UrlCreateFromPathW
UrlCanonicalizeW
UrlIsW
PathIsUNCW
PathAppendW

msvcp80

?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?fail@ios_base@std@@QBE_NXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
??Bios_base@std@@QBEPAXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Xran@_String_base@std@@SAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_WH@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??1locale@std@@QAE@XZ
??0?$codecvt@_WDH@std@@QAE@I@Z
?do_always_noconv@?$codecvt@_WDH@std@@MBE_NXZ
?do_unshift@?$codecvt@_WDH@std@@MBEHAAHPAD1AAPAD@Z
?do_length@?$codecvt@_WDH@std@@MBEHABHPBD1I@Z
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
??0_Lockit@std@@QAE@H@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??0_Locimp@locale@std@@AAE@ABV012@@Z
??1_Locimp@locale@std@@MAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?classic@locale@std@@SAABV12@XZ
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?to_int_type@?$char_traits@_W@std@@SAGAB_W@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?facet_Register@facet@locale@std@@CAXPAV123@@Z
?_Incref@facet@locale@std@@QAEXXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

ws2_32

inet_addr

msvcr80

memcpy
wcscpy_s
wcsncpy_s
wcscat_s
_putws
freopen
__iob_func
toupper
_beginthreadex
fread
ftell
fseek
fprintf
sscanf
fputs
_vsnprintf_s
fclose
isspace
tolower
isalpha
isalnum
strncmp
strchr
?before@type_info@@QBEHABV1@@Z
_wassert
fopen_s
sscanf_s
strcat_s
memmove
wcschr
iswdigit
_itow
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_wcsnicmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
atoi
atol
_wcsdup
memset
_ltoa
??8type_info@@QBE_NABV0@@Z
_vscwprintf
??_V@YAXPAX@Z
_wsplitpath_s
memmove_s
_recalloc
calloc
??2@YAPAXI@Z
_wcsicmp
malloc
_vsnwprintf_s
free
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
__CxxFrameHandler3
??0exception@std@@QAE@XZ
memcpy_s
_CxxThrowException
_purecall
??3@YAXPAX@Z

Exports

Exports

?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@UUriSelectionInfo@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@V?$set@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UCaseInsensitiveLess@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@V?$vector@UUriSelectionInfo@@V?$allocator@UUriSelectionInfo@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@VCUriSelectionAndFilterConfig@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1925340fca94adf4227df066415dad12

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34Certificate

Extended Key Usages

Key Usages

35:12:c6:d6:b9:2a:ac:99:8e:ce:3c:2d:da:3e:ed:b5:3f:d9:6c:57Signer

Headers

File Characteristics

PDB Paths

Imports

shfolder

powrprof

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp80

ws2_32

msvcr80

Exports

Exports

Sections

.text Size: 300KB - Virtual size: 296KB

.rdata Size: 140KB - Virtual size: 138KB

.data Size: 64KB - Virtual size: 64KB

.rsrc Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

35:12:c6:d6:b9:2a:ac:99:8e:ce:3c:2d:da:3e:ed:b5:3f:d9:6c:57
Signer

.text
Size: 300KB - Virtual size: 296KB

.rdata
Size: 140KB - Virtual size: 138KB

.data
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 4KB - Virtual size: 3KB