0e74a0eb4d6b30cbd5ecb171ca130199_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e74a0eb4d6b30cbd5ecb171ca130199_JaffaCakes118
Size

327KB
MD5

0e74a0eb4d6b30cbd5ecb171ca130199
SHA1

29cd5538af7bcad3776d024f05120f22f5da14c8
SHA256

b67ba427d4a44d4affa2578b21ab6dcc4239dba58c1581b4a45594356c974cb8
SHA512

531dd4dfc085af4e873791ba546bcf56b3097c017fe9dd87ea56023bda7be375c9ac6adcbc790070ddd3dd37168ccdc353824d85db7947b4def844915873ac23
SSDEEP

6144:qtYDP41ckmT+h5a5B/MfX3mqjK0wZzXbIZzchzoEEoCCADTVcdUDqJ6k5XorNZRw:kePJkC+h5EBEfX360wZg9AENCGWEqgkJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
0e74a0eb4d6b30cbd5ecb171ca130199_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll

Files

0e74a0eb4d6b30cbd5ecb171ca130199_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GetPrivateProfileIntW
lstrcmpiW
GetModuleHandleW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
GlobalLock
lstrcpynW

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
LoadCursorW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
CharNextW
wsprintfW
MessageBoxW
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyIcon

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/QQPinyinHelper.dll
.dll windows:4 windows x86 arch:x86

c610cf4be60575e1a27ee7e3767940a4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

54:e6:cc:5e:da:97:ff:04:72:ec:34:ab:48:4d:27:35:fc:4e:fa:cb
Signer

Actual PE Digest

54:e6:cc:5e:da:97:ff:04:72:ec:34:ab:48:4d:27:35:fc:4e:fa:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Program Files\NSIS\plugins\QQPinyinHelper.pdb

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

imm32

ImmGetIMEFileNameW
ImmInstallIMEW
ImmIsIME
ImmGetDescriptionW

kernel32

ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
GetCurrentProcessId
RemoveDirectoryW
MoveFileExW
Sleep
GetFullPathNameW
QueryPerformanceCounter
WideCharToMultiByte
OpenProcess
TerminateProcess
GetPrivateProfileIntW
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
GetCPInfo
IsDBCSLeadByte
GetTickCount
SetFileAttributesW
GlobalLock
GlobalUnlock
Module32FirstW
Module32NextW
GetACP
GetTimeZoneInformation
GetCurrentDirectoryA
GetModuleFileNameA
GetStdHandle
HeapCreate
LCMapStringW
DeviceIoControl
IsValidCodePage
GetOEMCP
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
ExitProcess
GetModuleHandleA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
HeapSize
HeapReAlloc
ProcessIdToSessionId
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
QueryDosDeviceW
GetLogicalDrives
GetFileSize
CreateFileW
SetFilePointer
WriteFile
ReadFile
GetProcessHeap
HeapAlloc
GetConsoleOutputCP
FindNextFileW
GetFileAttributesW
DeleteFileW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
MulDiv
RaiseException
SetLastError
FlushInstructionCache
CopyFileW
CreateDirectoryW
LocalFree
FindClose
FindFirstFileW
GetDriveTypeW
CloseHandle
lstrlenW
lstrcpynW
GetSystemDefaultLangID
GetSystemInfo
GetModuleHandleW
GetLocaleInfoW
GetCurrentProcess
GetVersionExW
GlobalFree
GlobalAlloc
OutputDebugStringW
MultiByteToWideChar
GetSystemDirectoryW
LockResource
SizeofResource
FindResourceW
LoadLibraryW
GetModuleFileNameW
GetLastError
GetProcAddress
FindResourceExW
LoadResource
FreeLibrary
HeapFree
GetDiskFreeSpaceExW
CompareStringW
SetEnvironmentVariableA
LCMapStringA
WriteConsoleW
GetDriveTypeA
CompareStringA
CreateFileA
SetEndOfFile

user32

SetWindowsHookExW
SetDlgItemTextW
SendMessageTimeoutW
FindWindowExW
RegisterWindowMessageW
UnhookWindowsHookEx
RegisterClassExW
TranslateMessage
DispatchMessageW
UnregisterClassA
LoadIconW
DestroyIcon
GetClassInfoExW
PostMessageW
ShowScrollBar
GetMessageW
GetDesktopWindow
PostThreadMessageW
SetParent
EnableMenuItem
GetSystemMenu
EnableWindow
SetWindowPos
GetClientRect
SetWindowLongW
GetWindowLongW
CreateWindowExW
DrawTextW
ReleaseDC
CreateDialogParamW
LoadCursorW
GetDC
SetCursor
PtInRect
GetCursorPos
SetWindowTextW
LoadImageW
GetDlgItem
OffsetRect
KillTimer
GetParent
IsWindowVisible
DestroyWindow
CallWindowProcW
ScreenToClient
GetWindowRect
SendMessageW
IsWindow
DialogBoxParamW
ActivateKeyboardLayout
DefWindowProcW
MessageBoxW
EndDialog
SetTimer
ShowWindow
MoveWindow
SystemParametersInfoW
LoadKeyboardLayoutW
UnloadKeyboardLayout
GetKeyboardLayoutList
ClientToScreen

gdi32

AddFontResourceW
SetTextColor
SetBkMode
CreateSolidBrush
SetBkColor
SelectObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW
DeleteObject
GetStockObject

advapi32

LookupAccountNameW
RegOpenKeyW
AdjustTokenPrivileges
RegQueryValueExW
RegLoadKeyW
RegCloseKey
RegSaveKeyW
EqualSid
IsTextUnicode
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
BuildExplicitAccessWithNameW
GetSecurityInfo
RegDeleteValueW
ConvertSidToStringSidW
GetTokenInformation
LookupPrivilegeValueW
RegOpenKeyExA
RegQueryValueExA
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
RegCreateKeyExW
OpenProcessToken
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegDeleteKeyW
RegUnLoadKeyW

shell32

ShellExecuteExW
ExtractIconExW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
SHCreateDirectoryExW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
SHDeleteKeyW
PathIsDirectoryW

comctl32

ImageList_Remove
ImageList_SetBkColor
ImageList_Create
ImageList_ReplaceIcon

ws2_32

htonl
inet_addr
htons
WSAAsyncSelect
bind
WSAGetLastError
socket
sendto
recvfrom
closesocket
WSACancelAsyncRequest
WSACleanup
WSAAsyncGetHostByName
WSAStartup
ntohl

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

psapi

EnumProcesses
GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

API_ClearAllOldVersionOnInstall
API_ClearDiretoryDeleteFlag
API_MoveVersionFileFromBackup
AddCheckBoxCtrl
AddWarningCtrl
BackupSetupPack
CheckHKCUForceReboot
CheckQQPinyinDelete
ClearAllOldVersionOnInstall
ConvertSkinGUID2CurrentFile
CopyFileRightNow
CopyHistroyVersionSkinFileToCurUse
CoverOldSkinFileToSkinGUID
CreateBitmapCtrl
CreateUniqueDiretory
DelImeReg
DelImeReg2
DelQQPinyinAppdata
DelQQPinyinHKCU
DelRegHotKey
DeleteHKCUKey
DeleteHKCUValue
DeleteOldUnintallKey
DeleteSystem32FileTSETKP
ForceFirstInstallRecommendSkin
ForceRecommendSkin
FreeTxSSO
FreeTxSSO2
GetAppDataOwnDir
GetBindQQ
GetCmdParam
GetCurrentQQPinyinApp
GetEnumQQ
GetInstallPackInfo
GetLastVersion
GetLenovoLog
GetParaNeed
GetRawSupplyID
GetSupplyID
GetUniqueImeName
GetUniqueUninstallerName
HideStatusBar
InitSetupLog
InstallEUDC
InstallFor64
IsAdmin
IsExistOccupyExe
IsLenovoReqInstall
IsNeedRunQQPYWizard
IsQQPYLaunchWizard
IsQQPinyinDefaultIme
IsQQWubiRecommendEnable
IsVideoHelpEnable
IsWow64System
MergeUserDefinedFile
ModifyOccupyingProcessForm
MoveFileAfterReboot
MoveVersionFileFromBackup
NotifyHostSetupStatus
NotifyHostTerminateError
PackMoveWindow
PostInstall
PostUninstall
PreInstall
PreUninstall
QPCreateReboot
QPFindReboot
QQPinyinImeInstall
QQpinyinAddToAllUser
QQpinyinRape
QQpinyinRapeInit
ReadHKCUString
RecordOldDirFor64
RefreshImeList
RegQQPYProtocol
RegQQPinyinImeChecker
RegQQWbProtocol
RegQQWubiImeChecker
ReginsterHotKey
RemoveOldDatFileAfterReboot
RemoveOldFile
RenameAndDeleteFile
RollBackMingLiuTTX
SaveCmdLineSupplyId
SaveForceRawSupplyId
SaveInstallPackInfo
SaveWelcomeForm
SendInstallStat
SendMessageToLiveUp
SendUninstallReason
SendUnistallStat
SetAutoCheck
SetOnIonAutoCheck
SetPathEveryoneAccess
SetWindowText2
StatInit
TuningWindowPosition
TuningWindowPosition2
UnInstallQQPinyin
UnRegQQPYProtocol
UnRegQQPinyinImeChecker
UnRegQQWbProtocol
UnRegQQWubiImeChecker
UninstallEUDC
UninstallFor64
UpdateHandInputLibLastUpdateTime
WriteHKCUDWORD
WriteHKCUString
WriteSetupLog
add_recommend_wubi_ctrl
free_instfilespage_bitmap
kill_instfilespage_timer
load_instfilespage_bitmap
load_instfilespage_url
modify_reg_for_yulinmufeng
start_instfilespage_timer

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

bd0c5e2173fde31d22cb05fc3c2a33dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
GetLastError
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/iotemp.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.6MB

.rsrc Size: 22KB - Virtual size: 21KB

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

c610cf4be60575e1a27ee7e3767940a4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

54:e6:cc:5e:da:97:ff:04:72:ec:34:ab:48:4d:27:35:fc:4e:fa:cbSigner

Headers

File Characteristics

PDB Paths

Imports

wtsapi32

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

netapi32

psapi

version

Exports

Exports

Sections

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.6MB

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

54:e6:cc:5e:da:97:ff:04:72:ec:34:ab:48:4d:27:35:fc:4e:fa:cb
Signer

.text
Size: 396KB - Virtual size: 393KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 848B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 502B