1142486334a2e1617fc9c0e4544fc0dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1142486334a2e1617fc9c0e4544fc0dd_JaffaCakes118
Size

1.8MB
MD5

1142486334a2e1617fc9c0e4544fc0dd
SHA1

7bc33ba9349486ea1fce58e5edab1986b861bc04
SHA256

af22f850f4713aa642d728319a10596721fdca95dcbb8206974f0f9987f488cc
SHA512

6495e88b93660f30293acce8310a808171798c552fecdbf47f64693f0fddfd121265343f27641c0825163d256474599c7af7aadf16e826c66b0e77baae977352
SSDEEP

49152:LSbK4xkM8KQNfut3BHo6ztTlX6TNmc5lEzlLu:1hMhnBHzNyNm0Iu

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

1142486334a2e1617fc9c0e4544fc0dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b06c04388040741aaa206de9fe629f2

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
SetFileTime
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
RemoveDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
WaitForSingleObject
GetExitCodeProcess
GlobalFree
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
lstrcpyA
DeleteFileA
MulDiv
GlobalAlloc
lstrlenA
CopyFileA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
DialogBoxParamA
CheckDlgButton
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
GetSysColorBrush
RegisterClassExA
GetWindowLongA
LoadCursorA
SetCursor
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
CharNextA
ExitWindowsEx
CreateDialogParamA
DestroyWindow
SetTimer
GetClassInfoA
SetWindowTextA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
CreateWindowExA
SetWindowLongA
ShowWindow
UpdateWindow
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendDlgItemMessageA

gdi32

SetBkColor
TextOutA
GetStockObject
GetObjectA
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA

comctl32

ImageList_Destroy
ImageList_AddMasked
ord17
_TrackMouseEvent
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1024KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$TEMP/ppsdown/io.ini
.exe windows:4 windows x86 arch:x86

9882992449b6676af72a47da2618c4f0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PPStream-Vod-Work\XSearchNew\ppsvod\PPSAP\PPSAP\Release\PPSAP.pdb

Imports

kernel32

RaiseException
InterlockedIncrement
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpA
GlobalFlags
GetCPInfo
GetOEMCP
FlushFileBuffers
GetCurrentProcess
RtlUnwind
ExitProcess
ExitThread
CreateThread
TerminateProcess
HeapAlloc
InterlockedDecrement
VirtualProtect
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
SetLastError
GlobalLock
GlobalUnlock
FormatMessageA
GetPrivateProfileIntA
CopyFileA
CreateProcessA
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualQuery
GetFileTime
GetSystemTimeAsFileTime
GetSystemInfo
GlobalMemoryStatus
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetPrivateProfileStringA
WritePrivateProfileStringA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
MultiByteToWideChar
LoadLibraryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalFree
lstrcpynA
LoadLibraryExA
GetProcAddress
FreeLibrary
GetTickCount
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateFileA
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
WriteFile
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
lstrcpyA
LocalFree
LocalAlloc
lstrlenA
SetEvent
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
Sleep
CreateEventA
GetLastError
HeapFree
CloseHandle

user32

ValidateRect
ClientToScreen
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetDC
ReleaseDC
GetSysColorBrush
IsWindowEnabled
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessagePos
MapWindowPoints
TrackPopupMenu
EnableWindow
SetForegroundWindow
GetClientRect
GetMenu
GetSysColor
AdjustWindowRectEx
GetParent
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
CallWindowProcA
PostMessageA
DispatchMessageA
PeekMessageA
MessageBoxA
GetKeyState
wsprintfA
SetDlgItemTextA
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindow
GetMenuState
GetMenuItemID
GrayStringA
DrawTextExA
DrawTextA
GetMessageTime
TabbedTextOutA
SendDlgItemMessageA
UpdateWindow
LoadIconA
ShowWindow
CreateWindowExA
EndDialog
GetSubMenu
DestroyMenu
GetCursorPos
LoadMenuA
DialogBoxParamA
DefWindowProcA
GetDesktopWindow
DestroyWindow
PostQuitMessage
EndPaint
BeginPaint
RegisterClassExA
LoadCursorA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
SendMessageA
GetMenuItemCount

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
CreateBitmap
ExtTextOutA
SetBkColor
SetTextColor
GetClipBox

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyA
RegQueryValueExA

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetGetConnectedState

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Sound/file
.exe windows:4 windows x86 arch:x86

9882992449b6676af72a47da2618c4f0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PPStream-Vod-Work\XSearchNew\ppsvod\PPSAP\PPSAP\Release\PPSAP.pdb

Imports

kernel32

RaiseException
InterlockedIncrement
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpA
GlobalFlags
GetCPInfo
GetOEMCP
FlushFileBuffers
GetCurrentProcess
RtlUnwind
ExitProcess
ExitThread
CreateThread
TerminateProcess
HeapAlloc
InterlockedDecrement
VirtualProtect
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
SetLastError
GlobalLock
GlobalUnlock
FormatMessageA
GetPrivateProfileIntA
CopyFileA
CreateProcessA
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualQuery
GetFileTime
GetSystemTimeAsFileTime
GetSystemInfo
GlobalMemoryStatus
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetPrivateProfileStringA
WritePrivateProfileStringA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
MultiByteToWideChar
LoadLibraryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalFree
lstrcpynA
LoadLibraryExA
GetProcAddress
FreeLibrary
GetTickCount
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateFileA
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
WriteFile
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
lstrcpyA
LocalFree
LocalAlloc
lstrlenA
SetEvent
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
Sleep
CreateEventA
GetLastError
HeapFree
CloseHandle

user32

ValidateRect
ClientToScreen
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetDC
ReleaseDC
GetSysColorBrush
IsWindowEnabled
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessagePos
MapWindowPoints
TrackPopupMenu
EnableWindow
SetForegroundWindow
GetClientRect
GetMenu
GetSysColor
AdjustWindowRectEx
GetParent
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
CallWindowProcA
PostMessageA
DispatchMessageA
PeekMessageA
MessageBoxA
GetKeyState
wsprintfA
SetDlgItemTextA
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindow
GetMenuState
GetMenuItemID
GrayStringA
DrawTextExA
DrawTextA
GetMessageTime
TabbedTextOutA
SendDlgItemMessageA
UpdateWindow
LoadIconA
ShowWindow
CreateWindowExA
EndDialog
GetSubMenu
DestroyMenu
GetCursorPos
LoadMenuA
DialogBoxParamA
DefWindowProcA
GetDesktopWindow
DestroyWindow
PostQuitMessage
EndPaint
BeginPaint
RegisterClassExA
LoadCursorA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
SendMessageA
GetMenuItemCount

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
CreateBitmap
ExtTextOutA
SetBkColor
SetTextColor
GetClipBox

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyA
RegQueryValueExA

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetGetConnectedState

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Vista.jpg
.jpg
ppssg.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f081458843f2d19144c9ea849004741c

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetFileAttributesA
CreateFileA
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileA
FindClose
GetLastError
FindNextFileA
FindFirstFileA
MoveFileA
ReadFile
UnlockFile
WriteFile
LockFile
CreateDirectoryA
RemoveDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA
LeaveCriticalSection
GetProcessHeap
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryExA
lstrcpynA
HeapCreate
HeapDestroy
LoadLibraryA
GetTickCount
CreateEventA
GetVersionExA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SuspendThread
OpenMutexA
CreateMutexA
LocalFree
LocalAlloc
OutputDebugStringA
lstrcpyA
lstrlenA
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
HeapFree
GetExitCodeThread
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
IsBadWritePtr
ExitProcess
RaiseException
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapReAlloc
HeapSize
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree

user32

MsgWaitForMultipleObjects
TranslateMessage
wsprintfA
MessageBoxA
DispatchMessageA
PeekMessageA

advapi32

CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CryptCreateHash

ws2_32

inet_ntoa
WSACleanup
WSAStartup
gethostname
gethostbyname
inet_addr

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

DllRegisterServer
DllUnregisterServer
GetXML
IL
IsNeedUpdate
LSG
MDSKAMS
MENMS
MGBIMS
MNRMS
MP2PRMS
MPTMS
MQFBURLMS
MRCMS
MRDSMS
MRFBMS
MRFBMS2
MRURLIDMS
OUDPMR
PSGBF
SHF

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vodnet.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1608bae5534c917be4fa08ef589ad991

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PPStream-Vod-Work\XSearchNew\ppsvod\PPStreamVod\Release\PPStreamVod.pdb

Imports

kernel32

RaiseException
FindResourceExA
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitThread
TerminateProcess
GetFileType
VirtualAlloc
VirtualQuery
GetCommandLineA
HeapReAlloc
SetStdHandle
HeapSize
SetErrorMode
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetTimeZoneInformation
UnhandledExceptionFilter
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
FlushFileBuffers
FileTimeToLocalFileTime
MulDiv
GlobalAlloc
FormatMessageA
GlobalLock
GlobalUnlock
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GlobalFree
VirtualProtect
FileTimeToSystemTime
OpenFile
GetModuleHandleA
GlobalMemoryStatus
HeapCreate
HeapAlloc
HeapDestroy
GetProcessHeap
HeapFree
GetSystemInfo
lstrcpynA
CompareStringW
CompareStringA
GetVersion
GetFileTime
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
LoadLibraryExA
GetProcAddress
FreeLibrary
DeviceIoControl
CreateFileA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
LockFile
WriteFile
UnlockFile
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
CreateThread
ResumeThread
lstrcpyA
LocalFree
LocalAlloc
ResetEvent
SetEvent
WaitForSingleObject
GetExitCodeThread
MultiByteToWideChar
CreateEventA
GetLastError
SetLastError
CreateProcessA
GetModuleFileNameA
Sleep
DeleteFileA
RemoveDirectoryA
CloseHandle
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrcmpiA
InterlockedDecrement
InterlockedIncrement
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
InitializeCriticalSection

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
ValidateRect
SetCursor
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetWindow
MapDialogRect
ShowWindow
GetCapture
GetActiveWindow
SetActiveWindow
GetAsyncKeyState
GetFocus
SetFocus
GetDlgItem
IsWindowEnabled
CreateWindowExA
TranslateMessage
GetSystemMetrics
GetWindowLongA
GetCursorPos
GetSysColor
SetWindowPos
ScreenToClient
GetWindowRect
GetMessageA
wsprintfA
CharUpperA
IsWindow
PostMessageA
GetParent
PeekMessageA
DispatchMessageA
MessageBoxA
PostThreadMessageA
SetWindowLongA
SendMessageA
EnableWindow
SetTimer
IsWindowVisible

gdi32

TextOutA
EnumFontFamiliesExA
PtVisible
DeleteObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
GetObjectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
CryptReleaseContext
CryptAcquireContextA

comctl32

PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ord17
ImageList_Destroy

shlwapi

UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

ws2_32

inet_ntoa
WSAGetLastError
inet_addr
setsockopt
shutdown
send
recv
WSASocketA
select
ioctlsocket
gethostname
sendto
WSACleanup
recvfrom
WSAStartup
getpeername
closesocket
WSASetEvent
WSACloseEvent
WSAEventSelect
WSASend
WSASetLastError
WSACreateEvent
accept
WSAEnumNetworkEvents
WSAResetEvent
WSARecv
WSAWaitForMultipleEvents
listen
ntohs
getsockname
bind
htons
socket
connect
gethostbyname
__WSAFDIsSet

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree

oleaut32

VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocString

wininet

InternetReadFile
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetCookieA

winmm

timeGetTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

CreateVodInstance
CreateVodInstanceByPPSAP
DestroyVodInstance
Disconnect
DllRegisterServer
DllUnregisterServer
EventNotify
GetChannelName
GetChannelOnlineCount
GetHttpURL
GetPlayingURL
GetStatus
GetStreamingType
PlayURL
PlayURLForTest
SetEchoSvr
SetParam
ShowPropertyDlg
StopFile

Sections

.text
Size: 528KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b06c04388040741aaa206de9fe629f2

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 266KB

.ndata Size: - Virtual size: 1024KB

.rsrc Size: 32KB - Virtual size: 32KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

9882992449b6676af72a47da2618c4f0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 266KB

.ndata
Size: - Virtual size: 1024KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 12KB - Virtual size: 9KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 12KB - Virtual size: 9KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 784B

.reloc
Size: 12KB - Virtual size: 10KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate