30a569aab54545e82ace6eca251e777d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30a569aab54545e82ace6eca251e777d_JaffaCakes118
Size

325KB
MD5

30a569aab54545e82ace6eca251e777d
SHA1

cdbf0277eb95c2877663c9eb8b38b699690361e0
SHA256

67698bec1d4f5b0af05c22c113d3e1c9421d48183ec55d24b3b2d31f61326b65
SHA512

cf7a8cd04fcbe9ba4f39fb3dbfeba68c68db3164366bfc26f7b2db771d6123c2cbaffa6ebe47057c22c33afd8bfbb6aff4610a62af96c5fb4802725b81872333
SSDEEP

6144:Lsa8hA7TcaCGhS09HUrtuv6a6irkAZgAH/8CMxpYYMy:awIjt0irEv68AUD3MxMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack002/$PLUGINSDIR/nsProcess.dll
unpack001/$PLUGINSDIR/AccessControl.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsProcess.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$APPDATA/Anti-phishing Domain Advisor/uninstall.exe	nsis_installer_1
static1/unpack001/$APPDATA/Anti-phishing Domain Advisor/uninstall.exe	nsis_installer_2

Files

30a569aab54545e82ace6eca251e777d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:c7:4d:94:45:09:4b:fd:79:75:9f:7b:9c:af:d7:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/06/2010, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

bd:44:c2:6d:97:34:73:47:93:32:f0:d2:4a:ab:ed:ef:56:e4:c2:79
Signer

Actual PE Digest

bd:44:c2:6d:97:34:73:47:93:32:f0:d2:4a:ab:ed:ef:56:e4:c2:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Anti-phishing Domain Advisor/uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:c7:4d:94:45:09:4b:fd:79:75:9f:7b:9c:af:d7:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/06/2010, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

c2:d9:5a:19:df:ea:18:e2:1b:14:ad:b6:10:6f:a2:73:52:c2:1b:58
Signer

Actual PE Digest

c2:d9:5a:19:df:ea:18:e2:1b:14:ad:b6:10:6f:a2:73:52:c2:1b:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

8cf5dbc8faf0856e6ce0e1c3a196d197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
lstrcatA
FreeLibrary
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetModuleHandleA

user32

ShowWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EnableWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

54317f9e35e039c28fdb421cf518703e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strtol
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
_mbschr
strlen

kernel32

DeleteFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
CreateFileA
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
GetWindowLongA
IsWindow
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SetWindowTextA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Anti-phishing Domain Advisor/visicom_antiphishing.dll
.dll windows:5 windows x86 arch:x86

bcbfed0e20db0d95e09360c6af0df332

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:c7:4d:94:45:09:4b:fd:79:75:9f:7b:9c:af:d7:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/06/2010, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f9:94:f0:de:1c:a5:98:9e:29:96:4b:11:55:17:61:cd:d8:63:76:5c
Signer

Actual PE Digest

f9:94:f0:de:1c:a5:98:9e:29:96:4b:11:55:17:61:cd:d8:63:76:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

WSAGetLastError
inet_ntoa

kernel32

DeleteCriticalSection
CreateThread
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
OpenFileMappingA
VirtualFree
VirtualAlloc
LocalAlloc
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatW
WriteProcessMemory
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
TerminateThread
TerminateProcess
SetThreadPriority
SetLastError
SetEvent
ResumeThread
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
OpenProcess
OpenMutexW
OpenFileMappingW
EnterCriticalSection
OpenEventA
LoadLibraryExA
LoadLibraryW
LoadLibraryA
IsBadWritePtr
IsBadReadPtr
GetWindowsDirectoryW
GetVersionExW
GetThreadContext
GetSystemDirectoryW
GetSystemDirectoryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedExchange
FormatMessageA
DuplicateHandle
DeviceIoControl
CreateSemaphoreA
CreateProcessA
CreatePipe
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateEventW
CreateEventA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
LeaveCriticalSection
InitializeCriticalSection
LocalFree
CloseHandle
GetVersionExA
CreateMutexA
GetModuleFileNameA
OpenMutexA
GlobalFree
GetLastError
Sleep
GlobalAlloc
GetTickCount
CreateFileA
FlushFileBuffers
SetEndOfFile
GetProcessHeap
OpenEventW
CreateProcessW
FreeEnvironmentStringsA
HeapSize
SetFilePointer
GetFileType
SetHandleCount
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapCreate
HeapDestroy
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode

user32

CloseDesktop
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
MessageBoxA
GetKeyboardType
CallNextHookEx
SetWindowsHookExA
BroadcastSystemMessageA
UnhookWindowsHookEx
LoadStringA
TranslateMessage
PeekMessageA
DispatchMessageA

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
GetLengthSid
GetTokenInformation
InitializeSecurityDescriptor
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
GetKernelObjectSecurity

shell32

SHGetFolderPathA

oleaut32

SysAllocStringLen
SysReAllocStringLen
SysFreeString

Exports

Exports

Attach
Detach
GCL
GPL
GTI

Sections

CODE
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Anti-phishing Domain Advisor/visicom_antiphishing.exe
.exe windows:5 windows x86 arch:x86

3928297ae0b152954b6bc60c890c90bb

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:c7:4d:94:45:09:4b:fd:79:75:9f:7b:9c:af:d7:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/06/2010, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

c8:ac:be:9c:12:c7:70:2f:e9:b2:6f:db:56:c8:fc:bc:e5:05:53:b7
Signer

Actual PE Digest

c8:ac:be:9c:12:c7:70:2f:e9:b2:6f:db:56:c8:fc:bc:e5:05:53:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

HttpSendRequestA
InternetConnectA
HttpQueryInfoA
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpOpenRequestA

kernel32

UnmapViewOfFile
FreeLibrary
GetTickCount
WriteFile
InitializeCriticalSection
Sleep
CreateDirectoryA
FindFirstFileA
GetProcAddress
RemoveDirectoryA
CopyFileA
FindClose
LoadLibraryA
CreateFileMappingA
MoveFileA
FindNextFileA
DeleteCriticalSection
CloseHandle
DeleteFileA
GlobalAlloc
GetLastError
GlobalFree
OpenMutexA
GetModuleFileNameA
CreateMutexA
GetVersionExA
LocalFree
SetFilePointer
SystemTimeToFileTime
MapViewOfFile
GetFileAttributesA
ReadFile
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetFileTime
GetACP
GetCPInfo
HeapReAlloc
GetModuleHandleW
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
HeapSize
SetHandleCount
GetFileType
HeapCreate
VirtualFree
VirtualAlloc

user32

wsprintfA
IsDialogMessageA
TranslateMessage
PeekMessageA
GetLastInputInfo
DispatchMessageA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegOpenKeyA
GetSecurityDescriptorSacl
SetSecurityInfo
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

shell32

SHGetFolderPathA
ShellExecuteA

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

46e93a34138fb999d8d73f9ecb219652

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Program Files\NSIS\Contrib\AccessControl\Release\AccessControl.pdb

Imports

advapi32

LookupAccountNameA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
ConvertStringSidToSidA

shlwapi

StrDupA
wvnsprintfA

kernel32

GetFileAttributesA
GetLastError
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
LocalFree
LocalAlloc
lstrcmpiA

user32

FindWindowExA

Exports

Exports

??0CAccessControl@@QAE@XZ
??4CAccessControl@@QAEAAV0@ABV0@@Z
?fnAccessControl@@YAHXZ
?nAccessControl@@3HA
DenyOnFile
DenyOnRegKey
DisableInheritance
EnableInheritance
GrantOnFile
GrantOnRegKey
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 682B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

8cf5dbc8faf0856e6ce0e1c3a196d197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
lstrcatA
FreeLibrary
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetModuleHandleA

user32

ShowWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EnableWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

54317f9e35e039c28fdb421cf518703e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strtol
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
_mbschr
strlen

kernel32

DeleteFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
CreateFileA
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
GetWindowLongA
IsWindow
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SetWindowTextA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

73:c7:4d:94:45:09:4b:fd:79:75:9f:7b:9c:af:d7:30Certificate

Extended Key Usages

bd:44:c2:6d:97:34:73:47:93:32:f0:d2:4a:ab:ed:ef:56:e4:c2:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 11KB - Virtual size: 11KB

099c0646ea7282d232219f8807883be0

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

73:c7:4d:94:45:09:4b:fd:79:75:9f:7b:9c:af:d7:30Certificate

Extended Key Usages

c2:d9:5a:19:df:ea:18:e2:1b:14:ad:b6:10:6f:a2:73:52:c2:1b:58Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 11KB - Virtual size: 11KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

73:c7:4d:94:45:09:4b:fd:79:75:9f:7b:9c:af:d7:30
Certificate

bd:44:c2:6d:97:34:73:47:93:32:f0:d2:4a:ab:ed:ef:56:e4:c2:79
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 11KB - Virtual size: 11KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

73:c7:4d:94:45:09:4b:fd:79:75:9f:7b:9c:af:d7:30
Certificate

c2:d9:5a:19:df:ea:18:e2:1b:14:ad:b6:10:6f:a2:73:52:c2:1b:58
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

0a
Certificate