43ff8555772d9c19816d41448626cb7f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43ff8555772d9c19816d41448626cb7f_JaffaCakes118
Size

406KB
MD5

43ff8555772d9c19816d41448626cb7f
SHA1

5a099a45f7d4e737e1fd17c41f2ab39a334f7d90
SHA256

cdfc0ad62f0f34bd1ee1415ad77d8a3bfda4097361078533c28a148056a0fdc9
SHA512

7ac862313839778fb62cf4be251c274a987ed77649fc06a97038625486cd607ff97fe5169dfa800638b60ec663d4d108b33b2bb28129c056dc6549aa04b93ce2
SSDEEP

6144:J5OnEYwYipS18KwkOzF70+vEg5F05KEXQHaK6LDS0r28CG:JYngpg8d0+vEL5TA6KsDriU

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/69a37357865b795b7af6cf385cedf1ee.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

43ff8555772d9c19816d41448626cb7f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:2a:06:c1:0c:32:41:2c:a9:21:4e:c1:43:b2:50:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/06/2012, 00:00

Not After

07/06/2013, 23:59

Subject

CN=Acquinity Interactive\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Acquinity Interactive\, LLC,L=Deerfield Beach,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fd:0e:c6:26:fc:8f:9c:8b:6a:d0:c1:56:49:1a:fe:a0:2c:aa:cc:ce
Signer

Actual PE Digest

fd:0e:c6:26:fc:8f:9c:8b:6a:d0:c1:56:49:1a:fe:a0:2c:aa:cc:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.build
.user
69a37357865b795b7af6cf385cedf1ee.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fe759c67b0bbb820ef73aa7875e3d5b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA

kernel32

CloseHandle
CreateSemaphoreA
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadWritePtr
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte

msvcrt

_fdopen
_fstat
_lseek
_read
_write
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_filbuf
_flsbuf
_iob
_stricmp
abort
fclose
fflush
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
getwc
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putwc
realloc
setlocale
setvbuf
sprintf
strcmp
strcoll
strcpy
strerror
strftime
strlen
strxfrm
towlower
towupper
ungetc
ungetwc
wcscoll
wcsftime
wcslen
wcsxfrm

oleaut32

SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
VariantChangeType
VariantClear
VariantInit

wsock32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
htons
recv
send
socket

Exports

Exports

CLSID_CColorPropPage
CLSID_CFontPropPage
CLSID_CPicturePropPage
CLSID_IEPlugin
CLSID_Picture_Dib
CLSID_Picture_Metafile
CLSID_StaticDib
CLSID_StaticMetafile
CLSID_StdFont
CLSID_StdPicture
CLSID_WebBrowser
DIID_DWebBrowserEvents
DIID_DWebBrowserEvents2
DllCanUnloadNow
DllCanUnloadNow@0
DllGetClassObject
DllGetClassObject@12
DllRefCount
DllRegisterServer
DllRegisterServer@0
DllUnregisterServer
DllUnregisterServer@0
EventSink
GUID_NULL
IID_IAdviseSinkEx
IID_IClassFactory
IID_IClassFactory2
IID_IConnectionPoint
IID_IConnectionPointContainer
IID_IDebug
IID_IDebugStream
IID_IDispatch
IID_IEnumConnectionPoints
IID_IEnumConnections
IID_IEnumFORMATETC
IID_IEnumMoniker
IID_IEnumOLEVERB
IID_IEnumOleUndoUnits
IID_IEnumSTATDATA
IID_IEnumSTATSTG
IID_IEnumString
IID_IEnumUnknown
IID_IErrorLog
IID_IFont
IID_IFontDisp
IID_IHTMLAnchorElement
IID_IHTMLAppBehavior
IID_IHTMLAppBehavior2
IID_IHTMLAreaElement
IID_IHTMLAreasCollection
IID_IHTMLAreasCollection2
IID_IHTMLAttributeCollection
IID_IHTMLBGsound
IID_IHTMLBRElement
IID_IHTMLBaseElement
IID_IHTMLBaseFontElement
IID_IHTMLBlockElement
IID_IHTMLBodyElement
IID_IHTMLBodyElement2
IID_IHTMLBookmarkCollection
IID_IHTMLButtonElement
IID_IHTMLCommentElement
IID_IHTMLControlElement
IID_IHTMLControlRange
IID_IHTMLCurrentStyle
IID_IHTMLDDElement
IID_IHTMLDListElement
IID_IHTMLDOMAttribute
IID_IHTMLDOMChildrenCollection
IID_IHTMLDOMNode
IID_IHTMLDOMTextNode
IID_IHTMLDTElement
IID_IHTMLDataTransfer
IID_IHTMLDatabinding
IID_IHTMLDialog
IID_IHTMLDialog2
IID_IHTMLDivElement
IID_IHTMLDivPosition
IID_IHTMLDocument
IID_IHTMLDocument2
IID_IHTMLDocument3
IID_IHTMLDocumentFragment
IID_IHTMLElement
IID_IHTMLElement2
IID_IHTMLElementCollection
IID_IHTMLElementCollection2
IID_IHTMLEmbedElement
IID_IHTMLEventObj
IID_IHTMLEventObj2
IID_IHTMLFieldSetElement
IID_IHTMLFiltersCollection
IID_IHTMLFontElement
IID_IHTMLFontNamesCollection
IID_IHTMLFontSizesCollection
IID_IHTMLFormElement
IID_IHTMLFormElement2
IID_IHTMLFrameBase
IID_IHTMLFrameBase2
IID_IHTMLFrameBase3
IID_IHTMLFrameElement
IID_IHTMLFrameSetElement
IID_IHTMLFrameSetElement2
IID_IHTMLFramesCollection2
IID_IHTMLGenericElement
IID_IHTMLHRElement
IID_IHTMLHeaderElement
IID_IHTMLIFrameElement
IID_IHTMLIFrameElement2
IID_IHTMLImageElementFactory
IID_IHTMLImgElement
IID_IHTMLInputButtonElement
IID_IHTMLInputElement
IID_IHTMLInputFileElement
IID_IHTMLInputHiddenElement
IID_IHTMLInputImage
IID_IHTMLInputTextElement
IID_IHTMLIsIndexElement
IID_IHTMLLIElement
IID_IHTMLLabelElement
IID_IHTMLLegendElement
IID_IHTMLLinkElement
IID_IHTMLLinkElement2
IID_IHTMLListElement
IID_IHTMLLocation
IID_IHTMLMapElement
IID_IHTMLMarqueeElement
IID_IHTMLMetaElement
IID_IHTMLMimeTypesCollection
IID_IHTMLModelessInit
IID_IHTMLNextIdElement
IID_IHTMLNoShowElement
IID_IHTMLOListElement
IID_IHTMLObjectElement
IID_IHTMLObjectElement2
IID_IHTMLOpsProfile
IID_IHTMLOptionButtonElement
IID_IHTMLOptionElement
IID_IHTMLOptionElementFactory
IID_IHTMLOptionsHolder
IID_IHTMLParaElement
IID_IHTMLPersistData
IID_IHTMLPersistDataOM
IID_IHTMLPhraseElement
IID_IHTMLPluginsCollection
IID_IHTMLRect
IID_IHTMLRectCollection
IID_IHTMLRuleStyle
IID_IHTMLRuleStyle2
IID_IHTMLScreen
IID_IHTMLScriptElement
IID_IHTMLSelectElement
IID_IHTMLSelectElement2
IID_IHTMLSelectionObject
IID_IHTMLSpanElement
IID_IHTMLSpanFlow
IID_IHTMLStyle
IID_IHTMLStyle2
IID_IHTMLStyleElement
IID_IHTMLStyleFontFace
IID_IHTMLStyleSheet
IID_IHTMLStyleSheetRule
IID_IHTMLStyleSheetRulesCollection
IID_IHTMLStyleSheetsCollection
IID_IHTMLTable
IID_IHTMLTable2
IID_IHTMLTableCaption
IID_IHTMLTableCell
IID_IHTMLTableCol
IID_IHTMLTableRow
IID_IHTMLTableRow2
IID_IHTMLTableRowMetrics
IID_IHTMLTableSection
IID_IHTMLTableSection2
IID_IHTMLTextAreaElement
IID_IHTMLTextContainer
IID_IHTMLTextElement
IID_IHTMLTextRangeMetrics
IID_IHTMLTextRangeMetrics2
IID_IHTMLTitleElement
IID_IHTMLTxtRange
IID_IHTMLUListElement
IID_IHTMLUniqueName
IID_IHTMLUnknownElement
IID_IHTMLUrnCollection
IID_IHTMLUserDataOM
IID_IHTMLWindow2
IID_IHTMLWindow3
IID_IObjectWithSite
IID_IOleControl
IID_IOleControlSite
IID_IOleInPlaceSiteEx
IID_IOleLink
IID_IOleParentUndoUnit
IID_IOleUndoManager
IID_IOleUndoUnit
IID_IPSFactory
IID_IPerPropertyBrowsing
IID_IPersistMemory
IID_IPersistPropertyBag
IID_IPersistPropertyBag2
IID_IPersistStreamInit
IID_IPicture
IID_IPictureDisp
IID_IPointerInactive
IID_IPropertyBag
IID_IPropertyBag2
IID_IPropertyNotifySink
IID_IPropertyPage
IID_IPropertyPage2
IID_IPropertyPageSite
IID_IProvideClassInfo
IID_IProvideClassInfo2
IID_IQuickActivate
IID_IRpcChannel
IID_IRpcProxy
IID_IRpcStub
IID_ISimpleFrameSite
IID_ISpecifyPropertyPages
IID_IUnknown
IID_IWebBrowser
IID_IWebBrowser2
IID_IWebBrowserApp
IsEqualGUID
_Z11IsEqualGUIDRK5_GUIDS1_
_Z7DllMainP11HINSTANCE__mPv@12
_ZN10CEventSink11GetTypeInfoEjmPP9ITypeInfo@16
_ZN10CEventSink13GetIDsOfNamesERK5_GUIDPPwjmPl@24
_ZN10CEventSink14QueryInterfaceERK5_GUIDPPv@12
_ZN10CEventSink16GetTypeInfoCountEPj@8
_ZN10CEventSink21Event_BeforeNavigate2EPwlS0_PhlS0_b
_ZN10CEventSink24Event_OnDocumentCompleteEv
_ZN10CEventSink4GotoESs
_ZN10CEventSink4RecvEPcjj
_ZN10CEventSink5fetchESsSs
_ZN10CEventSink6AddRefEv@4
_ZN10CEventSink6InvokeElRK5_GUIDmtP13tagDISPPARAMSP10tagVARIANTP12tagEXCEPINFOPj@36
_ZN10CEventSink7ReleaseEv@4
_ZN10CEventSink8char2hexEc
_ZN10CEventSink9urlencodeERKSs
_ZN10CEventSinkC1Ev
_ZN10CEventSinkD1Ev
_ZN13CClassFactory10LockServerEi@8
_ZN13CClassFactory13SupportedIIDsE
_ZN13CClassFactory14CreateInstanceEP8IUnknownRK5_GUIDPPv@16
_ZN13CClassFactoryC1Ev
_ZN13CClassFactoryC2Ev
_ZN13CClassFactoryD0Ev
_ZN13CClassFactoryD1Ev
_ZN13CClassFactoryD2Ev
_ZN13IClassFactoryC2Ev
_ZN15CObjectWithSite13SupportedIIDsE
_ZN15CObjectWithSite16ConnectEventSinkEv
_ZN15CObjectWithSite19DisconnectEventSinkEv
_ZN15CObjectWithSite7GetSiteERK5_GUIDPPv@12
_ZN15CObjectWithSite7SetSiteEP8IUnknown@8
_ZN15CObjectWithSiteC1Ev
_ZN15CObjectWithSiteC2Ev
_ZN15CObjectWithSiteD0Ev
_ZN15CObjectWithSiteD1Ev
_ZN15CObjectWithSiteD2Ev
_ZN15IObjectWithSiteC2Ev
_ZN18DWebBrowserEvents2C2Ev
_ZN8CUnknownI13IClassFactoryE14QueryInterfaceERK5_GUIDPPv@12
_ZN8CUnknownI13IClassFactoryE6AddRefEv@4
_ZN8CUnknownI13IClassFactoryE7ReleaseEv@4
_ZN8CUnknownI13IClassFactoryEC2EPK5_GUIDi
_ZN8CUnknownI13IClassFactoryED0Ev
_ZN8CUnknownI13IClassFactoryED1Ev
_ZN8CUnknownI13IClassFactoryED2Ev
_ZN8CUnknownI15IObjectWithSiteE14QueryInterfaceERK5_GUIDPPv@12
_ZN8CUnknownI15IObjectWithSiteE6AddRefEv@4
_ZN8CUnknownI15IObjectWithSiteE7ReleaseEv@4
_ZN8CUnknownI15IObjectWithSiteEC2EPK5_GUIDi
_ZN8CUnknownI15IObjectWithSiteED0Ev
_ZN8CUnknownI15IObjectWithSiteED1Ev
_ZN8CUnknownI15IObjectWithSiteED2Ev
_ZN8IUnknownC2Ev
_ZN9IDispatchC2Ev
_ZN9__gnu_cxx17__is_null_pointerINS_17__normal_iteratorIPcSsEEEEbT_
_ZN9__gnu_cxx17__normal_iteratorIPcSsEppEv
_ZN9__gnu_cxxeqIPcSsEEbRKNS_17__normal_iteratorIT_T0_EES7_
_ZN9__gnu_cxxmiIPcSsEENS_17__normal_iteratorIT_T0_E15difference_typeERKS5_S8_
_ZN9__gnu_cxxneIPcSsEEbRKNS_17__normal_iteratorIT_T0_EES7_
_ZNK9__gnu_cxx17__normal_iteratorIPcSsE4baseEv
_ZNK9__gnu_cxx17__normal_iteratorIPcSsEdeEv
_ZNSbIwSt11char_traitsIwESaIwEE12_S_constructIN9__gnu_cxx17__normal_iteratorIPcSsEEEEPwT_S9_RKS1_
_ZNSbIwSt11char_traitsIwESaIwEE12_S_constructIN9__gnu_cxx17__normal_iteratorIPcSsEEEEPwT_S9_RKS1_St20forward_iterator_tag
_ZNSbIwSt11char_traitsIwESaIwEE13_S_copy_charsIN9__gnu_cxx17__normal_iteratorIPcSsEEEEvPwT_S9_
_ZNSbIwSt11char_traitsIwESaIwEE16_S_construct_auxIN9__gnu_cxx17__normal_iteratorIPcSsEEEEPwT_S9_RKS1_St12__false_type
_ZNSbIwSt11char_traitsIwESaIwEEC1IN9__gnu_cxx17__normal_iteratorIPcSsEEEET_S8_RKS1_
_ZNSt11char_traitsIwE6assignERwRKw
_ZSt10__distanceIN9__gnu_cxx17__normal_iteratorIPcSsEEENSt15iterator_traitsIT_E15difference_typeES5_S5_St26random_access_iterator_tag
_ZSt19__iterator_categoryIN9__gnu_cxx17__normal_iteratorIPcSsEEENSt15iterator_traitsIT_E17iterator_categoryERKS5_
_ZSt8distanceIN9__gnu_cxx17__normal_iteratorIPcSsEEENSt15iterator_traitsIT_E15difference_typeES5_S5_
_ZSteqIwEbRKSaIT_ES3_
_ZStorSt13_Ios_OpenmodeS_
_ZTI10CEventSink
_ZTI13CClassFactory
_ZTI13IClassFactory
_ZTI15CObjectWithSite
_ZTI15IObjectWithSite
_ZTI18DWebBrowserEvents2
_ZTI8CUnknownI13IClassFactoryE
_ZTI8CUnknownI15IObjectWithSiteE
_ZTI8IUnknown
_ZTI9IDispatch
_ZTS10CEventSink
_ZTS13CClassFactory
_ZTS13IClassFactory
_ZTS15CObjectWithSite
_ZTS15IObjectWithSite
_ZTS18DWebBrowserEvents2
_ZTS8CUnknownI13IClassFactoryE
_ZTS8CUnknownI15IObjectWithSiteE
_ZTS8IUnknown
_ZTS9IDispatch
_ZTV10CEventSink
_ZTV13CClassFactory
_ZTV13IClassFactory
_ZTV15CObjectWithSite
_ZTV15IObjectWithSite
_ZTV18DWebBrowserEvents2
_ZTV8CUnknownI13IClassFactoryE
_ZTV8CUnknownI15IObjectWithSiteE
_ZTV8IUnknown
_ZTV9IDispatch
_get_output_format
hInstance

Sections

.text
Size: 525KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 512B - Virtual size: 63B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 1024B - Virtual size: 1007B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/47
Size: 512B - Virtual size: 300B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 512B - Virtual size: 429B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 512B - Virtual size: 152B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/86
Size: 512B - Virtual size: 494B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

50:2a:06:c1:0c:32:41:2c:a9:21:4e:c1:43:b2:50:48Certificate

Extended Key Usages

Key Usages

fd:0e:c6:26:fc:8f:9c:8b:6a:d0:c1:56:49:1a:fe:a0:2c:aa:cc:ceSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 8KB - Virtual size: 7KB

.bss Size: - Virtual size: 150KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 40KB

.rsrc Size: 19KB - Virtual size: 18KB

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 572B

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

50:2a:06:c1:0c:32:41:2c:a9:21:4e:c1:43:b2:50:48
Certificate

fd:0e:c6:26:fc:8f:9c:8b:6a:d0:c1:56:49:1a:fe:a0:2c:aa:cc:ce
Signer

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 150KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 40KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

.text
Size: 525KB - Virtual size: 525KB

.data
Size: 25KB - Virtual size: 24KB

.rdata
Size: 31KB - Virtual size: 31KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 12KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 19KB

/4
Size: 512B - Virtual size: 32B

/19
Size: 512B - Virtual size: 63B

/35
Size: 1024B - Virtual size: 1007B

/47
Size: 512B - Virtual size: 300B

/61
Size: 512B - Virtual size: 429B

/73
Size: 512B - Virtual size: 152B

/86
Size: 512B - Virtual size: 494B