e92ceb10c0fdd9c2d254c3515b49589d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e92ceb10c0fdd9c2d254c3515b49589d_JaffaCakes118
Size

5.3MB
MD5

e92ceb10c0fdd9c2d254c3515b49589d
SHA1

213e53d4703d1d882208d1d1b54832aeff246d52
SHA256

47e72a53fc8094c4beb09acd8768b3f307d98c944313ea90622d90a09efc92f1
SHA512

67ed725be8c6e9258725f0337a6ca22d3f6c431b6a0cf24eca29ed445dc87413f972f06e34a359ba86892f862dc52208a5d203eb1cafc9077d2628ea5d19dbc9
SSDEEP

98304:MW2coE3GIbEiVAM3Rji5Nt2B4Xok8+IszIqUP6rAhndnyprWACoCOSz3CY4:D2cf3Yix0ok/0XP6rAh6WACokzf4

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/libeay32.dll
unpack001/mchset.dll
unpack001/pcre.dll
unpack001/temp/EWH32.CHS
unpack001/temp/EWH32.CHT
unpack001/temp/pddom.CHS
unpack001/temp/pddom.CHT
unpack001/藏头诗生成器.exe

Files

e92ceb10c0fdd9c2d254c3515b49589d_JaffaCakes118
.rar
config/emfriends.met
config/ipfilter.dat
config/key_index.dat
config/known2_64.met
config/load_index.dat
config/nodes.dat
config/qts-wq.dat
config/新云软件.url
.url
info/jupiter.htm
info/safelist.dat
info/satiter.dat
info/shareddir.dat
info/staticservers.dat
info/webservices.dat
libeay32.dll
.dll windows:4 windows x86 arch:x86

75e4a91d721ddc0f2a64314ac46cea9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

listen
WSACleanup
getservbyname
ntohs
WSACancelBlockingCall
htonl
closesocket
inet_ntoa
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
WSAStartup
htons
gethostbyname
bind
getsockopt
ntohl
accept

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDCA

advapi32

RegQueryValueExA

msvcrt

__mb_cur_max
strcmp
getenv
_stat
_fileno
_chmod
realloc
free
malloc
time
sprintf
localtime
_errno
fclose
fprintf
strchr
fflush
fputs
signal
_iob
fopen
_setjmp3
longjmp
_pctype
_adjust_fdiv
_isctype
strstr
fread
fwrite
_setmode
ftell
fseek
fgets
_ftol
_assert
atoi
strncpy
strncmp
bsearch
qsort
_close
_getch
_except_handler3
strerror
memmove
gmtime
strtoul
tolower
sscanf
_initterm
_write
_lseek
_read

kernel32

GetStdHandle
FreeLibrary
LoadLibraryA
GetProcAddress
GetCurrentThread
GetCurrentThreadId
DisableThreadLibraryCalls
GetLastError
SetLastError
CloseHandle
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
GetTickCount
QueryPerformanceCounter
GetThreadTimes
FlushConsoleInputBuffer

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_new
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_new
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_new
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_type
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_new
ASN1_TIME_free
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_new
ASN1_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2str
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIO_accept
BIO_callback_ctrl
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dump
BIO_dump_indent
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_ghbn_ctrl
BIO_int_ctrl
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_cipher
BIO_set_ex_data
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_free
BN_BLINDING_invert
BN_BLINDING_new
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_fasttest
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_rand
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_new
BUF_strdup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get_number
CONF_get_section
CONF_get_string
CONF_load
CONF_load_bio
CONF_load_fp
CONF_set_default_method
CRL_DIST_POINTS_free
CRL_DIST_POINTS_new
CRYPTO_add_lock
CRYPTO_dbg_free
CRYPTO_dbg_get_options
CRYPTO_dbg_malloc
CRYPTO_dbg_realloc
CRYPTO_dbg_set_options
CRYPTO_destroy_dynlockid
CRYPTO_dup_ex_data
CRYPTO_free
CRYPTO_free_ex_data
CRYPTO_free_locked
CRYPTO_get_add_lock_callback
CRYPTO_get_dynlock_create_callback
CRYPTO_get_dynlock_destroy_callback
CRYPTO_get_dynlock_lock_callback
CRYPTO_get_dynlock_value
CRYPTO_get_ex_data
CRYPTO_get_ex_new_index
CRYPTO_get_id_callback
CRYPTO_get_lock_name
CRYPTO_get_locked_mem_functions
CRYPTO_get_locking_callback
CRYPTO_get_mem_debug_functions
CRYPTO_get_mem_debug_options
CRYPTO_get_mem_functions
CRYPTO_get_new_dynlockid
CRYPTO_get_new_lockid
CRYPTO_is_mem_check_on
CRYPTO_lock
CRYPTO_malloc
CRYPTO_malloc_locked
CRYPTO_mem_ctrl
CRYPTO_mem_leaks
CRYPTO_mem_leaks_cb
CRYPTO_mem_leaks_fp
CRYPTO_new_ex_data
CRYPTO_num_locks
CRYPTO_pop_info
CRYPTO_push_info_
CRYPTO_realloc
CRYPTO_remalloc
CRYPTO_remove_all_info
CRYPTO_set_add_lock_callback
CRYPTO_set_dynlock_create_callback
CRYPTO_set_dynlock_destroy_callback
CRYPTO_set_dynlock_lock_callback
CRYPTO_set_ex_data
CRYPTO_set_id_callback
CRYPTO_set_locked_mem_functions
CRYPTO_set_locking_callback
CRYPTO_set_mem_debug_functions
CRYPTO_set_mem_debug_options
CRYPTO_set_mem_functions
CRYPTO_thread_id
DH_OpenSSL
DH_check
DH_compute_key
DH_free
DH_generate_key
DH_generate_parameters
DH_get_default_method
DH_get_ex_data
DH_get_ex_new_index
DH_new
DH_new_method
DH_set_default_method
DH_set_ex_data
DH_set_method
DH_size
DHparams_print
DHparams_print_fp
DIRECTORYSTRING_free
DIRECTORYSTRING_new
DISPLAYTEXT_free
DISPLAYTEXT_new
DIST_POINT_NAME_free
DIST_POINT_NAME_new
DIST_POINT_free
DIST_POINT_new
DSA_OpenSSL
DSA_SIG_free
DSA_SIG_new
DSA_do_sign
DSA_do_verify
DSA_dup_DH
DSA_free
DSA_generate_key
DSA_generate_parameters
DSA_get_default_method
DSA_get_ex_data
DSA_get_ex_new_index
DSA_new
DSA_new_method
DSA_print
DSA_print_fp
DSA_set_default_method
DSA_set_ex_data
DSA_set_method
DSA_sign
DSA_sign_setup
DSA_size
DSA_verify
DSAparams_print
DSAparams_print_fp
DSO_METHOD_dl
DSO_METHOD_dlfcn
DSO_METHOD_null
DSO_METHOD_openssl
DSO_METHOD_vms
DSO_METHOD_win32
DSO_bind_func
DSO_bind_var
DSO_ctrl
DSO_flags
DSO_free
DSO_get_default_method
DSO_get_method
DSO_load
DSO_new
DSO_new_method
DSO_set_default_method
DSO_set_method
DSO_up
ERR_add_error_data
ERR_clear_error
ERR_error_string
ERR_error_string_n
ERR_free_strings
ERR_func_error_string
ERR_get_err_state_table
ERR_get_error
ERR_get_error_line
ERR_get_error_line_data
ERR_get_next_error_library
ERR_get_state
ERR_get_string_table
ERR_lib_error_string
ERR_load_ASN1_strings
ERR_load_BIO_strings
ERR_load_BN_strings
ERR_load_BUF_strings
ERR_load_CONF_strings
ERR_load_CRYPTO_strings
ERR_load_DH_strings
ERR_load_DSA_strings
ERR_load_DSO_strings
ERR_load_ERR_strings
ERR_load_EVP_strings
ERR_load_OBJ_strings
ERR_load_PEM_strings
ERR_load_PKCS12_strings
ERR_load_PKCS7_strings
ERR_load_RAND_strings
ERR_load_RSA_strings
ERR_load_X509V3_strings
ERR_load_X509_strings
ERR_load_crypto_strings
ERR_load_strings
ERR_peek_error
ERR_peek_error_line
ERR_peek_error_line_data
ERR_print_errors
ERR_print_errors_fp
ERR_put_error
ERR_reason_error_string
ERR_remove_state

Sections

.text
Size: 488KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mchset.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Big5ToGB
GBToBig5

Sections

CODE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pcre.dll
.dll windows:4 windows x86 arch:x86

8ab23956411019860d27a62efef310fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_isctype
__mb_cur_max
toupper
tolower
free
malloc
memmove
_pctype
strncpy
sprintf
_initterm
_adjust_fdiv
strncmp
strchr

kernel32

DisableThreadLibraryCalls

Exports

Exports

pcre_callout
pcre_compile
pcre_config
pcre_copy_named_substring
pcre_copy_substring
pcre_exec
pcre_free
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_named_substring
pcre_get_stringnumber
pcre_get_substring
pcre_get_substring_list
pcre_info
pcre_maketables
pcre_malloc
pcre_study
pcre_version
regcomp
regerror
regexec
regfree

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
temp/EWH32.CHS
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
temp/EWH32.CHT
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
temp/pddom.CHS
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
temp/pddom.CHT
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
藏头诗生成器.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75e4a91d721ddc0f2a64314ac46cea9e

Headers

File Characteristics

Imports

wsock32

gdi32

advapi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 486KB

.rdata Size: 124KB - Virtual size: 120KB

.data Size: 36KB - Virtual size: 42KB

.reloc Size: 24KB - Virtual size: 21KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 11KB - Virtual size: 10KB

DATA Size: 512B - Virtual size: 188B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 89B

.reloc Size: 1024B - Virtual size: 816B

.rsrc Size: 47KB - Virtual size: 47KB

8ab23956411019860d27a62efef310fc

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 1KB

.idata Size: 512B - Virtual size: 404B

.reloc Size: 2KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 8B

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 8B

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 8B

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 8B

Headers

File Characteristics

Sections

CODE Size: 624KB - Virtual size: 623KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.text
Size: 488KB - Virtual size: 486KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 36KB - Virtual size: 42KB

.reloc
Size: 24KB - Virtual size: 21KB

CODE
Size: 11KB - Virtual size: 10KB

DATA
Size: 512B - Virtual size: 188B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 89B

.reloc
Size: 1024B - Virtual size: 816B

.rsrc
Size: 47KB - Virtual size: 47KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 1KB

.idata
Size: 512B - Virtual size: 404B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 8B

CODE
Size: 624KB - Virtual size: 623KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 46KB - Virtual size: 46KB

.rsrc
Size: 147KB - Virtual size: 147KB