neshta | eb0606a39ce8bcdbc2ca052de3ee1f43_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb0606a39ce8bcdbc2ca052de3ee1f43_JaffaCakes118
Size

2.6MB
MD5

eb0606a39ce8bcdbc2ca052de3ee1f43
SHA1

227054e8b4fcf48239e13eb96b668157beca8d21
SHA256

e4c54831495a2717c6a8e1f6a67ae17f4b46e23a8d21836deb61dbff0b2256cd
SHA512

b861cb13077f0a764871c1055d8ef8fd163ec81cb7d94f102593935f2a33d27a876ef2d6267d470078efd627ed96b573a747bfb68a9186eac25da23970c08cac
SSDEEP

49152:/mSMxyQiJkxyQiJu2T1L6D0Vnj+GyxyQiJqxyQiJixyQiJSxyQiJu:/CxyQQkxyQQu2ZL6D0djMxyQQqxyQQir

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 7 IoCs

resource	yara_rule
static1/unpack001/RCX/RCX.exe	family_neshta
static1/unpack001/RCX/RCX/RCX/RCX.exe	family_neshta
static1/unpack001/RCX/RCXDraw.exe	family_neshta
static1/unpack001/RCX/trz4A49.tmp	family_neshta
static1/unpack001/RCX/trz6D30.tmp	family_neshta
static1/unpack001/RCX/trzBF87.tmp	family_neshta
static1/unpack001/RCX/trzDBC9.tmp	family_neshta

Neshta family
neshta

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RCX/RCX.exe
unpack001/RCX/RCX/RCX/RCX.exe
unpack001/RCX/RCXDraw.dll
unpack001/RCX/RCXDraw.exe
unpack001/RCX/RCXJPN.dll
unpack001/RCX/trz4A49.tmp
unpack001/RCX/trz6D30.tmp
unpack001/RCX/trzBF87.tmp
unpack001/RCX/trzDBC9.tmp

Files

eb0606a39ce8bcdbc2ca052de3ee1f43_JaffaCakes118
.rar
RCX/AccountCollector/sample.ini
RCX/AutoHotkey Script.ahk.bak
RCX/EnglishSettingFilePack/AccountCollector/sample.ini
RCX/EnglishSettingFilePack/JobClass.ini
RCX/EnglishSettingFilePack/RCX.ini
RCX/EnglishSettingFilePack/RagMap.ini
RCX/ExNGWords/US_Valkyrie.txt
RCX/Groupie/default.txt
RCX/JobClass.ini
RCX/KillCount/212.80.69.60_Deggial_8716F320.log
RCX/KillCount/212.80.69.60_Freak TH3 BEAST_E1802C76.log
RCX/KillCount/212.80.69.60_Freak THE BOUNCER_ E5758B8.log
RCX/KillCount/212.80.69.60_SiLver_88C5B253.log
RCX/KillCount/212.80.69.60_YSJF T3E BEAST_70005DEF.log
RCX/KillCount/212.80.69.60_YSJF TH3 BEAST_ E823538.log
RCX/KillCount/212.80.69.60_YSJF THE BEAST_813AD029.log
RCX/KillCount/212.80.69.60_Ya Suka Janne frisce_38B2A3AF.log
RCX/KillCount/46.38.58.29_SiLver_88C5B253.log
RCX/KillCount/46.38.58.29_YA SUKA KATYA_5A6CD416.log
RCX/KillCount/46.38.58.29_silver1_7F4A3CD3.log
RCX/KillCount/88.151.184.22_-SiLver-_FF0A0194.log
RCX/KillCount/88.151.184.22_Dark Messiah_CE82778C.log
RCX/KillCount/88.151.184.22_Dark Messiah_CE82778C.tmp
RCX/KillCount/88.151.184.22_SiLver_88C5B253.log
RCX/KillCount/88.151.184.22_SiLverok_CD2589B5.log
RCX/KillCount/88.151.184.22_Кеник_F364871C.log
RCX/KillCount/88.151.184.22_Кеник_F364871C.tmp
RCX/KillCount/91.218.231.156_SiLver_88C5B253.log
RCX/KillCount/Lumi_Acedia_66F8901A.log
RCX/KillCount/Lumi_Bony Yamz_B650A57A.log
RCX/KillCount/Lumi_Cast Control_5B3FEE2A.log
RCX/KillCount/Lumi_ChanterMe_32F7E086.log
RCX/KillCount/Lumi_Demi Moore_903FCB3E.log
RCX/KillCount/Lumi_FREAK THE BEAST_8E8FAE65.log
RCX/KillCount/Lumi_Freak In Love_16D36E3F.log
RCX/KillCount/Lumi_Freak Trade_5A97D57D.log
RCX/KillCount/Lumi_Fusion_2F12E387.log
RCX/KillCount/Lumi_GoodStyle_8FF4D944.log
RCX/KillCount/Lumi_Hertz_ EAF7B4A.log
RCX/KillCount/Lumi_I Bonnie I_93D8F4F1.log
RCX/KillCount/Lumi_Jaleo_D3B1F6FC.log
RCX/KillCount/Lumi_Jennifer Lopez_761EBF3A.log
RCX/KillCount/Lumi_Kamome_1743260F.log
RCX/KillCount/Lumi_Kitamina_749BD158.log
RCX/KillCount/Lumi_LETLE_C624D920.log
RCX/KillCount/Lumi_Lady Gaga_ F24325E.log
RCX/KillCount/Lumi_Linda Evangelista_ED4768A8.log
RCX/KillCount/Lumi_Marionette Control_C988B6D3.log
RCX/KillCount/Lumi_Marker_856325C8.log
RCX/KillCount/Lumi_Miss Bonvoyage_79AECC25.log
RCX/KillCount/Lumi_Must Be Alive_F1EDF3AE.log
RCX/KillCount/Lumi_Nicole Kidman_2AC5063A.log
RCX/KillCount/Lumi_Paranoia_E98514C4.log
RCX/KillCount/Lumi_Penelope Cruz_7923E7FC.log
RCX/KillCount/Lumi_Recidivistka_D51EC0C1.log
RCX/KillCount/Lumi_ShangTsung_4AA0A0EE.log
RCX/KillCount/Lumi_Umineko_ 2285788.log
RCX/KillCount/Lumi_VeeD_E8059CC2.log
RCX/KillCount/Lumi_Ya Suka Janne Frisce_3F1EA699.log
RCX/KillCount/Lumi_deadman_3C595902.log
RCX/KillCount/Lumi_inpeace_7E8B5338.log
RCX/KillCount/Lumi_Альтаир_ EA1939C.log
RCX/KillCount/Lumi_Гурд_41E594A1.log
RCX/KillCount/Lumi_Израил_5876A2A6.log
RCX/KillCount/Lumi_Лична_ Варилка_44A996BF.log
RCX/KillCount/Lumi_Пальто и Шляпа_ 6F53AFC.log
RCX/KillCount/Lumi_фокус в попус_6ACFEF23.log
RCX/RCX.exe
.exe windows:5 windows x86 arch:x86

bb95664a16f7834d8f8c54088bf4d4d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

timeGetTime

wininet

InternetOpenA

user32

GetDC

gdi32

Escape

advapi32

RegEnumKeyA

shell32

DragFinish

ole32

OleInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

shlwapi

PathIsURLA

ws2_32

htons

oleacc

LresultFromObject

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

Sections

.MPRESS1
Size: 213KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RCX/RCX.exe.lnk
.lnk
RCX/RCX.ini
RCX/RCX/RCX.ini
RCX/RCX/RCX/RCX.exe
.exe windows:5 windows x86 arch:x86

bb95664a16f7834d8f8c54088bf4d4d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

timeGetTime

wininet

InternetOpenA

user32

GetDC

gdi32

Escape

advapi32

RegEnumKeyA

shell32

DragFinish

ole32

OleInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

shlwapi

PathIsURLA

ws2_32

htons

oleacc

LresultFromObject

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

Sections

.MPRESS1
Size: 213KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RCX/RCXDraw.dll
.dll windows:5 windows x86 arch:x86

bb29f11a7204acea1115c906462c46fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrIA

winmm

timeGetTime

imm32

ImmGetContext

user32

GetDC

gdi32

BitBlt

advapi32

RegCloseKey

Exports

Exports

HookProc
InstallHook
RemoveHook

Sections

.MPRESS1
Size: 260KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RCX/RCXDraw.exe
.exe windows:5 windows x86 arch:x86

f1a799cc6a147c90e2722753dcd5d752

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetLastError
CreateMutexA
FlushFileBuffers
CloseHandle
FreeLibrary
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
ReleaseMutex
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

CreateWindowExA
SetTimer
MessageBoxA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
LoadIconA
LoadCursorA
RegisterClassExA
PostQuitMessage
DefWindowProcA
FindWindowA

gdi32

GetStockObject

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RCX/RCXJPN.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\RO\RCX_Build\Release\RCXJPN.pdb

Sections

.rdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RCX/RagMap.ini
RCX/ReadmeGroupie.txt
RCX/iconsort_source.txt
RCX/mobinfo.ini
RCX/readme_en.txt
RCX/readme_jp.txt
RCX/skin/Thumbs.db
RCX/skin/mobhp_bar.bmp
RCX/skin/mobhp_scale_green.bmp
RCX/skin/mobhp_scale_red.bmp
RCX/skin/mobhp_scale_violet.bmp
RCX/trz4A49.tmp
.exe windows:5 windows x86 arch:x86

bb95664a16f7834d8f8c54088bf4d4d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

timeGetTime

wininet

InternetOpenA

user32

GetDC

gdi32

Escape

advapi32

RegEnumKeyA

shell32

DragFinish

ole32

OleInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

shlwapi

PathIsURLA

ws2_32

htons

oleacc

LresultFromObject

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

Sections

.MPRESS1
Size: 213KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RCX/trz6D30.tmp
.exe windows:5 windows x86 arch:x86

bb95664a16f7834d8f8c54088bf4d4d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

timeGetTime

wininet

InternetOpenA

user32

GetDC

gdi32

Escape

advapi32

RegEnumKeyA

shell32

DragFinish

ole32

OleInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

shlwapi

PathIsURLA

ws2_32

htons

oleacc

LresultFromObject

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

Sections

.MPRESS1
Size: 213KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RCX/trzBF87.tmp
.exe windows:5 windows x86 arch:x86

bb95664a16f7834d8f8c54088bf4d4d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

timeGetTime

wininet

InternetOpenA

user32

GetDC

gdi32

Escape

advapi32

RegEnumKeyA

shell32

DragFinish

ole32

OleInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

shlwapi

PathIsURLA

ws2_32

htons

oleacc

LresultFromObject

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

Sections

.MPRESS1
Size: 213KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RCX/trzDBC9.tmp
.exe windows:5 windows x86 arch:x86

bb95664a16f7834d8f8c54088bf4d4d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

timeGetTime

wininet

InternetOpenA

user32

GetDC

gdi32

Escape

advapi32

RegEnumKeyA

shell32

DragFinish

ole32

OleInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

shlwapi

PathIsURLA

ws2_32

htons

oleacc

LresultFromObject

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

Sections

.MPRESS1
Size: 213KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
patch2.txt

Sharing

General

Malware Config

Signatures

Files

bb95664a16f7834d8f8c54088bf4d4d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

wininet

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

ws2_32

oleacc

winspool.drv

comdlg32

Sections

.MPRESS1 Size: 213KB - Virtual size: 580KB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 9KB

bb95664a16f7834d8f8c54088bf4d4d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

wininet

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

ws2_32

oleacc

winspool.drv

comdlg32

Sections

.MPRESS1 Size: 213KB - Virtual size: 580KB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 9KB

bb29f11a7204acea1115c906462c46fb

Headers

File Characteristics

Imports

kernel32

shlwapi

winmm

imm32

user32

gdi32

advapi32

Exports

Exports

Sections

.MPRESS1 Size: 260KB - Virtual size: 3.7MB

.MPRESS2 Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

f1a799cc6a147c90e2722753dcd5d752

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 35KB - Virtual size: 34KB

.MPRESS1
Size: 213KB - Virtual size: 580KB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB

.MPRESS1
Size: 213KB - Virtual size: 580KB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB

.MPRESS1
Size: 260KB - Virtual size: 3.7MB

.MPRESS2
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 96B

.rsrc
Size: 67KB - Virtual size: 66KB

.MPRESS1
Size: 213KB - Virtual size: 580KB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB

.MPRESS1
Size: 213KB - Virtual size: 580KB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB