ed098cfb65c780052686af2a772fa590_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ed098cfb65c780052686af2a772fa590_JaffaCakes118
Size

244KB
MD5

ed098cfb65c780052686af2a772fa590
SHA1

392f28c89c4a6b699ddb8f2fecd7d9264485b17d
SHA256

f673f18d4d86a0a0873e9eaa77ebc69d0b7963e821e5b9689bc0b063574c175a
SHA512

548ec60c0ec678652e95e54ea0de79da970449d23b05a64c5528aa1d26123ba9fe92efe500f4030e9f4ebd7aeabca57c842c95666f5cdabe187366e156fd8e23
SSDEEP

6144:vnE/VXwbPq7qu30wY73WpXXwSEX++ciwG5IwVt8:Pkxwbh1WpX/EXBML

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/choice.exe
unpack001/gpupdate.exe
unpack001/ipsec.exe
unpack001/ipseccmd.exe
unpack001/openport.exe
unpack001/polstore.dll
unpack001/sc.exe
unpack001/winipsec.dll

Files

ed098cfb65c780052686af2a772fa590_JaffaCakes118
.rar
choice.exe
.exe windows:5 windows x86 arch:x86

7a5b0e460faa058faaff468d7e3590d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetLastError
ReadFile
Beep
ReadConsoleW
PeekConsoleInputW
WaitForSingleObject
GetTickCount
SetConsoleCtrlHandler
FlushConsoleInputBuffer
SetConsoleMode
GetConsoleMode
GetStdHandle
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleFileNameW
GetConsoleOutputCP
ExitProcess
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
HeapReAlloc
HeapFree
WriteConsoleW
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetFileType
VerifyVersionInfoW
FormatMessageW
LocalFree

user32

LoadStringW
CharUpperW
CharUpperBuffW
CharNextW

ws2_32

WSACleanup

shlwapi

StrStrIW
StrChrW
StrChrIW
StrStrW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcrt

_initterm
__wgetmainargs
__winitenv
_get_osfhandle
wcstol
_controlfp
exit
wcschr
_iob
_vsnwprintf
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_cexit
_XcptFilter
_exit
_c_exit
fprintf
_errno
__setusermatherr
fflush
wcstoul
wcstod
_fileno
_except_handler3

ntdll

VerSetConditionMask

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gpupdate.exe
.exe windows:5 windows x86 arch:x86

59893350cea7c69190405e7339364268

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

kernel32

LocalFree
LocalReAlloc
LocalAlloc
lstrlenW
FormatMessageW
CloseHandle
WaitForSingleObject
OpenEventW
GetLastError
GlobalFree
WaitForMultipleObjects
CreateThread
GetCurrentProcess
GetModuleHandleW
GetCommandLineW
GetModuleHandleA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
MultiByteToWideChar
HeapAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
ReadFile
FlushFileBuffers
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
SetFilePointer
SetStdHandle
GetLocaleInfoW
SetThreadUILanguage

user32

ExitWindowsEx
LoadStringW

userenv

ForceSyncFgPolicy
RefreshPolicyEx

shlwapi

wvnsprintfW

shell32

CommandLineToArgvW

ntdll

RtlCopySid
RtlLengthSid
NtQueryInformationToken
RtlConvertSidToUnicodeString

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ipsec.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ipseccmd.exe
.exe windows:5 windows x86 arch:x86

387feff0059b2e65b6cfd18e72d65d22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ipseccmd.pdb

Imports

msvcrt

printf
fwprintf
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcsncat
wcstoul
_wctime
_strdup
fopen
_iob
wprintf
wcsncpy
_flushall
fgets
realloc
isdigit
isalpha
strrchr
_stricmp
atoi
free
strchr
strncmp
atol
sprintf
fprintf
wcstol
wcschr
towlower
tolower
wcscpy
wcscat
wcsncmp
wcslen
swprintf
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z

msvcirt

??5istream@@QAEAAV0@AAD@Z
??6ostream@@QAEAAV0@PBD@Z
?cout@@3Vostream_withassign@@A
?cin@@3Vistream_withassign@@A
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?cerr@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z

advapi32

OpenSCManagerW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
StartServiceW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegConnectRegistryW

kernel32

Sleep
LocalFree
FormatMessageW
GetModuleHandleW
CreateFileW
MultiByteToWideChar
LocalAlloc
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
CloseHandle
GetTickCount
GetLastError

ws2_32

WSACleanup
inet_addr
inet_ntoa
gethostbyname
WSAStartup

rpcrt4

UuidCreateNil
UuidCreate
UuidIsNil
UuidCompare
UuidFromStringA

ole32

StringFromGUID2

crypt32

CertNameToStrW
CertStrToNameW

wldap32

ord122
ord224

userenv

GetAppliedGPOListW
FreeGPOListW

winipsec

ord29
ord34
ord64
ord24
ord39
ord30
ord49
ord35
ord65
ord73
ord25
ord63
ord46
ord51
ord45
ord22
ord71
ord40
ord69
ord74
ord72
ord70
ord79
ord80
ord78
ord62
ord55
ord61
ord47
ord33
ord56
ord23
ord38
ord48
ord28

polstore

IPSecClosePolicyStore
IPSecCreatePolicyData
IPSecExportPolicies
IPSecImportPolicies
IPSecAllocPolMem
IPSecDeleteNFAData
IPSecDeletePolicyData
IPSecAssignPolicy
IPSecGetAssignedPolicyData
IPSecUnassignPolicy
IPSecCreateNFAData
IPSecFreeFilterData
IPSecFreeNegPolData
IPSecFreeMulPolicyData
IPSecSetPolicyData
IPSecAllocPolStr
IPSecGetFilterData
IPSecGetNegPolData
IPSecGetISAKMPData
IPSecEnumNFAData
IPSecCopyPolicyData
IPSecEnumPolicyData
IPSecFreePolStr
IPSecFreePolicyData
IPSecOpenPolicyStore
IPSecDeleteISAKMPData
IPSecCreateISAKMPData
IPSecFreeISAKMPData
IPSecFreePolMem
IPSecDeleteNegPolData
IPSecDeleteFilterData
IPSecSetNFAData
IPSecCreateFilterData
IPSecCreateNegPolData

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
openport.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
polstore.dll
.dll regsvr32 windows:5 windows x86 arch:x86

348ef4414e10547f36d3b7667a786f16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

polstore.pdb

Imports

msvcrt

wcslen
_wtol
wcscat
_itow
wcsstr
time
wcscmp
_wcsicmp
wcschr
_wremove
wcsncpy
wcsncat
_snwscanf
mktime
_except_handler3
wcscpy

advapi32

RegDeleteKeyW
RegSaveKeyW
RegRestoreKeyW
GetSecurityDescriptorDacl
SetSecurityInfo
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
CloseServiceHandle
ControlService
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerW
RegSetValueExW
RegDeleteValueW
AdjustTokenPrivileges
RegConnectRegistryW

kernel32

LocalAlloc
CloseHandle
GetCurrentThread
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
DisableThreadLibraryCalls
FormatMessageW
GetModuleHandleW
LocalFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

netapi32

DsGetDcNameW
NetApiBufferFree

wldap32

ord69
ord142
ord77
ord140
ord97
ord27
ord26
ord16
ord208
ord210
ord145
ord14
ord88
ord73
ord13
ord41
ord36
ord224
ord79
ord157
ord113

Exports

Exports

DllRegisterServer
DllUnregisterServer
IPSecAllocPolMem
IPSecAllocPolStr
IPSecAssignPolicy
IPSecChooseDriverBootMode
IPSecClosePolicyStore
IPSecCopyAuthMethod
IPSecCopyFilterData
IPSecCopyFilterSpec
IPSecCopyISAKMPData
IPSecCopyNFAData
IPSecCopyNegPolData
IPSecCopyPolicyData
IPSecCreateFilterData
IPSecCreateISAKMPData
IPSecCreateNFAData
IPSecCreateNegPolData
IPSecCreatePolicyData
IPSecDeleteFilterData
IPSecDeleteISAKMPData
IPSecDeleteNFAData
IPSecDeleteNegPolData
IPSecDeletePolicyData
IPSecEnumFilterData
IPSecEnumISAKMPData
IPSecEnumNFAData
IPSecEnumNegPolData
IPSecEnumPolicyData
IPSecExportPolicies
IPSecFreeFilterData
IPSecFreeFilterSpec
IPSecFreeFilterSpecs
IPSecFreeISAKMPData
IPSecFreeMulFilterData
IPSecFreeMulISAKMPData
IPSecFreeMulNFAData
IPSecFreeMulNegPolData
IPSecFreeMulPolicyData
IPSecFreeNFAData
IPSecFreeNegPolData
IPSecFreePolMem
IPSecFreePolStr
IPSecFreePolicyData
IPSecGetAssignedDomainPolicyName
IPSecGetAssignedPolicyData
IPSecGetFilterData
IPSecGetISAKMPData
IPSecGetNegPolData
IPSecImportPolicies
IPSecIsDomainPolicyAssigned
IPSecIsLocalPolicyAssigned
IPSecOpenPolicyStore
IPSecReallocatePolMem
IPSecReallocatePolStr
IPSecRestoreDefaultPolicies
IPSecSetFilterData
IPSecSetISAKMPData
IPSecSetNFAData
IPSecSetNegPolData
IPSecSetPolicyData
IPSecUnassignPolicy

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sc.exe
.exe windows:5 windows x86 arch:x86

f07a9e50e4d00f09a736c0dd3fbe78fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_controlfp
_XcptFilter
_exit
_c_exit
wcsncmp
wcscmp
_getche
_wtol
wcscpy
_wcsicmp
wcslen
printf
_except_handler3
_cexit

advapi32

ChangeServiceConfig2W
OpenSCManagerW
StartServiceW
QueryServiceStatusEx
DeleteService
NotifyBootConfigStatus
GetServiceDisplayNameW
GetServiceKeyNameW
EnumServicesStatusW
EnumServiceGroupW
EnumServicesStatusExW
QueryServiceStatus
LockServiceDatabase
UnlockServiceDatabase
QueryServiceLockStatusW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetServiceObjectSecurity
QueryServiceObjectSecurity
ConvertSecurityDescriptorToStringSecurityDescriptorW
EnumDependentServicesW
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
ControlService
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW

kernel32

LocalFree
LocalAlloc
GetLastError
FormatMessageW
GetModuleHandleA

ntdll

RtlAdjustPrivilege

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winipsec.dll
.dll windows:5 windows x86 arch:x86

e14a846fab076c4c394d67bf59919765

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winipsec.pdb

Imports

msvcrt

_adjust_fdiv
wcscmp
malloc
_initterm
free
_except_handler3

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
DisableThreadLibraryCalls
LocalAlloc
LocalFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId

rpcrt4

RpcMgmtInqServerPrincNameW
RpcBindingSetOption
RpcEpResolveBinding
RpcBindingSetAuthInfoW
RpcBindingFree
RpcStringBindingComposeW
NdrClientCall2
RpcSsDestroyClientContext
RpcStringFreeW
RpcBindingFromStringBindingW
RpcRaiseException

ws2_32

ntohl
htonl

Exports

Exports

AddMMAuthMethods
AddMMFilter
AddMMPolicy
AddQMPolicy
AddSAs
AddTransportFilter
AddTunnelFilter
CloseIKENegotiationHandle
CloseIKENotifyHandle
CloseMMFilterHandle
CloseTransportFilterHandle
CloseTunnelFilterHandle
DeleteMMAuthMethods
DeleteMMFilter
DeleteMMPolicy
DeleteMMSAs
DeleteQMPolicy
DeleteQMSAs
DeleteTransportFilter
DeleteTunnelFilter
EnumIPSecInterfaces
EnumMMAuthMethods
EnumMMFilters
EnumMMPolicies
EnumMMSAs
EnumQMPolicies
EnumQMSAs
EnumTransportFilters
EnumTunnelFilters
GetConfigurationVariables
GetMMAuthMethods
GetMMFilter
GetMMPolicy
GetMMPolicyByID
GetQMPolicy
GetQMPolicyByID
GetTransportFilter
GetTunnelFilter
InitiateIKENegotiation
MatchMMFilter
MatchTransportFilter
MatchTunnelFilter
OpenMMFilterHandle
OpenTransportFilterHandle
OpenTunnelFilterHandle
QueryIKENegotiationStatus
QueryIKENotifyData
QueryIKEStatistics
QueryIPSecStatistics
QuerySpdPolicyState
RegisterIKENotifyClient
SPDApiBufferAllocate
SPDApiBufferFree
SetConfigurationVariables
SetMMAuthMethods
SetMMFilter
SetMMPolicy
SetQMPolicy
SetTransportFilter
SetTunnelFilter

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
使用说明.txt
图.jpg
.jpg
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7a5b0e460faa058faaff468d7e3590d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

shlwapi

version

msvcrt

ntdll

Sections

.text Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 376B

.rsrc Size: 16KB - Virtual size: 16KB

59893350cea7c69190405e7339364268

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

userenv

shlwapi

shell32

ntdll

Sections

.text Size: 42KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 16KB - Virtual size: 16KB

Headers

File Characteristics

Sections

CODE Size: 50KB - Virtual size: 49KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 4KB

.rsrc Size: 106KB - Virtual size: 105KB

387feff0059b2e65b6cfd18e72d65d22

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

msvcirt

advapi32

kernel32

ws2_32

rpcrt4

ole32

crypt32

wldap32

userenv

winipsec

polstore

Sections

.text Size: 94KB - Virtual size: 94KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 50KB - Virtual size: 49KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 4KB

.text
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 376B

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 42KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 16KB - Virtual size: 16KB

CODE
Size: 50KB - Virtual size: 49KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 4KB

.rsrc
Size: 106KB - Virtual size: 105KB

.text
Size: 94KB - Virtual size: 94KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 50KB - Virtual size: 49KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 4KB

.rsrc
Size: 98KB - Virtual size: 98KB

.text
Size: 93KB - Virtual size: 93KB

.data
Size: 512B - Virtual size: 244B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 88B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB