General

Malware Config

Signatures

Files

• f9747204ad8be4f83034a17715afcd2e_JaffaCakes118

  .rar
• AUTO ESTAGUE HOY 15-02-2011.exe

  .exe windows:5 windows x86 arch:x86

  ea1cbe7adee762859665f428214365eb

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetSystemDirectoryW

  LoadLibraryW

  SizeofResource

  GetModuleFileNameW

  CreateFileW

  lstrcatA

  GetProcAddress

  LockResource

  CloseHandle

  GetWindowsDirectoryW

  DeleteFileW

  LocalFree

  lstrcpyW

  lstrcpyA

  GetStartupInfoW

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetLastError

  HeapFree

  HeapAlloc

  RaiseException

  Sleep

  ExitProcess

  GetStdHandle

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  DeleteCriticalSection

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  WriteFile

  InterlockedDecrement

  HeapCreate

  VirtualFree

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  LeaveCriticalSection

  EnterCriticalSection

  VirtualAlloc

  HeapReAlloc

  HeapSize

  LoadLibraryA

  InitializeCriticalSectionAndSpinCount

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  RtlUnwind

  GetLocaleInfoA

  WideCharToMultiByte

  GetStringTypeA

  MultiByteToWideChar

  GetStringTypeW

  LCMapStringA

  LCMapStringW

  GetModuleHandleW

  CreateDirectoryW

  LoadResource

  FreeLibrary

  GetCurrentThreadId

  FindResourceW

  user32

  SendMessageW

  FindWindowW

  shlwapi

  StrCpyW

  PathFileExistsW

  PathRemoveFileSpecW

  PathAppendW

  advapi32

  AllocateAndInitializeSid

  SetSecurityInfo

  SetEntriesInAclW

  FreeSid

  GetSecurityInfo

  Sections

  .text

  Size: 35KB - Virtual size: 35KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• BouncyMelon2.DLL

  .dll windows:5 windows x86 arch:x86

  bdab58596a26acadb22c091c34fb8378

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  TerminateProcess

  GetModuleHandleA

  LoadLibraryA

  VirtualAlloc

  VirtualFree

  GetModuleFileNameA

  ExitProcess

  user32

  MessageBoxA

  MessageBoxA

  engine

  ?GetPlacement@CEntity@@QBEABVCPlacement3D@@XZ

  entitiesmp

  ??0EChangeMode@@QAE@XZ

  ws2_32

  htons

  msvcp90

  ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

  msvcr90

  strstr

  Exports

  Exports

  �r\<��Kݑ�0��ݽ%�t��O�}��7�JT>��N�Ja�<�_��}-~)�B´9Y��!BOP������G�� �
  "vm-����V>t��S|}o�7|��Lx��i/^���}<8`�����W�2�w�<, PF�:аo,�j� @���k� �����`�H%�:�BG{�\�� �#nHo��g�5嘢��;0�*is6�w)Q���%�:U Ծ�Үa`���� �z��|Nٚ�K�<�i$�t�N��m}a=��$�� ��ULJ9��۝�Y`:�(f#7ʽ����TO�}2{�b}�C�w2�:)xx�N�~� ����j��F���R�2��f[K�_�䔝�qQ���r������"���ˬU(�ߏ�ޖ쮳��g������k�E��'dž����<S���ǼM,�O�u��CF���.#�M���3X��������;��"b$������t�`V��1�����v����!�02Y�����s>h%�NT-_���!���Y���J}��1��wC��ע����-�{x�� ���n�^C��N�����D��(w�ʦ~3|�C����/��e�|,�|?�n�:��P5���H�#-?,.���hP���O�w��BU|@���8��3ǫ�H�)ˁ��n�P�_ʤha�?���n�f��i�υ�W<�eɈ�NK�;+%Fx��xL>1��o4AP�U��ី����ՙ�ڸsS�W �?D,%��γۮ��se�p��vtR�"4(��N@�l'�O>B |뽆�\�F�5K<a�bx�oT��U�-�:�ut�U������|<�)��I�����E���䠚k��L��W�Mdd4�����
  g1c���U$��q������5�L��+���RG<JKM�"Tï�˖L����ѳ�����H������xl)�Yɣ�M�D��\%�]Bj���yΥ3г [�xa���
  k�4/�]B�e��&�����0�1*Ѧrz��+����p�r�}}`�C�O���77���܌���a$k�I�������ģ�L?<���Ȧ��m坚����;��w�o8��q9x�zy���{��$�$��l�΁���e"��yhi�0 J�.҈�0��e�D��ȏWp�̕���� R���o�#��e#��XD�����n�b$OW�w�{x�\�� ��n�j�����W��U%�9��J>y����V��t "��Dn�R�Cl@�U� dF6���6GhU��<��Ql�'�A�.�/��m�~ش� ������������I@�G����/ܦ����7����W[�6:4��h|\z�����������R�E9�dU �Ǒ�a�-�'#��Ⱦd������e�fdgH�1��"lXK���`���A��'����K��O��u� ��m�Z����!���?�)j֡H��2�>��$�RiL��w�!4IT��s�8'mi8�<]Y��Eo��s�>U 遬� |��L��Խ!q�}��)\��=�i�@V�9+�L�𭋮��T�P���怘d�s\h�mXp��tL]'7>�g鱆���Pg��!�Qj�Lt�l�/@W�{ W�o�2u �r�#��d��3�@0E�������u��Q���e��O���T�@�9�� �-�����h
  �
  ����16��%�R�h,O9��F
  <�y�v�/���!T�fT��f���S��}��'T���L����+��Y��9�7�Qܡ�2=Y�M�8����@�5�/ѲI����:�)l��F�̧�EYZ(Q�3ۊ�fJ�ZT�=��2�sC�B�����1O��ꛉ"��]c���эzᦷ�>�� �0}�d�����ya����̈́t��Ϲ��rZUkH�}GS��!��C�����4�/�H|�Ju<�o�,���9� �8q�ă:E����ϲ+I x�I:��l�L�Y t�d=��� ��W���-Th�N�m���>�[�K��CE�[�/ ��Im���n���ø���*��2����s����p�}іH���G�tV}9tsj�^4)��x����Ю,�<�jG��c^汙�1���0s��q��'��(���a�`����y��B�����q��*F�U�*�Ґ��|��}���V���W=��E�����O2<��d�3��X�����ۗ�Ʋ ��R ��7��l� m;��$h�~�|0�Ӑ��;;'D��B��T8����j�n�.���j�#����78��j���r���7 �YU`��-��<ƫGg�T�3ʺ8I�t�D���M��@��e��DU��7X"7�Q1K�&j aG�������mk�=i7so����X�9���e����BǃA���m�y��D�����e����ȫh�Q�퉸�?M�R�j�pTf7;���3m���A�3o�Y3!4����cP�zS=b��b�b���Ǥ�7[ܓ=D�}����R�q^�kSW��o���0 ~Z��*��њ����n����s�t�U&2TU_`|�j������ �Lޖ�z�$����;����3��[�}.]��u�H�0�/j�?���_6Z��ÇQ�1�<n*v�A�Ҽ��V��^T��N�)��>bR/u�t�
  ȟT��sZs�
  �&C� ��jd;�T��!�F��L*�KL4oDOIY�m ��iC*�1�o��gn$|ݗM������)�$p�_|�|k����_=D��|cU 2��b�kj�z�n6>�mڷ� NI�f w`o�硊D��z���lz����`o�j���ӾK�cE�~��!D��;�D.I����f��8 �aW���g�5_� E���k]��L8_V�����hgZ�C� �V�V�Au1�`'�b�q���g�j_o�݊@
  g��o�|�ďt�8Cџ���b�T�����ˮ��<���*4���5قڟ�JI������'L��\R=���6Dڀ*��� _}^d��:���rX�����1vB�$Z˜����5a���͞9?ɖ~����V_ .e����E��p�\�&)���@���3�_8\ᆰ�Q�oMΛ�'G��\p��b��5z_IY�/�Y�,��OJ�d;��D�h3��?K��=w�rR )V�BQ�t�0c3
  w�����咽�;��rhSm��6�

  Sections

  .text

  Size: - Virtual size: 12KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .UPX0

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .UPX1

  Size: - Virtual size: 182KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .UPX2

  Size: 216KB - Virtual size: 216KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 216B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• ogg.dll

  .dll windows:4 windows x86 arch:x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Exports

  Exports

  ogg_page_bos

  ogg_page_continued

  ogg_page_eos

  ogg_page_granulepos

  ogg_page_packets

  ogg_page_pageno

  ogg_page_serialno

  ogg_page_version

  ogg_stream_clear

  ogg_stream_destroy

  ogg_stream_eos

  ogg_stream_flush

  ogg_stream_init

  ogg_stream_packetin

  ogg_stream_packetout

  ogg_stream_packetpeek

  ogg_stream_pagein

  ogg_stream_pageout

  ogg_stream_reset

  ogg_sync_buffer

  ogg_sync_clear

  ogg_sync_destroy

  ogg_sync_init

  ogg_sync_pageout

  ogg_sync_pageseek

  ogg_sync_reset

  ogg_sync_wrote

  oggpack_adv

  oggpack_adv1

  oggpack_adv_huff

  oggpack_bits

  oggpack_bytes

  oggpack_get_buffer

  oggpack_look

  oggpack_look1

  oggpack_look_huff

  oggpack_read

  oggpack_read1

  oggpack_readinit

  oggpack_reset

  oggpack_write

  oggpack_writeclear

  oggpack_writeinit

  Sections

  .text

  Size: 8KB - Virtual size: 5KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 4KB - Virtual size: 170B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .Silvana

  Size: 118B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  WebManix

  Size: 1KB - Virtual size:

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE