fc6140505aba6b43db48e7aad2d91f00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc6140505aba6b43db48e7aad2d91f00_JaffaCakes118
Size

1.4MB
MD5

fc6140505aba6b43db48e7aad2d91f00
SHA1

76170dff09f918206dbdabae429bbc1750574f9b
SHA256

6f85dbdf27644da13d959b2c879bd11b9b3d7f27bf71f565de21d018ec2de6ed
SHA512

56fcd181b9103d6993f1061ec854ee18794945f4fb1a5b3276a2ef5e5ca870bea607b9c2a73740653c6c0963b007640a961d90c54932894dc7b014651e94d175
SSDEEP

24576:keYqpOQro9AboPa5q+CFTbqbGgw6VQs7/Dq6+JCrrbNbbhjOi7yhioxySP:keYqpCuUbqrw6VQBor1bV6i7GQQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VirtualDub.exe
unpack001/auxsetup.exe
unpack001/vdicmdrv.dll
unpack001/vdremote.dll
unpack001/vdsvrlnk.dll
unpack001/vdub.exe

Files

fc6140505aba6b43db48e7aad2d91f00_JaffaCakes118
.rar
VirtualDub.chm
.chm
VirtualDub.exe
.exe windows:4 windows x86 arch:x86

1954614c5dba38ec2be3c51ed9a8a44e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\p4root\stable19\out\Release\VirtualDub.pdb

Imports

winmm

waveInGetDevCapsA
mixerOpen
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInUnprepareHeader
waveInClose
mixerSetControlDetails
mixerClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveOutOpen
waveOutPrepareHeader
waveOutPause
waveOutGetPosition
waveOutWrite
waveOutRestart
timeGetTime
timeBeginPeriod
timeSetEvent
timeEndPeriod
timeKillEvent
timeGetDevCaps
waveOutGetDevCapsA
waveOutGetNumDevs
DefDriverProc

msvfw32

ICImageDecompress
ICDecompress
ICCompress
ICRemove
ICGetInfo
ICSendMessage
ICOpen
ICClose
ICInfo

avifil32

AVIFileInit
AVIFileExit
AVIFileOpenA
AVIFileGetStream
AVIFileRelease
AVIStreamBeginStreaming
AVIStreamEndStreaming
AVIStreamInfoA
AVIStreamFindSample
AVIStreamRead
AVIStreamStart
AVIStreamLength
AVIStreamReadFormat

msacm32

acmStreamOpen
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamSize
acmDriverID
acmStreamClose
acmMetrics
acmDriverEnum
acmDriverOpen
acmFormatTagEnumA
acmDriverClose
acmDriverDetailsA
acmFormatEnumA
acmFormatSuggest
acmFormatDetailsA

comctl32

ImageList_Destroy
ImageList_Add
ord16
ord17
ord6
ImageList_Create

kernel32

TerminateProcess
GetVersionExA
UnhandledExceptionFilter
ResumeThread
SuspendThread
SetUnhandledExceptionFilter
ExitProcess
ReleaseSemaphore
GetLastError
SetFilePointer
GetStdHandle
SetPriorityClass
FindClose
FindNextFileA
FindFirstFileA
GetComputerNameA
OpenProcess
GetSystemTimeAsFileTime
CreateFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCommandLineW
DeleteFileA
LoadLibraryW
GetProcessTimes
GetVolumeInformationA
GetVolumeInformationW
FindResourceExA
CreateProcessA
CreateProcessW
DeleteFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MapViewOfFile
OpenFileMappingA
GetCurrentThreadId
IsDebuggerPresent
GetThreadPriority
GetPriorityClass
GetWindowsDirectoryA
OutputDebugStringA
RaiseException
SetEvent
WaitForMultipleObjects
CreateSemaphoreA
GetThreadContext
CreateEventA
MultiByteToWideChar
SetLastError
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileAttributesA
GetFileAttributesW
FindFirstFileW
GetModuleFileNameW
FindNextFileW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetDriveTypeW
SetEndOfFile
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetOverlappedResult
FlushInstructionCache
EnumResourceNamesA
SetStdHandle
HeapSize
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetProcessHeap
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
HeapFree
HeapAlloc
RtlUnwind
CreateFileMappingA
InterlockedIncrement
GetCurrentThread
DuplicateHandle
InterlockedDecrement
GetSystemInfo
ReadProcessMemory
WriteFile
GetCurrentProcess
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetThreadSelectorEntry
CreateFileA
GetFileSize
ReadFile
CloseHandle
VirtualQuery
GetModuleFileNameA
GetFullPathNameA
GetModuleHandleA
GetProcAddress
VirtualProtect
GetTickCount
GetCurrentProcessId
MoveFileW
MoveFileA
GetVersion
VirtualAlloc
VirtualFree
LoadLibraryA
FreeLibrary
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetThreadPriority
Sleep
MulDiv
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
UnmapViewOfFile
FreeEnvironmentStringsA

user32

GetCursorPos
SetCursor
GetWindow
SystemParametersInfoA
ReleaseCapture
SetCapture
GetMessagePos
GetDialogBaseUnits
SetScrollInfo
GetScrollInfo
ScrollWindow
HideCaret
ShowCaret
SetScrollRange
SetScrollPos
SetCaretPos
DestroyCaret
CreateCaret
GetWindowTextLengthA
GetFocus
ShowCursor
SetCursorPos
IsWindowEnabled
GetDCEx
GetWindowThreadProcessId
GetForegroundWindow
AppendMenuA
AppendMenuW
SetMenuItemInfoW
CallWindowProcW
DrawTextW
GetWindowTextW
GetWindowTextLengthW
GetMenuItemInfoW
LockWindowUpdate
GetCapture
InvertRect
GetNextDlgTabItem
CopyAcceleratorTableA
GetKeyNameTextA
GetKeyNameTextW
MapVirtualKeyA
CreateAcceleratorTableA
CreateDialogIndirectParamA
CreateDialogIndirectParamW
DefDlgProcA
DefDlgProcW
DrawFrameControl
CreateMenu
SetRect
DestroyAcceleratorTable
GetAsyncKeyState
CreatePopupMenu
SetMenuItemInfoA
SetMenu
CheckMenuRadioItem
RegisterHotKey
DeleteMenu
IsWindowUnicode
GetMenu
GetMenuItemInfoA
RemoveMenu
InsertMenuItemA
InsertMenuItemW
DrawMenuBar
EnableMenuItem
CheckMenuItem
EnumDisplaySettingsA
RedrawWindow
GetMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ExitWindowsEx
InflateRect
GetWindowLongW
SetWindowLongW
SendMessageW
GetDlgItemTextA
PostThreadMessageA
SetForegroundWindow
WaitMessage
CreateWindowExW
SetWindowsHookExA
CallNextHookEx
TranslateAcceleratorA
DialogBoxParamW
SetWindowTextW
LoadImageA
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
IsZoomed
GetWindowPlacement
UnhookWindowsHookEx
IsWindow
IsDialogMessageA
GetKeyState
AdjustWindowRectEx
GetCursorInfo
PtInRect
ClientToScreen
TrackMouseEvent
GetSysColor
DrawTextA
LoadAcceleratorsA
GetClassLongA
LoadStringA
LoadCursorA
RegisterClassA
AdjustWindowRect
CreateWindowExA
UnregisterClassA
DrawEdge
UnregisterHotKey
CallWindowProcA
GetWindowTextA
ScrollWindowEx
RegisterClassW
DefWindowProcW
GetMenuItemCount
GetSystemMenu
GetIconInfo
SendDlgItemMessageW
DefWindowProcA
DispatchMessageA
PeekMessageA
TranslateMessage
MapWindowPoints
CreateDialogParamW
IsIconic
CreateDialogParamA
KillTimer
ScreenToClient
MapDialogRect
ScrollDC
ReleaseDC
IntersectRect
DestroyWindow
MsgWaitForMultipleObjects
PostQuitMessage
wvsprintfA
SetDlgItemInt
GetDlgItemInt
MessageBeep
GetSubMenu
TrackPopupMenu
LoadMenuA
DestroyMenu
SetWindowTextA
MessageBoxA
CheckDlgButton
SetTimer
SetFocus
GetParent
GetWindowRect
GetSystemMetrics
SetWindowPos
DialogBoxParamA
SendDlgItemMessageA
EnableWindow
IsDlgButtonChecked
OffsetRect
UnionRect
InvalidateRect
EndDialog
GetDlgItem
wsprintfA
SetDlgItemTextA
SendMessageA
UpdateWindow
GetClientRect
GetDC
EnumChildWindows
LoadIconA
FillRect
DrawIcon
SetWindowLongA
BeginPaint
EndPaint
PostMessageA
GetWindowLongA
ShowWindow
SetWindowPlacement

gdi32

ExcludeClipRect
SaveDC
StretchDIBits
SetDIBitsToDevice
LineTo
MoveToEx
SetTextAlign
GetTextMetricsA
Polygon
RestoreDC
SetBkMode
SetTextColor
CreateSolidBrush
SetStretchBltMode
OffsetViewportOrgEx
GetClipBox
ExtTextOutW
RectVisible
GetTextExtentExPointW
Ellipse
PolylineTo
CreateFontIndirectA
GetObjectA
ExtSelectClipRgn
OffsetClipRgn
CreateBitmap
GetSystemPaletteEntries
Polyline
CreatePalette
GetNearestPaletteIndex
GetDIBits
RealizePalette
SelectPalette
ExtTextOutA
CreateFontA
GdiFlush
SelectObject
DeleteObject
DeleteDC
GetStockObject
GetDeviceCaps
CreateCompatibleBitmap
StretchBlt
SwapBuffers
SetPixelFormat
ChoosePixelFormat
CreatePen
GetTextExtentPoint32W
GetTextExtentPoint32A
SetBkColor
TextOutA
CreateCompatibleDC
CreateDIBSection
BitBlt
PolyPolyline

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseColorA

advapi32

RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegQueryValueExW
RegEnumValueA
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileW
DragQueryFileA
DragFinish
ShellExecuteA
DragAcceptFiles
SHGetMalloc

ole32

CreateItemMoniker
GetRunningObjectTable
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetObject
CoUninitialize
CoInitialize

oleaut32

SysFreeString
OleCreatePropertyFrame

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.const
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VirtualDub.vdi
auxsetup.exe
.exe windows:4 windows x86 arch:x86

2710d61398df754a051cc1694b6a509f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerInstallFileA

kernel32

FlushFileBuffers
CloseHandle
CreateFileA
HeapSize
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
GetWindowsDirectoryA
GetModuleFileNameA
FormatMessageA
GetLastError
GetFullPathNameA
DeleteFileA
GetLocaleInfoA
SetHandleCount
WriteConsoleA
SetStdHandle
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind

user32

GetMessageA
DispatchMessageA
TranslateMessage
LoadIconA
LoadCursorA
RegisterClassA
CreateDialogParamA
ShowWindow
UpdateWindow
DefWindowProcA
DialogBoxParamA
DestroyWindow
PostQuitMessage
SetDlgItemTextA
EndDialog
GetDlgItem
MessageBoxA
SendMessageA
SetWindowTextA

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aviproxy/proxyoff.reg
aviproxy/proxyon.reg
aviproxy/readme.txt
aviproxy/新云软件.url
.url
copying
plugins/readme.txt
vdicmdrv.dll
.dll windows:4 windows x86 arch:x86

2f03b88ab0371fb3ca034497f3692f5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\p4root\stable19\out\Release\vdicmdrv.pdb

Imports

winmm

DefDriverProc

kernel32

GetEnvironmentStrings
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringW
LCMapStringA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
RaiseException
Sleep
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
GetStringTypeA
GetStringTypeW

user32

DialogBoxParamA
EndDialog

Exports

Exports

DriverProc

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdremote.dll
.dll windows:4 windows x86 arch:x86

02d18d48ef138820b899f45c19af4028

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\p4root\stable19\out\Release\vdremote.pdb

Imports

winmm

mmioSeek
mmioClose
mmioRead
mmioOpenA
mmioDescend

avifil32

IID_IAVIStream

kernel32

HeapSize
GetOEMCP
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
AreFileApisANSI
InitializeCriticalSection
GetLocaleInfoA
HeapAlloc
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
GetLastError
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

vdsvrlnk

GetDubServerInterface

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdsvrlnk.dll
.dll windows:4 windows x86 arch:x86

4b466ce9389bee1b3c04bbde67277aad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\p4root\stable19\out\Release\vdsvrlnk.pdb

Imports

kernel32

GetTickCount
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
CreateMutexA
CloseHandle
MapViewOfFile
GetLastError
CreateFileMappingA
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
lstrcpyA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
RtlUnwind

user32

wsprintfA
SendMessageA

Exports

Exports

GetDubServerInterface

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdub.exe
.exe windows:4 windows x86 arch:x86

1f261e01f868bd1bf8372a2b9d31147b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\p4root\stable19\out\Release\vdub.pdb

Imports

kernel32

lstrlenA
CreatePipe
LeaveCriticalSection
GetModuleFileNameA
GetExitCodeProcess
SetErrorMode
CreateProcessA
DeleteCriticalSection
ReadFile
CloseHandle
WaitForSingleObject
LocalFree
CreateThread
lstrcpyA
SleepEx
GetStdHandle
WaitForSingleObjectEx
GetLastError
EnterCriticalSection
FormatMessageA
WriteFile
GetFullPathNameA
GetCommandLineA
GetConsoleScreenBufferInfo
InitializeCriticalSection
SetConsoleCtrlHandler
CreateFileA

user32

PostThreadMessageA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1954614c5dba38ec2be3c51ed9a8a44e

Headers

File Characteristics

PDB Paths

Imports

winmm

msvfw32

avifil32

msacm32

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.const Size: 512B - Virtual size: 53B

.rdata Size: 387KB - Virtual size: 386KB

.data Size: 16KB - Virtual size: 128KB

.tls Size: 512B - Virtual size: 169B

.rsrc Size: 295KB - Virtual size: 294KB

2710d61398df754a051cc1694b6a509f

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 6KB

2f03b88ab0371fb3ca034497f3692f5d

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

02d18d48ef138820b899f45c19af4028

Headers

File Characteristics

PDB Paths

Imports

winmm

avifil32

kernel32

ole32

vdsvrlnk

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

4b466ce9389bee1b3c04bbde67277aad

Headers

.text
Size: 1.9MB - Virtual size: 1.9MB

.const
Size: 512B - Virtual size: 53B

.rdata
Size: 387KB - Virtual size: 386KB

.data
Size: 16KB - Virtual size: 128KB

.tls
Size: 512B - Virtual size: 169B

.rsrc
Size: 295KB - Virtual size: 294KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 29B

.rsrc
Size: 4KB - Virtual size: 3KB