100636c5832e64f40743fd75913ec22c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

100636c5832e64f40743fd75913ec22c_JaffaCakes118
Size

599KB
MD5

100636c5832e64f40743fd75913ec22c
SHA1

7ef1161e769f5755ace81d8320abd4054c424962
SHA256

995cecb4bc409c36816e204b6113868b2366e3eaaf51bce426bc5188a1455b3e
SHA512

73a051c5b37b1bed652686ef527750e1a32b4eced1cbc8f463de4cb27c032af3a978ca92e49c474290721a74932723c6704e3969f4c3c4f4de721a16e26892a4
SSDEEP

12288:B0g/AJLY+qkuF35fGnefxcZTdyYIpl3Xkh88gHK5v8KUDIsWQY:uiAlYvkqhmoHkh5zuIsWQY

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
100636c5832e64f40743fd75913ec22c_JaffaCakes118
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/NotifyIcon.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/__b76b57dfda4144e6baaad60ffaf071cf.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisunz.dll

Files

100636c5832e64f40743fd75913ec22c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NotifyIcon.dll
.dll windows:5 windows x86 arch:x86

78155e3314922676e9dbf9f4fff8568c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcpynW

user32

ShowWindow
OpenIcon
KillTimer
IsIconic
CallWindowProcW
wsprintfW
GetDlgItem
FindWindowExW
GetWindowLongW
SetTimer
LoadImageW
SendMessageW
SetWindowLongW

shell32

Shell_NotifyIconW

Exports

Exports

Icon

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 774B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/__b76b57dfda4144e6baaad60ffaf071cf.dll
.dll windows:5 windows x86 arch:x86

4941d0b27ca647e4bed9d27e5ed64cad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LoadLibraryW
MultiByteToWideChar
lstrlenW
GetSystemDefaultUILanguage
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
Sleep
LeaveCriticalSection
GetLastError
EnterCriticalSection
CreateMutexA
GetCurrentDirectoryA
ReleaseMutex
GetSystemTime
SetFilePointer
SetFileTime
WriteFile
CreateFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
WriteConsoleW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
CreateFileA
GetFullPathNameA
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
CloseHandle
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
ExitProcess
GetModuleHandleW
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
SetHandleCount
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
FindFirstFileExA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
ExpandEnvironmentStringsA
VirtualQuery
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
SleepEx
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
VerSetConditionMask
GetUserDefaultUILanguage
GetFileSizeEx
GetACP
ReadFile
GetUserDefaultLangID
TlsFree
VerifyVersionInfoA
FormatMessageA
GetFileSize
SetLastError

user32

CallWindowProcW
IsCharAlphaW
SetTimer
SendMessageW
CreateWindowExW
SetWindowPos
SetParent
KillTimer
wsprintfW
BringWindowToTop
UpdateWindow
GetWindowRect
GetMessageW
TranslateMessage
MessageBoxA
MapWindowPoints
MoveWindow
ShowWindow
SetWindowLongW
GetParent
DestroyWindow
DefWindowProcW
GetWindowLongW
RegisterClassExW
GetClientRect
GetPropW
SetPropW
LoadCursorW
RemovePropW
SetCursor
DispatchMessageW
SetFocus

ws2_32

WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
send

wldap32

ord50
ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord60
ord143
ord211
ord22
ord46

normaliz

IdnToAscii

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

Exports

Exports

__01d3d5a65f714b548fae7fe71fefc4de
__02258e72ca2b43fd8c5fca24ab129ad0
__02ac529d7b074df99558168b40fb003f
__02cb62c540c1489c9a5edb1a1cfb9f53
__03eecd8192b34ef4996990c378599761
__042954cdb5c34fcb98882aa132d6d5fb
__056329d825e84cc2ad1e2c4edcf4f7d8
__077bd1c9322a48f7b45431a042bdd150
__0adb7ecca1804823a4b34dc28d9a4513
__0e0ea4a37efb41918751a3f6f3a71053
__0ec80515e5a541ffaab8de26f7dfe3b6
__0fad746db4a94cf2919e9089451eb141
__10903d42d1ef49b69bde18ef8a4202d5
__14da2a0a3e614c13aea0bbfaa9fa4c87
__16c19b7c8f044cf58eed4ac2f7dabf60
__171d9de695bf4418b054b679bf55a29c
__180f469514944a9595c2bf98b17c0391
__18fa8b10bdd34fa0943bcdca25614e78
__1ab01ec7a15941e9a5c3a6ef71949630
__1bdcf11c82414c1d97559b424ded7597
__206d832d2a454ed78925d3badec90503
__2156b4c1ec394e43a2f3fd243a334441
__2164d7875ac64afc8599c1c48f0cc8f8
__22d706266ee2450f8f5e30a2ee360475
__2328fd58808e4688bd86b7c1b67041d9
__23f6c9964b774dbd88b9df3ecf480610
__2536447e6f3243de803d43f2364f6940
__281a9feff4be44619a04345954f6847d
__29bfe99a8f244f1c9d62ea77b7f5c5a6
__2c20dbc7ab374b9f96fcfff0323cf1e8
__2e43f2432ce6483cb1c96e9c2afcd838
__2fdbcfd2d75542f0b481ddee71680aec
__3055c4234e264b5f869ce3e1421cfb33
__305ad8360b214918b54349756fdbd62c
__332bc8f3a64543e1b984b4f8fe70d057
__379d8f11c6be486a973b10c924873402
__3aedb98d8345413b83289c7ace65a807
__3bd54027c59a4165a370d76bc5e1932b
__3e8d67e29bc14d168793687bda0a896e
__3f9a52d40fe34fbabb125a2c95134239
__401301f6378b4eb3af720fed58d64fda
__43109398a0a84b30a4bf17a06ad3ed90
__45f435a6255c42a3aad477540f041415
__4657ca42ab78440b9a008c1b8969e616
__46fcceeff3404274aeec4ae13f37a477
__48220d1a7aa94169a2f7e7a57b18a2f9
__4a1c904f430d4bc09c56bc425ea74660
__4acbe24f05564770bdc3eee47c09ace6
__4b709015fd46400197e62bb9f4f58023
__4cccac48af6741f9bba6ff8681ecd5c2
__4dbd198e37f8435db4437598ffb9ff17
__50d6b08a2ea74bd6a1ab1f3d0c30ecca
__531e0c201a6842769c7cac4494baecb8
__55346cfce8c84dacbde336315f37af6f
__55b8c71247844787b844d38f67bb69bb
__5624d11ff5b4454caecf45f106c1afc6
__59375c3cf5564d348fed5e8368c0f7e5
__5988981fa76c4092aa3882fc1fa47826
__5c684f84b53945219b3140548c7a7830
__5d80109e80814bb2b5ef99141ff11ab8
__5d8fb28a7e4a42eea7d0c370da2c2d7a
__64ae64ad04d740c8a154d193720ed8a0
__6ed9e37308b04196ae9352f368c9b8a9
__6f030dbc55fa4cb1b9c377fa70fd1a9e
__733b12070f684cd0a65b248abeec224e
__75e20eef35f14d77b64412e612f588aa
__78a46c7c8f5d4df9bc08300e6675b8bf
__7d313b7dc29e466c83d155c1bd54f54e
__7fc07dcaea8e4c0db1fb46fc25de6b25
__80f5a5b09287437b8cabfe12704f8b6f
__84bb485889874eb8aad218ac0f236dc1
__85a0f63c3e8d4dbaa701fe0b205608c1
__8a86c5813e1344f0b198ee15dba1ee71
__8a87b0faf888459da8421768012bbd53
__8c21552f0f6e45139f817cc0edd1d8c2
__8ca164b5dc1541fda77f0eff0742c2f0
__8d3d3aeb2c4d47b3a665c11327fe910a
__8f2a227c781f42eaa86bc5e9fdfe9152
__8fc1d5b8dcbc40b8a7d3e6a76b14e3cb
__90c7ca1a55ee4add8299a525c209660d
__94b4269b68894542b4152faffb78722a
__9b85cab4a111489680ecfbc9b9720aa2
__9baf60a3870743fd917caccfa9241a56
__9e3e7908fcdc41cc956f5b7000cfd72e
__9ed361322c9f4744afc6757d2c5a2a73
__a12d5667050e46e78b2ec49740988329
__a24a56d922e041c1b4a0f5303c6d12f2
__a454dd101c034e1780dd61ea6ae2eed5
__a4fa52e07daa49149b30436493cce055
__a86d985a85174be4bcb6d8470cf5c503
__afbb8735484641c091ae40c79ae6ecfc
__b07f9aa1b6a64225a59a4bc66130b1f9
__b148928f132e43af94b4cd8cd38c83ae
__b26c4f1918d140818ae7a25288985de2
__b6f283c950e94b788dbeb08fc6cdbc18
__b73ef135a3994e2ea08128227dc48425
__b9fa9763400741e3b61eecabe32e9945
__bcc9e9cf07d34dde85e025db35b24f2d
__c0deff027cce4344adf0356d25cba8fd
__c166ce08ba9144669dcfe9a8fab95e29
__c1d202b9fcf94a4b810415463b70910d
__c4e6d31384d94426b99113e558487b01
__caa733fb7fb14418a4a433dce78aff8b
__cc2dc3d058da48b698cf70b23376b1c5
__cdb598c6ae01431fbeecf6e75d2bbefd
__cde91c90b2614f179ebeb35e1da8449c
__ce813ac92dfc4a9380651f3edd812230
__d16f6c65d3564bc395a3865cd70e5f6f
__d1905506003b460db61c10c4df61e406
__d3194b28624e40bdb6fa135993d6b7af
__d798922544764202ae8ab36905e861e7
__d831a0c29b74434f8a02c43722e27db8
__daa736e90ed44c76883e004206edae2f
__dfe9f27a04144d49bf978e72079711c0
__e07a8da7e34642a69b852dd4a1dfec44
__e54b78150354453a9b52e672c25aaaa4
__ee3a438a63b9487f892fa638a82812de
__f08cd933ecbe4428ac06213caae9c3d1
__f25f191a214b4b7bb1f470ed253852ac
__f378206ee38f4cc69c407bca6443fae1
__f6b1391a3c1e409db55769125ada7ba2
__fb9d05eb73ad4b538442118fb72500fe

Sections

.text
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

86cdacc6fa5e3ff4938d358350751516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcstol
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
wcsstr
wcschr
memset
_chkesp

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
CreateFileW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
GetFileSize
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
DestroyWindow
KillTimer
UpdateWindow
RedrawWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpAddRequestHeadersW
HttpOpenRequestW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:5 windows x86 arch:x86

1b37562e8104552588ae892e11fcdff2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
lstrcpyW
GetVersion
lstrlenW
lstrcatW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
lstrcmpiW
lstrcmpW
GlobalFree
GlobalAlloc
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
SetEndOfFile
GetProcessHeap
GetLocaleInfoA

user32

MessageBoxW
CharPrevW
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
GetDlgItem
SendMessageW
wsprintfW

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 3.6MB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 729B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 350B

78155e3314922676e9dbf9f4fff8568c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 774B

.data Size: - Virtual size: 72B

.reloc Size: 1024B - Virtual size: 516B

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

4941d0b27ca647e4bed9d27e5ed64cad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

wldap32

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 3.6MB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 350B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 774B

.data
Size: - Virtual size: 72B

.reloc
Size: 1024B - Virtual size: 516B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 660KB - Virtual size: 659KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 43KB - Virtual size: 42KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB