411bccf2141e02375384e023baf3c734_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

411bccf2141e02375384e023baf3c734_JaffaCakes118
Size

7.0MB
MD5

411bccf2141e02375384e023baf3c734
SHA1

4b2266b2f247be3d0cd1037328164706119af7a5
SHA256

209758821b3b264068b18ac556dabdd002ec51a924ae1e4ebe95e12880d000f5
SHA512

490743cebb2bd70b6c7c41a9bc3e0b3ec40156566c5697bf43d2d059cbcac7d483dad2cfc7391212b9775ea15710f360d4c3d3a3fb28e54660c6dac690f080bc
SSDEEP

196608:sYhWCwfBcxFRiqgDXJArEkcK4GLxiS5vscqDMf:sCYB+0XJQEkRgSicWMf

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
411bccf2141e02375384e023baf3c734_JaffaCakes118
unpack001/$PLUGINSDIR/HREwBseNfKx.dll
unpack001/$PLUGINSDIR/RjMDUoEpIoZ.dll
unpack001/$PLUGINSDIR/VmTlIHfhwNs.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

411bccf2141e02375384e023baf3c734_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 15.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/HREwBseNfKx.dll
.dll windows:5 windows x86 arch:x86

fe61a445c3c4273e32f9cf7560e31a9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDefaultLangID
CreateFileA
GetThreadIOPendingFlag
CreateMutexW
GetConsoleAliasExesA
LoadLibraryExW
OpenJobObjectA
WaitForSingleObject
GetSystemTimeAdjustment
LeaveCriticalSection
GetFileAttributesA
GetExitCodeProcess
CreateSemaphoreA
FileTimeToSystemTime
GetCompressedFileSizeA
MultiByteToWideChar
GetCPInfoExW
VirtualAlloc
OpenThread
OpenMutexA
FoldStringW
FoldStringA
GetModuleHandleA
LoadLibraryExA
OpenFileMappingW
GetUserDefaultUILanguage
GetSystemRegistryQuota
FileTimeToLocalFileTime
OpenFileMappingA
GetConsoleSelectionInfo
LocalFileTimeToFileTime
GetTickCount
GetConsoleAliasExesLengthW
WinExec
GlobalAlloc
WideCharToMultiByte
lstrcpynW
GlobalFree
lstrcpyW
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetFileSize
FindResourceA
GetCPInfo
GetUserDefaultLCID
GetCurrentThread
GetPrivateProfileIntA
ReadFile
CreateFileW
GetStartupInfoW
GetPrivateProfileIntW
GetProcessVersion
GetSystemInfo
GetProcessShutdownParameters
GetFileTime
CloseHandle
GetCurrentProcessId
GetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCommandLineA
RaiseException
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetTimeZoneInformation
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameW
RtlUnwind

user32

CreateIconIndirect
AppendMenuW
wsprintfW
DestroyAcceleratorTable
DlgDirListW
CountClipboardFormats
DestroyMenu
CreateWindowExW
CreateIconFromResource

ole32

CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringLen
VarBstrCmp
SysAllocStringByteLen
SysAllocString

Exports

Exports

DRHsIWbHzSPyTNzZp
HmwCMSKTrbPKqWW
JmcmSIYITTPPWc
JpwGetYaOXzKbzwHOD
MWnLxHuVLUIUZQkgj
UpirgZkLFa
VrptfAsfqXETCr
XjQwSeCaxh
YimwS
ffcoU
iRCHXqewCucieA
jlENbpGo
lNmpjkmsmueBlg
mLTgHLAu
urpKYz
zlvaDfufwpP
zmJImLK

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/RjMDUoEpIoZ.dll
.dll windows:5 windows x86 arch:x86

cbe0b57bce45dc8148fe1e4e529072a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
IsValidCodePage
WriteFile
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
SetLastError
ExitProcess
IsProcessorFeaturePresent
LoadLibraryExW
ExitThread
CreateThread
GetOEMCP
GlobalFree
MultiByteToWideChar
lstrcpynW
WideCharToMultiByte
GetCPInfo
WriteConsoleW
CompareStringW
GetFileType
GetStdHandle
RtlUnwind
LCMapStringW
EncodePointer
ResumeThread
TlsFree
TlsAlloc
GetCurrentThreadId
CreateWaitableTimerW
GetSystemTimeAsFileTime
Sleep
GetStringTypeW
GetDateFormatW
GetTimeZoneInformation
GetTimeFormatW
SetEvent
WaitForSingleObject
GetCurrentProcessId
ResetEvent
ReleaseSemaphore
WaitForMultipleObjects
GetTickCount
OpenEventA
TlsSetValue
SystemTimeToFileTime
SetWaitableTimer
TlsGetValue
LocalFree
FormatMessageA
CreateEventA
LoadLibraryW
FreeLibrary
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetModuleFileNameW
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetCommandLineA
GetConsoleMode
SetStdHandle
SetFilePointerEx
GetModuleHandleExW
CreateFileW
SetEnvironmentVariableA
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

user32

CreatePopupMenu
VkKeyScanA

gdi32

MoveToEx
ResizePalette
RoundRect
GetSystemPaletteEntries
SetDCPenColor
GetTextCharacterExtra
CheckColorsInGamut
GetRasterizerCaps
SetRectRgn

winspool.drv

ReadPrinter
ConnectToPrinterDlg
AddPortA
WritePrinter
AddPrinterDriverA
GetJobA
DeletePrinterConnectionA
GetPrintProcessorDirectoryA
DeletePrintProcessorW
AddFormA
DeleteMonitorA
SetFormW
AdvancedDocumentPropertiesA

shell32

CommandLineToArgvW
Shell_NotifyIconA
DragQueryFileA
DoEnvironmentSubstW
DoEnvironmentSubstA
SHFileOperationA
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ExtractIconExW
SHGetFileInfoW

ole32

CoDosDateTimeToFileTime
OleMetafilePictFromIconAndLabel
StringFromCLSID
ReadFmtUserTypeStg
OleLoadFromStream
CreateGenericComposite
CoGetStandardMarshal

oleaut32

VarUI1FromR8
VarI2FromUI2
VarR8FromDate

comdlg32

ChooseColorW
GetFileTitleA
FindTextW
GetSaveFileNameW
FindTextA
PageSetupDlgW
PageSetupDlgA

mprapi

MprInfoDelete
MprConfigInterfaceTransportEnum
MprAdminInterfaceDisconnect
MprAdminInterfaceGetCredentials
MprAdminUserReadProfFlags
MprConfigInterfaceEnum
MprConfigTransportCreate
MprAdminEstablishDomainRasServer
MprPortSetUsage
MprAdminRegisterConnectionNotification
MprAdminUserOpen
MprConfigServerRefresh
RasPrivilegeAndCallBackNumber
MprAdminInterfaceSetInfo
MprInfoBlockQuerySize

imgutil

ComputeInvCMAP
SniffStream
IdentifyMIMEType
DecodeImage
CreateDDrawSurfaceOnDIB

version

VerQueryValueA
VerInstallFileW
GetFileVersionInfoA
VerFindFileW
GetFileVersionInfoSizeA
GetFileVersionInfoW

p2pgraph

PeerGraphRegisterEvent
PeerGraphSetProperties
PeerGraphSetPresence
PeerGraphUnregisterEvent
PeerGraphShutdown
PeerGraphStartup
PeerGraphImportDatabase
PeerGraphDeleteRecord
PeerGraphGetNodeInfo
PeerGraphEnumNodes
PeerGraphListen
PeerGraphUpdateRecord
PeerGraphOpen

secur32

RevertSecurityContext
EncryptMessage
QueryContextAttributesW
EnumerateSecurityPackagesW
AddCredentialsW

resutils

ResUtilStopService
ResUtilFreeEnvironment
ResUtilGetDwordProperty
ResUtilDupString
ResUtilFindExpandSzProperty
ResUtilGetDwordValue
ResUtilGetResourceNameDependency
ResUtilGetPropertiesToParameterBlock
ResUtilGetAllProperties
ResUtilSetExpandSzValue
ResUtilSetPrivatePropertyList
ResUtilTerminateServiceProcessFromResDll
ResUtilGetResourceDependency
ResUtilGetResourceDependentIPAddressProps

oledlg

ord6
ord8
OleUIPasteSpecialW
ord7
OleUIUpdateLinksW
ord9
OleUIAddVerbMenuW
OleUIInsertObjectW

comctl32

ord329
ImageList_Add
ImageList_Read
ImageList_GetImageRect
CreateStatusWindow
ord323
ImageList_EndDrag
ImageList_Create
CreatePropertySheetPageW
ord8

powrprof

IsPwrShutdownAllowed
ReadPwrScheme
IsPwrHibernateAllowed
SetActivePwrScheme
EnumPwrSchemes
GetPwrDiskSpindownRange
ValidatePowerPolicies
GetCurrentPowerPolicies
CallNtPowerInformation
IsAdminOverrideActive
GetActivePwrScheme
WriteProcessorPwrScheme
IsPwrSuspendAllowed
WritePwrScheme
GetPwrCapabilities

snmpapi

SnmpUtilPrintOid
SnmpUtilOctetsCpy
SnmpUtilAsnAnyCpy
SnmpUtilVarBindListFree
SnmpSvcGetUptime
SnmpUtilOidNCmp
SnmpTfxClose
SnmpSvcGetUptimeFromTime
SnmpSvcSetLogLevel

crypt32

CertIsRDNAttrsInCertificateName
CertSerializeCTLStoreElement
CryptUnregisterDefaultOIDFunction
CertStrToNameW
CertVerifySubjectCertificateContext
CryptDecryptAndVerifyMessageSignature
CertEnumCRLContextProperties
CryptMsgOpenToDecode
CryptRegisterDefaultOIDFunction
PFXExportCertStoreEx
CryptFindCertificateKeyProvInfo

uxtheme

DrawThemeText
OpenThemeData

rtutils

RouterLogEventStringW
RouterLogEventW
RouterLogRegisterW
TracePutsExA
RouterLogEventDataA
RouterGetErrorStringA
TraceGetConsoleA
RouterLogEventValistExA

setupapi

CM_Move_DevNode_Ex
SetupGetTargetPathW
SetupDiGetClassDevsA
SetupDiGetHwProfileListExA
SetupAddToSourceListW
SetupDiSetSelectedDriverA
CM_Get_Depth
SetupDiGetDeviceInstallParamsA
SetupSetFileQueueAlternatePlatformW

winfax

FaxRegisterServiceProviderW
FaxSendDocumentW
FaxSetRoutingInfoW
FaxSendDocumentA
FaxSetJobA
FaxSetRoutingInfoA
FaxGetPortA
FaxAccessCheck
FaxSetLoggingCategoriesA
FaxEnableRoutingMethodA
FaxEnumGlobalRoutingInfoW
FaxEnableRoutingMethodW
FaxSendDocumentForBroadcastW
FaxGetConfigurationW
FaxAbort

Exports

Exports

AqrmkHBLzUZbKsJWmC
DkAdRNSRakilg
GIOgLTLYohV
IikVlcsBSgR
JPbAhvRe
KfgHSFHv
LqzChYFwYgip
PmlaWHZQgIXjfr
QtLjlpVebdKG
RglTnPEX
RisnVCEcujiMiONMvfQ
TcGPXWXy
TvQrTcGPqwbLzBIql
WyLGwaWg
XRmHHgWFvzqrnHCOA
bBiaQbqRIklRXNrjiuh
cWYqBfoOOerRqMaLLpl
dDWJspJR
fFCfRUYmEadcM
jfwDbw
lRqWstoNE
mZigowS
muutFkXlcFeGACBK
pYEdarfYkueWVu
rkIMdWRal
sjEYTZMrVDmBCowgRFma
wfIcB
wyWRjVIWnmLRkNcxDwmA
zkQItRlPDIzvwDst
znzfPMZJCJuIYpWIiCa

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/VmTlIHfhwNs.dll
.dll windows:5 windows x86 arch:x86

80973ead2768680593ae329d2f8eec58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
GetModuleFileNameW
WriteFile
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
CloseHandle
TerminateProcess
GetCurrentProcess
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetStdHandle
SetLastError
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
EncodePointer
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
CreateFileW
ReadFile
ReadConsoleW
WideCharToMultiByte
DecodePointer
MultiByteToWideChar
lstrcpyW
lstrcpynW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
TlsAlloc
SetEndOfFile

user32

DefDlgProcA
wsprintfW
ClientToScreen
SendInput
ScreenToClient

winspool.drv

PrinterMessageBoxA
GetPrinterDataW
ConnectToPrinterDlg
AddFormA
EndDocPrinter

p2p

PeerGroupEnumMembers
PeerIdentityDelete
PeerGroupGetRecord
PeerFreeData
PeerGroupPeerTimeToUniversalTime
PeerIdentityGetDefault

secur32

QuerySecurityContextToken
InitializeSecurityContextW
LsaDeregisterLogonProcess
ImpersonateSecurityContext
LsaRegisterLogonProcess
EncryptMessage
QueryContextAttributesW
LsaRegisterPolicyChangeNotification
LsaConnectUntrusted

snmpapi

SnmpUtilUTF8ToUnicode
SnmpTfxClose
SnmpUtilOctetsFree
SnmpUtilOctetsCmp
SnmpSvcAddrIsIpx
SnmpUtilOidFree

oleacc

GetRoleTextA
GetStateTextW
CreateStdAccessibleProxyW
CreateStdAccessibleProxyA
GetStateTextA
AccessibleObjectFromPoint
GetOleaccVersionInfo
ObjectFromLresult
WindowFromAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
AccessibleChildren
CreateStdAccessibleObject

rtutils

RouterLogEventValistExA
RouterGetErrorStringW
MprSetupProtocolFree
RouterLogRegisterW
MprSetupProtocolEnum
TraceVprintfExW
RouterLogEventA
LogErrorW
RouterLogEventStringA
TracePutsExW
TraceDeregisterA
RouterLogEventW
TraceRegisterExW
TraceRegisterExA

resutils

ResUtilSetMultiSzValue
ResUtilGetResourceDependency
ResUtilGetDwordValue

authz

AuthzCachedAccessCheck
AuthzEnumerateSecurityEventSources
AuthzReportSecurityEventFromParams
AuthzFreeResourceManager
AuthzUninstallSecurityEventSource
AuthzAddSidsToContext
AuthzFreeContext
AuthzOpenObjectAudit
AuthzRegisterSecurityEventSource
AuthzInitializeContextFromSid
AuthzFreeAuditEvent

imm32

ImmGetDescriptionW
ImmConfigureIMEW
ImmRegisterWordA
ImmGetConversionListW
ImmGetContext
ImmDestroyContext
ImmUnregisterWordW
ImmGetDescriptionA
ImmUnregisterWordA
ImmGetCandidateListA
ImmGetIMEFileNameW
ImmGetDefaultIMEWnd

setupapi

CM_Get_Class_Key_NameW
SetupInstallFromInfSectionA
SetupQueryFileLogA
SetupDeleteErrorW
CM_Get_Child_Ex
SetupOpenFileQueue
CM_Is_Version_Available
CM_Uninstall_DevNode_Ex
SetupFreeSourceListW

powrprof

GetActivePwrScheme
IsPwrHibernateAllowed
GetPwrCapabilities
IsAdminOverrideActive

loadperf

SetServiceAsTrustedA
LoadPerfCounterTextStringsW
BackupPerfRegistryToFileW
SetServiceAsTrustedW
RestorePerfRegistryFromFileW
UpdatePerfNameFilesA
UnloadPerfCounterTextStringsW

winhttp

WinHttpGetProxyForUrl
WinHttpOpen
WinHttpSetStatusCallback
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryHeaders
WinHttpSetOption
WinHttpConnect
WinHttpTimeToSystemTime
WinHttpSendRequest
WinHttpDetectAutoProxyConfigUrl
WinHttpReceiveResponse

imagehlp

SplitSymbols
ImageAddCertificate
ImageDirectoryEntryToData
GetImageUnusedHeaderBytes

Exports

Exports

EbapGehHsBcDCDLzcDaz
EvAgKhIKgDfdNneftqdQ
GDtbxtUIMzRovgWKXNia
GVPgL
HiyamSlcDimJpMZyH
KrscrIZOyITpIt
Nvijw
PLrfZ
PvRBFSknezYs
QhkMaC
QisJIC
RafdWnJbYSrmTiVI
SWZTkLS
VBZxmtKqQgVp
WdebdhUdGhSXUeOcmL
bEnBhNiDZzsVrAqWZ
bQsAbyLFq
cgpnoxYTUijJDgWoeqbv
cypyVGzXVWtCiCxjRox
gEgexvBIzyHNBhPu
ilpsjRdVoitbqTnRJpjs
kgwQsXFcasIErvuhtLgM
lREGaTlcJLXLlV
rlgtSUkiClz
wYpBLur
wwdFp
zCnmSXvvfCvVKGXDG

Sections

.text
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ZrPGdo.wav
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.9MB

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 4KB - Virtual size: 15.3MB

fe61a445c3c4273e32f9cf7560e31a9b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 21KB - Virtual size: 20KB

cbe0b57bce45dc8148fe1e4e529072a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

shell32

ole32

oleaut32

comdlg32

mprapi

imgutil

version

p2pgraph

secur32

resutils

oledlg

comctl32

powrprof

snmpapi

crypt32

uxtheme

rtutils

setupapi

winfax

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 487KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 12KB - Virtual size: 21KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 27KB - Virtual size: 26KB

80973ead2768680593ae329d2f8eec58

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.9MB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 4KB - Virtual size: 15.3MB

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 21KB - Virtual size: 20KB

.text
Size: 488KB - Virtual size: 487KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 12KB - Virtual size: 21KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 27KB - Virtual size: 26KB

.text
Size: 502KB - Virtual size: 501KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 592KB - Virtual size: 592KB

.reloc
Size: 30KB - Virtual size: 30KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 454B