484507321ebf6611d8f2a6761c230246_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

484507321ebf6611d8f2a6761c230246_JaffaCakes118
Size

6.1MB
MD5

484507321ebf6611d8f2a6761c230246
SHA1

f34c7af99acc695d90fb71a90502e91693cd2069
SHA256

694a0a4c1eb0b180680efb14257b130c9235b4124053a7487d3910806f09a93c
SHA512

e28290fe4500fbcfad2d9c9b21e6132ecdf12df3660e5703c43f0db53012442f087cac03c0ce68eed8068e54b8a7ff3ec01e06b4af6df46534d01fc2b07af7a9
SSDEEP

196608:GabygAp6frFaRNJFHI2TIj55L0HCKSrlSEW:jX5JaRNJFHI2TIj55MulI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/Koda/FD.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Au3Stripper/AU3Stripper.exe
unpack001/Koda/FD.exe
unpack001/SciLexer.dll
unpack001/SciTE.exe
unpack001/Tidy/Tidy.exe

Files

484507321ebf6611d8f2a6761c230246_JaffaCakes118
.zip
Au3Stripper/AU3Stripper.exe
.exe windows:4 windows x86 arch:x86

6ec214cf0456b82fe58994e3c8a38024

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
CopyFileA
GetCommandLineA
GetCurrentDirectoryA
GetTempPathA
GetEnvironmentVariableA
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
GetTempFileNameA
FindFirstFileA
FindClose
GetFileAttributesA
GetTickCount
GetPrivateProfileStringA
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
CloseHandle
GetLastError
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoA
GetFileType
GetStdHandle
GetCurrentProcess
DuplicateHandle
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualAlloc
VirtualQuery
GetConsoleMode
GetConsoleOutputCP
WriteFile
ReadFile
GetConsoleCP
SetStdHandle
SetConsoleCtrlHandler
CreateFileA
MultiByteToWideChar
SetFilePointer
WideCharToMultiByte
SetEndOfFile
SetCurrentDirectoryA
SetEnvironmentVariableA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

GetDesktopWindow
GetWindowRect
SetWindowPos
UnhookWindowsHookEx
SetWindowsHookExA
CharLowerA
GetActiveWindow
MessageBoxA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Au3Stripper/Au3Stripper.dat
AutoIt3Wrapper/AutoIt3Wrapper.au3
.ps1
AutoIt3Wrapper/AutoIt3Wrapper.ico
AutoIt3Wrapper/AutoIt3Wrapper.ini.example
AutoIt3Wrapper/Directives.au3
CodeWizard/CodeWizard.au3
.ps1
CodeWizard/CodeWizard.chm
.chm
CodeWizard/ReadMe.txt
.vbs
CodeWizard/colors.ini
Koda/Extras/Control Templates/control_templates.xml
Koda/Extras/Control Templates/readme.txt
Koda/Extras/Default Names Fix/def_names_fix.au3
Koda/Extras/Import/Form Captor.au3
Koda/Extras/Import/Form Captor.kxf
.xml
Koda/Extras/Import/readme.txt
Koda/FD.chm
.chm
Koda/FD.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 548KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Koda/Language/help_eng.chm
.chm
Koda/Language/lang_bg.xml
.xml
Koda/Language/lang_bra.xml
.xml
Koda/Language/lang_cze.xml
.xml
Koda/Language/lang_fra.xml
.xml
Koda/Language/lang_ger.xml
.xml
Koda/Language/lang_ita.xml
.xml
Koda/Language/lang_pol.xml
.xml
Koda/Language/lang_rus.xml
.xml
Koda/Language/lang_spa.xml
.xml
Koda/Language/lang_zhcn.xml
.xml
Koda/Language/lang_zhtw.xml
.xml
Koda/Templates/About Box.kxf
.xml
Koda/Templates/Dialog with help (vertical).kxf
.xml
Koda/Templates/Dialog with help.kxf
.xml
Koda/Templates/Dual ListBox.kxf
.xml
Koda/Templates/Form.kxf
Koda/Templates/Password Dialog.kxf
.xml
Koda/Templates/Standard Dialog (vertical).kxf
.xml
Koda/Templates/Standard Dialog.kxf
.xml
Koda/Templates/Tabbed Pages.kxf
.xml
Koda/history.txt
Koda/styles.xml
License.txt
Lua/AutoHScroll.lua
Lua/AutoItAutoComplete.lua
Lua/AutoItGotoDefinition.lua
Lua/AutoItIndentFix.lua
Lua/AutoItPixmap.lua
Lua/AutoItTools.lua
Lua/Class.lua
.js
Lua/Common.lua
Lua/EdgeMode.lua
Lua/LUAAutoComplete.lua
Lua/SciTEStartup.lua
Lua/SciTE_extras.lua
Lua/SmartAutoCompleteHide.lua
Lua/Tools.lua
PersonalTools.lua
SciLexer.dll
.dll windows:5 windows x86 arch:x86

a0f826d66576e4ccbdfb6f921136c35d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Development\AutoIt3\trunk\scite4AutoIt3\scintilla\bin\SciLexer.pdb

Imports

kernel32

GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
HeapAlloc
HeapFree
HeapReAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
EnterCriticalSection
CloseHandle
CreateFileW
GlobalUnlock
GetTickCount
WideCharToMultiByte
LCMapStringW
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
Sleep
GetLocaleInfoA
MulDiv
FreeLibrary
DeleteCriticalSection
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleHandleA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExA
GetCurrentProcessId
WriteConsoleW

user32

GetCursorPos
ReleaseCapture
RegisterClassExA
BeginPaint
GetKeyState
ReleaseDC
EndPaint
SetScrollInfo
InvalidateRect
GetUpdateRgn
HideCaret
PostMessageA
ScreenToClient
NotifyWinEvent
GetScrollInfo
MsgWaitForMultipleObjects
RegisterClassExW
SetCaretPos
OpenClipboard
SetTimer
GetDlgCtrlID
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
ValidateRect
TrackMouseEvent
GetKeyboardLayout
GetMessageTime
SetFocus
GetClipboardData
DestroyCaret
SetClipboardData
AppendMenuA
IsClipboardFormatAvailable
GetCaretBlinkTime
ShowCaret
KillTimer
PtInRect
RegisterClipboardFormatA
AdjustWindowRectEx
MonitorFromPoint
GetWindowRect
LoadCursorA
DestroyWindow
InflateRect
GetDC
SetWindowPos
MonitorFromRect
FillRect
GetIconInfo
GetSystemMetrics
CreatePopupMenu
DestroyCursor
TrackPopupMenu
ShowWindow
DrawTextA
SetWindowLongA
CreateIconIndirect
ClientToScreen
CallWindowProcA
MapWindowPoints
GetWindowLongA
GetDoubleClickTime
FrameRect
GetMonitorInfoA
GetSysColor
DefWindowProcA
DestroyMenu
CreateWindowExA
SendMessageA
SetCapture
SetCursor
SystemParametersInfoA
GetClientRect
DrawTextW
UnregisterClassA
GetParent

gdi32

GetTextExtentPoint32W
GetObjectA
ExtTextOutW
RoundRect
SetTextAlign
CreateFontIndirectW
GetTextMetricsA
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateBitmap
CombineRgn
GetNearestColor
BitBlt
CreateCompatibleBitmap
ExtTextOutA
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
GetTextExtentExPointW
StretchBlt
GetStockObject
GetTextExtentExPointA
GetDeviceCaps
CreatePatternBrush
DeleteDC
SetTextColor
SetBkMode
LineTo
CreatePen
Rectangle
GetObjectW
Polygon
MoveToEx
SetBkColor
Ellipse
DeleteObject
IntersectClipRect

imm32

ImmSetCompositionStringW
ImmEscapeW
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmNotifyIME
ImmReleaseContext
ImmGetContext
ImmSetCompositionFontW

ole32

RevokeDragDrop
RegisterDragDrop
OleInitialize
DoDragDrop
OleUninitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

msimg32

AlphaBlend

Exports

Exports

Scintilla_DirectFunction

Sections

.text
Size: 847KB - Virtual size: 846KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SciTE Jump/Bin/Monitor.a3x
SciTE Jump/HelpFile.chm
.chm
SciTE Jump/Includes/WM_COPYDATA.au3
.ps1
SciTE Jump/Includes/_CRC32ForFile.au3
SciTE Jump/Includes/_Functions.au3
.ps1
SciTE Jump/Includes/_GUIDisable.au3
SciTE Jump/Includes/_Language.au3
SciTE Jump/Includes/_PreProcessor.au3
.ps1
SciTE Jump/Includes/_SciTE.au3
.ps1
SciTE Jump/Includes/_SciTE_GetSciTEDefaultHome.au3
SciTE Jump/Includes/_SciTE_Send_Command.au3
SciTE Jump/Languages/Dutch.lng
SciTE Jump/Languages/English.lng
SciTE Jump/Languages/Finnish.lng
SciTE Jump/Languages/French.lng
SciTE Jump/Languages/German.lng
SciTE Jump/Languages/Greek.lng
SciTE Jump/Languages/Hungarian.lng
SciTE Jump/Languages/Italian.lng
SciTE Jump/Languages/LangChanges.txt
SciTE Jump/Languages/Persian.lng
SciTE Jump/Languages/Polish.lng
SciTE Jump/Languages/Romanian.lng
SciTE Jump/Languages/Russian.lng
SciTE Jump/Languages/Translate.txt
SciTE Jump/License.txt
SciTE Jump/Monitor.au3
SciTE Jump/Readme.txt
SciTE Jump/SciTE Jump.au3
.ps1
SciTE.exe
.exe windows:5 windows x86 arch:x86

d13786acd6ee46c128a2c48a25cc9c61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Development\AutoIt3\trunk\scite4AutoIt3\scite\bin\SciTE.pdb

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
GetCommandLineW
GetStdHandle
GetCPInfo
TerminateProcess
GetModuleFileNameW
GetTempPathW
FreeResource
IsValidCodePage
MultiByteToWideChar
FormatMessageW
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
PeekConsoleInputW
GlobalLock
LocalFree
VerSetConditionMask
WideCharToMultiByte
VerifyVersionInfoW
GlobalUnlock
GetExitCodeProcess
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
SetEndOfFile
HeapSize
GetProcessHeap
GetCommandLineA
FindNextFileA
FindFirstFileExA
MoveFileExW
HeapReAlloc
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetCurrentThreadId
GetACP
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
CreateProcessA
DuplicateHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
DeleteFileW
SystemTimeToTzSpecificLocalTime
GetFileType
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetStringTypeW
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceFrequency
QueryPerformanceCounter
CreateMutexW
FreeLibrary
MulDiv
Beep
LoadLibraryW
GetLastError
GetLocaleInfoW
GetFileTime
EnterCriticalSection
WriteConsoleW
FileTimeToLocalFileTime
GetDateFormatA
FileTimeToSystemTime
GetFileAttributesW
CreateFileW
GetTimeFormatA
WriteFile
Sleep
IsDBCSLeadByteEx
GetModuleHandleW
CreateProcessW
LCMapStringW
GetProcAddress
CloseHandle
GetFileAttributesExW
WaitForSingleObject
FindClose
PeekNamedPipe
CreatePipe
FindNextFileW
GetFullPathNameW
CompareStringW
SetHandleInformation
FindFirstFileW
GetDateFormatW
ReadFile

user32

PeekMessageW
SetWindowPlacement
WinHelpW
TranslateAcceleratorW
TranslateMessage
LoadIconW
FindWindowW
SetClipboardData
EmptyClipboard
DestroyAcceleratorTable
CloseClipboard
SendMessageTimeoutW
GetThreadDesktop
EnumWindows
FlashWindow
GetUserObjectInformationW
SetForegroundWindow
IsIconic
GetWindowTextLengthW
ClientToScreen
VkKeyScanW
DispatchMessageW
OpenClipboard
LoadAcceleratorsW
GetWindowPlacement
RegisterClipboardFormatW
GetMessageW
UpdateWindow
MessageBoxW
RegisterWindowMessageW
SetWindowLongW
RegisterClassW
SendMessageW
CreateWindowExW
DestroyWindow
GetSystemMetrics
GetDlgCtrlID
IsChild
TrackMouseEvent
DrawFocusRect
GetSysColor
GetClassNameW
AppendMenuW
DrawTextW
DrawFrameControl
LoadImageW
BeginPaint
GetNextDlgTabItem
EndPaint
GetWindowTextW
GetWindowLongW
CreateDialogParamW
GetKeyState
PostQuitMessage
FillRect
EndDialog
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItemInt
GetDlgItem
CheckDlgButton
DialogBoxParamW
EnableWindow
DeferWindowPos
GetMenuItemInfoW
GetMenuState
ModifyMenuW
CallWindowProcW
PostMessageW
CheckMenuRadioItem
GetWindow
GetMenu
GetDC
GetMenuItemCount
DeleteMenu
ScreenToClient
GetSubMenu
GetClassInfoW
BeginDeferWindowPos
SetTimer
SetMenuItemInfoW
GetTopWindow
SetFocus
LoadCursorW
DrawMenuBar
SetCapture
EndDeferWindowPos
InsertMenuW
SetCursor
CheckMenuItem
KillTimer
EnableMenuItem
SystemParametersInfoW
GetParent
ReleaseCapture
ReleaseDC
GetCursorPos
GetWindowRect
GetFocus
SetWindowPos
SetWindowTextW
CreatePopupMenu
TrackPopupMenu
ShowWindow
DestroyMenu
GetClientRect
InvalidateRect
DefWindowProcW

gdi32

StartDocW
ExtTextOutW
SetTextAlign
SetBkColor
MoveToEx
LineTo
SetTextColor
DeleteDC
DPtoLP
GetDeviceCaps
GetStockObject
EndDoc
StartPage
CreateFontA
GetDIBits
CreateCompatibleDC
TranslateCharsetInfo
EndPage
GetNearestColor
CreateFontIndirectW
CreateSolidBrush
Polygon
DeleteObject
GetTextMetricsW
SelectObject
CreatePen

msimg32

TransparentBlt

comdlg32

PageSetupDlgW
GetSaveFileNameW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameW

comctl32

InitCommonControlsEx

shell32

DragQueryFileW
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
DragAcceptFiles
Shell_NotifyIconW
DragFinish
SHGetPathFromIDListW

uxtheme

CloseThemeData
GetThemePartSize
DrawThemeBackground
OpenThemeData
GetThemeBackgroundContentRect
DrawThemeParentBackground

Exports

Exports

luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_buffinitsize
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_error
luaL_execresult
luaL_fileresult
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkstack
lua_close
lua_compare
lua_concat
lua_copy
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_getuservalue
lua_iscfunction
lua_isinteger
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_resume
lua_rotate
lua_setallocf
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setuservalue
lua_status
lua_stringtonumber
lua_toboolean
lua_tocfunction
lua_tointegerx
lua_tolstring
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yieldk
luaopen_base
luaopen_bit32
luaopen_coroutine
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
luaopen_utf8

Sections

.text
Size: 599KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SciTE4AutoIt3.chm
.chm
SciTEConfig/AbbrevMan.au3
.ps1
SciTEConfig/Get_AU3_RegistrySettings.au3
SciTEConfig/MSDEV.SciTEConfig
SciTEConfig/MSDEV2.SciTEConfig
SciTEConfig/Monokai.SciTEConfig
SciTEConfig/OLD_LCD.SciTEConfig
SciTEConfig/SciTEConfig.ico
SciTEConfig/SciteConfig.au3
.ps1
SciTEConfig/Scite_Reload_Props.au3
SciTEConfig/StringSize.au3
.ps1
SciTEConfig/Twilight.SciTEConfig
SciTEConfig/UCTMan.au3
.ps1
SciTEConfig/_OldSciTE4AutoIt3.SciTEConfig
SciTEConfig/__SciTE4AutoIt3.SciTEConfig
SciTEConfig/__SciTE4AutoIt3_Dark.SciTEConfig
SciTEConfig/li.txt
SciTEGlobal.properties
Tidy/Tidy.exe
.exe windows:4 windows x86 arch:x86

2e76bcc6c24325dd6a1e5b9d5169fb45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetCurrentDirectoryA
GetTempPathA
GetEnvironmentVariableA
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
GetTempFileNameA
FindFirstFileA
FindClose
GetFileAttributesA
GetTickCount
CreateProcessA
Sleep
CloseHandle
ExitProcess
DeleteFileA
CopyFileA
MoveFileA
GetPrivateProfileStringA
CompareFileTime
OpenFile
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFileTime
GetStartupInfoA
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
GetLastError
RtlUnwind
GetSystemTimeAsFileTime
GetFileType
GetStdHandle
GetCurrentProcess
DuplicateHandle
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualAlloc
VirtualQuery
ReadFile
GetConsoleMode
GetConsoleCP
GetConsoleOutputCP
WriteFile
SetStdHandle
SetConsoleCtrlHandler
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
SetEndOfFile
SetCurrentDirectoryA
SetEnvironmentVariableA
CreateDirectoryA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

LoadIconA
GetActiveWindow
IsWindow
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetMessageA
GetDesktopWindow
GetWindowRect
SetWindowPos
UnhookWindowsHookEx
SetWindowsHookExA
CharLowerA
MessageBoxA
WaitForInputIdle
MsgWaitForMultipleObjects
PeekMessageA
PostQuitMessage
CreateWindowExA
SendMessageA
MapDialogRect
GetClassInfoExA
UnregisterClassA
RegisterClassExA
LoadCursorA
DefWindowProcA
FindWindowA
DestroyWindow

gdi32

GetStockObject

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tidy/TidyV2_Example.ini
Tidy/Tidy_Example.ini
Tidy/au3.api
Tidy/functions.tbl
Tidy/keywords.tbl
Tidy/macros.tbl
abbrev.properties
api/au3.api
api/au3.autoit3wrapper.api
api/iface.api
api/lua.api
au3abbrev.properties
defs/Beta/Tidy/au3.api
defs/Beta/api/au3.api
defs/Beta/au3.keywords.properties
defs/Beta/au3.properties
defs/Production/Tidy/au3.api
defs/Production/api/au3.api
defs/Production/au3.keywords.properties
defs/Production/au3.properties
defs/UpdateDefs.au3
defs/Update_AbbrevProp.au3
defs/versioninfo.ini
example-SciTEUser.properties
example-au3.UserUdfs.properties
example-au3UserAbbrev.properties
properties/Embedded.properties
properties/abaqus.properties
properties/ada.properties
properties/asl.properties
properties/asm.properties
properties/asn1.properties
properties/au3.keywords.abbreviations.properties
properties/au3.keywords.properties
properties/au3.pixmap.properties
properties/au3.properties
properties/au3_Old.properties
properties/autoit3wrapper.keywords.properties
properties/ave.properties
properties/avs.properties
properties/baan.properties
properties/bcx.properties
properties/blitzbasic.properties
properties/bullant.properties
properties/caml.properties
properties/cmake.properties
.vbs
properties/cobol.properties
properties/coffeescript.properties
properties/conf.properties
properties/cpp.properties
properties/csound.properties
properties/css.properties
properties/d.properties
properties/ecl.properties
properties/eiffel.properties
properties/erlang.properties
properties/escript.properties
properties/flagship.properties
properties/forth.properties
properties/fortran.properties
properties/freebasic.properties
properties/gap.properties
properties/haskell.properties
properties/hex.properties
properties/html.properties
properties/inno.properties
properties/json.properties
properties/kix.properties
.vbs
properties/latex.properties
properties/lisp.properties
properties/lot.properties
properties/lout.properties
properties/lua.properties
properties/matlab.properties
.vbs
properties/metapost.properties
properties/mmixal.properties
properties/modula3.properties
properties/nimrod.properties
properties/nncrontab.properties
properties/nsis.properties
properties/opal.properties
properties/oscript.properties
properties/others.properties
properties/pascal.properties
properties/perl.properties
properties/pov.properties
properties/powerpro.properties
properties/powershell.properties
.ps1
properties/ps.properties
properties/purebasic.properties
properties/python.properties
properties/r.properties
properties/rebol.properties
properties/registry.properties
properties/ruby.properties
properties/rust.properties
properties/scriptol.properties
properties/smalltalk.properties
properties/sorcins.properties
properties/specman.properties
properties/spice.properties
properties/sql.properties
properties/tacl.properties
properties/tal.properties
properties/tcl.properties
properties/tex.properties
properties/txt2tags.properties
properties/vb.properties
properties/verilog.properties
properties/vhdl.properties
properties/yaml.properties

Sharing

General

Malware Config

Signatures

Files

6ec214cf0456b82fe58994e3c8a38024

Headers

File Characteristics

Imports

kernel32

advapi32

user32

comdlg32

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 3.9MB

.rsrc Size: 27KB - Virtual size: 27KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 548KB - Virtual size: 552KB

.rsrc Size: 73KB - Virtual size: 76KB

a0f826d66576e4ccbdfb6f921136c35d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

imm32

ole32

oleaut32

msimg32

Exports

Exports

Sections

.text Size: 847KB - Virtual size: 846KB

.rdata Size: 168KB - Virtual size: 167KB

.data Size: 19KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 35KB - Virtual size: 34KB

d13786acd6ee46c128a2c48a25cc9c61

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

comctl32

shell32

uxtheme

Exports

Exports

Sections

.text Size: 599KB - Virtual size: 598KB

.rdata Size: 232KB - Virtual size: 232KB

.data Size: 40KB - Virtual size: 43KB

.rsrc Size: 81KB - Virtual size: 80KB

.reloc Size: 35KB - Virtual size: 35KB

2e76bcc6c24325dd6a1e5b9d5169fb45

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

comctl32

comdlg32

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 14KB - Virtual size: 14KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 3.9MB

.rsrc
Size: 27KB - Virtual size: 27KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 548KB - Virtual size: 552KB

.rsrc
Size: 73KB - Virtual size: 76KB

.text
Size: 847KB - Virtual size: 846KB

.rdata
Size: 168KB - Virtual size: 167KB

.data
Size: 19KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 35KB - Virtual size: 34KB

.text
Size: 599KB - Virtual size: 598KB

.rdata
Size: 232KB - Virtual size: 232KB

.data
Size: 40KB - Virtual size: 43KB

.rsrc
Size: 81KB - Virtual size: 80KB

.reloc
Size: 35KB - Virtual size: 35KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 6KB - Virtual size: 4.2MB

.rsrc
Size: 28KB - Virtual size: 27KB