4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118
Size

14.3MB
MD5

4cbc50b0f7d5bd24c6f9ab3139af9e39
SHA1

53d1fd3d74c547cfe5af27dc887783cc4b21339b
SHA256

619af4a455d2f08be2d92d5d59fbd3737278b8746a6162d995be1263eea9add2
SHA512

915f5d0073bf853786ae55535e3f4e1df168c2cb9ab8df4e3f7691fbfbb5831fb0edd21eef5442389117292fa982001454a54fb8e4b95c89df160ea0067078ea
SSDEEP

393216:uSgdVRLcqFuq7Oy0o2ZYcfQZgHO5FU+2JNFOwNreA6F915:uFDRLkg0o267GS2JnO0rfq9f

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118
unpack001/$1/1337/Alexandr.exe
unpack001/$1/1337/ExtrimHack [free][17.08.2020].exe
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetFileAttributesA
SetFileAttributesA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
GetCurrentProcess
GetFullPathNameA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
SetErrorMode
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$1/1337/Alexandr.exe
.exe windows:4 windows x86 arch:x86

a1a66d588dcf1394354ebf6ec400c223

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetParent
ScreenToClient
CreateWindowExW
GetDesktopWindow
GetWindowTextLengthW
SetWindowPos
SetTimer
GetMessageW
CopyImage
KillTimer
CharUpperW
SendMessageW
ShowWindow
BringWindowToTop
wsprintfW
MessageBoxW
EndDialog
ReleaseDC
GetWindowDC
GetMenu
GetWindowLongW
GetClassNameA
wsprintfA
DispatchMessageW
SetWindowTextW
GetSysColor
DestroyWindow
MessageBoxA
GetKeyState
IsWindow
GetDlgItem
GetClientRect
GetSystemMetrics
SetWindowLongW
UnhookWindowsHookEx
SetFocus
SystemParametersInfoW
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
GetWindowTextW
GetWindowRect

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
OleLoadPicture
SysAllocString

kernel32

SetFileTime
SetEndOfFile
GetFileInformationByHandle
VirtualFree
GetModuleHandleA
WaitForMultipleObjects
VirtualAlloc
ReadFile
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetEnvironmentVariableW
GetDriveTypeW
CreateFileW
LoadLibraryA
SetThreadLocale
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
WideCharToMultiByte
GetTempPathW
GetCurrentDirectoryW
GetEnvironmentVariableW
lstrcmpiW
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
GetModuleHandleW
FindFirstFileW
lstrcmpW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetStdHandle
WriteFile
lstrlenA
CreateDirectoryW
GetFileAttributesW
SetCurrentDirectoryW
GetLocalTime
SystemTimeToFileTime
CreateThread
GetExitCodeThread
Sleep
SetFileAttributesW
GetDiskFreeSpaceExW
SetLastError
GetTickCount
lstrlenW
ExitProcess
lstrcatW
GetProcAddress
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetQueuedCompletionStatus
ResumeThread
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
CreateJobObjectW
GetLastError
CreateProcessW
GetStartupInfoW
GetCommandLineW
GetStartupInfoA

msvcrt

_purecall
??2@YAPAXI@Z
_wtol
memset
memmove
memcpy
_wcsnicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
malloc
realloc
free
wcsstr
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
strncmp
wcsncmp
wcsncpy
strncpy
??3@YAXPAX@Z

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$1/1337/ExtrimHack [free][17.08.2020].exe
.exe windows:6 windows x86 arch:x86

7ec7db240e417ba419ce41075f049790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EmptyClipboard
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

imm32

ImmGetContext

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

kernel32

HeapSize
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

SHGetFolderPathA

ole32

CoCreateInstance

advapi32

RegQueryValueExW

shlwapi

SHDeleteKeyW

wtsapi32

WTSSendMessageW

Exports

Exports

6c�w�"�:OD��yzx�Z&�l��vC�Ƴ@a��25t�0dra��<��|J��x�)�'G��xr `��L*:�G�♃��[s�|�� 9f�I�81H@WҨh��^��s�,��@�;��&=|vJ��Se��+�U�c,�PA6x1�Y�0^յ{p�x�q��`�]��"w�+_[� ^��p10q��q�=��J��JJ'��s�'�t�(�G ,yi\��&٠�S`�ۨ'kf�>�� s��k�E�-�J�7R!]L�*K��[��ڔ�<��]~"|鉡/�8��nG�Y��d�F�zN��L�W n�W6D� Z��3 9|I ��2f��f:��3�}��p�Z�=4ҟV��]>i^�I��o�3�2eЊ�*)=�hSJ��SV#�B�0��N7��_�Ao�=jS^��U��v�W�8��eM��:��a�ɂ��ԓ�x��E�5v�[��z?\pXA�� g�3~��Bϱ�)��G��U~��8��J欔�V�?�+��'��Y��o�E�u�2��i�� A��vWcw�c�/}�y(��C��E�m�fyO�� X�oH��~�)�)��)�1K��Z��ʴY��[~\�G\4c��9J��r��'3��0 e�b�.P`��{d�V�K-�[�}� ��Bw�@��8�^IG�4��-�ud��BeX��\�*yB�Ѷ��##�6�$�L((`�;��'V#V��jL[�V0�)��e�{widR�5|�f�">&��I�% ٛhbc��j��Ǧ|�6>�f��_��-��{��6�M�^9u%Ϋ�4?�rE�|0N�Z��jd�PѝX��šL��t� �~<��{͍� Eq��T��XGm��=R�D1!~%m"��U��m!��I}�� -�vz��9曹z�`mt�p��ZZ_��W�s��s0 ��` QѰi"��9c0,�)ܕSo��Bu��(Ā�֑2E�I~j�]�h�]z� *�2�=]T RP�Q4��Ĉ-ų� �D�LIE�y�Q.�fֹ��<K��;s�~�6 �wc��ĺ K @�^��4!��Jd|�s��#�Hz�o��+��"Է�(��Pٺ)W��[G�� 2l3�H/�0�y��o��\�~��I�Ц<�S��y�t>�Q��X�D�K��4Eӟ �4~F/�he7��6P�l��no��/��3�W��ty��;^0'Q_&{�p�.1��g�k3�� zJ�vu��qG��G��.C�[��,X��]��`��"��O��?eI��G9�%��F�w��@��y"Y'�}O��(�zט5�r1��{��s!i0rAG��@��#�=}:��8}c�� &i��8�Y�$��m�s�p��٧��x�p�ު�E\ooF�BE��c�+��,f�Q��;?>/� ?�:r��}ʉZ��z�t%��m?6ZB*)��hBHsV�f[ڏzy��i��z�po��N��+�vZ�E>�fLÛb�F��P��6�'�x��b��ꑏʈ��*?A�`AF� ��g��]��]1܈ADU�_��(��M��o��i�-/��=�,:l��]��]9�t��v�3�<�6�& �-��$ݙ��E%��*�.�^�k��ʬ�ʱ� ��'��V3��CH�HJ�Ʒ`8�1�ApCX��̴��+i�Q-2��c4��nB��K��D��d�n_�$ӣ��1��`C��ԺK�I�wg�I,Rl��0�rC��v7�){�|��߱�9��r�X��+�`1�d7.�sBH�9�;"e�C5�ĺ�pBw��Ĥ-�=�=��g��$.�q��K텍ؙ�m��zpj�6��B�{�]瀼7��2�=j��B��C%)�i��c�'��7��P??�\�BlÃ�6�nЦ:`5]4-H�_�iDL�n_�#m]��@ȶ�<�Y ��?a�|��1�ܔNH6�YL�Y�x��O:���"�Ԗ1x}:��2�Y��[G>�֓��c�1e��k�_�|x�`Щ��>��U�&hNg:��wɜ+��+ �}{�A|�ExF (]��񦛫��<r��$FN�;�V ��K�lEC<��5��̀�#낦��y r��p��yWʰ> Z!i��&4��*�\��I��y)��Q�a��9D��)�K��'*c�OA_/u��(�! ?��r &��#H撠u<�t�]��[Z�Uw��\!2�A��ӺV(P�#\�07t��Ek��n�b��Sbfk��úQ��xJ�m�$��M�,{r��2��[;�9�tx�K ��`�+��: �/@� .�OΌ��$�P��-�xO��B�W��;/9z"��AQ��[(>��|X�ཾ��;Xl�$� �q��#/��d��Ü�G��'buP-3a�40e��W4�}[~�])�� G�,d{ߪ?��(�JV�87#p��m ��Re6y��6j�I�v�� ʍ��T��h�P��3��Bk`��k��C�X�cjSqG6�d��q�>nja�,O�K��&B�F�f[%\y��;P��5S�1"��^�{"w��^��=ϖN��}�1~�,��q��z8D�Q��+�C/��rK�H-:t��]dDi�'��!/�v��?�"��<��r��9wm�5�:�g��< ��krcm�?�/��GL�J��)#`j�[��x֓�{6��;��76&FQk��\�Hf7��Q�gyI�V�Df;6�j_2&��P�#��~��YWl{4��gl0MA+��"Z�KV�&e/�JDpL
??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.abc0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.abc1
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 19KB - Virtual size: 18KB

a1a66d588dcf1394354ebf6ec400c223

Headers

File Characteristics

Imports

comctl32

shell32

gdi32

advapi32

user32

ole32

oleaut32

kernel32

msvcrt

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 93KB - Virtual size: 92KB

7ec7db240e417ba419ce41075f049790

Headers

DLL Characteristics

File Characteristics

Imports

user32

imm32

d3d9

d3dx9_43

kernel32

shell32

ole32

advapi32

shlwapi

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 520KB

.rdata Size: - Virtual size: 148KB

.data Size: - Virtual size: 6.4MB

.abc0 Size: - Virtual size: 2.9MB

.abc1 Size: 11.3MB - Virtual size: 11.3MB

.rsrc Size: 1KB - Virtual size: 1KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 93KB - Virtual size: 92KB

.text
Size: - Virtual size: 520KB

.rdata
Size: - Virtual size: 148KB

.data
Size: - Virtual size: 6.4MB

.abc0
Size: - Virtual size: 2.9MB

.abc1
Size: 11.3MB - Virtual size: 11.3MB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B