506eef67316cec6ccd7fe494ae7d1c91_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

506eef67316cec6ccd7fe494ae7d1c91_JaffaCakes118
Size

5.6MB
MD5

506eef67316cec6ccd7fe494ae7d1c91
SHA1

8be2ae93334e37d2c8be2711096fb20f8d745e16
SHA256

165891f840cb6518715b67067027711624e29e97f866c7562af29d5f70a95f74
SHA512

25248cb3f43612c84fc1649960129478fcf2b7378b2b1c017a923229baeb3063ac00ccbacab4b8839bc0344a0d5c73fce8ce8104c43de4e6f592a06adb426402
SSDEEP

98304:IWwawoN1946liWHlgFjPu3hiKOP9NKcehNt8Z/hS2EKeJVmcXEwmHS:IwJN1qWHSBm3AVP9N6hNy1hHRKm9wZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
506eef67316cec6ccd7fe494ae7d1c91_JaffaCakes118

Files

506eef67316cec6ccd7fe494ae7d1c91_JaffaCakes118
.dll windows:6 windows x86 arch:x86

a11a7ee529c26cbe2ce2fcd1b1d2bad2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dskfile

?etlWriteBinFile@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBXH@Z

ylstl

?yl_strcmp@yl@@YAHPBD0_N@Z

kernel32

UnhandledExceptionFilter
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

??Bid@locale@std@@QAEIXZ

shlwapi

PathFileExistsW

ws2_32

htonl

dbghelp

MiniDumpWriteDump

netapi32

Netbios

vcruntime140

strchr

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

fclose

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-math-l1-1-0

_CIfmod

wtsapi32

WTSSendMessageW

Exports

Exports

??0?$ipcObjectFrame@VchSystemNamedObject@@VchMapFile_Local@@VchMutex_Local@@@@QAE@XZ
??0?$ipcObjectFrame@VchSystemTracerManager@@VchMapFile_Local@@VchMutex_Local@@@@QAE@XZ
??0?$list_chain@Vpointer_chain_pNext@@Vpointer_chain_pPrev@@@@QAE@XZ
??0?$polymorphic_frame@VchFileStdio@@@@QAE@ABV0@@Z
??0?$polymorphic_frame@VchFileStdio@@@@QAE@XZ
??0aLawSample@@QAE@$$QAV0@@Z
??0aLawSample@@QAE@ABV0@@Z
??0aLawSample@@QAE@XZ
??0aesEncrypt@@QAE@PBEH@Z
??0apiHooker@@QAE@PBD0P6GHXZPAP6GHXZ@Z
??0baseDymicAlloc@@QAE@XZ
??0baseDynamicNodeAlloc_block@@IAE@XZ
??0basePoolAlloc@@QAE@XZ
??0baseShareStringA@@QAE@XZ
??0chCriticalSection@@QAE@XZ
??0chDynamicModule@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0chDynamicModule@@QAE@XZ
??0chEthernetSocket@@QAE@ABV0@@Z
??0chEthernetSocket@@QAE@XZ
??0chEvent@@QAE@XZ
??0chEvent_Socket@@QAE@XZ
??0chException@@QAE@XZ
??0chFD_SET@@QAE@H@Z
??0chFD_SET@@QAE@XZ
??0chFileFilter@@QAE@$$QAV0@@Z
??0chFileFilter@@QAE@ABV0@@Z
??0chFileFilter@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0chFileTrace@@QAE@$$QAV0@@Z
??0chFileTrace@@QAE@ABV0@@Z
??0chFileTrace@@QAE@XZ
??0chInAddr@@QAE@ABUin6_addr@@@Z
??0chInAddr@@QAE@ABUin_addr@@@Z
??0chInAddr@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0chInAddr@@QAE@XZ
??0chLocalTime@@QAE@XZ
??0chMapFile@@QAE@XZ
??0chMapFile_Local@@QAE@XZ
??0chMutex@@QAE@XZ
??0chMutex_Local@@QAE@XZ
??0chNamedObjectManager@@QAE@XZ
??0chPathWalker@@QAE@ABV0@@Z
??0chPathWalker@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0chPoint@@QAE@HH@Z
??0chPoint@@QAE@XZ
??0chPointF@@QAE@NN@Z
??0chPointF@@QAE@XZ
??0chPointerSnap@@QAE@PBX@Z
??0chRect@@QAE@ABV0@@Z
??0chRect@@QAE@ABVchPoint@@ABVchSize@@@Z
??0chRect@@QAE@HHHH@Z
??0chRect@@QAE@XZ
??0chSize@@QAE@HH@Z
??0chSize@@QAE@XZ
??0chSocket@@QAE@XZ
??0chSocketAddr@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
??0chSocketAddr@@QAE@ABVchInAddr@@H@Z
??0chSocketAddr@@QAE@XZ
??0chSocketPacketTCP@@QAE@XZ
??0chSocketStream@@QAE@$$QAV0@@Z
??0chSocketStream@@QAE@ABV0@@Z
??0chSocketStream@@QAE@XZ
??0chSocketTCP@@QAE@XZ
??0chSocketTCPServer@@QAE@XZ
??0chSocketUDP@@QAE@XZ
??0chStdInput@@QAE@XZ
??0chStream@@QAE@ABV0@@Z
??0chStream@@QAE@XZ
??0chTick@@QAE@HH@Z
??0chTickTimer@@QAE@XZ
??0chTime@@QAE@HH@Z
??0chTime@@QAE@HHHHHHH@Z
??0chTime@@QAE@XZ
??0chTime@@QAE@_JH@Z
??0chTimeout@@QAE@H@Z
??0chTraceStack@@QAA@HPBD0ZZ
??0chVarArgs@@QAE@ABV?$vector@EV?$allocator@E@std@@@std@@@Z
??0chVarArgs@@QAE@PBXH@Z
??0chXmlAttributeObject@@QAE@$$QAV0@@Z
??0chXmlAttributeObject@@QAE@ABV0@@Z
??0chXmlAttributeObject@@QAE@XZ
??0chXmlDeclaration@@QAE@$$QAV0@@Z
??0chXmlDeclaration@@QAE@ABV0@@Z
??0chXmlDeclaration@@QAE@XZ
??0chXmlDocument@@QAE@$$QAV0@@Z
??0chXmlDocument@@QAE@ABV0@@Z
??0chXmlDocument@@QAE@XZ
??0chXmlElement@@QAE@$$QAV0@@Z
??0chXmlElement@@QAE@ABV0@@Z
??0chXmlElement@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0chXmlElement@@QAE@ABVchXmlObject@@@Z
??0chXmlElement@@QAE@XZ
??0chXmlFile@@QAE@$$QAV0@@Z
??0chXmlFile@@QAE@ABV0@@Z
??0chXmlFile@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0chXmlObject@@AAE@PAUxmlNodeData@0@@Z
??0chXmlObject@@QAE@ABV0@@Z
??0chXmlObject@@QAE@W4xmlType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0chXmlObject@@QAE@XZ
??0ipcObjectHeader@@QAE@XZ
??0list_chain_pointer@@QAE@XZ
??0pcm16Sample@@QAE@$$QAV0@@Z
??0pcm16Sample@@QAE@ABV0@@Z
??0pcm16Sample@@QAE@XZ
??0pointer_chain_pChild@@QAE@XZ
??0pointer_chain_pLeft@@QAE@XZ
??0pointer_chain_pNext@@QAE@XZ
??0pointer_chain_pParent@@QAE@XZ
??0pointer_chain_pPrev@@QAE@XZ
??0pointer_chain_pRight@@QAE@XZ
??0share_pointer@@QAE@PBX@Z
??0simpStackTracer@@QAA@PBD0ZZ
??0uCSystemNamedObjectHelper@@AAE@XZ
??0uCTraceHelper@@AAE@XZ
??0uLawSample@@QAE@$$QAV0@@Z
??0uLawSample@@QAE@ABV0@@Z
??0uLawSample@@QAE@XZ
??1?$ipcObjectFrame@VchSystemNamedObject@@VchMapFile_Local@@VchMutex_Local@@@@QAE@XZ
??1?$ipcObjectFrame@VchSystemTracerManager@@VchMapFile_Local@@VchMutex_Local@@@@QAE@XZ
??1?$polymorphic_frame@VchFileStdio@@@@QAE@XZ
??1aLawSample@@QAE@XZ
??1apiHooker@@QAE@XZ
??1baseDynamicNodeAlloc_block@@IAE@XZ
??1basePoolAlloc@@QAE@XZ
??1chCriticalSection@@QAE@XZ
??1chDynamicModule@@QAE@XZ
??1chEthernetSocket@@QAE@XZ
??1chEvent@@QAE@XZ
??1chEvent_Socket@@QAE@XZ
??1chException@@QAE@XZ
??1chFD_SET@@QAE@XZ
??1chFileFilter@@QAE@XZ
??1chFileTrace@@QAE@XZ
??1chMapFile@@QAE@XZ
??1chMapFile_Local@@QAE@XZ
??1chMutex@@QAE@XZ
??1chMutex_Local@@QAE@XZ
??1chPathWalker@@QAE@XZ
??1chSocket@@QAE@XZ
??1chSocketPacketTCP@@QAE@XZ
??1chSocketStream@@UAE@XZ
??1chSocketTCP@@QAE@XZ
??1chSocketTCPServer@@QAE@XZ
??1chSocketUDP@@QAE@XZ
??1chStdInput@@QAE@XZ
??1chStream@@UAE@XZ
??1chTraceStack@@QAE@XZ
??1chXmlAttributeObject@@QAE@XZ
??1chXmlDeclaration@@QAE@XZ
??1chXmlDocument@@QAE@XZ
??1chXmlElement@@QAE@XZ
??1chXmlFile@@QAE@XZ
??1chXmlObject@@QAE@XZ
??1pcm16Sample@@QAE@XZ
??1simpStackTracer@@QAE@XZ
??1uCSystemNamedObjectHelper@@AAE@XZ
??1uCTraceHelper@@AAE@XZ
??1uLawSample@@QAE@XZ
??4?$chArgbleT@$0HCHEHD@@@QAEAAU0@$$QAU0@@Z
??4?$chArgbleT@$0HCHEHD@@@QAEAAU0@ABU0@@Z
??4?$list_chain@Vpointer_chain_pNext@@Vpointer_chain_pPrev@@@@QAEAAV0@$$QAV0@@Z
??4?$list_chain@Vpointer_chain_pNext@@Vpointer_chain_pPrev@@@@QAEAAV0@ABV0@@Z
??4?$polymorphic_frame@VchFileStdio@@@@QAEAAV0@ABV0@@Z
??4aLawSample@@QAEAAV0@$$QAV0@@Z
??4aLawSample@@QAEAAV0@ABV0@@Z
??4aesEncrypt@@QAEAAV0@$$QAV0@@Z
??4aesEncrypt@@QAEAAV0@ABV0@@Z
??4apiHooker@@QAEAAV0@ABV0@@Z
??4baseDymicAlloc@@QAEAAV0@$$QAV0@@Z
??4baseDymicAlloc@@QAEAAV0@ABV0@@Z
??4baseDynamicNodeAlloc_block@@QAEAAV0@ABV0@@Z
??4basePoolAlloc@@QAEAAV0@ABV0@@Z
??4baseShareStringA@@QAEAAV0@$$QAV0@@Z
??4baseShareStringA@@QAEAAV0@ABV0@@Z
??4chDynamicModule@@QAEAAV0@ABV0@@Z
??4chEthernetSocket@@QAEAAV0@ABV0@@Z
??4chEvent@@QAEAAV0@ABV0@@Z
??4chEvent_Socket@@QAEAAV0@ABV0@@Z
??4chException@@QAEAAV0@ABV0@@Z
??4chFD_SET@@QAEAAV0@ABV0@@Z
??4chFileFilter@@QAEAAV0@$$QAV0@@Z
??4chFileFilter@@QAEAAV0@ABV0@@Z
??4chFileTrace@@QAEAAV0@$$QAV0@@Z
??4chFileTrace@@QAEAAV0@ABV0@@Z
??4chInAddr@@QAEAAV0@$$QAV0@@Z
??4chInAddr@@QAEAAV0@ABUin6_addr@@@Z
??4chInAddr@@QAEAAV0@ABUin_addr@@@Z
??4chInAddr@@QAEAAV0@ABV0@@Z
??4chLocalTime@@QAEAAV0@$$QAV0@@Z
??4chLocalTime@@QAEAAV0@ABV0@@Z
??4chMutex_Local@@QAEAAV0@ABV0@@Z
??4chNamedObjectManager@@QAEAAV0@$$QAV0@@Z
??4chNamedObjectManager@@QAEAAV0@ABV0@@Z
??4chPathWalker@@QAEAAV0@ABV0@@Z
??4chPoint@@QAEAAV0@$$QAV0@@Z
??4chPoint@@QAEAAV0@ABV0@@Z
??4chPointF@@QAEAAV0@$$QAV0@@Z
??4chPointF@@QAEAAV0@ABV0@@Z
??4chPointerSnap@@QAEAAV0@$$QAV0@@Z
??4chPointerSnap@@QAEAAV0@ABV0@@Z
??4chRect@@QAEAAV0@ABV0@@Z
??4chSize@@QAEAAV0@$$QAV0@@Z
??4chSize@@QAEAAV0@ABV0@@Z
??4chSocketAddr@@QAEAAV0@$$QAV0@@Z
??4chSocketAddr@@QAEAAV0@ABV0@@Z
??4chSocketStream@@QAEAAV0@$$QAV0@@Z
??4chSocketStream@@QAEAAV0@ABV0@@Z
??4chStdInput@@QAEAAV0@ABV0@@Z
??4chStream@@QAEAAV0@ABV0@@Z
??4chTick@@QAEAAV0@ABV0@@Z
??4chTickTimer@@QAEAAV0@$$QAV0@@Z
??4chTickTimer@@QAEAAV0@ABV0@@Z
??4chTime@@QAEAAV0@$$QAV0@@Z
??4chTime@@QAEAAV0@ABV0@@Z
??4chTimeout@@QAEAAV0@$$QAV0@@Z
??4chTimeout@@QAEAAV0@ABV0@@Z
??4chTimer@@QAEAAV0@$$QAV0@@Z
??4chTimer@@QAEAAV0@ABV0@@Z
??4chTraceStack@@QAEAAV0@ABV0@@Z
??4chVarArgs@@QAEAAV0@$$QAV0@@Z
??4chVarArgs@@QAEAAV0@ABV0@@Z
??4chXmlAttributeObject@@QAEAAV0@$$QAV0@@Z
??4chXmlAttributeObject@@QAEAAV0@ABV0@@Z
??4chXmlDeclaration@@QAEAAV0@$$QAV0@@Z
??4chXmlDeclaration@@QAEAAV0@ABV0@@Z
??4chXmlDocument@@QAEAAV0@$$QAV0@@Z
??4chXmlDocument@@QAEAAV0@ABV0@@Z
??4chXmlElement@@QAEAAV0@$$QAV0@@Z
??4chXmlElement@@QAEAAV0@ABV0@@Z
??4chXmlFile@@QAEAAV0@$$QAV0@@Z
??4chXmlFile@@QAEAAV0@ABV0@@Z
??4chXmlObject@@QAEAAV0@ABV0@@Z
??4ipcObjectHeader@@QAEAAV0@$$QAV0@@Z
??4ipcObjectHeader@@QAEAAV0@ABV0@@Z
??4list_chain_pointer@@QAEAAV0@$$QAV0@@Z
??4list_chain_pointer@@QAEAAV0@ABV0@@Z
??4pcm16Sample@@QAEAAV0@$$QAV0@@Z
??4pcm16Sample@@QAEAAV0@ABV0@@Z
??4pointer_chain_pChild@@QAEAAV0@$$QAV0@@Z
??4pointer_chain_pChild@@QAEAAV0@ABV0@@Z
??4pointer_chain_pLeft@@QAEAAV0@$$QAV0@@Z
??4pointer_chain_pLeft@@QAEAAV0@ABV0@@Z
??4pointer_chain_pNext@@QAEAAV0@$$QAV0@@Z
??4pointer_chain_pNext@@QAEAAV0@ABV0@@Z
??4pointer_chain_pParent@@QAEAAV0@$$QAV0@@Z
??4pointer_chain_pParent@@QAEAAV0@ABV0@@Z
??4pointer_chain_pPrev@@QAEAAV0@$$QAV0@@Z
??4pointer_chain_pPrev@@QAEAAV0@ABV0@@Z
??4pointer_chain_pRight@@QAEAAV0@$$QAV0@@Z
??4pointer_chain_pRight@@QAEAAV0@ABV0@@Z
??4pool_chain@@QAEAAV0@$$QAV0@@Z
??4pool_chain@@QAEAAV0@ABV0@@Z
??4share_pointer@@QAEAAV0@ABV0@@Z
??4simpStackTracer@@QAEAAV0@ABV0@@Z
??4uLawSample@@QAEAAV0@$$QAV0@@Z
??4uLawSample@@QAEAAV0@ABV0@@Z
??8?$polymorphic_frame@VchFileStdio@@@@QBE_NABV0@@Z
??8baseShareStringA@@QBE_NABV0@@Z
??8chInAddr@@QBE_NABV0@@Z
??8chPoint@@QBEHABV0@@Z
??8chPointF@@QBEHABV0@@Z
??8chRect@@QBEHABV0@@Z
??8chSize@@QBEHABV0@@Z
??8chSocketAddr@@QBE_NABV0@@Z
??8chTime@@QBE_NABV0@@Z
??8share_pointer@@QBE_NABV0@@Z
??9baseShareStringA@@QBE_NABV0@@Z
??9chInAddr@@QBE_NABV0@@Z
??9chPoint@@QBEHABV0@@Z
??9chPointF@@QBEHABV0@@Z
??9chRect@@QBEHABV0@@Z
??9chSize@@QBEHABV0@@Z
??9chTime@@QBE_NABV0@@Z
??AchXmlObject@@QBE?AVchXmlElement@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??C?$polymorphic_frame@VchFileStdio@@@@QBEPAVchFileStdio@@XZ
??EchXmlElement@@QAEAAV0@XZ
??EchXmlObject@@QAEAAV0@XZ
??GchPoint@@QBE?AV0@XZ
??GchPointF@@QBE?AV0@XZ
??GchSize@@QBE?AV0@XZ
??GchTick@@QBE?AV0@ABV0@@Z
??GchTime@@QBE?AV0@ABV0@@Z
??HchRect@@QBE?AV0@ABVchPoint@@@Z
??HchRect@@QBE?AV0@ABVchSize@@@Z
??HchTick@@QBE?AV0@ABV0@@Z
??HchTime@@QBE?AV0@ABV0@@Z
??IchRect@@QBE?AV0@ABV0@@Z
??MbaseShareStringA@@QBE_NABV0@@Z
??MchTick@@QBE_NABV0@@Z
??MchTime@@QBE_NABV0@@Z
??NchTime@@QBE_NABV0@@Z
??ObaseShareStringA@@QBE_NABV0@@Z
??OchTick@@QBE_NABV0@@Z
??OchTime@@QBE_NABV0@@Z
??PchTime@@QBE_NABV0@@Z
??UchRect@@QBE?AV0@ABV0@@Z
??YchTick@@QAEAAV0@ABV0@@Z
??YchTime@@QAEAAV0@ABV0@@Z
??ZchTime@@QAEAAV0@ABV0@@Z
??_4chRect@@QAEAAV0@ABV0@@Z
??_5chRect@@QAEAAV0@ABV0@@Z
??_7chSocketStream@@6B@
??_7chStream@@6B@
??_7chXmlAttributeObject@@6B@
??_7chXmlDeclaration@@6B@
??_7chXmlDocument@@6B@
??_7chXmlElement@@6B@
??_7chXmlFile@@6B@
??_7chXmlObject@@6B@
??_FaesEncrypt@@QAEXXZ
??_FchFileFilter@@QAEXXZ
??_FchPathWalker@@QAEXXZ
??_FchTick@@QAEXXZ
??_FchXmlFile@@QAEXXZ
??_Fshare_pointer@@QAEXXZ
?AcceptOnSocket@chSocketTCPServer@@QAE_NAAVchSocketTCP@@PAVchSocketAddr@@H@Z
?AddChildElement@chXmlObject@@QAE?AVchXmlElement@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AddChildObject@chXmlObject@@QAE?AV1@ABV1@@Z
?AddChildObject@chXmlObject@@QAE?AV1@W4xmlType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AllocHashBlock@baseDynamicNodeAlloc_block@@AAEPAVlist_chain_pointer@@HH@Z
?AllocSampleBuffer@aLawSample@@QAEXH@Z
?AllocSampleBuffer@pcm16Sample@@QAEXH@Z
?AllocSampleBuffer@uLawSample@@QAEXH@Z
?AppendMuteSample@aLawSample@@QAEXH@Z
?AppendMuteSample@pcm16Sample@@QAEXH@Z
?AppendMuteSample@uLawSample@@QAEXH@Z
?AppendSample@aLawSample@@QAEXN@Z
?AppendSample@pcm16Sample@@QAEXN@Z
?AppendSample@uLawSample@@QAEXN@Z
?ApplyAfterMoudleLoaded@apiHooker@@SAXXZ
?AssertHeader@ipcObjectHeader@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
?Bind@chSocket@@QAE_NABVchSocketAddr@@@Z
?BottomRight@chRect@@QBE?AVchPoint@@XZ
?CenterPoint@chRect@@QBE?AVchPoint@@XZ
?Clear@aLawSample@@QAEXXZ
?Clear@pcm16Sample@@QAEXXZ
?Clear@uLawSample@@QAEXXZ
?ClearGhostTracerLevel@uCTraceHelper@@AAEXXZ
?CloseDynamicModule@chDynamicModule@@QAEXXZ
?CloseEvent@chEvent@@QAEXXZ
?CloseEvent@chEvent_Socket@@QAEXXZ
?CloseMapFile@chMapFile@@QAEXXZ
?CloseMapFile@chMapFile_Local@@QAEXXZ
?CloseMutex@chMutex@@QAEXXZ
?CloseMutex@chMutex_Local@@QAEXXZ
?ClosePath@chPathWalker@@QAEXXZ
?CloseShareObject@?$ipcObjectFrame@VchSystemNamedObject@@VchMapFile_Local@@VchMutex_Local@@@@QAEXXZ
?CloseShareObject@?$ipcObjectFrame@VchSystemTracerManager@@VchMapFile_Local@@VchMutex_Local@@@@QAEXXZ
?ConnectTo@chSocketTCP@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
?ConnectTo@chSocketTCP@@QAE_NABVchSocketAddr@@H@Z
?CreateSocket@chEthernetSocket@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?CreateSocket@chSocket@@QAE_NHHH@Z
?CreateSocket@chSocketTCP@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?CreateSocket@chSocketTCP@@QAE_NABVchSocketAddr@@@Z
?CreateSocket@chSocketTCP@@QAE_NH@Z
?CreateSocket@chSocketUDP@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?CreateSocket@chSocketUDP@@QAE_NABVchSocketAddr@@@Z
?CreateSocket@chSocketUDP@@QAE_NH@Z
?CreateSocketAddr@chSocketAddr@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?CreateSocketAddr@chSocketAddr@@QAE_NABVchInAddr@@H@Z
?Decrypt@aesEncrypt@@QBE?AV?$vector@EV?$allocator@E@std@@@std@@PBEHW4PaddingMode@@@Z
?DeflateRect@@YA?AVchRect@@ABV1@HHHH@Z
?DeflateRect@chRect@@QAEAAV1@HH@Z
?DeflateRect@chRect@@QAEAAV1@HHHH@Z
?DestroyEvent@chEvent@@QAEXXZ
?DestroyMapFile@chMapFile@@QAEXXZ
?DestroyMapFile@chMapFile_Local@@QAEXXZ
?DestroyMutex@chMutex@@QAEXXZ
?DestroyMutex@chMutex_Local@@QAEXXZ
?DestroyShareObject@?$ipcObjectFrame@VchSystemNamedObject@@VchMapFile_Local@@VchMutex_Local@@@@QAEXXZ
?DestroyShareObject@?$ipcObjectFrame@VchSystemTracerManager@@VchMapFile_Local@@VchMutex_Local@@@@QAEXXZ
?DestroySocket@chEthernetSocket@@QAEXXZ
?DestroySocket@chSocket@@QAEXXZ
?DestroySocket@chSocketTCP@@QAEXXZ
?Disconnect@chSocketTCP@@QAEXXZ
?Encrypt@aesEncrypt@@QBE?AV?$vector@EV?$allocator@E@std@@@std@@PBEHW4PaddingMode@@@Z
?ExportAttributes@chXmlObject@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?ExportChildren@chXmlObject@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?ExportElement@chXmlObject@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?ExportToText@chXmlObject@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?FastRemoveAttributeValue@chXmlAttributeObject@@QAEXPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FindAttributeValue@chXmlAttributeObject@@QBEPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?FindChildAttribute@chXmlElement@@QBE?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?FindChildElement@chXmlObject@@QBE?AVchXmlElement@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FindNamedObject@chNamedObjectManager@@QAEPAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FindNextAttribute@chXmlElement@@QBE?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?FindNextElement@chXmlObject@@QBE?AVchXmlElement@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Flush@chFileTrace@@QAEHXZ
?Flush@chMapFile@@QAEXXZ
?Flush@chMapFile_Local@@QAEXXZ
?Format@chTime@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?FreeNamedObject@chNamedObjectManager@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FreeObject@chNamedObjectManager@@IAEXPAX@Z
?GetAttributeCount@chXmlAttributeObject@@QBEHXZ
?GetAttributeData@chXmlAttributeObject@@QBEABV?$list@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@XZ
?GetAttributeValue@chXmlAttributeObject@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@0@Z
?GetBufferSize@aLawSample@@QAEHXZ
?GetBufferSize@pcm16Sample@@QAEHXZ
?GetBufferSize@uLawSample@@QAEHXZ
?GetDay@chTime@@QBEHXZ
?GetDayOfWeek@chTime@@QBEHXZ
?GetEventPort@chEvent_Socket@@QAEHXZ
?GetEventSocket@chEvent_Socket@@QAEIXZ
?GetFileName@chFileTrace@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?GetHour@chTime@@QBEHXZ
?GetLeftMillisecond@chTimeout@@QAEHXZ
?GetMethod@chDynamicModule@@QAEPAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetMicrosecond@chTickTimer@@QAEHXZ
?GetMillsSecond@chTime@@QBEHXZ
?GetMinute@chTime@@QBEHXZ
?GetMonth@chTime@@QBEHXZ
?GetNamedObject@chNamedObjectManager@@QAEPAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HPAH@Z
?GetOption@chXmlElement@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@0@Z
?GetOutputLevel@uCTraceHelper@@QAEHXZ
?GetOutputMethod@uCTraceHelper@@QAEHXZ
?GetProcessTraceOption@uCTraceHelper@@AAEAAUTraceOutputOption@@XZ
?GetSecond@chTime@@QBEHXZ
?GetTickFromBoot@chTimer@@SA?AVchTick@@XZ
?GetTimeFromBoot_ms@chTimer@@SA_KXZ
?GetYear@chTime@@QBEHXZ
?Height@chRect@@QBEHXZ
?InflateRect@@YA?AVchRect@@ABV1@HHHH@Z
?InflateRect@chRect@@QAEAAV1@HH@Z
?InflateRect@chRect@@QAEAAV1@HHHH@Z
?InitHeader@ipcObjectHeader@@QAEHHH@Z
?IsAcceptFileName@chFileFilter@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsCreateByMe@chEvent@@QAEHXZ
?IsCreateByMe@chMapFile@@QAEHXZ
?IsCreateByMe@chMapFile_Local@@QAEHXZ
?IsCreateByMe@chMutex@@QAEHXZ
?IsCreateByMe@chMutex_Local@@QAEHXZ
?IsDenyFileName@chFileFilter@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsLocked@chCriticalSection@@QAEHXZ
?IsLockedByThisThread@chCriticalSection@@QAEHXZ
?IsLockedByThisThread@chMutex@@QAEHXZ
?IsLockedByThisThread@chMutex_Local@@QAEHXZ
?IsSameSize@chRect@@QBEHABV1@@Z
?IsTimeout@chTimeout@@QAEHXZ
?IsValidPointer@baseDynamicNodeAlloc_block@@AAE_NPAX@Z
?KillProcessAppByName@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?LoadFromFile@chXmlFile@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Lock@chCriticalSection@@QAEHXZ
?Lock@chMutex@@QAEHH@Z
?Lock@chMutex_Local@@QAEHH@Z
?OffsetPoint@chPoint@@QAEXHH@Z
?OffsetPoint@chPointF@@QAEXNN@Z
?OffsetRect@@YA?AVchRect@@ABV1@HH@Z
?OffsetRect@chRect@@QAEAAV1@ABVchSize@@@Z
?OffsetRect@chRect@@QAEAAV1@HH@Z
?OpenDynamicModule@chDynamicModule@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OpenEventA@chEvent@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OpenEventA@chEvent_Socket@@QAEHXZ
?OpenFileTrace@chFileTrace@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
?OpenMapFile@chMapFile@@QAEPAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OpenMapFile@chMapFile@@QAEPAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?OpenMapFile@chMapFile_Local@@QAEPAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?OpenMapFileObject@?$ipcObjectFrame@VchSystemNamedObject@@VchMapFile_Local@@VchMutex_Local@@@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?OpenMapFileObject@?$ipcObjectFrame@VchSystemTracerManager@@VchMapFile_Local@@VchMutex_Local@@@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?OpenMutexA@chMutex@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OpenMutexA@chMutex_Local@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OpenPath@chPathWalker@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OpenShareObject@?$ipcObjectFrame@VchSystemNamedObject@@VchMapFile_Local@@VchMutex_Local@@@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?OpenShareObject@?$ipcObjectFrame@VchSystemTracerManager@@VchMapFile_Local@@VchMutex_Local@@@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?ParseDocument@chXmlDocument@@SA?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PtInRect@chRect@@QBEHABVchPoint@@@Z
?ReadFileName@chPathWalker@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ReadShareMemoryString@uCTraceHelper@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Receive@chEthernetSocket@@QAE_NPAX0PAGAAV?$vector@EV?$allocator@E@std@@@std@@H@Z
?Receive@chSocketTCP@@QAEHPAXHH@Z
?ReceiveFrom@chSocketUDP@@QAEHAAV?$vector@EV?$allocator@E@std@@@std@@PAVchSocketAddr@@H@Z
?ReceiveOnePacket@chSocketPacketTCP@@QAE_NAAV?$vector@EV?$allocator@E@std@@@std@@H@Z
?ReceiveStream@chSocketTCP@@QAEHAAV?$vector@EV?$allocator@E@std@@@std@@H@Z
?ReceiveToBuffer@chSocketTCP@@QAEHH@Z
?ReceiveToBuffer@chSocketUDP@@QAEHH@Z
?RedirectToConsole@uCTraceHelper@@QAEHXZ
?RedirectToFileTrace@uCTraceHelper@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
?RedirectToNull@uCTraceHelper@@QAEHXZ
?RedirectToShareMemory@uCTraceHelper@@QAEHXZ
?RemoveChildObject@chXmlObject@@QAEXABV1@@Z
?ReplaceApi4Module@apiHooker@@AAEXPAUHINSTANCE__@@PBDP6GHXZ2@Z
?ReplaceApi4Modules@apiHooker@@AAEXABVapiModules@@PBDP6GHXZ2@Z
?ResetEvent@chEvent@@QAEXXZ
?ResetEvent@chEvent_Socket@@QAEXXZ
?ResetSocket@chEvent_Socket@@AAEXXZ
?ResetTickTimer@chTickTimer@@QAEHXZ
?ResetTraceLevel@uCTraceHelper@@QAEHH@Z
?Resize@@YA?AVchRect@@ABV1@HH@Z
?Resize@chRect@@QAEAAV1@HH@Z
?ResizeHeight@@YA?AVchRect@@ABV1@H@Z
?ResizeHeight@chRect@@QAEAAV1@H@Z
?ResizeWidth@@YA?AVchRect@@ABV1@H@Z
?ResizeWidth@chRect@@QAEAAV1@H@Z
?SaveToFile@chXmlFile@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Send@chEthernetSocket@@QAE_NPBXG0H@Z
?Send@chSocketTCP@@QAE_NPBXH@Z
?SendEvent@chEvent_Socket@@QAEHH@Z
?SendOnePacket@chSocketPacketTCP@@QAE_NPBXH@Z
?SendTo@chSocketUDP@@QAE_NPBXHABVchSocketAddr@@@Z
?SetAttributeValue@chXmlAttributeObject@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?SetEmpty@chRect@@QAEAAV1@XZ
?SetEvent@chEvent@@QAEHXZ

Sections

.text
Size: - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a11a7ee529c26cbe2ce2fcd1b1d2bad2

Headers

DLL Characteristics

File Characteristics

Imports

dskfile

ylstl

kernel32

user32

msvcp140

shlwapi

ws2_32

dbghelp

netapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 190KB

.rdata Size: - Virtual size: 81KB

.data Size: - Virtual size: 36KB

.gfids Size: - Virtual size: 72B

.tls Size: - Virtual size: 9B

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 190KB

.rdata
Size: - Virtual size: 81KB

.data
Size: - Virtual size: 36KB

.gfids
Size: - Virtual size: 72B

.tls
Size: - Virtual size: 9B

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B