5e5662fa3ad9b7541c73f13fe08f7a60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e5662fa3ad9b7541c73f13fe08f7a60_JaffaCakes118
Size

591KB
MD5

5e5662fa3ad9b7541c73f13fe08f7a60
SHA1

d583270683de5b23b6b03ed9657c4efa5bea090a
SHA256

ff8b9f9528f707a310c97a2e5602cd1bbd49079391a9f4731817c366a1f98cdd
SHA512

eb7fb2e0fbc5b1aec34a105316fc3f3227fb23548d3b72e0a19b7bd2edb06c8854d8971d90da27a49e65e97921c326fe1f4b858fd0749116aad3acce3272fb0c
SSDEEP

12288:Z0g/ACJ+qkuF35fG6edHIKXRFrSsGapUTJXfCqxnbyxC2C9qdQPVd:2iACJvkqodoKjrz4qiGrdOd

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
5e5662fa3ad9b7541c73f13fe08f7a60_JaffaCakes118
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/NotifyIcon.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/__6b4773839d4148c6b6caeb38a007846d.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisunz.dll

Files

5e5662fa3ad9b7541c73f13fe08f7a60_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NotifyIcon.dll
.dll windows:5 windows x86 arch:x86

78155e3314922676e9dbf9f4fff8568c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcpynW

user32

ShowWindow
OpenIcon
KillTimer
IsIconic
CallWindowProcW
wsprintfW
GetDlgItem
FindWindowExW
GetWindowLongW
SetTimer
LoadImageW
SendMessageW
SetWindowLongW

shell32

Shell_NotifyIconW

Exports

Exports

Icon

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 774B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/__6b4773839d4148c6b6caeb38a007846d.dll
.dll windows:5 windows x86 arch:x86

3eb961e5a963375ed944db5f7dcbadb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
LoadLibraryW
MultiByteToWideChar
lstrlenW
GetSystemDefaultUILanguage
SystemTimeToFileTime
GetTickCount
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateProcessA
CreateDirectoryA
SetCurrentDirectoryA
GetLastError
CopyFileA
EnterCriticalSection
CreateMutexA
GetCurrentDirectoryA
ReleaseMutex
GetSystemTime
DeleteFileA
SetFilePointer
CreateDirectoryW
SetFileTime
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
WriteConsoleW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
CreateFileA
GetFullPathNameA
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
InterlockedDecrement
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
ExitProcess
GetModuleHandleW
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
SetHandleCount
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
FindFirstFileExA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
InterlockedExchange
VirtualQuery
DecodePointer
EncodePointer
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
SleepEx
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
VerSetConditionMask
InterlockedIncrement
CloseHandle
WaitForSingleObject
GetUserDefaultUILanguage
Sleep
IsValidCodePage
VerifyVersionInfoA
FormatMessageA
GetUserDefaultLangID
SetLastError

user32

CallWindowProcW
IsCharAlphaW
SetTimer
SendMessageW
CreateWindowExW
SetWindowPos
SetParent
KillTimer
wsprintfW
BringWindowToTop
UpdateWindow
GetWindowRect
GetMessageW
TranslateMessage
MessageBoxA
MapWindowPoints
MoveWindow
ShowWindow
SetWindowLongW
GetParent
DestroyWindow
DefWindowProcW
GetWindowLongW
RegisterClassExW
GetClientRect
GetPropW
SetPropW
LoadCursorW
RemovePropW
SetCursor
DispatchMessageW
SetFocus

ws2_32

WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
send

wldap32

ord30
ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord26
ord50
ord60
ord143
ord211
ord22
ord46

normaliz

IdnToAscii

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

Exports

Exports

__05a972612ebe4249af04ebe13755b8ee
__0ac7a9a3bce2467fb6bcebb157f702eb
__0b7ca1760e144dd6a396655a2868204e
__0be862c01b9648ea8dfa7732b082157b
__1099b75bee5b4c5986087eb792fab340
__1852cc0c59a841b393c810c84f90a75e
__18e7513103a94ad7b207bdfa54cf3280
__1a5a02e618ec4fdfb238ef44c7692e58
__1e287ab3823541af988f81458da571a4
__1ed7045db2fe41648ede65d207918116
__230a2c4798ae42e880e5b0b814e7c8d3
__2455101fe35f4ab5a7ccc492f4e4bbc9
__25b2efbc50aa4a80baea53293436ce92
__25fa3ad8b88a45e0b24dc82e398d152f
__2e7edfe418f8497380b543978b0ce12a
__2f447df817b04597bf956b8bf7721803
__2f5d33770181445aab65b18c4fc4a9af
__34c74f2ab0d44e80a373473d8558e8f3
__3801bca0a7614614b027c4262a7b65b1
__3afb5abbbc1a404998b99396ae8f7780
__3b12749f89b746dbaa6d5ad44ed2e550
__3b58b717918344e5af223a7a6b13a01c
__3cbff8d42f7e4566ba10410859f0f2b3
__3d01195d15984759b463b88c8b21ad32
__3df4b6b4135549a997b0df7f005e0468
__407c20ca62f9434290860da3b165630f
__463d6fa092504492a63ef6bdd163c0b0
__4a552902090342438ab1cd2e8a3fd054
__4e04a36288df45adadbaeb2df94f1634
__4ef8f1a3a1d841b884837814a5856d56
__4f4ca5ec3f694464b566713417ad6603
__5063d24659f84cee8674509df2630d52
__50746770eeb1439aa590dedf4b2b3757
__51040bc7c65e469c980ee878c3cab4bd
__522dc21e407345a2a58d16271105b2c1
__53c0c52d678840a39f89030135cbf226
__5409790732ad47b484210ce3be738251
__5504e3aa6c9147dca67fd297d7e8915b
__555d1ebf0d73468ba417e1cd73b9a348
__5a43bc0844844c6abb917554e9cb42da
__5fd0ce5eead14b1c890c5512603791c5
__616524fcb3da479fba80159a469dfe0a
__63a152a11e4c4ab695a49f0fcf555b15
__6823a44ee0214604b7640716ddd4fda8
__69ee7eceb33040faa97ee1621055be79
__69fa578578c848979e2e65e19a983c0e
__6d00ca1b727247e1990df876904a3fe1
__6ed51c94baac45e1931da4b6f991e880
__77d04cdf5d8d458fb31ac4f5d73bb004
__7c7c66b0a9ee4ef78a1062cd5b7765ef
__7d0f7e7d745d4e9baac03fb173cc9b9e
__7e18aa42e0824b2abdf7378f1af2294c
__7f606075ca524ae0bef1749b67c30005
__83bc9a2a8a6b489d8521df514b9721b8
__84f23d33652d442bad70a553f380814e
__8590d513f82745bb9fe09b1cacddba8d
__87ac647ad08e4965bae1b7192ae8d0e4
__89ce4b2a80a34b4cab9991ec950062f5
__89ffcbecf1ee46f4b8754fc28b05a5a6
__8aca13ab17694ae5a087e92ffaaf65ba
__8b06fcf233254e84a4b7935e81af4565
__95991343fdae43f7aca4ac627fbcf9c9
__9683ea35018143fd909fa77459fea088
__97b83a0e8f4542f7b0b16834e1eabcc7
__9aaf0bc32676472989201815f40df569
__a11a239ebf17438799212ec3466ccd2e
__a1513b3d96da4e588072ca7cce3a2e23
__a174d5ebb60847c8b4a6fb055418c57f
__a6bbf44f834540c9afa71c4686427b5d
__a9b9e966097b43acb86bf1a683e2448c
__ad3d0389103e49e79591209e95ec2f44
__b094fe844e444a0a872f8fd690219579
__b2ad9ec1c15f4900a60203e7842b8d3c
__b37bc4abbad9416fa05a84c4d1fbab64
__b49ad3235f024bbf8beef4012cad7af1
__b76b2af6057445af9f3a83422024e9fc
__b882ef5f562d497ba653a35433073d40
__ba19b30d520d40af823347b21c40d03e
__beefe552eac6483bb016e5098a3b081c
__c158ac7ac6e6472682a720d777c66209
__c1b2f36d954444c5a61f08b53b3ae774
__c51cee357d8a46518c2dc893b077a731
__c584cc481ec04c3cb9c8453f9bfb0d4d
__c7b8e93099494c599412c6a7af14995d
__c84fbcb763254db192febab061a8edab
__c8d6f602309841e9a7c31f61fc533caa
__c9ad9fa437924ab8b9026b480514324b
__ce52f647171f42ebb1e61986c5e74773
__d0806c8597534499a625d7d6ec6ee550
__d5957890fa0f4c13a132febf473c5750
__d644041f15c74f779fdda6b7c124c579
__d69371ab0001416a830b129f599721bb
__d6f87c8a127445858bcc2fb7dfc5be0f
__d7386a4dd6764355ab6362f29c767511
__dd5ec00d67f442b2a455241f51d45ec7
__e130ff71ab1f46c58de3a39e251ab374
__e45dcfa86599497ebd5d0549044fcce9
__ea4fc1a9ccee499f9fd5b5315f303a9a
__ea9b56d3bdd6479496aae06369f1ef91
__eb39c9d8e4754ef4a3c98d7dfaabf7d0
__ed59886015ee4f52a4bc3a2be192025a
__f1350ccda5cc41f6a0aed98a394706f4
__f4bf69c67a24407f91150770d22cd96c
__f6e9053a22ad46e3be213e521c4dedc3
__f8b9efdeef044c41a255da71b91d64f2
__f8bfcfc041614c079cff5236f9d5f674
__ffd1c5be27fd4c68a80dee0ef794d122

Sections

.text
Size: 658KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

86cdacc6fa5e3ff4938d358350751516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcstol
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
wcsstr
wcschr
memset
_chkesp

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
CreateFileW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
GetFileSize
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
DestroyWindow
KillTimer
UpdateWindow
RedrawWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpAddRequestHeadersW
HttpOpenRequestW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:5 windows x86 arch:x86

1b37562e8104552588ae892e11fcdff2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
lstrcpyW
GetVersion
lstrlenW
lstrcatW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
lstrcmpiW
lstrcmpW
GlobalFree
GlobalAlloc
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
SetEndOfFile
GetProcessHeap
GetLocaleInfoA

user32

MessageBoxW
CharPrevW
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
GetDlgItem
SendMessageW
wsprintfW

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 3.6MB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 729B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 350B

78155e3314922676e9dbf9f4fff8568c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 774B

.data Size: - Virtual size: 72B

.reloc Size: 1024B - Virtual size: 516B

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

3eb961e5a963375ed944db5f7dcbadb5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

wldap32

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 3.6MB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 350B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 774B

.data
Size: - Virtual size: 72B

.reloc
Size: 1024B - Virtual size: 516B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 658KB - Virtual size: 657KB

.rdata
Size: 157KB - Virtual size: 156KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 42KB - Virtual size: 41KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB