6533dde9ee3dd0482afa56afeda2a358_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6533dde9ee3dd0482afa56afeda2a358_JaffaCakes118
Size

821KB
MD5

6533dde9ee3dd0482afa56afeda2a358
SHA1

50723389c7603ccd828e2333ada33e1b72e24e24
SHA256

3ae9757722650d7947c840eddd1b1cc30e0fd92161d5519239fcd71bbd989680
SHA512

7ccf49d5bb67c7f885ba97860b5b3b6f6f48407f7238b9dbacb91ad60e10793e43ae21c40d7bb25540afa88c0ebf139743cdd0c80fc618e1a4153497c643741b
SSDEEP

12288:yAD9657MLOGuc511drykc2upq9lJLujqacL17muhorb7Vlh/JLvCypL8N:5A7MwWHc2upq9TLYa7muhylhxLaqm

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EXAMPLES/BEER/BEER.EXE
unpack001/EXAMPLES/DDRAW/DDRAW.EXE
unpack001/EXAMPLES/DIALOG/DIALOG.EXE
unpack001/EXAMPLES/DLL/ERRORMSG.DLL
unpack001/EXAMPLES/DLL/LASTERR.EXE
unpack001/EXAMPLES/HELLO/HELLO.EXE
unpack001/EXAMPLES/MINIPAD/MINIPAD.EXE
unpack001/EXAMPLES/OPENGL/OPENGL.EXE
unpack001/EXAMPLES/PEDEMO/PEDEMO.EXE
unpack001/EXAMPLES/TEMPLATE/TEMPLATE.EXE
unpack001/EXAMPLES/USECOM/USECOM.EXE
unpack001/EXAMPLES/WIN64/MANDEL/MANDEL.EXE
unpack001/EXAMPLES/WIN64/PE64DEMO/PE64DEMO.EXE
unpack001/EXAMPLES/WIN64/TEMPLATE/TEMPLATE.EXE
unpack001/EXAMPLES/WIN64/USECOM/USECOM.EXE
unpack001/FASM.EXE
unpack001/FASMW.EXE

Files

6533dde9ee3dd0482afa56afeda2a358_JaffaCakes118
.zip
EXAMPLES/BEER/BEER.ASM
EXAMPLES/BEER/BEER.EXE
.exe windows:1 windows x86 arch:x86

0749058ba700a3fa12632f1bd5ade924

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

winmm

mciSendStringA

Sections

.flat
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXAMPLES/DDRAW/DDRAW.ASM
EXAMPLES/DDRAW/DDRAW.EXE
.exe windows:1 windows x86 arch:x86

5ae27f9d700588c36445de1e0cd2446d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CreateFileA
ReadFile
CloseHandle
GetTickCount
ExitProcess

user32

RegisterClassA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
LoadIconA
SetCursor
MessageBoxA
PostQuitMessage
WaitMessage

ddraw

DirectDrawCreate

Sections

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 286KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EXAMPLES/DDRAW/DDRAW.GIF
EXAMPLES/DDRAW/DDRAW.INC
EXAMPLES/DDRAW/GIF87A.INC
EXAMPLES/DIALOG/DIALOG.ASM
EXAMPLES/DIALOG/DIALOG.EXE
.exe windows:1 windows x86 arch:x86

8aacc01df3ced48ca616041a310a5fdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess

user32

DialogBoxParamA
CheckRadioButton
GetDlgItemTextA
IsDlgButtonChecked
MessageBoxA
EndDialog

Sections

.data
Size: - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EXAMPLES/DLL/ERRORMSG.ASM
EXAMPLES/DLL/ERRORMSG.DLL
.dll windows:1 windows x86 arch:x86

fbeea5f767fc7565441ecfdbe059e072

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
FormatMessageA
LocalFree

user32

MessageBoxA

Exports

Exports

ShowErrorMessage
ShowLastError

Sections

.code
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
EXAMPLES/DLL/LASTERR.ASM
EXAMPLES/DLL/LASTERR.EXE
.exe windows:1 windows x86 arch:x86

42c1e01cdd3321f609cae3393f3c1d34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

errormsg

ShowLastError

Sections

.code
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXAMPLES/HELLO/HELLO.ASM
EXAMPLES/HELLO/HELLO.EXE
.exe windows:1 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXAMPLES/MINIPAD/MINIPAD.ASM
EXAMPLES/MINIPAD/MINIPAD.EXE
.exe windows:1 windows x86 arch:x86

91a660509a048aad39cb90911a24ff4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess

user32

RegisterClassA
CreateWindowExA
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
LoadCursorA
LoadIconA
LoadMenuA
GetClientRect
MoveWindow
SetFocus
MessageBoxA
PostQuitMessage

gdi32

CreateFontA
DeleteObject

Sections

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 1024B - Virtual size: 619B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EXAMPLES/MINIPAD/MINIPAD.ICO
EXAMPLES/MSCOFF/MSCOFF.ASM
EXAMPLES/MSCOFF/MSCOFF.OBJ
EXAMPLES/OPENGL/OPENGL.ASM
EXAMPLES/OPENGL/OPENGL.EXE
.exe windows:1 windows x86 arch:x86

89544af51849e232ee630961bf315f0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess

user32

RegisterClassA
CreateWindowExA
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
LoadIconA
GetClientRect
InvalidateRect
GetDC
ReleaseDC
PostQuitMessage

gdi32

ChoosePixelFormat
SetPixelFormat
SwapBuffers

opengl32

glBegin
glClear
glColor3f
glEnd
glRotatef
glVertex3f
glViewport
wglCreateContext
wglDeleteContext
wglMakeCurrent

Sections

.data
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 1024B - Virtual size: 843B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXAMPLES/OPENGL/OPENGL.INC
EXAMPLES/PEDEMO/PEDEMO.ASM
EXAMPLES/PEDEMO/PEDEMO.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EXAMPLES/TEMPLATE/TEMPLATE.ASM
EXAMPLES/TEMPLATE/TEMPLATE.EXE
.exe windows:1 windows x86 arch:x86

f606f2847ef294ac331bdf2fec9365fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleW

user32

CreateWindowExW
DefWindowProcW
DispatchMessageW
GetMessageW
LoadCursorW
LoadIconW
MessageBoxW
PostQuitMessage
RegisterClassW
TranslateMessage

Sections

.data
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 249B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 398B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXAMPLES/USECOM/USECOM.ASM
EXAMPLES/USECOM/USECOM.EXE
.exe windows:1 windows x86 arch:x86

e77ffa2679af0a443162e33a13c2a29c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess

user32

DialogBoxParamA
EndDialog

ole32

CoInitialize
CoCreateInstance

Sections

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 214B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EXAMPLES/WIN64/MANDEL/DDRAW64.INC
EXAMPLES/WIN64/MANDEL/MANDEL.ASM
EXAMPLES/WIN64/MANDEL/MANDEL.EXE
.exe windows:1 windows x64 arch:x64

3b884df888b6f704f8d513e0d7d08c30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetModuleHandleA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PeekMessageA
PostQuitMessage
RegisterClassExA
TranslateMessage
WaitMessage
wsprintfA

ddraw

DirectDrawCreate

Sections

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 580B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EXAMPLES/WIN64/PE64DEMO/PE64DEMO.ASM
EXAMPLES/WIN64/PE64DEMO/PE64DEMO.EXE
.exe windows:1 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.code
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXAMPLES/WIN64/TEMPLATE/TEMPLATE.ASM
EXAMPLES/WIN64/TEMPLATE/TEMPLATE.EXE
.exe windows:1 windows x64 arch:x64

e0a8c42e82f781c5e7e2b2d15cb86f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetModuleHandleA

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
TranslateMessage

Sections

.data
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 477B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXAMPLES/WIN64/USECOM/USECOM.ASM
EXAMPLES/WIN64/USECOM/USECOM.EXE
.exe windows:1 windows x64 arch:x64

e77ffa2679af0a443162e33a13c2a29c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
ExitProcess

user32

DialogBoxParamA
EndDialog

ole32

CoInitialize
CoCreateInstance

Sections

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 439B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FASM.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.flat
Size: 70KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 317B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FASM.PDF
.pdf
- http://015ags.Rulesfortheoperandsarethesameasfortheaddinstruction.bt
- http://015oatingpointvalues.pf
- http://134kernel32.inc
- http://134user32.inc
- http://134win1250.inc
- http://assemblergeneratestheoptimalformautomatically.mov
- http://debug.inc
- http://first.inc
- http://macros.inc
- http://onlylowwordsofeachdoublewordinsourceoperandareused.pf
- http://second.inc
- http://start.inc
- http://thenumbershouldbeinrangefrom0to255.Theinterruptserviceroutineterminateswithaniretinstructionthatreturnscontroltotheinstructionthatfollowsint.int
- http://theoperandshouldbegeneralregisterormemory.Seealso1.2.5forsomemoredetails.jmp
- http://win32a.inc
- Show all
FASMW.EXE
.exe windows:1 windows x86 arch:x86

cb18a13c471d1a66bd4c0fe1c474abd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetFullPathNameA
SetCurrentDirectoryA
CreateFileA
GetFileSize
ReadFile
WriteFile
SetFilePointer
CloseHandle
lstrcmpiA
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
VirtualAlloc
VirtualFree
CreateThread
SetThreadPriority
TerminateThread
ExitThread
GetExitCodeThread
WaitForSingleObject
CreateProcessA
GetEnvironmentVariableA
GetSystemTime
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
ExitProcess

user32

RegisterClassA
CreateCaret
ShowCaret
HideCaret
SetCaretPos
DestroyCaret
BeginPaint
EndPaint
GetDC
GetUpdateRect
ReleaseDC
DrawTextA
FillRect
InvalidateRect
GetKeyboardState
ToAscii
GetScrollInfo
SetScrollInfo
SetCapture
ReleaseCapture
GetCursorPos
ClientToScreen
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
LoadCursorA
LoadIconA
LoadBitmapA
LoadMenuA
EnableMenuItem
CheckMenuItem
GetSubMenu
TrackPopupMenu
LoadAcceleratorsA
IsClipboardFormatAvailable
CharUpperA
wsprintfA
wvsprintfA
MessageBoxA
WinHelpA
DialogBoxParamA
GetDlgItem
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageA
EndDialog
FindWindowA
SetForegroundWindow
CreateWindowExA
DestroyWindow
GetWindowLongA
SetWindowLongA
DefWindowProcA
GetClientRect
GetWindowRect
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
ShowWindow
EnableWindow
UpdateWindow
SetFocus
GetSystemMetrics
GetSysColor
SendMessageA
GetMessageA
TranslateAccelerator
TranslateMessage
DispatchMessageA
PostMessageA
PostQuitMessage

gdi32

SetBkColor
SetTextColor
CreateSolidBrush
CreateFontA
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
GetObjectA
DeleteObject

comctl32

CreateStatusWindowA
ImageList_Create
ImageList_Add
ImageList_Destroy

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseFontA
ChooseColorA

shell32

DragAcceptFiles
DragQueryFile
DragFinish
ShellExecuteA

Sections

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.udata
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.flat
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INCLUDE/API/ADVAPI32.INC
INCLUDE/API/COMCTL32.INC
INCLUDE/API/COMDLG32.INC
INCLUDE/API/GDI32.INC
INCLUDE/API/KERNEL32.INC
.vbs
INCLUDE/API/SHELL32.INC
INCLUDE/API/USER32.INC
INCLUDE/API/WSOCK32.INC
INCLUDE/ENCODING/UTF8.INC
INCLUDE/ENCODING/WIN1250.INC
.vbs
INCLUDE/ENCODING/WIN1251.INC
.vbs
INCLUDE/ENCODING/WIN1252.INC
.vbs
INCLUDE/ENCODING/WIN1253.INC
.vbs
INCLUDE/ENCODING/WIN1254.INC
.vbs
INCLUDE/ENCODING/WIN1255.INC
.vbs
INCLUDE/ENCODING/WIN1256.INC
.vbs
INCLUDE/ENCODING/WIN1257.INC
.vbs
INCLUDE/ENCODING/WIN1258.INC
.vbs
INCLUDE/ENCODING/WIN874.INC
.vbs
INCLUDE/EQUATES/COMCTL32.INC
INCLUDE/EQUATES/COMCTL64.INC
INCLUDE/EQUATES/COMDLG32.INC
INCLUDE/EQUATES/COMDLG64.INC
INCLUDE/EQUATES/GDI32.INC
INCLUDE/EQUATES/KERNEL32.INC
INCLUDE/EQUATES/KERNEL64.INC
INCLUDE/EQUATES/SHELL32.INC
INCLUDE/EQUATES/SHELL64.INC
INCLUDE/EQUATES/USER32.INC
INCLUDE/EQUATES/USER64.INC
INCLUDE/EQUATES/WSOCK32.INC
INCLUDE/MACRO/COM32.INC
.vbs
INCLUDE/MACRO/COM64.INC
INCLUDE/MACRO/EXPORT.INC
.vbs
INCLUDE/MACRO/IF.INC
.vbs
INCLUDE/MACRO/IMPORT32.INC
.vbs
INCLUDE/MACRO/IMPORT64.INC
.vbs
INCLUDE/MACRO/MASM.INC
INCLUDE/MACRO/PROC32.INC
.vbs
INCLUDE/MACRO/PROC64.INC
.vbs
INCLUDE/MACRO/RESOURCE.INC
.vbs
INCLUDE/MACRO/STRUCT.INC
.vbs
INCLUDE/PCOUNT/ADVAPI32.INC
INCLUDE/PCOUNT/COMCTL32.INC
INCLUDE/PCOUNT/COMDLG32.INC
INCLUDE/PCOUNT/GDI32.INC
INCLUDE/PCOUNT/KERNEL32.INC
INCLUDE/PCOUNT/SHELL32.INC
INCLUDE/PCOUNT/USER32.INC
INCLUDE/PCOUNT/WSOCK32.INC
INCLUDE/WIN32A.INC
INCLUDE/WIN32AX.INC
.vbs
INCLUDE/WIN32AXP.INC
.vbs
INCLUDE/WIN32W.INC
INCLUDE/WIN32WX.INC
.vbs
INCLUDE/WIN32WXP.INC
.vbs
INCLUDE/WIN64A.INC
INCLUDE/WIN64W.INC
LICENSE.TXT
SOURCE/ASSEMBLE.INC
SOURCE/DOS/FASM.ASM
SOURCE/DOS/MODES.INC
SOURCE/DOS/SYSTEM.INC
SOURCE/ERRORS.INC
SOURCE/EXPRESSI.INC
SOURCE/FORMATS.INC
SOURCE/IDE/BLOCKS.INC
SOURCE/IDE/EDIT.INC
SOURCE/IDE/FASMD/FASMD.ASM
SOURCE/IDE/FASMW/ASMEDIT.ASH
SOURCE/IDE/FASMW/ASMEDIT.INC
SOURCE/IDE/FASMW/FASM.INC
SOURCE/IDE/FASMW/FASMW.ASM
SOURCE/IDE/FASMW/RESOURCE/ASSIGN.BMP
SOURCE/IDE/FASMW/RESOURCE/FASMW.ICO
SOURCE/IDE/MEMORY.INC
SOURCE/IDE/NAVIGATE.INC
SOURCE/IDE/SEARCH.INC
SOURCE/IDE/UNDO.INC
SOURCE/IDE/VARIABLE.INC
SOURCE/LIBC/FASM.ASM
SOURCE/LIBC/SYSTEM.INC
SOURCE/LINUX/FASM.ASM
SOURCE/LINUX/SYSTEM.INC
SOURCE/PARSER.INC
SOURCE/PREPROCE.INC
SOURCE/TABLES.INC
SOURCE/VARIABLE.INC
SOURCE/VERSION.INC
SOURCE/WIN32/FASM.ASM
SOURCE/WIN32/SYSTEM.INC
SOURCE/X86_64.INC
WHATSNEW.TXT
.vbs

Sharing

General

Malware Config

Signatures

Files

0749058ba700a3fa12632f1bd5ade924

Headers

File Characteristics

Imports

kernel32

user32

winmm

Sections

.flat Size: 512B - Virtual size: 408B

5ae27f9d700588c36445de1e0cd2446d

Headers

File Characteristics

Imports

kernel32

user32

ddraw

Sections

.data Size: 512B - Virtual size: 140B

.bss Size: - Virtual size: 286KB

.code Size: 2KB - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 642B

8aacc01df3ced48ca616041a310a5fdb

Headers

File Characteristics

Imports

kernel32

user32

Sections

.data Size: - Virtual size: 324B

.code Size: 512B - Virtual size: 370B

.idata Size: 512B - Virtual size: 304B

.rsrc Size: 1024B - Virtual size: 696B

fbeea5f767fc7565441ecfdbe059e072

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 95B

.idata Size: 512B - Virtual size: 194B

.edata Size: 512B - Virtual size: 104B

.reloc Size: 512B - Virtual size: 16B

42c1e01cdd3321f609cae3393f3c1d34

Headers

File Characteristics

Imports

kernel32

errormsg

Sections

.code Size: 512B - Virtual size: 16B

.idata Size: 512B - Virtual size: 150B

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 512B - Virtual size: 72B

.idata Size: 512B - Virtual size: 146B

91a660509a048aad39cb90911a24ff4d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.data Size: 512B - Virtual size: 204B

.code Size: 1024B - Virtual size: 619B

.idata Size: 1024B - Virtual size: 592B

.rsrc Size: 2KB - Virtual size: 1KB

.flat
Size: 512B - Virtual size: 408B

.data
Size: 512B - Virtual size: 140B

.bss
Size: - Virtual size: 286KB

.code
Size: 2KB - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 642B

.data
Size: - Virtual size: 324B

.code
Size: 512B - Virtual size: 370B

.idata
Size: 512B - Virtual size: 304B

.rsrc
Size: 1024B - Virtual size: 696B

.code
Size: 512B - Virtual size: 95B

.idata
Size: 512B - Virtual size: 194B

.edata
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 16B

.code
Size: 512B - Virtual size: 16B

.idata
Size: 512B - Virtual size: 150B

.text
Size: 512B - Virtual size: 72B

.idata
Size: 512B - Virtual size: 146B

.data
Size: 512B - Virtual size: 204B

.code
Size: 1024B - Virtual size: 619B

.idata
Size: 1024B - Virtual size: 592B

.rsrc
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 172B

.code
Size: 1024B - Virtual size: 843B

.idata
Size: 1024B - Virtual size: 836B

.code
Size: 512B - Virtual size: 28B

.data
Size: 512B - Virtual size: 36B

.idata
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 16B

.data
Size: 512B - Virtual size: 166B

.code
Size: 512B - Virtual size: 249B

.idata
Size: 512B - Virtual size: 398B

.data
Size: 512B - Virtual size: 36B

.code
Size: 512B - Virtual size: 214B

.idata
Size: 512B - Virtual size: 288B

.rsrc
Size: 512B - Virtual size: 292B

.data
Size: 512B - Virtual size: 200B

.bss
Size: 512B - Virtual size: 580B

.code
Size: 2KB - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 716B

.code
Size: 512B - Virtual size: 45B

.data
Size: 512B - Virtual size: 36B

.idata
Size: 512B - Virtual size: 144B

.data
Size: 512B - Virtual size: 173B

.code
Size: 512B - Virtual size: 477B