639d36dd040e5918ccfb0229624dd3e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

639d36dd040e5918ccfb0229624dd3e6_JaffaCakes118
Size

2.3MB
MD5

639d36dd040e5918ccfb0229624dd3e6
SHA1

66925757cb8b197d0a5d89ed9d47c26502660389
SHA256

e9b0a763db6885234fd8b83fb7ce91113e60f2d19eb1d43590229279cc9ebcec
SHA512

7bbecbe242f2c9b831983125ea510cd7407a2612bf500a21a8496516029437ec008be5345aeb4aad65ea02bb7616a0a2949c20278a31691f82480db13688febb
SSDEEP

49152:eF/6KMXW7W2UMGm7YcYEFXNu1h4tdrwaCbJ11BHpZgB4ZYD8rui2:kFMXWJU8Ts1hOdrwaoJ5vgCYD072

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
639d36dd040e5918ccfb0229624dd3e6_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$TEMP/xmlUpdater.exe
unpack001/SciLexer.dll
unpack001/notepad++.exe
unpack001/nppcm.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

639d36dd040e5918ccfb0229624dd3e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

d23fbd09100caad5e10f17163f511668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GetACP

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/config.model.xml
.xml
$TEMP/configModel.xml
.xml
$TEMP/langs.model.xml
.js .xml polyglot
$TEMP/langsModel.xml
.xml
$TEMP/stylers.model.xml
.xml
$TEMP/stylesGlobalModel.xml
.xml
$TEMP/stylesLexerModel.xml
.xml
$TEMP/xmlUpdater.exe
.exe windows:4 windows x86 arch:x86

933ababfdb1840a76f6a03ad7da5f793

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CreateMutexA
ExitProcess
FindAtomA
GetAtomNameA
GetLastError
InterlockedIncrement
ReleaseMutex
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
WaitForSingleObject

msvcrt

_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_fileno
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
atof
atoi
fclose
fgets
fopen
fprintf
fputs
free
fseek
ftell
malloc
memset
printf
signal
sprintf
sscanf
strcmp
strcpy
strlen
strncmp
tolower

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LINEDRAW.TTF
SciLexer.dll
.dll windows:4 windows x86 arch:x86

edfd6c8cfc18d2241b424b66121fcc9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
GetLastError
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
ExitProcess
HeapAlloc
HeapFree
GetVersion
GetCommandLineA
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
VirtualFree
VirtualAlloc
SetFilePointer
GetStringTypeA
GetStringTypeW
RtlUnwind
GetOEMCP
SetStdHandle
FlushFileBuffers
CloseHandle
GlobalFree
GlobalAlloc
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalUnlock
IsValidCodePage
GetCPInfo
GetTickCount
GetLocaleInfoA
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetACP
IsDBCSLeadByteEx
MulDiv
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
WideCharToMultiByte

user32

HideCaret
DestroyCaret
CreateCaret
ShowCaret
RegisterClassExW
EmptyClipboard
SetClipboardData
SystemParametersInfoA
AppendMenuA
OpenClipboard
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
GetScrollInfo
CharUpperA
CharUpperW
CharLowerA
FillRect
FrameRect
DestroyWindow
SetScrollInfo
SetCaretPos
ScrollWindow
UpdateWindow
SetTimer
KillTimer
IsChild
GetDlgCtrlID
ScreenToClient
ClientToScreen
IsWindowUnicode
GetMessageTime
SetFocus
MsgWaitForMultipleObjects
PostMessageA
GetKeyboardLayout
GetUpdateRgn
RegisterClipboardFormatA
RegisterClassExA
GetKeyState
GetDoubleClickTime
TrackPopupMenu
DestroyMenu
CreatePopupMenu
UnregisterClassA
SetWindowLongA
ReleaseCapture
CallWindowProcA
GetParent
BeginPaint
EndPaint
DefWindowProcA
SetCapture
GetCursorPos
AdjustWindowRectEx
GetSysColor
InflateRect
DrawTextW
DrawTextA
DrawFocusRect
GetDC
ReleaseDC
GetSystemMetrics
CreateWindowExA
MapWindowPoints
LoadCursorA
SetCursor
SendMessageA
InvalidateRect
ShowWindow
GetClientRect
GetWindowLongA
SetWindowPos
GetWindowRect

gdi32

CreateFontIndirectA
GetTextExtentPoint32W
BitBlt
Ellipse
CreateDIBSection
RoundRect
CreatePatternBrush
SetBkColor
ExtTextOutA
Rectangle
Polygon
LineTo
MoveToEx
GetDeviceCaps
GetNearestColor
CreateSolidBrush
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
SetTextAlign
SelectObject
SelectPalette
DeleteDC
CreatePalette
DeleteObject
GetTextExtentPoint32A
SetTextColor
SetBkMode
GetTextExtentExPointA
GetTextExtentExPointW
GetTextMetricsA
RealizePalette
IntersectClipRect
GetObjectA
GetStockObject
CreateRectRgn
TranslateCharsetInfo
CombineRgn
CreateBitmap
ExtTextOutW

ole32

DoDragDrop
RevokeDragDrop
OleUninitialize
OleInitialize
RegisterDragDrop

imm32

ImmNotifyIME
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmGetContext
ImmSetCompositionFontA
ImmReleaseContext

Exports

Exports

_Scintilla_DirectFunction@16

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arabic.xml
.xml
brazilian_portuguese.xml
.xml
bulgarian.xml
.xml
catalan.xml
.xml
change.log
chinese.xml
.xml
chineseSimplified.xml
.xml
config.model.xml
.xml
contextMenu.xml
croatian.xml
.xml
czech.xml
.xml
danish.xml
.xml
dutch.xml
.xml
farsi.xml
.xml
finnish.xml
.xml
french.xml
.xml
german.xml
.xml
greek.xml
.xml
hebrew.xml
.xml
hungarian.xml
.xml
indonesian.xml
.xml
italian.xml
.xml
japanese.xml
.xml
korean.xml
.xml
langs.model.xml
.js .xml polyglot
langs.xml
.js .xml polyglot
license.txt
lithuanian.xml
.xml
norwegian.xml
.xml
notepad++.exe
.exe windows:4 windows x86 arch:x86

9b26f0db07cf937e74b05e155902788a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Don\source\notepad++\PowerEditor\bin\npp.pdb

Imports

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_SetIconSize
ord17
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_Draw

shlwapi

PathIsRelativeW
PathCompactPathExW
PathIsDirectoryW
PathAppendW
PathRemoveExtensionW
PathMatchSpecW
PathAddExtensionW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW

shell32

DragFinish
Shell_NotifyIconW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
DragQueryFileW
DragQueryPoint

kernel32

TerminateThread
CreateThread
lstrcpynW
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetVersionExW
ExpandEnvironmentStringsW
LoadLibraryW
GetTimeFormatW
GetDateFormatW
GetLocalTime
MulDiv
WaitForMultipleObjects
WaitForSingleObject
OpenEventW
SetEvent
GetExitCodeProcess
ReadFile
PeekNamedPipe
Sleep
ResumeThread
CloseHandle
CreateEventW
CreateProcessW
CreatePipe
GetOEMCP
GetACP
SizeofResource
LockResource
LoadResource
FindResourceW
LocalLock
LocalAlloc
GetTempPathW
CreateMutexW
SetLastError
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
HeapReAlloc
VirtualAlloc
FindFirstFileW
HeapCreate
HeapDestroy
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
ExitProcess
HeapSize
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentDirectoryA
IsValidCodePage
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
FindNextFileW
FindClose
CopyFileW
GlobalSize
CreateDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalUnlock
FreeLibrary
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentThreadId
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetLastError
FormatMessageW
LocalFree
GetFileAttributesW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLongPathNameW
lstrcmpiW
DeleteFileW
lstrcpyW
lstrlenW
GetModuleFileNameW
lstrcatW
lstrcmpW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoA
GetUserDefaultLCID
SetEnvironmentVariableA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateFileW
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
VirtualFree

user32

RegisterWindowMessageW
IsWindow
CreateCursor
ScrollWindow
SetScrollInfo
SetMenuItemInfoW
InsertMenuItemW
LoadStringW
LoadMenuW
IsDialogMessageA
IsDialogMessageW
TranslateAcceleratorW
GetMessageA
GetMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetKeyState
PeekMessageW
RealChildWindowFromPoint
IsIconic
IsZoomed
ModifyMenuW
GetSubMenu
DrawMenuBar
IsClipboardFormatAvailable
GetClipboardData
EndDialog
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow
SetWindowPlacement
DialogBoxIndirectParamW
GetMenuStringW
CheckMenuRadioItem
GetMenuState
DestroyCursor
CheckMenuItem
EnableMenuItem
DestroyAcceleratorTable
DialogBoxParamW
RemoveMenu
DestroyIcon
mouse_event
WindowFromPoint
PtInRect
SetDlgItemInt
MapWindowPoints
LoadImageW
CreatePopupMenu
InsertMenuW
DestroyMenu
TrackPopupMenu
GetWindowTextW
SetCapture
GetActiveWindow
IsChild
GetDlgCtrlID
AppendMenuW
DragDetect
GetCapture
CreateDialogIndirectParamW
RegisterClassExW
SetParent
RedrawWindow
GetCursorPos
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowTextW
LoadBitmapW
CallNextHookEx
ScreenToClient
GetDlgItemTextW
ReleaseCapture
FindWindowW
CreateAcceleratorTableW
SetDlgItemTextW
MessageBoxW
GetDlgItemInt
CreateDialogParamW
DrawFocusRect
FillRect
FrameRect
SendDlgItemMessageW
SetWindowLongW
GetWindowLongW
GetSysColor
InflateRect
ClientToScreen
CallWindowProcW
SetWindowPos
IsWindowVisible
GetWindowRect
ShowWindow
RegisterClassW
BeginPaint
EndPaint
GetFocus
PostMessageW
LoadCursorW
SetCursor
DestroyWindow
CreateCaret
DestroyCaret
GetSystemMetrics
GetWindowPlacement
MoveWindow
CreateWindowExW
SetFocus
GetScrollPos
GetScrollRange
UpdateWindow
DefWindowProcW
DrawFrameControl
GetMenu
ShowCaret
MessageBeep
DrawTextW
SetCaretPos
HideCaret
GetParent
ShowScrollBar
SetScrollRange
InvalidateRect
SetScrollPos
GetKeyboardState
ToAscii
wsprintfW
GetDC
DrawEdge
DrawTextExW
ReleaseDC
GetClientRect
LoadIconW
DrawIcon
GetDlgItem
SendMessageW
EnableWindow
IsWindowUnicode
SetWindowLongA
CallWindowProcA
CharUpperW
CharLowerW
TranslateMessage
DispatchMessageW
CreateMenu
GetMenuItemID
SystemParametersInfoW
DeleteMenu
GetMenuItemCount
PostQuitMessage
GetClassNameW
SetMenu

gdi32

CreateFontW
GetTextMetricsW
CreateHatchBrush
LineTo
MoveToEx
RestoreDC
DeleteDC
BitBlt
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
SetTextColor
SetWindowOrgEx
OffsetWindowOrgEx
PatBlt
SetBrushOrgEx
CreatePatternBrush
CreateBitmap
GetTextExtentPointW
RemoveFontResourceW
EnumFontFamiliesExW
AddFontResourceW
EndDoc
EndPage
ExtTextOutW
SetTextAlign
SetBkColor
StartPage
StartDocW
DPtoLP
GetDeviceCaps
CreateFontIndirectW
GetPixel
CreateSolidBrush
GetTextExtentPoint32W
GetROP2
SetROP2
GetStockObject
CreatePen
Rectangle
DeleteObject
SetBkMode
SaveDC
SelectObject

comdlg32

ChooseColorW
GetOpenFileNameW
PrintDlgW
GetSaveFileNameW

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 700KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nppcm.dll
.dll regsvr32 windows:4 windows x64 arch:x64

dfd44a768addb0ec62a76e7c670dfc33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\Programming\Projects\NPP\Plugin\NppCM\build_x64\NppCM.pdb

Imports

shell32

SHGetMalloc
DragQueryFileW

shlwapi

StrRChrW

kernel32

GetModuleFileNameW
lstrlenW
lstrcatW
lstrcpyW
CreateProcessW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
SearchPathW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
TerminateProcess
Sleep
GetCurrentProcess

user32

wsprintfW
InsertMenuW
SetMenuItemBitmaps
MessageBoxW
LoadBitmapW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

msvcr80

_malloc_crt
_initterm
memset
_encoded_null
free
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_encode_pointer
_initterm_e

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
polish.xml
.xml
portuguese.xml
.xml
readme.txt
romanian.xml
.xml
russian.xml
.xml
shortcuts.xml
slovak.xml
.xml
slovenian.xml
.xml
spanish.xml
.xml
stylers.model.xml
.xml
swedish.xml
.xml
turkish.xml
.xml
ukrainian.xml
.xml

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 34KB - Virtual size: 33KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

d23fbd09100caad5e10f17163f511668

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 290B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 741B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 34KB - Virtual size: 33KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 290B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 657B

.data
Size: 512B - Virtual size: 85B

.reloc
Size: 512B - Virtual size: 154B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 386B

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 16KB

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 328KB - Virtual size: 328KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 17KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 700KB - Virtual size: 696KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 24KB - Virtual size: 93KB

.rsrc
Size: 308KB - Virtual size: 307KB