68baae0975bd545195b20ccd4fbc782f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68baae0975bd545195b20ccd4fbc782f_JaffaCakes118
Size

18.2MB
MD5

68baae0975bd545195b20ccd4fbc782f
SHA1

c3e4d2d76359458c5a5cc2f8ebb9d460279c442e
SHA256

261d00d826bdea12f7f6956ae71cd7b2fb09d6a00424506522c673e60abbeccc
SHA512

6032834dc05ea48574758d0e75280c9caadd5ea4dd89681aba43910274b6a00e2a88ba54dbbc95d3ad6870668324c7f573a94475c78da4320b77b6fad80cbbfb
SSDEEP

393216:yILVEryoZrcSRkCTb4Rl0x1ZEtJK5ZqFBZn8Gb:yILyr3oSRkWgQ1o8gnZnj

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CustomPath1/AddOnPack.exe
unpack001/TargetDir/CTNet.exe
unpack001/TargetDir/CTSUSDKu.dll
unpack001/TargetDir/Client/CTMTBSvc.dll
unpack001/TargetDir/Client/HookWnd.dll
unpack001/TargetDir/Client/ScsInstall.exe
unpack001/TargetDir/Toolbox.exe

Files

68baae0975bd545195b20ccd4fbc782f_JaffaCakes118
.cab
CustomPath1/AddOnPack.exe
.exe windows:4 windows x86 arch:x86

e09a63881401ee998f528580198edb32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
ExitProcess

advapi32

RegCreateKeyA

gdi32

CreateCompatibleDC

user32

MessageBoxA

version

GetFileVersionInfoA

shell32

SHBrowseForFolderA

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

stxt774
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

stxt371
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TargetDir/CTNet.exe
.exe windows:4 windows x86 arch:x86

38e49ce5493b0d28dfd792605d86ed82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateThread
SetEndOfFile
CreateFileA
GetTempPathA
Sleep
GetProcAddress
LoadLibraryA
GetLastError
UnmapViewOfFile
CloseHandle
MapViewOfFile
OpenFileMappingA
CreateMutexA
ReleaseMutex
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
DeleteFileA
InterlockedDecrement
InterlockedIncrement
RaiseException
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
HeapValidate
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
GetModuleFileNameA
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
GetFileAttributesA
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetFilePointer
FlushFileBuffers
HeapAlloc
HeapReAlloc
VirtualAlloc
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
ReadFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange

rpcrt4

UuidCreate

user32

wsprintfA
GetDesktopWindow

shell32

ShellExecuteA

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TargetDir/CTSUAppu.exe
.exe windows:4 windows x86 arch:x86

84a50470620446b85fbb397eefc4daa1

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:d4:3f:59:9e:d3:73:7f:8d:4c:fe:d6:ed:ed:14:6f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

02/08/2006, 00:00

Not After

25/08/2008, 23:59

Subject

CN=Creative Technology Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Creative Technology Ltd,L=Singapore,ST=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fd:08:e0:39:9c:49:ab:70:db:0e:33:f4:8c:4d:40:01:53:09:ee:d0
Signer

Actual PE Digest

fd:08:e0:39:9c:49:ab:70:db:0e:33:f4:8c:4d:40:01:53:09:ee:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord6372
ord3744
ord5059
ord1720
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord825
ord4270
ord1230
ord755
ord470
ord5214
ord3658
ord800
ord617
ord861
ord540
ord296
ord535
ord538
ord858
ord4273
ord6655
ord2756
ord2810
ord823
ord6589
ord6642
ord6583
ord6798
ord6848
ord6814
ord6846
ord6823
ord6850
ord6858
ord6838
ord6805
ord6830
ord6837
ord6849
ord6807
ord6806
ord6803
ord6836
ord6847
ord6826
ord4583
ord4582
ord4893
ord4364
ord4886
ord6808
ord5070
ord4334
ord4714
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord5277
ord3743
ord1718
ord6683
ord4426
ord6475
ord6510
ord6791
ord4341
ord2371
ord5256
ord3000
ord2127
ord6799
ord942
ord2047
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord6193
ord6375
ord6195
ord1143
ord6796
ord6113
ord4155
ord5208
ord2613
ord1131
ord824
ord5431
ord1676
ord1666
ord2620
ord5976
ord2633
ord4117
ord6210
ord6192
ord4293
ord5944
ord3083
ord3866
ord3869
ord3868
ord6194
ord4281
ord4278
ord3132
ord3791
ord5715
ord6088
ord3519
ord4027
ord6091
ord4030
ord2541
ord2425
ord3348
ord3574
ord426
ord726
ord826
ord2717
ord6445
ord2719
ord6466
ord2722
ord2721
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord674
ord366
ord4451
ord5248
ord5977
ord4421
ord5024
ord1569
ord2640
ord4435
ord4831
ord3793
ord4347
ord6370
ord5157
ord2377
ord4401
ord1768
ord4073
ord4269
ord6051
ord1165

msvcrt

__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_XcptFilter
__CxxFrameHandler
_wtol
_wcsicoll
_wcsicmp
__p__commode
exit
_exit
wcscmp

kernel32

GetStartupInfoW
GetModuleHandleW
CompareStringW
GetLocaleInfoW

user32

LoadIconW
GetClientRect
EnableWindow
GetWindowRect
UpdateWindow
SendMessageW
GetSystemMetrics

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW

oleaut32

VariantInit
SysAllocString

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TargetDir/CTSUSDKu.dll
.dll windows:4 windows x86 arch:x86

81bd80fd6620dc78b672b301b9de70f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetLocaleInfoW
CloseHandle
GetLastError
GetFileAttributesW
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

shlwapi

PathRemoveFileSpecW

Exports

Exports

CTCheckClientExist
CTCheckUpdateForSingleApp

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TargetDir/Client/CTMTBSvc.dll
.dll windows:4 windows x86 arch:x86

3546f294cb62e13e7fcfbe57249b492d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

CreateServiceA
CloseServiceHandle
RegDeleteValueA
RegEnumValueA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
ControlService
QueryServiceConfigA
ChangeServiceConfigA
DeleteService
StartServiceA
SetServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
GetAclInformation
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
RegCreateKeyExA
RegSetValueExA

kernel32

DeviceIoControl
CloseHandle
CreateFileA
GetLastError
GetShortPathNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
lstrcmpiA
Sleep
CopyFileA
SetFileAttributesA
DeleteFileA
GetTempFileNameA
MoveFileExA
GetWindowsDirectoryA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
ReadFile
SetFilePointer
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetDriveTypeA
GetLogicalDrives
FindClose
FindNextFileA
FindFirstFileA
lstrlenA
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
CallNamedPipeA
LocalFree
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExA
GetSystemDirectoryA
SetEndOfFile
CreateMutexA
WaitForSingleObject
ReleaseMutex
RtlUnwind
RaiseException
GetCurrentDirectoryA
GetFullPathNameA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers

user32

EndDialog
SetTimer
GetDlgItem
SetWindowTextA
DialogBoxParamA
KillTimer

Exports

Exports

CdaSysGetCurrentBranding
CdaSysGetLastError
CdaSysGetTrackedErrors
CdaSysInstall
CdaSysInstallByShell
CdaSysInstallEx
CdaSysInstallExAdv
CdaSysInstallForProduct
CdaSysInstallForProductEx
CdaSysLicenseUninstall
CdaSysLicenseUninstallType
CdaSysModifyConfig
CdaSysModifyServiceDescription
CdaSysQueryInstalledProducts
CdaSysUnInstall
CdaSysUnInstallLicense
CdaSysUninstallExAdv
CdaSysUninstallForProduct
CdaSysUninstallLicenseType
UninstInitialize
UninstUnInitialize

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TargetDir/Client/CTSWS.bff
TargetDir/Client/HookWnd.dll
.dll windows:4 windows x86 arch:x86

a4222482e8f00424addc565ee53a8b73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord567
ord818
ord4275
ord6379
ord2152
ord1233
ord2864
ord6442
ord5981
ord6215
ord2575
ord4396
ord3402
ord3574
ord609
ord6320
ord6377
ord6242
ord3873
ord4123
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2642
ord6880
ord6741
ord6508
ord3610
ord656
ord2580
ord4400
ord3630
ord682
ord2582
ord4402
ord3370
ord3640
ord693
ord4243
ord6696
ord686
ord2408
ord2096
ord2862
ord384
ord3293
ord640
ord1640
ord2859
ord323
ord6675
ord3754
ord6762
ord3698
ord765
ord6734
ord3742
ord790
ord3719
ord793
ord3721
ord795
ord3394
ord2587
ord4406
ord3729
ord804
ord4267
ord4271
ord6605
ord3092
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord6467
ord809
ord2122
ord556
ord6380
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord1116
ord269
ord4424
ord5290
ord1776
ord6055
ord823
ord6374
ord6453
ord2645
ord2379
ord470
ord755
ord6197
ord1168
ord4234
ord825
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord5163
ord2385
ord5241
ord4407
ord4078
ord3716

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
strtod
__CxxFrameHandler
memset
free
memcpy
malloc
floor
ceil
fabs
cos
sin
_ftol
strlen
atoi
strcpy
fread
fwrite
fseek
calloc
fopen
fclose
realloc
ftell
sprintf
sscanf
_mbsrchr
atan2
abs
strcat
_mbsicmp
_mbscmp
memmove
memcmp
_stricmp
_mbsnbcpy
_mbschr
_splitpath
_setjmp3
longjmp
vsprintf
exit
getenv
abort
_CIpow
strncpy
fprintf
_iob
strchr

kernel32

LocalAlloc
LocalFree
OutputDebugStringA
GetPrivateProfileStringA
GetLocalTime
WriteFile
DeleteFileA
GetTempFileNameA
GetTempPathA
GetPrivateProfileIntA
GetModuleFileNameA
Sleep
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceA
GetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
ReadFile
CreateFileA
GetFileSize
SetFilePointer

user32

GetClassNameA
GetWindow
DrawEdge
GetWindowDC
GetFocus
ValidateRect
IsZoomed
GetDlgItem
LoadStringA
ChildWindowFromPoint
GetSystemMetrics
SetWindowRgn
WindowFromPoint
GetNextDlgGroupItem
SetCursor
GetWindowRgn
GetIconInfo
OffsetRect
DrawFocusRect
GetClientRect
SetWindowLongA
GetSysColor
SetCapture
PeekMessageA
TranslateMessage
DispatchMessageA
ReleaseCapture
BeginPaint
EndPaint
ClientToScreen
GetParent
ScreenToClient
PostMessageA
GetCursorPos
PtInRect
SendMessageA
DefWindowProcA
LoadCursorA
RegisterClassExA
RegisterWindowMessageA
LoadImageA
LoadCursorFromFileA
DrawTextA
IsWindow
GetWindowLongA
IsWindowVisible
SetWindowPos
DrawIconEx
CopyRect
EnableWindow
InvalidateRect
UpdateWindow
KillTimer
GetWindowRect
GetDC
ReleaseDC
SetTimer
EnumChildWindows

gdi32

Rectangle
CreateCompatibleBitmap
GetDIBits
StretchBlt
CreateDIBSection
CreateRoundRectRgn
OffsetRgn
CreateFontIndirectA
SelectClipRgn
GetObjectA
GetTextExtentPoint32A
GetStockObject
CreateSolidBrush
SetTextColor
SetBkMode
SetBkColor
BitBlt
CreateRectRgn
CombineRgn
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
CreatePen

comctl32

ImageList_GetImageInfo
ImageList_Draw

Exports

Exports

CallHookWnd

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TargetDir/Client/ScsInstall.exe
.exe windows:4 windows x86 arch:x86

26ffe1241c062d8c1d31628e9b75c288

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryA
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetLastError
FlushFileBuffers
SetFilePointer
SetStdHandle
CloseHandle

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TargetDir/Toolbox.bmp
TargetDir/Toolbox.exe
.exe windows:4 windows x86 arch:x86

e7943ba6dab77f1d3bba449c2481351a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
ExitProcess

advapi32

RegCreateKeyA

gdi32

CreateCompatibleDC

user32

MessageBoxA

version

GetFileVersionInfoA

iphlpapi

GetAdaptersInfo

shlwapi

PathGetDriveNumberA

mfc42u

ord2977

msvcrt

_controlfp

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize

oleaut32

GetErrorInfo

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 488KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

stxt774
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

stxt371
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TargetDir/Toolbox.swf
TargetDir/Toolbox48.bmp
TargetDir/Toolbox_48.bmp

Sharing

General

Malware Config

Signatures

Files

e09a63881401ee998f528580198edb32

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

version

shell32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 12KB - Virtual size: 9KB

stxt774 Size: 12KB - Virtual size: 8KB

stxt371 Size: 16KB - Virtual size: 12KB

38e49ce5493b0d28dfd792605d86ed82

Headers

File Characteristics

Imports

kernel32

rpcrt4

user32

shell32

Sections

.text Size: 192KB - Virtual size: 189KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 20KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 1008B

84a50470620446b85fbb397eefc4daa1

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

05:d4:3f:59:9e:d3:73:7f:8d:4c:fe:d6:ed:ed:14:6fCertificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

fd:08:e0:39:9c:49:ab:70:db:0e:33:f4:8c:4d:40:01:53:09:ee:d0Signer

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 72KB - Virtual size: 70KB

81bd80fd6620dc78b672b301b9de70f5

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 12KB - Virtual size: 9KB

stxt774
Size: 12KB - Virtual size: 8KB

stxt371
Size: 16KB - Virtual size: 12KB

.text
Size: 192KB - Virtual size: 189KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 1008B

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

05:d4:3f:59:9e:d3:73:7f:8d:4c:fe:d6:ed:ed:14:6f
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

fd:08:e0:39:9c:49:ab:70:db:0e:33:f4:8c:4d:40:01:53:09:ee:d0
Signer

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 72KB - Virtual size: 70KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 14KB - Virtual size: 21KB

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 16KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 488KB - Virtual size: 486KB

stxt774
Size: 12KB - Virtual size: 8KB

stxt371
Size: 16KB - Virtual size: 13KB