665293fb4f635ea307028cd429b85352_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

665293fb4f635ea307028cd429b85352_JaffaCakes118
Size

906KB
MD5

665293fb4f635ea307028cd429b85352
SHA1

606508be4d3bbbcea2a0f839a1ce836191e26025
SHA256

a51ea9e28b5c10ac4dad4f5a29670409182ebef940a0859677097977dad2a0ce
SHA512

18bfadcc71eb1704d9fbe44d3e21c605f8de077a55f018e30e63bcf9f5ac08228816dff3dd2a1edb9041adec198ee1c4d233e86fb517b5d1ee2beb78ac7e9fcf
SSDEEP

24576:NesQDT9HDzdrr7yvbA5YefwQ5ggQeXc2JNdWuwebs:UsQDTdDWGL4Q5W2JnWuwebs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/C:/bsh/EVZS/genqr.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack008/out.upx	autoit_exe

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
665293fb4f635ea307028cd429b85352_JaffaCakes118
unpack001/C:/bsh/EVZS/genqr.exe
unpack008/out.upx
unpack001/C:/bsh/EVZS/quricol32.dll
unpack001/C:/bsh/EVZS/wsystem5/UNZIP32.EXE
unpack001/C:/bsh/EVZS/wsystem5/ZIP32.EXE
unpack001/C:/bsh/EVZS/wsystem5/aescrypt.exe
unpack001/C:/bsh/EVZS/wsystem5/blat.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

665293fb4f635ea307028cd429b85352_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
C:/bsh/EVZS/EVMS2PP.CRT
C:/bsh/EVZS/EVZS.crt
C:/bsh/EVZS/EVZSMNU.crt
C:/bsh/EVZS/EVZSY4.crt
C:/bsh/EVZS/OPRAVA.crt
C:/bsh/EVZS/TT49991.crt
C:/bsh/EVZS/UTZZ.crt
C:/bsh/EVZS/fr3/qrtt91n2.fr3
.gz
1.fr3
.xml
C:/bsh/EVZS/fr3/y4n1.fr3
.gz
1.fr3
.xml
C:/bsh/EVZS/fr3/zzn1.fr3
.gz
1.fr3
.xml
C:/bsh/EVZS/fr3/zzn2.fr3
.gz
1.fr3
.xml
C:/bsh/EVZS/fr3/zzn3.fr3
.gz
1.fr3
.xml
C:/bsh/EVZS/fr3/zzn4.fr3
.gz
1.fr3
.xml
C:/bsh/EVZS/genqr.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 345KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/bsh/EVZS/quricol32.dll
.dll windows:5 windows x86 arch:x86

f44ea95867dfd4a725b69e9377af75fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Development\quricol\Win32\Release\quricol32.pdb

Imports

kernel32

GlobalFree
LocalFree
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
lstrlenA
WriteFile
CreateFileW
GlobalAlloc
ExitProcess
LocalAlloc
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
Sleep
GetProcAddress
RtlUnwind
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
RaiseException
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
SetStdHandle
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile
CreateFileA

user32

GetDC
ReleaseDC

gdi32

DeleteObject
GetDIBits
GetObjectW
CreateDIBSection

Exports

Exports

DestroyBuffer
GenerateBMPA
GenerateBMPW
GeneratePNGA
GeneratePNGW
GetHBitmapA
GetHBitmapW
GetPNGA
GetPNGW

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/bsh/EVZS/upgrade.txt
C:/bsh/EVZS/wsystem5/UNZIP32.EXE
.exe windows:4 windows x86 arch:x86

87541b013cd772185d6fccf8af96da30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
GetLastError
CreateFileA
GetCurrentProcess
GetVersion
SetEndOfFile
SetFilePointer
SetFileTime
SetFileAttributesA
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetFullPathNameA
FindFirstFileA
HeapFree
FindClose
SetVolumeLabelA
GetLocaleInfoA
GetConsoleScreenBufferInfo
GetStdHandle
GetFileAttributesA
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
SetConsoleMode
GetConsoleMode
GetCurrentDirectoryA
SetEnvironmentVariableW
CreateDirectoryA
CreateMutexA
InterlockedExchange
CloseHandle
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
lstrlenA
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
lstrcmpiA
GetVolumeInformationA
GetDriveTypeA
FindNextFileA
MultiByteToWideChar
ExitProcess
TerminateProcess
GetTimeZoneInformation
GetSystemTime
SetConsoleCtrlHandler
SetStdHandle
GetFileType
HeapReAlloc
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
SetHandleCount
GetStartupInfoA
FlushFileBuffers
WriteFile
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
LoadLibraryA
GetLocaleInfoW
DeleteFileA

user32

OemToCharA
CharToOemA

advapi32

GetSecurityDescriptorControl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
C:/bsh/EVZS/wsystem5/ZIP32.EXE
.exe windows:4 windows x86 arch:x86

3ce955144fa0e1bc01921705b0874af4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
InterlockedExchange
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
CreateFileA
GetCurrentProcess
EnterCriticalSection
FindClose
FindFirstFileA
GetVersion
GetFileType
GetFileTime
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
SetConsoleMode
GetConsoleMode
FindNextFileA
LeaveCriticalSection
lstrcmpiA
GetVolumeInformationA
GetDriveTypeA
GetFileAttributesA
lstrcpynA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MultiByteToWideChar
ExitProcess
TerminateProcess
MoveFileA
SetStdHandle
HeapReAlloc
SetConsoleCtrlHandler
GetCommandLineA
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
WriteFile
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WideCharToMultiByte
FlushFileBuffers
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetEndOfFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetCurrentProcessId
DeleteFileA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileInformationByHandle
PeekNamedPipe
RemoveDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableW
GetExitCodeProcess
CreateProcessA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorLength
GetKernelObjectSecurity
OpenProcessToken

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
C:/bsh/EVZS/wsystem5/aescrypt.exe
.exe windows:5 windows x86 arch:x86

a7e4e0adbe41c592e0329c5ab16bd8f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb

Imports

kernel32

GetLastError
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetCommandLineW
HeapSetInformation
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
FindNextFileW
FindFirstFileExW
FindClose
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
SetHandleCount
GetStdHandle
GetStartupInfoW
DeleteCriticalSection
HeapFree
FlushFileBuffers
RtlUnwind
MultiByteToWideChar
ReadFile
CloseHandle
CreateFileW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
HeapAlloc
HeapReAlloc
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
HeapSize
LCMapStringW
GetStringTypeW
SetEndOfFile
GetProcessHeap

advapi32

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/bsh/EVZS/wsystem5/blat.exe
.exe windows:4 windows x86 arch:x86

e0430138f400efe220878b0cbf1db846

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
WSAStartup
gethostname
closesocket
send
select
recv
htons
getservbyname
ioctlsocket
gethostbyname
socket
setsockopt
connect
WSAGetLastError
inet_ntoa
getsockopt
ntohl
htonl

kernel32

SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
WriteFile
ReadFile
GetStdHandle
CloseHandle
GetLastError
CreateFileW
GetVersionExW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
GetVersion
GetFileType
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
lstrcmpiW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetComputerNameW
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetSystemTime
WideCharToMultiByte
HeapReAlloc
RaiseException
HeapSize
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStartupInfoA
FlushFileBuffers
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetCPInfo
LoadLibraryA
GetStringTypeA

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 3KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 596KB

UPX1 Size: 345KB - Virtual size: 348KB

.rsrc Size: 80KB - Virtual size: 84KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 28KB - Virtual size: 28KB

f44ea95867dfd4a725b69e9377af75fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

87541b013cd772185d6fccf8af96da30

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 88KB

3ce955144fa0e1bc01921705b0874af4

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 28KB - Virtual size: 333KB

a7e4e0adbe41c592e0329c5ab16bd8f4

Headers

DLL Characteristics

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 3KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 596KB

UPX1
Size: 345KB - Virtual size: 348KB

.rsrc
Size: 80KB - Virtual size: 84KB

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 88KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 28KB - Virtual size: 333KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 81KB

.rsrc
Size: 4KB - Virtual size: 1KB