69fbc6a70b315d827c524bea4b899c44_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

69fbc6a70b315d827c524bea4b899c44_JaffaCakes118
Size

574KB
MD5

69fbc6a70b315d827c524bea4b899c44
SHA1

38ea7bae684864714599fb0d1e7f702967c5a35a
SHA256

fb07fb7cb7b15ecb86920b74be2ec2b955ae356b464baa7415a7f257b0c02e98
SHA512

9ad9c936bf869c30b2b0ecda4f362dbc43647ab6c9c0a8ed6a7ce12e7c42e6281340d93262a01c9ceb55765c05ea6ee043104ce9f178e3185c1fed3f18efa043
SSDEEP

12288:6OB1TEjQo/2aEZLGr78fkQ9CKn0yF8SjKzYiLX05yIp4qrh8djKQru:6OvTMQoOvQ8fkGlRGLo4u8d/u

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Backdoor.MSIL.Tyupkin.a.ViR
unpack001/Backdoor.MSIL.Tyupkin.c.ViR
unpack001/Backdoor.Win32.Tyupkin.c2.ViR
unpack001/Backdoor.Win32.Tyupkin.d.ViR
unpack001/Backdoor.Win32.Tyupkin.h.exe.ViR

Files

69fbc6a70b315d827c524bea4b899c44_JaffaCakes118
.zip

Password: infected
Backdoor.MSIL.Tyupkin.a.ViR
.exe windows:4 windows x86 arch:x86

d7215245c5a8122001563a492aaf79f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

rand
printf
_strdup
exit
wcstombs
mbstowcs
remove
wprintf
_cexit
_amsg_exit
__FrameUnwindFilter
srand
_time64
_localtime64
_invalid_parameter_noinfo
__CxxUnregisterExceptionObject
__CxxQueryExceptionSize
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
_CxxThrowException
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??2@YAPAXI@Z
memmove_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??_U@YAPAXI@Z
?what@exception@std@@UBEPBDXZ

msvcp80

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?good@ios_base@std@@QBE_NXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?width@ios_base@std@@QAEHH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ

kernel32

LoadLibraryW
GetProcAddress
FreeLibrary
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetFileAttributesW
GetLastError
Sleep
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle

user32

SetFocus
GetActiveWindow
GetSystemMetrics
ShowWindow

msxfs

WFSCancelBlockingCall
WFSStartUp
WFSExecute
WFSIsBlocking
WFSFreeResult
WFSGetInfo
WFSClose
WFSCleanUp
WFSOpen

shell32

ShellExecuteW
SHGetFolderPathW

advapi32

RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

msvcm80

?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?_beginthreadex@@YAIPAXIP6MI0@Z0IPAI@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Backdoor.MSIL.Tyupkin.c.ViR
.exe windows:4 windows x86 arch:x86

8c88f3b40d30af1bb7b9ff30f1d44842

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

rand
printf
_strdup
exit
wcstombs
mbstowcs
remove
wprintf
_cexit
_amsg_exit
__FrameUnwindFilter
srand
_time64
_localtime64
_invalid_parameter_noinfo
__CxxUnregisterExceptionObject
__CxxQueryExceptionSize
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
_CxxThrowException
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memmove_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ

msvcp80

?length@?$char_traits@D@std@@SAIPBD@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?width@ios_base@std@@QAEHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
SetFileAttributesW
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW

user32

SetFocus
GetActiveWindow
GetSystemMetrics
ShowWindow

msxfs

WFSStartUp
WFSExecute
WFSIsBlocking
WFSFreeResult
WFSGetInfo
WFSClose
WFSCleanUp
WFSOpen

shell32

ShellExecuteW
SHGetFolderPathW

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

msvcm80

?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?_beginthreadex@@YAIPAXIP6MI0@Z0IPAI@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Backdoor.Win32.Tyupkin.c2.ViR
.exe windows:4 windows x86 arch:x86

645cd3b2a1d49725ff0dac84a894f57a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_strdup
exit
wcstombs
mbstowcs
remove
wprintf
_cexit
_amsg_exit
__FrameUnwindFilter
printf
rand
srand
_time64
_localtime64
_invalid_parameter_noinfo
__CxxUnregisterExceptionObject
__CxxQueryExceptionSize
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
_CxxThrowException
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??2@YAPAXI@Z
memmove_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??_U@YAPAXI@Z
?what@exception@std@@UBEPBDXZ

msvcp80

?length@?$char_traits@D@std@@SAIPBD@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?good@ios_base@std@@QBE_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?width@ios_base@std@@QAEHH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?uncaught_exception@std@@YA_NXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
SetFileAttributesW
Sleep
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryW

user32

SetFocus
GetActiveWindow
GetSystemMetrics
ShowWindow

msxfs

WFSCancelBlockingCall
WFSStartUp
WFSExecute
WFSIsBlocking
WFSFreeResult
WFSGetInfo
WFSClose
WFSCleanUp
WFSOpen

shell32

ShellExecuteW
SHGetFolderPathW

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

msvcm80

?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?_beginthreadex@@YAIPAXIP6MI0@Z0IPAI@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Backdoor.Win32.Tyupkin.d.ViR
.exe windows:4 windows x86 arch:x86

552bc4b754816adec0ce8079c17dd7cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LCMapStringW
LCMapStringA
ReadFile
GetStringTypeW
CreateFileA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CloseHandle
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
CopyFileW
SetFileAttributesW
Sleep
GetCurrentProcess
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LoadLibraryA
InterlockedExchange
GetModuleFileNameA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
WideCharToMultiByte
DeleteFileA
MultiByteToWideChar
GetModuleHandleA
ExitProcess
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RaiseException
InterlockedIncrement
InterlockedDecrement
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetTimeZoneInformation
HeapSize
GetCPInfo
GetACP
GetOEMCP
WriteFile

user32

GetDesktopWindow
GetWindowRect
ShowWindow
SetWindowTextW
ReleaseDC
DispatchMessageW
TranslateMessage
GetMessageW
GetDC
UpdateWindow
CreateWindowExW
MessageBoxW
RegisterClassExW
LoadCursorW
LoadIconW
DefWindowProcW
PostQuitMessage
EndPaint
BeginPaint
DestroyWindow
SendMessageW
SystemParametersInfoW
wsprintfW

gdi32

SetTextColor
SetBkColor
CreateFontIndirectW
CreateSolidBrush

shell32

SHGetFolderPathW
ShellExecuteW

msxfs

WFSClose
WFSCleanUp
WFSGetInfo
WFSExecute
WFSOpen
WFSStartUp
WFSFreeResult

advapi32

RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Backdoor.Win32.Tyupkin.h.exe.ViR
.exe windows:4 windows x86 arch:x86

dce35d5cbbd93b3804f789439733cd0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

srand
rand
printf
_strdup
exit
wcstombs
mbstowcs
remove
wprintf
_cexit
_amsg_exit
__FrameUnwindFilter
_time64
_localtime64
_invalid_parameter_noinfo
__CxxUnregisterExceptionObject
__CxxQueryExceptionSize
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
_CxxThrowException
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
memmove_s
?what@exception@std@@UBEPBDXZ

msvcp80

?length@?$char_traits@D@std@@SAIPBD@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?width@ios_base@std@@QAEHH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
SetFileAttributesW
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW

user32

SetFocus
ExitWindowsEx
ShowWindow
GetSystemMetrics
GetActiveWindow

msxfs

WFSOpen
WFSStartUp
WFSExecute
WFSFreeResult
WFSGetInfo
WFSCleanUp
WFSClose
WFSIsBlocking

shell32

SHGetFolderPathW
ShellExecuteW

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

msvcm80

?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?_beginthreadex@@YAIPAXIP6MI0@Z0IPAI@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDK320.msi
.msi

Sharing

General

Malware Config

Signatures

Files

Password: infected

d7215245c5a8122001563a492aaf79f6

Headers

File Characteristics

Imports

msvcr80

msvcp80

kernel32

user32

msxfs

shell32

advapi32

ole32

msvcm80

mscoree

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

8c88f3b40d30af1bb7b9ff30f1d44842

Headers

File Characteristics

Imports

msvcr80

msvcp80

kernel32

user32

msxfs

shell32

advapi32

ole32

msvcm80

mscoree

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

645cd3b2a1d49725ff0dac84a894f57a

Headers

File Characteristics

Imports

msvcr80

msvcp80

kernel32

user32

msxfs

shell32

advapi32

ole32

msvcm80

mscoree

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

552bc4b754816adec0ce8079c17dd7cf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msxfs

advapi32

ole32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 28KB - Virtual size: 26KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB