6a19fabf1d8a937394a323b89a5e163b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a19fabf1d8a937394a323b89a5e163b_JaffaCakes118
Size

487KB
MD5

6a19fabf1d8a937394a323b89a5e163b
SHA1

03a219b73315e19fdced8ff7958ca217a73c2780
SHA256

a54e2a6b72a07afb589609d5ef297660c872a70675a7b60f83c467f55c0983f5
SHA512

5f75e4b3d55c251025beffba64d753e9ed6df1a15881b199ff4689d4f7bcab575674a2a06a060873cf539a6503c95efa690f35c969f8267de6ac52b221c27bbb
SSDEEP

12288:DGpqUHpfQ2DDnUrMl1vL3pQS9QQYaWfLIjVaaAYxe:Ih5QmTUrMl1T3GSmQYPEjIHYU

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dssock32.ocx
unpack001/Tabctl32.ocx
unpack001/aenima.exe
unpack001/chk4upg.exe
unpack001/comctl32.ocx
unpack001/comdlg32.ocx
unpack001/smtpc.exe
unpack001/testserv.exe

Files

6a19fabf1d8a937394a323b89a5e163b_JaffaCakes118
.zip
Dssock32.ocx
.dll regsvr32 windows:1 windows x86 arch:x86

64a007cb191c82c7ea9c238ab3095f90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSASetLastError
send
setsockopt
sendto
accept
recvfrom
recv
WSAIsBlocking
WSACancelBlockingCall
inet_ntoa
WSACleanup
WSAStartup
getsockname
listen
socket
bind
connect
closesocket
getservbyname
ntohs
htons
ioctlsocket
gethostbyaddr
WSAAsyncSelect
gethostname
gethostbyname
WSAGetLastError
inet_addr

mfcans32

ord79
ord107
ord110
ord78

oc30

ord2800
ord2948
ord2033
ord1521
ord1538
ord1684
ord512
ord1760
ord866
ord873
ord1429
ord1060
ord1427
ord2128
ord2127
ord2194
ord2121
ord2274
ord2069
ord2051
ord2090
ord2310
ord2283
ord2286
ord2289
ord2119
ord2146
ord2330
ord2125
ord2118
ord1968
ord2201
ord2120
ord2115
ord2114
ord2356
ord2083
ord1977
ord1972
ord2171
ord2173
ord2170
ord1995
ord2096
ord2323
ord1176
ord1566
ord2064
ord1858
ord1994
ord2416
ord1138
ord2953
ord2442
ord1743
ord2234
ord2013
ord2958
ord1720
ord963
ord1164
ord1052
ord1511
ord361
ord1516
ord2108
ord2708
ord643
ord681
ord698
ord1803
ord563
ord503
ord1631
ord1661
ord1678
ord659
ord2630
ord1062
ord927
ord830
ord921
ord521
ord2477
ord2461
ord2474
ord2479
ord1200
ord1298
ord2312
ord2296
ord605
ord1187
ord459
ord2425
ord2539
ord939
ord2794
ord2910
ord418
ord1137
ord2216
ord1152
ord650
ord396
ord340
ord1530
ord2949
ord868
ord2077
ord2135
ord2237
ord2324
ord1979
ord2246
ord2318
ord2159
ord2954
ord2437
ord2011
ord1522
ord2109
ord2005
ord652
ord513
ord1100
ord1118
ord1103
ord1115
ord1129
ord1121
ord1089
ord1135
ord1109
ord1110
ord1116
ord1131
ord1105
ord1378
ord1336
ord1892
ord1498
ord1404
ord590
ord437
ord823
ord822
ord329
ord2765
ord2545
ord1305
ord2645
ord247
ord839
ord902
ord468
ord849
ord901
ord371
ord846
ord403
ord434
ord394
ord1470
ord2768
ord875
ord874
ord877
ord838
ord869
ord2946
ord580
ord689
ord2004
ord2106
ord1563
ord1457
ord1512
ord2029
ord1510
ord2647
ord2440
ord2154
ord2453
ord2449
ord1535
ord1145
ord2458
ord1859
ord2397
ord803
ord1792
ord2656
ord1185
ord1208
ord2040
ord2957
ord2030

msvcrt20

malloc
_initterm
??2@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z
_adjust_fdiv
__dllonexit
free
_onexit

kernel32

TlsSetValue
LocalAlloc
LocalFree
lstrcmpA
Sleep
TlsFree
TlsGetValue
GlobalFree
GlobalAlloc
TlsAlloc
GetModuleFileNameA
GlobalUnlock
GlobalLock
GetVersion

user32

GetDlgItem
SetWindowPos
PostMessageA
LoadBitmapA
wsprintfA
SendMessageA
ShowWindow

gdi32

DeleteObject
GetObjectA

oleaut32

SysAllocStringByteLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 464B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMPORTANT.txt
Tabctl32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

91dd387f15b154094f6d8ea3f46faf8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc40

ord3346
ord3340
ord2694
ord3580
ord4096
ord3345
ord3906
ord3202
ord651
ord403
ord1043
ord1071
ord1035
ord1084
ord2135
ord1464
ord4973
ord881
ord3827
ord4154
ord4113
ord5023
ord1873
ord4314
ord4375
ord5001
ord3611
ord4133
ord4132
ord4230
ord4124
ord4360
ord4024
ord3997
ord4070
ord4441
ord4380
ord4385
ord4390
ord4156
ord4473
ord4127
ord4060
ord3854
ord3840
ord4202
ord4204
ord4201
ord3892
ord4079
ord4459
ord3898
ord4432
ord2177
ord2963
ord4015
ord5363
ord3578
ord1540
ord3890
ord4657
ord2086
ord4608
ord5643
ord3837
ord3314
ord4296
ord3922
ord2323
ord1785
ord5649
ord3268
ord4510
ord1494
ord2140
ord1850
ord4691
ord2618
ord2755
ord2844
ord3946
ord2851
ord2621
ord2695
ord3581
ord4098
ord5160
ord632
ord2312
ord3452
ord381
ord3838
ord1394
ord569
ord2106
ord1425
ord314
ord481
ord4737
ord4735
ord4739
ord2223
ord2378
ord4403
ord4649
ord2199
ord4685
ord570
ord4677
ord4444
ord4262
ord4268
ord3320
ord2696
ord4435
ord4123
ord4241
ord5296
ord4198
ord2081
ord4448
ord2620
ord2916
ord4498
ord4219
ord4223
ord5648
ord3963
ord2234
ord2197
ord5070
ord3431
ord965
ord4627
ord2097
ord2909
ord4713
ord4715
ord2389
ord3579
ord4165
ord4719
ord4703
ord5053
ord3458
ord2845
ord2960
ord3192
ord721
ord504
ord5630
ord1075
ord1085
ord375
ord5568
ord3620
ord2595
ord5748
ord2894
ord5638
ord1073
ord4999
ord4141
ord4302
ord4462
ord4681
ord3859
ord4312
ord4450
ord5360
ord1539
ord5644
ord4700
ord3919
ord2861
ord4099
ord3907
ord654
ord406
ord1986
ord5405
ord2004
ord2064
ord1989
ord2007
ord1975
ord2072
ord1995
ord3080
ord5273
ord5139
ord4176
ord2707
ord626
ord4953
ord883
ord3804
ord4741
ord760
ord4723
ord4931
ord5647
ord4694
ord4101
ord3134
ord315
ord3724
ord3786
ord4173
ord3630
ord3784
ord421
ord1647
ord3714
ord5370
ord3656
ord3028
ord615
ord362
ord810
ord4952
ord3684
ord5550
ord978
ord979
ord665
ord731
ord3335
ord2510
ord2317
ord483
ord2557
ord1786
ord1387
ord5389
ord1456
ord3049
ord3523
ord2795
ord1097
ord762
ord3098
ord5241
ord2635
ord1366
ord3945
ord2860
ord2744
ord2617
ord2843
ord2754
ord2358
ord3952
ord5637
ord265
ord2176
ord3738
ord5200
ord1633
ord2548
ord2801
ord2792
ord5299
ord4206
ord5301
ord3524
ord5352
ord5461
ord2451
ord4961
ord1400
ord3010
ord5341
ord957
ord2434
ord1395
ord3530
ord5560
ord763
ord836
ord486
ord974
ord485
ord4742
ord4740
ord706
ord4736
ord5121
ord4724
ord1426
ord3110
ord2115
ord3158
ord426
ord3185
ord729
ord1882
ord1875
ord1881
ord3844
ord1868
ord4111
ord4110
ord4046
ord671
ord733
ord711
ord1370
ord988
ord269
ord1367
ord1046
ord5681
ord1042
ord1369
ord328
ord999
ord1000
ord1105

msvcrt40

__CxxFrameHandler
_mbslen
_itoa
memmove
_mbsncpy
_mbsicmp
modf
wcslen
_ftol
mbstowcs
wcstombs
_mbsrev
_EH_prolog
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

MulDiv
lstrlenA
Sleep
LoadResource
LockResource
FindResourceA
GetPrivateProfileStringA
GetModuleFileNameA
SizeofResource
lstrcpyA
lstrcmpiA
lstrcmpA
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
LocalAlloc
GlobalReAlloc
LocalUnlock
LocalFree
LocalLock
GetVersion

user32

CharNextA
ScreenToClient
GetSystemMetrics
GetSysColor
EnableWindow
InvalidateRect
IsWindow
SetWindowPos
GetClientRect
ClientToScreen
PtInRect
FillRect
GetWindowRect
DrawTextA
ReleaseDC
GetDC
EqualRect
LockWindowUpdate
MessageBoxA
MessageBeep
CharUpperA
SendMessageA
GetCursorPos
DestroyCursor
SetCursor
LoadCursorA
CreateAcceleratorTableA
GetFocus
GetParent
GetDlgItem
MoveWindow
GetClassNameA
DrawIcon
GetKeyState
ShowWindow
WinHelpA
IntersectRect
SetWindowTextA
SetRectEmpty
GetWindowDC
wsprintfA
CallWindowProcA
SetWindowLongA
DrawFocusRect
UpdateWindow
GrayStringA
CopyRect
OffsetRect

gdi32

DeleteObject
SetBkMode
SetTextColor
SelectObject
RealizePalette
SelectPalette
SetBkColor
TextOutA
CreatePen
CreateRectRgn
LineTo
MoveToEx
GetTextColor
DeleteDC
SetTextAlign
GetTextExtentPoint32A
GetCharWidthA
GetCurrentPositionEx
GetStockObject
CreateCompatibleDC
GetObjectA
CreateFontIndirectA
BitBlt
StretchBlt
GetOutlineTextMetricsA
PlayMetaFile
SetViewportOrgEx
RestoreDC
SetMapMode
SaveDC
SetViewportExtEx
CreateSolidBrush
StretchDIBits
IntersectClipRect
GetPaletteEntries
GetSystemPaletteEntries
CreateBitmap
CombineRgn
OffsetRgn
FrameRgn
FillRgn
SetBrushOrgEx
UnrealizeObject
SelectClipRgn
GetDeviceCaps
CreateDCA
CreatePolygonRgn
CreateCompatibleBitmap
CreateICA
EnumFontFamiliesA
GetDIBits

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyA

ole32

CoTaskMemFree
CoGetMalloc

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
SysFreeString
SysReAllocString
LoadRegTypeLi
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aenima.exe
.exe windows:4 windows x86 arch:x86

ac0204d8122de7845d05a18d9e2b54de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

vb40032

ord618
ord616
ord631
ord648
ord652
ord689
ord690
ord100
ord187
ord199
ord519
ord520
ord537
ord571
ord581
ord594
ord593
ord598
ord595
ord600

Sections

.text
Size: 411KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chk4upg.exe
.exe windows:4 windows x86 arch:x86

9b919b2588c8735b6fa902f9f6b65997

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

vb40032

ord631
ord652
ord685
ord689
ord100
ord187
ord199
ord520
ord581
ord598
ord595

Sections

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comctl32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

03611592dba0b5074596d15eb5f9fe9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comctl32

ImageList_Create
ImageList_Remove
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
ImageList_SetBkColor
ImageList_SetOverlayImage
ImageList_DrawEx
ord16
ImageList_GetIconSize
ImageList_GetIcon
ImageList_ReplaceIcon
ord17
ImageList_Add

kernel32

lstrcmpA
GetProcAddress
GlobalSize
GetFileSize
ReadFile
CloseHandle
IsDBCSLeadByte
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetLastError
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
MultiByteToWideChar
GetModuleFileNameA
lstrcatA
OpenFile
DeleteCriticalSection
GetVersion
InitializeCriticalSection
GetProcessHeap
DisableThreadLibraryCalls
GetDateFormatA
GetTimeFormatA
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpynA
EnterCriticalSection
GetVersionExA
InterlockedDecrement
InterlockedIncrement
FreeLibrary
HeapFree
WideCharToMultiByte
HeapAlloc
lstrlenW
lstrlenA
HeapReAlloc
IsBadWritePtr
lstrcpyA
LeaveCriticalSection
CompareStringA

user32

CreateAcceleratorTableA
VkKeyScanA
GetMessagePos
MessageBeep
TranslateMessage
CharUpperA
EndDialog
RedrawWindow
SetCursor
RegisterWindowMessageA
GetClipboardFormatNameA
DispatchMessageA
PeekMessageA
EqualRect
DialogBoxParamA
UpdateWindow
InvalidateRect
SetCapture
GetWindowTextA
GetCursorPos
ScreenToClient
GetDC
ReleaseDC
IsRectEmpty
GetAsyncKeyState
ClientToScreen
GetWindowRect
MapVirtualKeyA
CreateWindowExA
GetSysColorBrush
GetParent
PtInRect
IntersectRect
GetActiveWindow
OffsetRect
SetWindowRgn
IsWindowVisible
BeginPaint
EndPaint
GetNextDlgTabItem
SetWindowPos
WinHelpA
SetParent
GetWindow
IsDialogMessageA
UnregisterClassA
SetRect
CharNextA
KillTimer
MessageBoxA
UnhookWindowsHookEx
CallNextHookEx
SetTimer
SetWindowLongA
SetFocus
SetActiveWindow
CheckRadioButton
DestroyIcon
DrawIcon
LoadCursorA
DestroyWindow
GetWindowDC
wsprintfA
RegisterClipboardFormatA
SetCursorPos
IsChild
PostMessageA
DrawEdge
GetSysColor
FrameRect
FillRect
InflateRect
DrawTextA
GetClientRect
CallWindowProcA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
LoadIconA
GetSystemMetrics
CopyImage
MapDialogRect
GetWindowLongA
GetFocus
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
LoadStringA
DefWindowProcA
SendMessageA
IsWindowEnabled
CreateDialogIndirectParamA
SetWindowsHookExA
ShowWindow

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA

oleaut32

SafeArrayCopy
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayPutElement
SafeArrayCreate
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayDestroy
VariantCopy
SafeArrayUnaccessData
GetErrorInfo
OleCreatePropertyFrame
OleCreateFontIndirect
SetErrorInfo
LoadRegTypeLi
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
SysAllocStringLen
RegisterTypeLi
SysAllocStringByteLen
SysStringLen
SysStringByteLen
OleCreatePictureIndirect
VariantCopyInd
OleTranslateColor
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocString
SafeArrayRedim

comdlg32

GetOpenFileNameA

gdi32

Rectangle
SetBkColor
CreateICA
GetViewportExtEx
TextOutA
CreateRectRgn
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
RealizePalette
GetDIBits
SelectPalette
GetPaletteEntries
CopyMetaFileA
CopyEnhMetaFileA
GetObjectA
DeleteObject
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
SelectObject
CreateSolidBrush
GetDeviceCaps
SelectClipRgn
ExcludeClipRect
GetClipRgn
CreateRectRgnIndirect
GetClipBox
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
PatBlt
CreatePatternBrush
CreateBitmap
CreateDCA
LPtoDP
GetWindowExtEx
StretchBlt
GetStockObject
SetTextColor
SetBkMode
GetTextExtentPoint32A

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comdlg32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

73d0f7fc038703e3caf277db87f7a43d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
InterlockedDecrement
GetLocaleInfoA
InterlockedIncrement
FindResourceA
lstrcmpA
GetWindowsDirectoryA
DeleteCriticalSection
GetVersion
InitializeCriticalSection
GetProcessHeap
DisableThreadLibraryCalls
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
lstrcpyA
lstrcatA
lstrcmpiA
GlobalLock
WriteProfileStringA
GlobalUnlock
GlobalFree
GetProfileStringA
LoadResource
LockResource
lstrcpynA
OpenFile
HeapFree
WideCharToMultiByte
HeapAlloc
lstrlenW
FreeLibrary
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
MultiByteToWideChar

user32

PtInRect
IsDialogMessageA
IsChild
GetClientRect
GetParent
CreateDialogIndirectParamA
BeginPaint
WinHelpA
EnableWindow
SendMessageA
CharNextA
GetDlgItem
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
GetDesktopWindow
IsWindowEnabled
EndPaint
SetParent
IsWindowVisible
SetDlgItemInt
EqualRect
GetFocus
SetWindowRgn
SetWindowPos
CharUpperA
RegisterClipboardFormatA
GetWindow
SetDlgItemTextA
GetDlgItemTextA
GetDlgItemInt
DestroyWindow
SetFocus
GetNextDlgTabItem
GetKeyState
wsprintfA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
GetSystemMetrics
LoadStringA
DefWindowProcA
UnregisterClassA
OffsetRect
EndDialog
IntersectRect

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA

oleaut32

CreateErrorInfo
VariantChangeType
LoadRegTypeLi
OleCreatePropertyFrame
LoadTypeLi
OleLoadPicture
VariantClear
VariantInit
GetErrorInfo
OleTranslateColor
SysStringLen
SysAllocStringLen
LoadTypeLibEx
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysAllocString
SetErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetSystemPaletteEntries
GetDIBits
StretchDIBits
LPtoDP
GetWindowExtEx
GetViewportExtEx
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
SetMapMode
CreateRectRgnIndirect
EnumFontFamiliesA
CreateDCA
GetObjectA
GetDeviceCaps
DeleteDC
DeleteObject
SelectObject
CreateBitmap
CreateCompatibleDC

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
from.lst
insult.lst
mailer.lst
readme.1st
remailer.lst
server.lst
smtpc.exe
.exe windows:4 windows x86 arch:x86

e1f04abbd8195030c7567b9e4a9cce35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

vb40032

ord652
ord685
ord100
ord199
ord520
ord595

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
testserv.exe
.exe windows:4 windows x86 arch:x86

6a49196c62975f8a3a48349a1c2c8f71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

vb40032

ord616
ord648
ord652
ord669
ord100
ord187
ord189
ord188
ord190
ord199
ord571
ord581
ord598

Sections

.text
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
to.lst

Sharing

General

Malware Config

Signatures

Files

64a007cb191c82c7ea9c238ab3095f90

Headers

File Characteristics

Imports

wsock32

mfcans32

oc30

msvcrt20

kernel32

user32

gdi32

oleaut32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.bss Size: - Virtual size: 464B

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 165B

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 2KB - Virtual size: 2KB

91dd387f15b154094f6d8ea3f46faf8c

Headers

File Characteristics

Imports

mfc40

msvcrt40

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 6KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 6KB - Virtual size: 5KB

ac0204d8122de7845d05a18d9e2b54de

Headers

File Characteristics

Imports

vb40032

Sections

.text Size: 411KB - Virtual size: 412KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

9b919b2588c8735b6fa902f9f6b65997

Headers

File Characteristics

Imports

vb40032

Sections

.text Size: 9KB - Virtual size: 12KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

03611592dba0b5074596d15eb5f9fe9c

Headers

File Characteristics

Imports

comctl32

kernel32

user32

ole32

advapi32

.text
Size: 18KB - Virtual size: 17KB

.bss
Size: - Virtual size: 464B

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 165B

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 6KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 411KB - Virtual size: 412KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 12KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 279KB - Virtual size: 279KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 13KB - Virtual size: 13KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 210KB - Virtual size: 209KB

.reloc
Size: 23KB - Virtual size: 22KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 50KB - Virtual size: 49KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 8KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 22KB - Virtual size: 24KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB