799ee1035b075cb9e23b51c6bf7cc1b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

799ee1035b075cb9e23b51c6bf7cc1b9_JaffaCakes118
Size

213KB
MD5

799ee1035b075cb9e23b51c6bf7cc1b9
SHA1

27ab08241b5b34c87f975d8cf4d12706e6a3b490
SHA256

a02b4fb2858c41774c1932a955b15e11952872adf431f7ae32d687b6a716fbfb
SHA512

893a3501df7d6380ed97255130352096ed41474522aeda316bd2ddb0b514739dd4229f832b62c69305863c3f87f3d4917a2afacb6a6327d3dbb906197daf5a6c
SSDEEP

6144:zdw9Ouzl7DI59Iet/0WonmdzzbO7DUU1+lLeuO4tl4:2vpPc9IG/K0VcMi+/4

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

799ee1035b075cb9e23b51c6bf7cc1b9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f73bfa6d7910419b5d37b1b0de8202e2

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/07/2014, 00:00

Not After

29/07/2017, 23:59

Subject

CN=FortCloud Security Info Tech Co.\,Ltd.,OU=R&D dept.,O=FortCloud Security Info Tech Co.\,Ltd.,L=Xiamen,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:78:3f:ad:66:e3:b8:74:00:ed:41:32:d9:fe:e6:5d:4c:2c:1a:74
Signer

Actual PE Digest

6a:78:3f:ad:66:e3:b8:74:00:ed:41:32:d9:fe:e6:5d:4c:2c:1a:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp90

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?max@?$numeric_limits@_J@std@@SA_JXZ
?min@?$numeric_limits@_J@std@@SA_JXZ
?max@?$numeric_limits@I@std@@SAIXZ
?min@?$numeric_limits@I@std@@SAIXZ
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
??1locale@std@@QAE@XZ
??0locale@std@@QAE@XZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?classic@locale@std@@SAABV12@XZ
?uncaught_exception@std@@YA_NXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
?terminate@@YAXXZ
_vsnprintf
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CxxThrowException
__CxxFrameHandler3
strncmp
_time64
??_V@YAXPAX@Z
memmove_s
??3@YAXPAX@Z
_purecall
_invalid_parameter_noinfo
tolower
_snprintf
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
memset
memcpy

kernel32

InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

??0cIdsLog@@QAE@XZ
??0cRuleBase@@QAE@ABV0@@Z
??0cRuleBase@@QAE@XZ
??0cRuleFtp@@QAE@ABV0@@Z
??0cRuleFtp@@QAE@PAVcProtocolFtp@@@Z
??0cRuleFtpSend@@QAE@ABV0@@Z
??0cRuleFtpSend@@QAE@PAVcProtocolFtpSend@@@Z
??0cRuleIcmpFlow@@QAE@ABV0@@Z
??0cRuleIcmpFlow@@QAE@PAVcProtocolIcmp@@@Z
??0cRuleMgr@@QAE@ABV0@@Z
??0cRuleMgr@@QAE@XZ
??0cRuleMysql@@QAE@ABV0@@Z
??0cRuleMysql@@QAE@PAVcProtocolMysql@@@Z
??0cRuleProxyMax@@QAE@ABV0@@Z
??0cRuleProxyMax@@QAE@PAVcProtocolHttp@@@Z
??0cRuleRdp@@QAE@ABV0@@Z
??0cRuleRdp@@QAE@PAVcProtocolRdp@@@Z
??0cRuleSpider@@QAE@ABV0@@Z
??0cRuleSpider@@QAE@PAVcProtocolHttp@@@Z
??0cRuleTcpPortScan@@QAE@ABV0@@Z
??0cRuleTcpPortScan@@QAE@PAVcProtocolTcp@@@Z
??0cRuleTcpSynCount@@QAE@ABV0@@Z
??0cRuleTcpSynCount@@QAE@PAVcProtocolTcp@@@Z
??0cRuleUdpFlow@@QAE@ABV0@@Z
??0cRuleUdpFlow@@QAE@PAVcProtocolUdp@@@Z
??0cRuleUrlFollow@@QAE@ABV0@@Z
??0cRuleUrlFollow@@QAE@PAVcProtocolHttp@@@Z
??1cIdsLog@@QAE@XZ
??1cRuleBase@@UAE@XZ
??1cRuleFtp@@UAE@XZ
??1cRuleFtpSend@@UAE@XZ
??1cRuleIcmpFlow@@UAE@XZ
??1cRuleMgr@@QAE@XZ
??1cRuleMysql@@UAE@XZ
??1cRuleProxyMax@@UAE@XZ
??1cRuleRdp@@UAE@XZ
??1cRuleSpider@@UAE@XZ
??1cRuleTcpPortScan@@UAE@XZ
??1cRuleTcpSynCount@@UAE@XZ
??1cRuleUdpFlow@@UAE@XZ
??1cRuleUrlFollow@@UAE@XZ
??4cIdsLog@@QAEAAV0@ABV0@@Z
??4cRuleBase@@QAEAAV0@ABV0@@Z
??4cRuleFtp@@QAEAAV0@ABV0@@Z
??4cRuleFtpSend@@QAEAAV0@ABV0@@Z
??4cRuleIcmpFlow@@QAEAAV0@ABV0@@Z
??4cRuleMgr@@QAEAAV0@ABV0@@Z
??4cRuleMysql@@QAEAAV0@ABV0@@Z
??4cRuleProxyMax@@QAEAAV0@ABV0@@Z
??4cRuleRdp@@QAEAAV0@ABV0@@Z
??4cRuleSpider@@QAEAAV0@ABV0@@Z
??4cRuleTcpPortScan@@QAEAAV0@ABV0@@Z
??4cRuleTcpSynCount@@QAEAAV0@ABV0@@Z
??4cRuleUdpFlow@@QAEAAV0@ABV0@@Z
??4cRuleUrlFollow@@QAEAAV0@ABV0@@Z
??_7cRuleBase@@6B@
??_7cRuleFtp@@6B@
??_7cRuleFtpSend@@6B@
??_7cRuleIcmpFlow@@6B@
??_7cRuleMysql@@6B@
??_7cRuleProxyMax@@6B@
??_7cRuleRdp@@6B@
??_7cRuleSpider@@6B@
??_7cRuleTcpPortScan@@6B@
??_7cRuleTcpSynCount@@6B@
??_7cRuleUdpFlow@@6B@
??_7cRuleUrlFollow@@6B@
?AddFtpTempWhiteIp@cRuleFtpSend@@AAEXXZ
?AddHttpWhiteIp@cRuleUrlFollow@@AAEXXZ
?CheckFirstVerify@cRuleUrlFollow@@AAE_NIK@Z
?Deny@cRuleFtp@@AAEXXZ
?Deny@cRuleMysql@@AAEXXZ
?Deny@cRuleProxyMax@@AAEXXZ
?Deny@cRuleUrlFollow@@AAEXXZ
?IsNeedCheckAppProtocol@cRuleMgr@@QAE_NPAX@Z
?_id2str@cRuleMgr@@AAEPBDK@Z
?checkParam@cRuleFtp@@UAE_NXZ
?checkParam@cRuleFtpSend@@UAE_NXZ
?checkParam@cRuleIcmpFlow@@UAE_NXZ
?checkParam@cRuleMysql@@UAE_NXZ
?checkParam@cRuleProxyMax@@UAE_NXZ
?checkParam@cRuleRdp@@UAE_NXZ
?checkParam@cRuleSpider@@UAE_NXZ
?checkParam@cRuleTcpPortScan@@UAE_NXZ
?checkParam@cRuleTcpSynCount@@UAE_NXZ
?checkParam@cRuleUdpFlow@@UAE_NXZ
?checkParam@cRuleUrlFollow@@UAE_NXZ
?clearAllRuleHistoryData@cRuleMgr@@QAEHXZ
?clearHistoryData@cRuleFtp@@UAEHXZ
?clearHistoryData@cRuleFtpSend@@UAEHXZ
?clearHistoryData@cRuleIcmpFlow@@UAEHXZ
?clearHistoryData@cRuleMysql@@UAEHXZ
?clearHistoryData@cRuleProxyMax@@UAEHXZ
?clearHistoryData@cRuleRdp@@UAEHXZ
?clearHistoryData@cRuleSpider@@UAEHXZ
?clearHistoryData@cRuleTcpPortScan@@UAEHXZ
?clearHistoryData@cRuleTcpSynCount@@UAEHXZ
?clearHistoryData@cRuleUdpFlow@@UAEHXZ
?clearHistoryData@cRuleUrlFollow@@UAEHXZ
?copySetting@cIdsLog@@QAEHPBV1@@Z
?getEnabled@cRuleFtp@@UAE_NXZ
?getEnabled@cRuleFtpSend@@UAE_NXZ
?getEnabled@cRuleIcmpFlow@@UAE_NXZ
?getEnabled@cRuleMysql@@UAE_NXZ
?getEnabled@cRuleProxyMax@@UAE_NXZ
?getEnabled@cRuleRdp@@UAE_NXZ
?getEnabled@cRuleSpider@@UAE_NXZ
?getEnabled@cRuleTcpPortScan@@UAE_NXZ
?getEnabled@cRuleTcpSynCount@@UAE_NXZ
?getEnabled@cRuleUdpFlow@@UAE_NXZ
?getEnabled@cRuleUrlFollow@@UAE_NXZ
?getId@cRuleBase@@QAEHXZ
?getLogLevel@cIdsLog@@QAEEXZ
?getMysqlPort@cRuleMgr@@QAEABV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@XZ
?getProtocol@cRuleMgr@@QAEPAVcProtocolBase@@KAAK@Z
?getRuleFtp@cRuleMgr@@QAE?AVcParamFtp@@XZ
?getRuleFtpSend@cRuleMgr@@QAE?AVcParamFtpSend@@XZ
?getRuleIcmpFlow@cRuleMgr@@QAE?AVcParamIcmpFlow@@XZ
?getRuleMysql@cRuleMgr@@QAE?AVcParamMysql@@XZ
?getRuleProxyMax@cRuleMgr@@QAE?AVcParamProxyMax@@XZ
?getRuleRdp@cRuleMgr@@QAE?AVcParamRdp@@XZ
?getRuleSpider@cRuleMgr@@QAE?AVcParamSpider@@XZ
?getRuleTcpPortScan@cRuleMgr@@QAE?AVcParamTcpPortScan@@XZ
?getRuleTcpSynCount@cRuleMgr@@QAE?AVcParamTcpSynCount@@XZ
?getRuleUdpFlow@cRuleMgr@@QAE?AVcParamUdpFlow@@XZ
?getRuleUrlFollow@cRuleMgr@@QAE?AVcParamUrlFollow@@XZ
?handleByAllRules@cRuleMgr@@QAEHK@Z
?handlePkt@cRuleFtp@@UAEHKK@Z
?handlePkt@cRuleFtpSend@@UAEHKK@Z
?handlePkt@cRuleIcmpFlow@@UAEHKK@Z
?handlePkt@cRuleMysql@@UAEHKK@Z
?handlePkt@cRuleProxyMax@@UAEHKK@Z
?handlePkt@cRuleRdp@@UAEHKK@Z
?handlePkt@cRuleSpider@@UAEHKK@Z
?handlePkt@cRuleTcpPortScan@@UAEHKK@Z
?handlePkt@cRuleTcpSynCount@@UAEHKK@Z
?handlePkt@cRuleUdpFlow@@UAEHKK@Z
?handlePkt@cRuleUrlFollow@@UAEHKK@Z
?handlePktEntry@cRuleMgr@@QAEHKPBDKK_N@Z
?handleSendPktByRules@cRuleMgr@@QAEHK@Z
?ids_hton32@@YAII@Z
?ids_htons@@YAGG@Z
?ids_ntoh32@@YAII@Z
?ids_ntohs@@YAGG@Z
?initProtocol@cRuleMgr@@QAEHXZ
?initRule@cRuleMgr@@QAEHXZ
?isIcmpFloodNow@cRuleMgr@@QAEHXZ
?isTcpFloodNow@cRuleMgr@@QAEHXZ
?isUdpFloodNow@cRuleMgr@@QAEHXZ
?log@cIdsLog@@QAAHPBDK0I00ZZ
?pStrFtp@cRuleMgr@@0PBDB
?pStrFtpSend@cRuleMgr@@0PBDB
?pStrHttp@cRuleMgr@@0PBDB
?pStrIcmp@cRuleMgr@@0PBDB
?pStrIp@cRuleMgr@@0PBDB
?pStrMysql@cRuleMgr@@0PBDB
?pStrRdp@cRuleMgr@@0PBDB
?pStrTcp@cRuleMgr@@0PBDB
?pStrUdp@cRuleMgr@@0PBDB
?pStrUndefine@cRuleMgr@@0PBDB
?pStrUnkown@cRuleMgr@@0PBDB
?refresh@cRuleFtp@@UAEHK@Z
?refresh@cRuleFtpSend@@UAEHK@Z
?refresh@cRuleIcmpFlow@@UAEHK@Z
?refresh@cRuleMysql@@UAEHK@Z
?refresh@cRuleProxyMax@@UAEHK@Z
?refresh@cRuleRdp@@UAEHK@Z
?refresh@cRuleSpider@@UAEHK@Z
?refresh@cRuleTcpPortScan@@UAEHK@Z
?refresh@cRuleTcpSynCount@@UAEHK@Z
?refresh@cRuleUdpFlow@@UAEHK@Z
?refresh@cRuleUrlFollow@@UAEHK@Z
?refreshAllRulesData@cRuleMgr@@QAEHXZ
?setAddHttpWhiteIp@cRuleMgr@@QAEHP6AHABU__DENYINO@@@Z@Z
?setAddHttpWhiteIp@cRuleUrlFollow@@QAEHP6AHABU__DENYINO@@@Z@Z
?setAddTempWhiteIp@cRuleFtpSend@@QAEHP6AHABU__DENYINO@@@Z@Z
?setAddTempWhiteIp@cRuleMgr@@QAEHP6AHABU__DENYINO@@@Z@Z
?setAddToQuery@cRuleMgr@@QAEHP6AHIPBD@Z@Z
?setAddToQuery@cRuleSpider@@QAEHP6AHIPBD@Z@Z
?setDenyFun@cRuleMgr@@QAEHP6AHABU__DENYINO@@@Z@Z
?setDenyIp@cRuleBase@@QAEHP6AHABU__DENYINO@@@Z@Z
?setFtpPort@cRuleMgr@@QAEHABV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z
?setFunWriteFileName@cIdsLog@@QAEHP6AHPBD0I@Z@Z
?setFunWriteFileName@cRuleMgr@@QAEHP6AHPBD0I@Z@Z
?setFunWriteNoFile@cIdsLog@@QAEHP6AHPBDI@Z@Z
?setFunWriteNoFile@cRuleMgr@@QAEHP6AHPBDI@Z@Z
?setGetQuery@cRuleMgr@@QAEHP6AHI@Z@Z
?setGetQuery@cRuleSpider@@QAEHP6AHI@Z@Z
?setIcmpFloodNotice@cRuleMgr@@QAEHP6AH_N@Z@Z
?setId@cRuleBase@@IAEHH@Z
?setIsWhite@cRuleMgr@@QAEHP6A_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?setIsWhiteUrl@cRuleMgr@@QAEHP6A_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?setIsWhiteUrl@cRuleProxyMax@@QAEHP6A_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?setIsWhiteUrl@cRuleUrlFollow@@QAEHP6A_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?setLogFilePath@cIdsLog@@QAEHPBD@Z
?setLogFilePath@cRuleMgr@@QAEHPBD@Z
?setLogLevel@cIdsLog@@QAEHE@Z
?setLogLevel@cRuleMgr@@QAEHE@Z
?setMysqlPort@cRuleMgr@@QAEHABV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z
?setRDPPort@cRuleMgr@@QAEHABV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z
?setRuleFtp@cRuleMgr@@QAEHABVcParamFtp@@@Z
?setRuleFtpSend@cRuleMgr@@QAEHABVcParamFtpSend@@@Z
?setRuleIcmpFlow@cRuleMgr@@QAEHABVcParamIcmpFlow@@@Z
?setRuleMysql@cRuleMgr@@QAEHABVcParamMysql@@@Z
?setRuleProxyMax@cRuleMgr@@QAEHABVcParamProxyMax@@@Z
?setRuleRdp@cRuleMgr@@QAEHABVcParamRdp@@@Z
?setRuleSpider@cRuleMgr@@QAEHABVcParamSpider@@@Z
?setRuleTcpPortScan@cRuleMgr@@QAEHABVcParamTcpPortScan@@@Z
?setRuleTcpSynCount@cRuleMgr@@QAEHABVcParamTcpSynCount@@@Z
?setRuleUdpFlow@cRuleMgr@@QAEHABVcParamUdpFlow@@@Z
?setRuleUrlFollow@cRuleMgr@@QAEHABVcParamUrlFollow@@@Z
?setTcpFloodNotice@cRuleMgr@@QAEHP6AH_N@Z@Z
?setUdpFloodNotice@cRuleMgr@@QAEHP6AH_N@Z@Z
?setUrlPort@cRuleMgr@@QAEHABV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z
?setVerifyFirstFlag@cRuleMgr@@QAEH_N@Z
?setVerifyFlag@cRuleMgr@@QAEH_N@Z
?setVerifyFun@cRuleMgr@@QAEHP6AHABU__DENYINO@@@Z@Z
?setVerifyIp@cRuleBase@@QAEHP6AHABU__DENYINO@@@Z@Z
?setVerifyRealFirstFlag@cRuleMgr@@QAEH_N@Z
?showRule@cRuleFtp@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleFtpSend@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleIcmpFlow@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleMysql@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleProxyMax@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleRdp@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleSpider@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleTcpPortScan@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleTcpSynCount@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleUdpFlow@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?showRule@cRuleUrlFollow@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?updateRule@cRuleMgr@@QAEHXZ

Sections

.text
Size: - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f73bfa6d7910419b5d37b1b0de8202e2

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6a:78:3f:ad:66:e3:b8:74:00:ed:41:32:d9:fe:e6:5d:4c:2c:1a:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcp90

msvcr90

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 226KB

.rdata Size: - Virtual size: 51KB

.data Size: - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.vmp0 Size: - Virtual size: 13KB

.vmp1 Size: - Virtual size: 65KB

.vmp2 Size: 203KB - Virtual size: 203KB

.reloc Size: 512B - Virtual size: 184B

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

2c:04:31:65:2e:96:26:64:83:35:97:1f:60:13:a3:46
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6a:78:3f:ad:66:e3:b8:74:00:ed:41:32:d9:fe:e6:5d:4c:2c:1a:74
Signer

.text
Size: - Virtual size: 226KB

.rdata
Size: - Virtual size: 51KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.vmp0
Size: - Virtual size: 13KB

.vmp1
Size: - Virtual size: 65KB

.vmp2
Size: 203KB - Virtual size: 203KB

.reloc
Size: 512B - Virtual size: 184B