806f6d32670941011893896069bcedd8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

806f6d32670941011893896069bcedd8_JaffaCakes118
Size

422KB
MD5

806f6d32670941011893896069bcedd8
SHA1

35707652d59a7bad8ace752711a56b393d315342
SHA256

8d83cc02582a4549afa69341e5ad6a82533652d065cca5114b5cded5191a7ab2
SHA512

104dd3ddfd7ccc0df3cb4f263f7d25b2138feb26aae2bb53c14a76e58c4ed9515cd5c5bf5e8998aaeb74465eaad49cad1ccd6d829b0583d430316c96125237c1
SSDEEP

12288:uyx+95VDkhf9cZ5p1dpPyvwobI8m9MCTIA:v+vVDkR9I3lyHbBm9MCsA

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/decrypted_inj_services_Win32.dll
unpack001/decrypted_inj_services_x64.dll
unpack001/decrypted_inj_snake_Win32.dll
unpack001/decrypted_inj_snake_x64.dll
unpack001/decrypted_rkctl_Win32.dll
unpack001/decrypted_rkctl_x64.dll

Files

806f6d32670941011893896069bcedd8_JaffaCakes118
.zip

Password: infected
decrypted_inj_services_Win32.dll
.dll windows:4 windows x86 arch:x86

263ed0882aefdd66d38d24ad5f8d1b4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_snwprintf
strncpy
atoi
_initterm
_adjust_fdiv
vfprintf
_vsnprintf
fclose
wcscat
wcsncpy
fopen
_wopen
wcsncat
_filelength
free
_read
_close
strrchr
strlen
strncmp
wcschr
mbstowcs
_wcsnicmp
wcslen
wcsncmp
memcpy
wcscpy
memcmp
_except_handler3
malloc
memset
wcsrchr
_wcsicmp

ntdll

ZwSetContextThread
ZwDuplicateObject
ZwResumeThread
ZwGetContextThread
ZwTerminateProcess
ZwSetInformationProcess
RtlInitUnicodeString
ZwCreateFile
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwWaitForSingleObject
ZwTerminateThread
ZwWriteVirtualMemory
ZwReadVirtualMemory
ZwOpenThread
ZwQueryInformationThread
ZwFreeVirtualMemory
ZwQueryInformationProcess
ZwQueryValueKey
ZwOpenKey
ZwClose
RtlQueryRegistryValues
RtlNtStatusToDosError
ZwQuerySystemInformation
ZwAllocateVirtualMemory

kernel32

OpenProcess
GetProcAddress
LoadLibraryA
GetCurrentProcess
SetErrorMode
GetCurrentProcessId
WriteProcessMemory
VirtualProtectEx
CloseHandle
GetVersionExW
TerminateThread
GetExitCodeThread
WaitForSingleObject
GetModuleHandleA
CreateProcessW
GetSystemDirectoryW
Sleep
FreeLibrary
ExpandEnvironmentStringsW
ReadProcessMemory
GetLastError

user32

wsprintfW

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Exports

Exports

ModuleCommand
ModuleStart
ModuleStop

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decrypted_inj_services_x64.dll
.dll windows:4 windows x64 arch:x64

3f92e7bc1781683461b6460d4dde23c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
_snwprintf
wcschr
malloc
mbstowcs
_wcsnicmp
wcsncmp
__C_specific_handler
memcpy
free

ntdll

ZwWriteVirtualMemory
ZwReadVirtualMemory
ZwQueryInformationProcess
ZwClose

kernel32

OpenProcess
GetProcAddress
SetErrorMode
GetCurrentProcessId
WriteProcessMemory
VirtualProtectEx
CloseHandle
GetVersionExW
Sleep
ReadProcessMemory
GetLastError

Exports

Exports

ModuleCommand
ModuleStart
ModuleStop

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decrypted_inj_snake_Win32.dll
.dll windows:4 windows x86 arch:x86

3d5032378b9af0771d87f9e00f08f145

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

listen
recv
select
getsockname
connect
WSASendTo
WSASend
send
WSASetLastError
getservbyport
gethostbyaddr
htonl
getservbyname
inet_ntoa
inet_addr
htons
recvfrom
ioctlsocket
gethostbyname
WSAStartup
WSACleanup
closesocket
bind
ntohl
WSAGetLastError
socket
shutdown
setsockopt
sendto
accept
ntohs

ntdll

_allmul
strrchr
strchr
sprintf
_itow
atoi
isspace
wcstoul
isdigit
_chkstk
wcschr
_allshl
ZwOpenThread
ZwQueryInformationThread
ZwReadVirtualMemory
ZwWriteVirtualMemory
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
strncmp
wcsncat
mbstowcs
ZwSetInformationProcess
ZwTerminateProcess
ZwGetContextThread
ZwResumeThread
ZwDuplicateObject
ZwSetContextThread
ZwUnmapViewOfSection
wcsncpy
ZwMapViewOfSection
abs
strtol
isalpha
sscanf
ZwCreateSection
ZwCreateFile
RtlInitUnicodeString
wcscat
wcsrchr
ZwTerminateThread
memcmp
_vsnprintf
_stricmp
strcat
strcpy
toupper
strstr
strcmp
strncpy
wcslen
_wcsnicmp
ZwClose
ZwWaitForSingleObject
ZwQueryInformationProcess
wcscpy
RtlQueryRegistryValues
RtlNtStatusToDosError
ZwQuerySystemInformation
strlen
memset
memcpy
RtlUnwind
strtoul

msvcrt

perror
fflush
fprintf
realloc
free
malloc
_strdup
_beginthreadex
setlocale
mbtowc
wctomb
_time64
fclose
vfprintf
fopen
calloc
_fullpath
_unlink
fwrite
fread
rename
_stat
_fmode
_filelength
_fileno
_errno
_fstat
_localtime64
_close
_read
_lseek
_wopen
_write
_wunlink
_wcsdup
_lrotl

kernel32

LoadLibraryA
SetLastError
LocalFree
FormatMessageA
CancelIo
SetNamedPipeHandleState
WaitNamedPipeA
GetOverlappedResult
WaitForMultipleObjects
TransactNamedPipe
CreateNamedPipeA
ConnectNamedPipe
CallNamedPipeA
GetCurrentThread
LoadLibraryW
GetSystemDirectoryW
GetModuleHandleA
CreatePipe
CreateProcessW
GetTempPathW
GetTempFileNameW
CreateFileW
ResumeThread
DeleteFileW
lstrcpyW
PeekNamedPipe
GetComputerNameW
lstrlenW
TerminateProcess
OpenProcess
GetTempFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW
WinExec
GetTickCount
ResetEvent
GetLocaleInfoA
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
GetCurrentProcessId
GetModuleFileNameA
GetCurrentProcess
OpenEventA
GetSystemDirectoryA
GetTempPathA
GetCommandLineA
DisableThreadLibraryCalls
SetErrorMode
TerminateThread
GetExitCodeThread
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
GetVersionExA
ReleaseSemaphore
GetCurrentThreadId
CreateSemaphoreW
GetVersionExW
ReleaseMutex
OpenMutexA
CreateMutexA
GetLastError
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
DeleteCriticalSection
Sleep
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
CreateFileA
GetFileSize
InitializeCriticalSection

user32

CharToOemA
OemToCharBuffA
CloseDesktop
CreateDesktopW
ExitWindowsEx
GetDesktopWindow
GetMessageW
TranslateMessage
DispatchMessageW
wsprintfW

advapi32

CryptReleaseContext
CryptAcquireContextA
LookupAccountNameA
OpenThreadToken
AddAccessAllowedAce
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
ImpersonateNamedPipeClient
RevertToSelf
CryptGenRandom
SetSecurityDescriptorSacl
GetSidSubAuthority
InitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidLengthRequired
FreeSid
EqualSid
CryptAcquireContextW
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
GetUserNameA
LookupPrivilegeValueW
AdjustTokenPrivileges

wininet

InternetConnectA
InternetErrorDlg
InternetSetOptionA
InternetSetStatusCallback
InternetReadFile
HttpQueryInfoA
InternetQueryDataAvailable
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA

Exports

Exports

ModuleStart
ModuleStartEx
ModuleStop
_EntryPoint@16
code_result_tbl
config_read
config_read_uint32
config_write
config_write_uint32
local_queue_read
local_queue_write
qm_create
qm_enum
qm_find_first
qm_free
qm_move
qm_pop
qm_push
qm_read
qm_read_hdr
qm_reset_len
qm_rm
qm_rm_list
qm_set_dates
qm_set_param
qm_write
rk_pcap_cmd
rk_pcap_send
snake_alloc
snake_free
snake_log
snake_modules_command
t_close
t_getoptbin
t_getoptlist
t_setoptbin
t_setoptlist
t_strerr
tc_cancel
tc_free_data
tc_get_reply
tc_read_request_pipe
tc_send_request
tc_send_request_bufs
tc_socket
tc_transact
tc_transact_bufs
tc_write_request_pipe
tc_write_request_pipe_bufs
tm_free
tm_init
tr_alloc
tr_alloc_tbuf
tr_clear_tbufs
tr_free
tr_get_callbacks
tr_read_pipe
tr_write_pipe
tr_write_pipe_bufs
ts_socket
ts_start

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decrypted_inj_snake_x64.dll
.dll windows:4 windows x64 arch:x64

0381d227c32912b04ad1af4c31199348

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ioctlsocket
recvfrom
getsockname
select
recv
listen
accept
connect
WSASendTo
WSASend
send
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
inet_ntoa
inet_addr
htons
gethostbyname
ntohs
sendto
setsockopt
ntohl
socket
WSAGetLastError
bind
closesocket
WSACleanup
WSAStartup
htonl
shutdown

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
ZwClose
_wcsnicmp
wcslen
strncpy
strcmp
strstr
toupper
strcat
strcpy
_stricmp
_vsnprintf
memcmp
strtoul
strrchr
strchr
ZwWaitForSingleObject
ZwTerminateThread
wcsrchr
wcscat
RtlInitUnicodeString
ZwCreateFile
ZwCreateSection
ZwMapViewOfSection
wcsncpy
ZwUnmapViewOfSection
ZwSetContextThread
ZwDuplicateObject
ZwResumeThread
ZwGetContextThread
ZwTerminateProcess
ZwSetInformationProcess
__C_specific_handler
mbstowcs
wcsncat
strncmp
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ZwWriteVirtualMemory
ZwReadVirtualMemory
ZwQueryInformationThread
ZwQueryInformationProcess
ZwOpenThread
wcschr
__chkstk
isdigit
wcstoul
isspace
atoi
wcscpy
RtlQueryRegistryValues
RtlNtStatusToDosError
ZwQuerySystemInformation
RtlDeleteFunctionTable
RtlAddFunctionTable
strlen
memset
memcpy
_itow
sprintf

kernel32

HeapReAlloc
GetProcessHeap
FlsSetValue
HeapDestroy
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
HeapSize
GetCurrentDirectoryA
LCMapStringW
LCMapStringA
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetFileInformationByHandle
SetStdHandle
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetDriveTypeA
GetStartupInfoA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
Sleep
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
GetLastError
CreateFileA
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
CreateMutexA
OpenMutexA
ReleaseMutex
GetVersionExW
CreateSemaphoreW
GetCurrentThreadId
ReleaseSemaphore
GetVersionExA
GetExitCodeThread
TerminateThread
SetErrorMode
DisableThreadLibraryCalls
GetCommandLineA
GetTempPathA
GetSystemDirectoryA
OpenEventA
GetCurrentProcess
GetModuleFileNameA
GetCurrentProcessId
SetEndOfFile
SetFilePointer
ReadFile
WriteFile
GetLocaleInfoA
ResetEvent
GetTickCount
WinExec
GetModuleHandleW
GetProcAddress
FreeLibrary
GetTempFileNameA
OpenProcess
TerminateProcess
lstrlenW
GetSystemInfo
GetComputerNameW
PeekNamedPipe
lstrcpyW
DeleteFileW
ResumeThread
CreateProcessW
CreateFileW
GetTempFileNameW
GetTempPathW
CreatePipe
GetModuleHandleA
GetSystemDirectoryW
HeapCreate
HeapSetInformation
LoadLibraryA
SetLastError
LocalFree
FormatMessageA
LoadLibraryW
CancelIo
SetNamedPipeHandleState
WaitNamedPipeA
EnumSystemLocalesA
GetUserDefaultLCID
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetConsoleMode
GetConsoleCP
GetFileType
MoveFileA
DeleteFileA
GetFullPathNameA
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
CreateThread
ExitThread
HeapAlloc
HeapFree
GetCurrentThread
CallNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
TransactNamedPipe
WaitForMultipleObjects
GetOverlappedResult
ExitProcess

user32

wsprintfW
CharToOemA
OemToCharBuffA
CloseDesktop
CreateDesktopW
ExitWindowsEx
TranslateMessage
DispatchMessageW
GetMessageW
GetDesktopWindow

advapi32

FreeSid
CryptAcquireContextA
LookupAccountNameA
OpenThreadToken
AddAccessAllowedAce
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
ImpersonateNamedPipeClient
RevertToSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
CryptReleaseContext
GetSidLengthRequired
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorSacl
CryptGenRandom
CryptAcquireContextW

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetReadFile
InternetSetStatusCallback
InternetOpenA
InternetSetOptionA
InternetErrorDlg
InternetConnectA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle

Exports

Exports

EntryPoint
ModuleStart
ModuleStartEx
ModuleStop
code_result_tbl
config_read
config_read_uint32
config_write
config_write_uint32
local_queue_read
local_queue_write
qm_create
qm_enum
qm_find_first
qm_free
qm_move
qm_pop
qm_push
qm_read
qm_read_hdr
qm_reset_len
qm_rm
qm_rm_list
qm_set_dates
qm_set_param
qm_write
rk_pcap_cmd
rk_pcap_send
snake_alloc
snake_free
snake_log
snake_modules_command
t_close
t_getoptbin
t_getoptlist
t_setoptbin
t_setoptlist
t_strerr
tc_cancel
tc_free_data
tc_get_reply
tc_read_request_pipe
tc_send_request
tc_send_request_bufs
tc_socket
tc_transact
tc_transact_bufs
tc_write_request_pipe
tc_write_request_pipe_bufs
tm_free
tm_init
tr_alloc
tr_alloc_tbuf
tr_clear_tbufs
tr_free
tr_get_callbacks
tr_read_pipe
tr_write_pipe
tr_write_pipe_bufs
ts_socket
ts_start

Sections

.text
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decrypted_rkctl_Win32.dll
.dll windows:4 windows x86 arch:x86

6772345dfdfef239defde216b3d731f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
htonl

msvcrt

_beginthreadex
_adjust_fdiv
malloc
_vsnprintf
fopen
vfprintf
fclose
free
memcpy
_initterm

kernel32

GetProcAddress
SetErrorMode
DisableThreadLibraryCalls
Sleep
GetExitCodeThread
WaitForSingleObject
SetEvent
CloseHandle
CreateEventA
GetLastError

Exports

Exports

ModuleCommand
ModuleStart
ModuleStop

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1019B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decrypted_rkctl_x64.dll
.dll windows:4 windows x64 arch:x64

b4ee1d288984e041a8d401633c82193d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
htonl

kernel32

TlsFree
SetErrorMode
GetLastError
GetProcAddress
WaitForSingleObject
SetEvent
CreateEventA
CloseHandle
GetCurrentThreadId
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleA
ExitProcess
WriteFile
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FlsGetValue
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileA
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
LoadLibraryA
LCMapStringA
LCMapStringW
HeapReAlloc
RtlVirtualUnwind
RtlLookupFunctionEntry
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
ReadFile
HeapSize

Exports

Exports

ModuleCommand
ModuleStart
ModuleStop

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

263ed0882aefdd66d38d24ad5f8d1b4f

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

3f92e7bc1781683461b6460d4dde23c6

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 312B

.reloc Size: 4KB - Virtual size: 66B

3d5032378b9af0771d87f9e00f08f145

Headers

File Characteristics

Imports

ws2_32

ntdll

msvcrt

kernel32

user32

advapi32

wininet

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 80KB - Virtual size: 77KB

.reloc Size: 12KB - Virtual size: 8KB

0381d227c32912b04ad1af4c31199348

Headers

File Characteristics

Imports

ws2_32

ntdll

kernel32

user32

advapi32

wininet

Exports

Exports

Sections

.text Size: 332KB - Virtual size: 330KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 96KB - Virtual size: 95KB

.pdata Size: 16KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

6772345dfdfef239defde216b3d731f0

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

msvcrt

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 312B

.reloc
Size: 4KB - Virtual size: 66B

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 80KB - Virtual size: 77KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 332KB - Virtual size: 330KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 96KB - Virtual size: 95KB

.pdata
Size: 16KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 1019B

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 20KB - Virtual size: 16KB

.pdata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 690B