8381d0e0a87bb88570c6742ce8c520d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8381d0e0a87bb88570c6742ce8c520d7_JaffaCakes118
Size

705KB
MD5

8381d0e0a87bb88570c6742ce8c520d7
SHA1

2580acdd2d8e6207b95210cc1a548bfa77b8ff05
SHA256

247184cfaae7e3eb127f5db42bf472e52b371da74089185fea106983abaadb4b
SHA512

3f74bf70841180950200ebe57bdfe913e4c419ae5abd99b75555b0c2fd51a603f95617b61b49bef6061712c44db833ba72f515fdf4176a07483a4274ff7bf355
SSDEEP

12288:d0g3vPuuIH+qkuF35fG8u2P1EFoX8LJKumRw7PSVhW2xT0Mp5E6jVzFvSp:qyXuHHvkqbDEFoXmKHR0PEWVh6jJFvSp

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
8381d0e0a87bb88570c6742ce8c520d7_JaffaCakes118
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/NotifyIcon.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/__90a051c63685485aa11afa19a82977f2.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisunz.dll

Files

8381d0e0a87bb88570c6742ce8c520d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NotifyIcon.dll
.dll windows:5 windows x86 arch:x86

78155e3314922676e9dbf9f4fff8568c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcpynW

user32

ShowWindow
OpenIcon
KillTimer
IsIconic
CallWindowProcW
wsprintfW
GetDlgItem
FindWindowExW
GetWindowLongW
SetTimer
LoadImageW
SendMessageW
SetWindowLongW

shell32

Shell_NotifyIconW

Exports

Exports

Icon

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 774B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/__90a051c63685485aa11afa19a82977f2.dll
.dll windows:5 windows x86 arch:x86

42b90a45f4c0a500ad358b3959b96fd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameW

wininet

InternetCloseHandle
InternetCanonicalizeUrlA
InternetSetOptionW
InternetOpenA

kernel32

GetUserDefaultLangID
ReadFile
GetFileSizeEx
GetUserDefaultUILanguage
GetCurrentProcessId
GetTempPathA
WaitForSingleObject
CreateProcessA
GetLastError
CloseHandle
LocalFree
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LoadLibraryW
lstrlenW
FindFirstFileW
GetSystemDefaultUILanguage
SystemTimeToFileTime
GetTickCount
InitializeCriticalSectionAndSpinCount
Sleep
LeaveCriticalSection
GetFileAttributesW
CreateDirectoryA
SetCurrentDirectoryA
CopyFileA
EnterCriticalSection
CreateMutexA
FindNextFileW
GetCurrentDirectoryA
GetCurrentThreadId
ReleaseMutex
GetSystemTime
DeleteFileA
CreateThread
SetFilePointer
CreateDirectoryW
SetFileTime
WriteFile
CreateFileW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetProcAddress
InterlockedCompareExchange
GetLocalTime
FileTimeToSystemTime
GetUserDefaultLCID
GetCurrentProcess
GetModuleFileNameW
GetTempPathW
SetStdHandle
GetTempFileNameA
GetModuleFileNameA
GetModuleHandleW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetVersionExA
ExpandEnvironmentStringsA
GetComputerNameW
GetVersionExW
lstrlenA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
HeapDestroy
HeapCreate
GetStartupInfoW
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
GetCPInfo
LCMapStringW
FindFirstFileExA
GetDriveTypeA
FindClose
FileTimeToLocalFileTime
ExitThread
RaiseException
RtlUnwind
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
GetFileSize
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileInformationByHandle
QueryPerformanceCounter
GetFullPathNameA
CreateFileA
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
WriteConsoleW
SetEnvironmentVariableA
GetDriveTypeW
HeapAlloc
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
SetEndOfFile
GetFileAttributesA
GetProcessHeap
SetLastError
FormatMessageA
LoadLibraryA
VerifyVersionInfoA
VerSetConditionMask
FreeLibrary
SleepEx
InitializeCriticalSection
DeleteCriticalSection

user32

ShowWindow
SetWindowLongW
GetParent
DestroyWindow
DefWindowProcW
GetWindowLongW
RegisterClassExW
GetClientRect
GetPropW
SetPropW
LoadCursorW
RemovePropW
SetCursor
DispatchMessageW
MoveWindow
CreateWindowExW
MessageBoxA
TranslateMessage
wsprintfW
GetMessageW
GetWindowRect
UpdateWindow
BringWindowToTop
SetFocus
SetTimer
SetWindowPos
GetDesktopWindow
SetParent
KillTimer
SendMessageW
CallWindowProcW
IsCharAlphaW
MapWindowPoints

gdi32

SetTextColor
CreateFontIndirectW
DeleteObject
GetObjectW
GetStockObject

advapi32

CryptGetHashParam
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW
CryptDestroyHash

shell32

ShellExecuteA
FindExecutableA

ole32

OleSetContainedObject
OleInitialize
OleUninitialize
OleCreate
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

ws2_32

accept
listen
socket
closesocket
ioctlsocket
gethostname
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
connect
send
recvfrom
sendto
getaddrinfo
freeaddrinfo
recv
select
WSAGetLastError
__WSAFDIsSet
WSACleanup
WSAStartup
WSASetLastError

wldap32

ord46
ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22

normaliz

IdnToAscii

Exports

Exports

__027345d63d1d4c92a3aeee56bc4eaa33
__02f60b16b8a746cead160b089843ce00
__049fb7651c9844d3a44b294894485acc
__07fa324710f64ae0ac860516fc2c133e
__09339d2995aa49b29e13e8ad504f595d
__0bb5422284cb4ba190371794d0a190e9
__0bc855ca784d4e208552dfb389cf4241
__0eb5081a1d614cf98ec79da686f62cae
__139d62cbb01f4684b7507ea833e46953
__152ca8a341f54e13aa319cc6bbb6fc32
__15faf332c60446f18245863970c3d307
__18885e950c4c4b84a69339342ce50894
__1b83b29f7031451b855a0ddc98893139
__1fd9c2add2934d55959d8accb8e26d29
__275fdc29b9b6477b872592320db29da5
__29cde274584542fe8272b70f97de4810
__2b3f06cf89dc497d93f003c558ffeffb
__32219fd779be433281298dbba0fe8951
__37355301ebb5475783d933191e2868cc
__39b04d0cece04b128f02a85f8d204b44
__3c83c6826bc04941a08a9ac3ff445197
__3f85f4d63494471ab6f9bec7f03d0e44
__4791083c934148c58b21726eef749af8
__4bca6c4568c343909b3093317cad1daf
__4ce20ec59c7d4f998c0413c1138ce0e2
__4ed6431c2491421f9cf7a5a2ed32bd9f
__5335394b0de0447dad344aa98480821e
__5523288871f24a4884c0aa486354f3cd
__57fd65c428b94cccb269897ad6456139
__58f395cbd5414485a9db29a7c4a01ac4
__5cf93329717848b0948b5b5e642c63d6
__5d3efa2f023941bb8daaaf6d477ac3c1
__5f09504d1d83412fa4807369a515f626
__60475691c8c041d0bf65f1d74a436566
__6241b26d251e463c9a8a2f37d6552244
__631b4027cb09478abad322c4e9e1a008
__643a7efb0c664c37b0656ecf0f70a8ab
__664302b93cc6409294280bd2ad9de262
__68663f35c066483c944396a8125f6af6
__69bf613c959043f59492e769c05b6918
__6c44346a688f445da538217c23754bcb
__6d9f732d81b6440c9f4782e52c3e361b
__6f1c4c14b39b4ac9b9fa2d3746fc9c2b
__70d7ad9d74a54fedaf34309cf03b1582
__72b899b6a4cf40589f1e3b9797fce83b
__74777856dd704a61be00f300038b4958
__765eeb1e6a43489da6eb541789cd3bfe
__7701b778b23041cd94998cb485b1efbe
__7873c8d342a245f882bf2d1a88a2be7d
__793105f320bf437c8c9493a68429f837
__7bd3daf1ee454946ab6a459b668b9ad2
__7e16599ca8e4423abb6ca41573e34be1
__7e32053023a847769c5f520a2309f533
__7ffb0cf49baa44be9bc23eaf5b015da8
__8184089d52484de4a70657010eba2fe8
__8236c16fec584dfabda1a42fa019669a
__83c9b98f7cf64c4784563b9b71e11de0
__8511187c29fc4a9fb6b9025afd0a0d85
__85b7740016a04a08a985856471d115e6
__86f5d02970e643f8bec1a0f933d41503
__8b595a68176f4c4bada54fd5b7213ac8
__8b7b32d06c6c42f698370fb9102eb154
__8b963c7e952448d5b39ec1132316485b
__9122e481e506466a8cba54df8ad75d69
__945285ad8e37429a9618aca317a68fbb
__94e44773544f4b7cb590510c0bce8161
__94f095bfc17d4e5dbd403329493e6ca6
__957512ac3d2d46209c6ed1c28fe9486d
__96a676c29b6140f4a3e1d78fd7f16912
__995cefae943c4968be37a3c29e1ae25b
__9990c85ab26c46a5ab87e555f24ba523
__9c23ff0957d04fdab64a6f6211ccd7d7
__a42052620ebd40bfaaf3d42eb73ebb03
__a52836cfb70c407b9ffec406a3a802dc
__a5de465ccec84250b3e2684c50091eb8
__a8d92e6f314f4532968079154fe67ab8
__aa379fe560c84f56a84005490a14f2d5
__ace3c1b7212547f981a0096917e1111c
__ad3fec9fbe7d4a6ba9c8aeb543ced167
__af0a5be9e264470d8c1caa203e61476a
__afeed8999dc541cd827750ac72137545
__b0aad5b953774b65a67161b73c659a30
__b1c9b399c89d472fb03def09730563a7
__b2badeadd30e4e45a7b46a15f070148f
__b4f90e06c2974a4684d8dce75e0e38da
__b7a9daa020d44927a641762b04bdaec9
__bd721b9cb6fc4ea4a78012a97b0f6d2b
__c12d4c85f3cf4b3aa6d9b041bfc93157
__c3eb9ba51dbe4594b255782bdd136e5b
__c4a804b4c2c0427fa0eca01e15ec1513
__c77c91e9e735404e80f12428dee7eb55
__cbb2b514bfb846d485a461c1f7489f2b
__cf505889c54a4b3da3be94ade350a000
__d3013ae9042c45d4ac9098dc9a7fd48e
__d53fffaa435946f79105f6a5216701f6
__d67fc389962b40bba6b2e13cda5cfa7c
__d9ee1d8fbd8c41d2a3345bba841cb106
__da4bce1201174811975490a5796395b5
__dbad297518ab438ba9b281f7b3ee2383
__dcd0696098704e7b85d60b4b24ea1931
__ddfb90c3dcc84e428dd38cd7cdb37f60
__dea7032179c24500a555ee86847e2d15
__dfbb256d8357424a864a14a480958f3e
__e0d16250ff0d4f0ea6317ab2624fc565
__e17eab0e39174e2799d1429e97a9b018
__e68870a8bdd343fe99f02e7274288ace
__e70a381bc926436da8eccad789c118e4
__eba5045b584841e68b90286457a9e6d0
__ef26d3789c3740218659469fff8b7687
__f7eda2aee13546a4b6546658f96a7c1a
__f8cc8882c0054914be6c62210bbf6132
__fab12656985e4ddebe001a304f139155
__ff17451519f6473f958038409a49474d
__ff2d3df0d9884f12a06f93aa066c7d46
__ff85920700df49c2ab9bf580fd904e1a

Sections

.text
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

86cdacc6fa5e3ff4938d358350751516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcstol
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
wcsstr
wcschr
memset
_chkesp

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
CreateFileW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
GetFileSize
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
DestroyWindow
KillTimer
UpdateWindow
RedrawWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpAddRequestHeadersW
HttpOpenRequestW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:5 windows x86 arch:x86

1b37562e8104552588ae892e11fcdff2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
lstrcpyW
GetVersion
lstrlenW
lstrcatW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
lstrcmpiW
lstrcmpW
GlobalFree
GlobalAlloc
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
SetEndOfFile
GetProcessHeap
GetLocaleInfoA

user32

MessageBoxW
CharPrevW
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
GetDlgItem
SendMessageW
wsprintfW

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 3.6MB

.rsrc Size: 109KB - Virtual size: 108KB

.reloc Size: 4KB - Virtual size: 3KB

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 729B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 350B

78155e3314922676e9dbf9f4fff8568c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 774B

.data Size: - Virtual size: 72B

.reloc Size: 1024B - Virtual size: 516B

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

42b90a45f4c0a500ad358b3959b96fd8

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

kernel32

user32

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 3.6MB

.rsrc
Size: 109KB - Virtual size: 108KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 350B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 774B

.data
Size: - Virtual size: 72B

.reloc
Size: 1024B - Virtual size: 516B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 561KB - Virtual size: 561KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 12KB - Virtual size: 22KB

.reloc
Size: 37KB - Virtual size: 37KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB