a363a59ba3394e31ce06b024351f1f9a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a363a59ba3394e31ce06b024351f1f9a_JaffaCakes118
Size

3.9MB
MD5

a363a59ba3394e31ce06b024351f1f9a
SHA1

a9653e86dcacbf60d42750a722c3f9caa06a818e
SHA256

40944a0508c93b43ee7184700dfc4a6760c66db32bf81d66c2941923fd334f6a
SHA512

46804a2bd26064d3e85f9862e14a004575064a5cdafa90845b2adde80f8f96adada6be0dd10da39d224513a53c5d402cb14893c57af2ae116cc5c361bab2a550
SSDEEP

98304:zGYvxUezzK0y+yu4dZYdGYvxUezzxtqwnvr7GYvxUezzm8nOnJOj:6Y5Ueqd+yRdysY5UeRVn2Y5Ue/IJOj

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BIOS_v1.07/M24/SNIPEM24.EXE
unpack001/BIOS_v1.07/M24/flash.sys
unpack001/BIOS_v1.07/M26/SNIPEM26.EXE
unpack001/BIOS_v1.07/M26/flash.sys
unpack001/BIOS_v1.07/RS480M/SNIPE.EXE
unpack001/BIOS_v1.07/RS480M/flash.sys
unpack001/BIOS_v1.07/snpac.exe

Files

a363a59ba3394e31ce06b024351f1f9a_JaffaCakes118
.zip
BIOS_v1.07/ACERACDC.EXE
BIOS_v1.07/M24/ABVXD.VXD
BIOS_v1.07/M24/SNIPEM24.EXE
.exe windows:4 windows x86 arch:x86

13cb01175c640468da507caa355398c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord825
ord768
ord4258
ord800
ord5953
ord4160
ord540
ord4710
ord1771
ord6366
ord6055
ord1776
ord4401
ord5290
ord4837
ord4424
ord3639
ord567
ord692
ord4275
ord3706
ord3573
ord3626
ord3663
ord3803
ord5875
ord5787
ord2414
ord1641
ord2859
ord2413
ord537
ord348
ord663
ord1138
ord2086
ord858
ord924
ord641
ord765
ord2302
ord1175
ord4224
ord6334
ord860
ord6778
ord2645
ord6215
ord1105
ord1168
ord2575
ord4396
ord3402
ord3574
ord609
ord2642
ord5280
ord3597
ord324
ord2370
ord4234
ord3499
ord2515
ord355
ord941
ord4853
ord4376
ord3571
ord1768
ord6374
ord1146
ord755
ord640
ord2405
ord5785
ord1640
ord323
ord470
ord489
ord3610
ord656
ord3698
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord498
ord4259
ord5850
ord4715
ord3092
ord1200
ord939
ord5710
ord5683
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord711
ord4129
ord6663
ord2621
ord1134
ord4168
ord413
ord6880
ord4284
ord4287
ord2109
ord6199
ord2863
ord4204
ord4425
ord4627
ord4080
ord3079
ord3825
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord2379
ord4353
ord5162
ord5161
ord1907
ord6197
ord823
ord1576

msvcrt

__CxxFrameHandler
free
calloc
atoi
div
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException
wcslen
_itoa
_strupr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetModuleHandleA
GetCurrentProcess
GetVersionExA
DeviceIoControl
GetLastError
WritePrivateProfileStringA
lstrcpynA
GetPrivateProfileStringA
GetModuleFileNameA
OpenFile
GetSystemDirectoryA
CopyFileA
ResetEvent
GetSystemPowerStatus
WriteFile
InterlockedDecrement
lstrcpyA
lstrcatA
CreateFileA
ReadFile
CloseHandle
Sleep
WaitForSingleObject
SetEvent
WideCharToMultiByte
LocalFree
GetStartupInfoA

user32

AppendMenuA
GetWindowRect
DrawIcon
GetSystemMetrics
MapVirtualKeyA
KillTimer
LoadIconA
GetSystemMenu
GetClientRect
IsIconic
wsprintfA
ReleaseDC
ExitWindowsEx
GetDC
InvalidateRect
SendMessageA
CopyRect
GetSysColor
MessageBeep
EnableWindow
LoadBitmapA
SetTimer
UpdateWindow
PostMessageA
MessageBoxA
TranslateMessage
PeekMessageA
DispatchMessageA

gdi32

CreateCompatibleDC
BitBlt
GetTextExtentPoint32A
CreateRectRgnIndirect
FillRgn
CreateSolidBrush

advapi32

CreateServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

VariantInit
VariantCopy
VariantChangeType
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BIOS_v1.07/M24/SNIPEM24.WPH
BIOS_v1.07/M24/flash.sys
.sys windows:5 windows x86 arch:x86

885ad9772e9759c9b01c0dfc64fd33a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\wflash\wdm\i386\flash.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoDeleteDevice
IofCompleteRequest
MmMapIoSpace
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BIOS_v1.07/M26/ABVXD.VXD
BIOS_v1.07/M26/SNIPEM26.EXE
.exe windows:4 windows x86 arch:x86

13cb01175c640468da507caa355398c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord825
ord768
ord4258
ord800
ord5953
ord4160
ord540
ord4710
ord1771
ord6366
ord6055
ord1776
ord4401
ord5290
ord4837
ord4424
ord3639
ord567
ord692
ord4275
ord3706
ord3573
ord3626
ord3663
ord3803
ord5875
ord5787
ord2414
ord1641
ord2859
ord2413
ord537
ord348
ord663
ord1138
ord2086
ord858
ord924
ord641
ord765
ord2302
ord1175
ord4224
ord6334
ord860
ord6778
ord2645
ord6215
ord1105
ord1168
ord2575
ord4396
ord3402
ord3574
ord609
ord2642
ord5280
ord3597
ord324
ord2370
ord4234
ord3499
ord2515
ord355
ord941
ord4853
ord4376
ord3571
ord1768
ord6374
ord1146
ord755
ord640
ord2405
ord5785
ord1640
ord323
ord470
ord489
ord3610
ord656
ord3698
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord498
ord4259
ord5850
ord4715
ord3092
ord1200
ord939
ord5710
ord5683
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord711
ord4129
ord6663
ord2621
ord1134
ord4168
ord413
ord6880
ord4284
ord4287
ord2109
ord6199
ord2863
ord4204
ord4425
ord4627
ord4080
ord3079
ord3825
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord2379
ord4353
ord5162
ord5161
ord1907
ord6197
ord823
ord1576

msvcrt

__CxxFrameHandler
free
calloc
atoi
div
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException
wcslen
_itoa
_strupr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetModuleHandleA
GetCurrentProcess
GetVersionExA
DeviceIoControl
GetLastError
WritePrivateProfileStringA
lstrcpynA
GetPrivateProfileStringA
GetModuleFileNameA
OpenFile
GetSystemDirectoryA
CopyFileA
ResetEvent
GetSystemPowerStatus
WriteFile
InterlockedDecrement
lstrcpyA
lstrcatA
CreateFileA
ReadFile
CloseHandle
Sleep
WaitForSingleObject
SetEvent
WideCharToMultiByte
LocalFree
GetStartupInfoA

user32

AppendMenuA
GetWindowRect
DrawIcon
GetSystemMetrics
MapVirtualKeyA
KillTimer
LoadIconA
GetSystemMenu
GetClientRect
IsIconic
wsprintfA
ReleaseDC
ExitWindowsEx
GetDC
InvalidateRect
SendMessageA
CopyRect
GetSysColor
MessageBeep
EnableWindow
LoadBitmapA
SetTimer
UpdateWindow
PostMessageA
MessageBoxA
TranslateMessage
PeekMessageA
DispatchMessageA

gdi32

CreateCompatibleDC
BitBlt
GetTextExtentPoint32A
CreateRectRgnIndirect
FillRgn
CreateSolidBrush

advapi32

CreateServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

VariantInit
VariantCopy
VariantChangeType
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BIOS_v1.07/M26/SNIPEM26.WPH
BIOS_v1.07/M26/flash.sys
.sys windows:5 windows x86 arch:x86

885ad9772e9759c9b01c0dfc64fd33a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\wflash\wdm\i386\flash.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoDeleteDevice
IofCompleteRequest
MmMapIoSpace
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BIOS_v1.07/PHLASH16.EXE
BIOS_v1.07/RS480M/ABVXD.VXD
BIOS_v1.07/RS480M/SNIPE.EXE
.exe windows:4 windows x86 arch:x86

13cb01175c640468da507caa355398c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord825
ord768
ord4258
ord800
ord5953
ord4160
ord540
ord4710
ord1771
ord6366
ord6055
ord1776
ord4401
ord5290
ord4837
ord4424
ord3639
ord567
ord692
ord4275
ord3706
ord3573
ord3626
ord3663
ord3803
ord5875
ord5787
ord2414
ord1641
ord2859
ord2413
ord537
ord348
ord663
ord1138
ord2086
ord858
ord924
ord641
ord765
ord2302
ord1175
ord4224
ord6334
ord860
ord6778
ord2645
ord6215
ord1105
ord1168
ord2575
ord4396
ord3402
ord3574
ord609
ord2642
ord5280
ord3597
ord324
ord2370
ord4234
ord3499
ord2515
ord355
ord941
ord4853
ord4376
ord3571
ord1768
ord6374
ord1146
ord755
ord640
ord2405
ord5785
ord1640
ord323
ord470
ord489
ord3610
ord656
ord3698
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord498
ord4259
ord5850
ord4715
ord3092
ord1200
ord939
ord5710
ord5683
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord711
ord4129
ord6663
ord2621
ord1134
ord4168
ord413
ord6880
ord4284
ord4287
ord2109
ord6199
ord2863
ord4204
ord4425
ord4627
ord4080
ord3079
ord3825
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord2379
ord4353
ord5162
ord5161
ord1907
ord6197
ord823
ord1576

msvcrt

__CxxFrameHandler
free
calloc
atoi
div
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException
wcslen
_itoa
_strupr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetModuleHandleA
GetCurrentProcess
GetVersionExA
DeviceIoControl
GetLastError
WritePrivateProfileStringA
lstrcpynA
GetPrivateProfileStringA
GetModuleFileNameA
OpenFile
GetSystemDirectoryA
CopyFileA
ResetEvent
GetSystemPowerStatus
WriteFile
InterlockedDecrement
lstrcpyA
lstrcatA
CreateFileA
ReadFile
CloseHandle
Sleep
WaitForSingleObject
SetEvent
WideCharToMultiByte
LocalFree
GetStartupInfoA

user32

AppendMenuA
GetWindowRect
DrawIcon
GetSystemMetrics
MapVirtualKeyA
KillTimer
LoadIconA
GetSystemMenu
GetClientRect
IsIconic
wsprintfA
ReleaseDC
ExitWindowsEx
GetDC
InvalidateRect
SendMessageA
CopyRect
GetSysColor
MessageBeep
EnableWindow
LoadBitmapA
SetTimer
UpdateWindow
PostMessageA
MessageBoxA
TranslateMessage
PeekMessageA
DispatchMessageA

gdi32

CreateCompatibleDC
BitBlt
GetTextExtentPoint32A
CreateRectRgnIndirect
FillRgn
CreateSolidBrush

advapi32

CreateServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

VariantInit
VariantCopy
VariantChangeType
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BIOS_v1.07/RS480M/SNIPE.WPH
BIOS_v1.07/RS480M/flash.sys
.sys windows:5 windows x86 arch:x86

885ad9772e9759c9b01c0dfc64fd33a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\wflash\wdm\i386\flash.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoDeleteDevice
IofCompleteRequest
MmMapIoSpace
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BIOS_v1.07/ReadMe.txt
BIOS_v1.07/SNIPE.bat
.bat .vbs
BIOS_v1.07/VTEST.COM
BIOS_v1.07/WVTEST.COM
BIOS_v1.07/snpac.exe
.exe windows:4 windows x86 arch:x86

74786652bb79daf78397ab625cfb7289

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
CreateFileA
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetFilePointer
SetStdHandle
FlushFileBuffers
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
ReadFile
CloseHandle
GetTempPathA
VirtualUnlock
GetVersionExA
VirtualLock
GetLastError
WriteFile
DeviceIoControl

advapi32

DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
CreateServiceA
StartServiceA
ControlService

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13cb01175c640468da507caa355398c4

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 592KB - Virtual size: 588KB

885ad9772e9759c9b01c0dfc64fd33a6

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 128B - Virtual size: 113B

.data Size: 256B - Virtual size: 184B

INIT Size: 256B - Virtual size: 232B

.reloc Size: 128B - Virtual size: 116B

13cb01175c640468da507caa355398c4

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 592KB - Virtual size: 588KB

885ad9772e9759c9b01c0dfc64fd33a6

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 128B - Virtual size: 113B

.data Size: 256B - Virtual size: 184B

INIT Size: 256B - Virtual size: 232B

.reloc Size: 128B - Virtual size: 116B

13cb01175c640468da507caa355398c4

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 64KB - Virtual size: 61KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 592KB - Virtual size: 588KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 128B - Virtual size: 113B

.data
Size: 256B - Virtual size: 184B

INIT
Size: 256B - Virtual size: 232B

.reloc
Size: 128B - Virtual size: 116B

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 592KB - Virtual size: 588KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 128B - Virtual size: 113B

.data
Size: 256B - Virtual size: 184B

INIT
Size: 256B - Virtual size: 232B

.reloc
Size: 128B - Virtual size: 116B

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 592KB - Virtual size: 588KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 128B - Virtual size: 113B

.data
Size: 256B - Virtual size: 184B

INIT
Size: 256B - Virtual size: 232B

.reloc
Size: 128B - Virtual size: 116B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 12KB