xmrig | ac34bab4d5f5bd9dd51846c6ca988db9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac34bab4d5f5bd9dd51846c6ca988db9_JaffaCakes118
Size

1.3MB
MD5

ac34bab4d5f5bd9dd51846c6ca988db9
SHA1

6b5d70e1db5e092bfad34b510aee70c1f01e3f92
SHA256

7ca7e64a24ff155eb96dbb11948d2e0d8889c8fc49bbeaebd5c106d8cc30698f
SHA512

45e9ad2c58a8eb8959a180dbdd0a03d3772dcabdcc9969e5052b4157309d8c600378ca506b6791359f9908637820e60781ebf6f0d28d5d15b8be7e0ff069b97b
SSDEEP

24576:scNmCQCAPHu8/Ri3mJA2B5sBN80hesubW/Z4cok5KJnTVDVe:k1VPut3Res6W/Zlf5KrDVe

Score

10^/10

upx miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
static1/unpack001/hp/windows update.exe	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/hp/R 1.5.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hp/R 1.5.exe
unpack002/out.upx
unpack001/hp/procexp.exe
unpack001/hp/windows update.exe

Files

ac34bab4d5f5bd9dd51846c6ca988db9_JaffaCakes118
.rar
hp/1C.vbs
.vbs
hp/1V.vbs
.vbs
hp/R 1.5.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 153KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hp/config.json
hp/hide.bat
hp/procexp.exe
.exe windows:5 windows x86 arch:x86

d63da3de00e38528eade8c14a891aeac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sysint\ProcExp\exe\Release\ProcExp.pdb

Imports

shlwapi

ColorHLSToRGB
ColorRGBToHLS
ord176
UrlUnescapeW

ws2_32

ntohs
htonl
htons
gethostbyaddr
getservbyport
WSAStartup
ntohl

mpr

WNetGetConnectionW

comctl32

ord17
PropertySheetW
CreateStatusWindowW
CreatePropertySheetPageW
ord410
CreateToolbarEx
ord413
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ImageList_Create

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

credui

CredUIPromptForCredentialsW

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

crypt32

CertDuplicateCertificateContext
CertGetNameStringW

kernel32

GetCurrentThread
SetThreadAffinityMask
SetFilePointer
GetSystemDirectoryW
DeleteFileW
SearchPathW
OpenThread
GetThreadContext
SuspendThread
ResumeThread
Thread32First
Thread32Next
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
GetCurrentProcessId
GlobalMemoryStatus
SetProcessWorkingSetSize
TerminateProcess
GetProcessId
PulseEvent
SetPriorityClass
GetComputerNameW
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
DeviceIoControl
DuplicateHandle
OutputDebugStringW
GetDriveTypeW
GetCurrentDirectoryW
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemInfo
ExpandEnvironmentStringsA
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
IsProcessorFeaturePresent
EncodePointer
RtlUnwind
IsDebuggerPresent
lstrlenA
GetProcessAffinityMask
VirtualQueryEx
GetEnvironmentVariableW
lstrcmpiW
lstrcmpW
ReadProcessMemory
OpenEventW
SetLastError
IsBadStringPtrW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
DeleteCriticalSection
Module32NextW
Module32FirstW
TerminateThread
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
FindResourceExW
FindResourceW
SizeofResource
LoadResource
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetCommandLineW
LocalAlloc
FormatMessageW
GetFileSizeEx
GlobalAddAtomW
GetTickCount
MulDiv
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetExitCodeThread
CreateThread
LeaveCriticalSection
FindNextFileW
FindClose
MultiByteToWideChar
GetModuleHandleW
ReadFile
LoadLibraryExW
FreeLibrary
GetPrivateProfileStringW
FindFirstFileW
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateFileW
GetFullPathNameW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
CreateProcessW
GetModuleFileNameW
LoadLibraryW
CreateFileMappingW
TlsSetValue
TlsAlloc
lstrlenW
UnmapViewOfFile
MapViewOfFile
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
WriteFile
GetStdHandle
GetFileSize
Sleep
InitializeCriticalSection
SetErrorMode
GetLastError
ExitThread
GetCurrentProcess
OpenProcess
LocalFree
GetVersion
GetProcAddress
InterlockedDecrement
InterlockedIncrement
TlsGetValue
CompareStringW
LCMapStringW
SetFilePointerEx
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableA

user32

GetWindow
GetDesktopWindow
IsWindowEnabled
KillTimer
MsgWaitForMultipleObjects
GetDlgCtrlID
CheckRadioButton
SendMessageTimeoutW
PeekMessageW
GetUserObjectSecurity
SetUserObjectSecurity
IsDialogMessageW
DrawIconEx
CheckMenuRadioItem
WindowFromPoint
RedrawWindow
TrackPopupMenu
RemoveMenu
CreateMenu
DrawMenuBar
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
GetDlgItemTextW
CreateDialogParamW
IsWindow
PostQuitMessage
ExitWindowsEx
DispatchMessageW
TranslateMessage
GetMessageW
DrawEdge
RegisterWindowMessageW
GetWindowDC
SetMenuItemInfoW
IsIconic
ShowWindowAsync
SystemParametersInfoW
EnumWindows
SetClassLongW
GetWindowTextW
InvalidateRgn
TrackPopupMenuEx
ModifyMenuW
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetWindowPlacement
LoadImageW
SetWindowPlacement
RegisterClassW
DefMDIChildProcW
DefDlgProcW
CreateIconIndirect
FrameRect
ClientToScreen
IsWindowVisible
DestroyWindow
GetClassNameW
EnumChildWindows
PtInRect
UnionRect
CopyRect
ScreenToClient
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
PostMessageW
DrawFrameControl
ChildWindowFromPoint
SetDlgItemTextW
DialogBoxParamW
MoveWindow
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetScrollInfo
SetScrollInfo
GetParent
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetCursorPos
GetWindowRect
GetClientRect
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
GetSystemMetrics
SetTimer
ReleaseCapture
SetCapture
GetCapture
DeleteMenu
SetForegroundWindow
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
LoadCursorW
LoadIconW
DestroyIcon
EnumDisplaySettingsW
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
LoadStringW
ReleaseDC
GetDC
DefFrameProcW

gdi32

GetTextMetricsW
SetTextColor
RectInRegion
SelectClipRgn
SelectObject
SetBkColor
Polyline
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
SetBkMode
MoveToEx
SetROP2
SaveDC
RestoreDC
Rectangle
LineTo
ExtTextOutW
SetTextAlign
GetTextExtentPoint32W
CreateDIBSection
GetObjectW
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
GetBkColor
GetBkMode
GetDeviceCaps
GetStockObject
CreateFontIndirectW

comdlg32

ChooseColorW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
FindTextW
ChooseFontW

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeNameW
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetKernelObjectSecurity
CreateProcessAsUserW
RegConnectRegistryW
FlushTraceW
ConvertSidToStringSidW
LsaEnumerateAccountRights
RegCloseKey
LsaOpenPolicy
LsaClose
LsaFreeMemory
AddAccessAllowedAce
AddAce
InitializeAcl
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
SetTokenInformation
QueryServiceConfigW
CopySid
GetLengthSid
CloseTrace
RevertToSelf
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
ProcessTrace
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
MapGenericMask
RegCreateKeyW
RegDeleteValueW
StartServiceW
QueryServiceStatus
FreeSid
GetAce
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
GetSecurityInfo
SetSecurityInfo
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ControlService

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc
Shell_NotifyIconW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW

ole32

CoMarshalInterThreadInterfaceInStream
CoSetProxyBlanket
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound

winhttp

WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData

psapi

GetModuleFileNameExW

Sections

.text
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hp/sist.bat
hp/start.bat
hp/windows update.exe
.exe windows:4 windows x64 arch:x64

4db376d8b053f1cc04b3eb72c3ebb59f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
FreeSid
GetSecurityInfo
GetTokenInformation
GetUserNameW
LookupPrivilegeValueW
LsaAddAccountRights
LsaClose
LsaOpenPolicy
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclA
SetSecurityInfo

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToNameW
GetAdaptersAddresses

kernel32

AddVectoredExceptionHandler
AssignProcessToJobObject
CancelIo
CloseHandle
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FlushFileBuffers
FormatMessageA
FreeConsole
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetHandleInformation
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetNumberOfConsoleInputEvents
GetProcAddress
GetProcessAffinityMask
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTickCount64
GlobalMemoryStatusEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekNamedPipe
PostQueuedCompletionStatus
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
RaiseException
ReadConsoleInputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
RegisterWaitForSingleObject
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessAffinityMask
SetSystemTime
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnregisterWait
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argv
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_close
_endthreadex
_errno
_exit
_fdopen
_fmode
_get_osfhandle
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_onexit
_open_osfhandle
_read
_setjmp
_snwprintf
_strdup
_stricmp
_strnicmp
_time64
_ultoa
_umask
_unlock
_vsnprintf
_wchmod
_wcsdup
_wcsnicmp
_wcsrev
_wmkdir
_write
_write
_wrmdir
abort
atoi
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fwprintf
fwrite
getenv
islower
isspace
isupper
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
qsort
raise
rand
realloc
signal
sprintf
srand
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
vfprintf
wcschr
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcstombs

psapi

GetProcessMemoryInfo

user32

DispatchMessageA
GetMessageA
MapVirtualKeyW
MessageBoxW
ShowWindow
TranslateMessage

userenv

GetUserProfileDirectoryW

ws2_32

FreeAddrInfoW
GetAddrInfoW
WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSAIoctl
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

Exports

Exports

MHD_add_connection
MHD_add_response_footer
MHD_add_response_header
MHD_create_response_for_upgrade
MHD_create_response_from_buffer
MHD_create_response_from_callback
MHD_create_response_from_data
MHD_create_response_from_fd
MHD_create_response_from_fd64
MHD_create_response_from_fd_at_offset
MHD_create_response_from_fd_at_offset64
MHD_del_response_header
MHD_destroy_response
MHD_free
MHD_get_connection_info
MHD_get_connection_values
MHD_get_daemon_info
MHD_get_fdset
MHD_get_fdset2
MHD_get_reason_phrase_for
MHD_get_response_header
MHD_get_response_headers
MHD_get_timeout
MHD_get_version
MHD_http_unescape
MHD_is_feature_supported
MHD_lookup_connection_value
MHD_queue_response
MHD_quiesce_daemon
MHD_resume_connection
MHD_run
MHD_run_from_select
MHD_set_connection_option
MHD_set_connection_value
MHD_set_panic_func
MHD_set_response_options
MHD_start_daemon
MHD_start_daemon_va
MHD_stop_daemon
MHD_suspend_connection
MHD_upgrade_action

Sections

Size: 858KB - Virtual size: 857KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 288KB

UPX1 Size: 153KB - Virtual size: 156KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 337KB - Virtual size: 336KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 24KB - Virtual size: 24KB

.rsrc Size: 31KB - Virtual size: 32KB

d63da3de00e38528eade8c14a891aeac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

mpr

comctl32

version

credui

setupapi

crypt32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winhttp

psapi

Sections

.text Size: 684KB - Virtual size: 684KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 35KB - Virtual size: 178KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 45KB - Virtual size: 45KB

.data Size: 11KB - Virtual size: 11KB

4db376d8b053f1cc04b3eb72c3ebb59f

Headers

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

psapi

user32

userenv

ws2_32

Exports

Exports

Sections

Size: 858KB - Virtual size: 857KB

Size: 2KB - Virtual size: 2KB

.rdata Size: 84KB - Virtual size: 84KB

.pdata Size: 25KB - Virtual size: 24KB

.xdata Size: 26KB - Virtual size: 25KB

.bss Size: - Virtual size: 9KB

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 12KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 288KB

UPX1
Size: 153KB - Virtual size: 156KB

.rsrc
Size: 8KB - Virtual size: 8KB

CODE
Size: 337KB - Virtual size: 336KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 31KB - Virtual size: 32KB

.text
Size: 684KB - Virtual size: 684KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 35KB - Virtual size: 178KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 45KB - Virtual size: 45KB

.data
Size: 11KB - Virtual size: 11KB

.rdata
Size: 84KB - Virtual size: 84KB

.pdata
Size: 25KB - Virtual size: 24KB

.xdata
Size: 26KB - Virtual size: 25KB

.bss
Size: - Virtual size: 9KB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 12KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB