b53df754a3c14445a42f57ef556d3be0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b53df754a3c14445a42f57ef556d3be0_JaffaCakes118
Size

608KB
MD5

b53df754a3c14445a42f57ef556d3be0
SHA1

15f766ff5222e48308550939c1f8308ad37e32f1
SHA256

24afc72116728ad45cab2330e70ee8d72c0bfdf2f94419614a080253509de3a3
SHA512

2ab87d9723b082328076264a352a32887e904f2dfe9ca5920dfd661ca5a2f9375d90b841d665f5d0e99a937c978eb097a0cba3bb6b2e5a0bd3f70bd43298f6fd
SSDEEP

12288:P0guAp8m+qkuF35fGAbgBboe4h33Peq+9GDUOeX1V09OX7LoBfLRUaPC/:sDAqmvkq7Gi33avOeXv0gLLwjTC/

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
b53df754a3c14445a42f57ef556d3be0_JaffaCakes118
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/NotifyIcon.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/__37e17e015e2849b5b4176e73426d692f.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisunz.dll

Files

b53df754a3c14445a42f57ef556d3be0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NotifyIcon.dll
.dll windows:5 windows x86 arch:x86

78155e3314922676e9dbf9f4fff8568c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcpynW

user32

ShowWindow
OpenIcon
KillTimer
IsIconic
CallWindowProcW
wsprintfW
GetDlgItem
FindWindowExW
GetWindowLongW
SetTimer
LoadImageW
SendMessageW
SetWindowLongW

shell32

Shell_NotifyIconW

Exports

Exports

Icon

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 774B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/__37e17e015e2849b5b4176e73426d692f.dll
.dll windows:5 windows x86 arch:x86

da445e6f223f657f1a07c95f3c7a7f5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameW

wininet

InternetSetOptionW
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA

comctl32

InitCommonControlsEx

kernel32

CreateProcessA
GetLastError
CloseHandle
LocalFree
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LoadLibraryW
lstrlenW
GetCommandLineW
GetFileSize
FindFirstFileW
GetSystemDefaultUILanguage
SystemTimeToFileTime
GetUserDefaultLCID
GetTickCount
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileAttributesW
CreateDirectoryA
SetCurrentDirectoryA
CopyFileA
EnterCriticalSection
CreateMutexA
FindNextFileW
GetCurrentDirectoryA
GetUserDefaultUILanguage
ReleaseMutex
GetSystemTime
DeleteFileA
CreateThread
SetFilePointer
CreateDirectoryW
SetFileTime
WriteFile
CreateFileW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetProcAddress
InterlockedCompareExchange
GetLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
GetFileAttributesA
GetModuleFileNameW
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetVersionExA
ExpandEnvironmentStringsA
GetComputerNameW
GetUserDefaultLangID
lstrlenA
GetFullPathNameA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
HeapDestroy
HeapCreate
GetStartupInfoW
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
GetCPInfo
LCMapStringW
FindFirstFileExA
GetDriveTypeA
FindClose
FileTimeToLocalFileTime
ExitThread
WaitForSingleObject
GetTempPathA
GetCurrentProcessId
GetCurrentThreadId
ReadFile
GetFileSizeEx
GetTempFileNameA
Sleep
CreateFileA
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
RaiseException
RtlUnwind
GetCommandLineA
HeapReAlloc
GetDriveTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
SleepEx
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
VerSetConditionMask
VerifyVersionInfoA
LoadLibraryA
FormatMessageA
SetLastError
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
GetVersionExW
GetProcessHeap

user32

DispatchMessageW
IsCharAlphaW
CallWindowProcW
SendMessageW
CreateWindowExW
ShowWindow
SetWindowLongW
GetParent
DestroyWindow
DefWindowProcW
GetWindowLongW
RegisterClassExW
GetClientRect
GetPropW
SetPropW
LoadCursorW
RemovePropW
SetCursor
MoveWindow
MapWindowPoints
MessageBoxA
TranslateMessage
wsprintfW
GetMessageW
GetWindowRect
UpdateWindow
BringWindowToTop
SetFocus
SetTimer
SetWindowPos
GetDesktopWindow
SetParent
KillTimer

gdi32

SetTextColor
CreateFontIndirectW
DeleteObject
GetObjectW
GetStockObject

advapi32

CryptCreateHash
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW
CryptAcquireContextA

shell32

FindExecutableA
ShellExecuteA

ole32

OleSetContainedObject
OleUninitialize
OleCreate
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
OleInitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

ws2_32

WSACleanup
WSAStartup
recvfrom
sendto
WSASetLastError
getaddrinfo
WSAGetLastError
select
recv
send
gethostname
ioctlsocket
freeaddrinfo
listen
accept
connect
socket
closesocket
getpeername
setsockopt
getsockname
ntohs
WSAIoctl
getsockopt
htons
__WSAFDIsSet
bind

wldap32

ord33
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord301
ord27
ord200
ord41
ord46

normaliz

IdnToAscii

Exports

Exports

__01256ef0acda41da94df16bfd17b3a32
__078539eb051e460db6d47656fbbf245f
__0ae3228d1a044298be62ece6c51c80cf
__0df1b39f1b1543569aec179b8d9aee21
__0f31c1acb8444bed91d29b770b1be0a7
__1013b03288394008902dd63dcd411b2f
__10e2e724754b470b8f50660ca335c2b8
__1837e71aa0a848a4a44f32e8847482be
__188e04c47ea94ad4b5674f1ffce916aa
__18a0b5730b0f4db4943d5bbf234ee5af
__203b4019070e42a796a8c1d2f83b53fc
__215490ed06bd41cab7224dc161dfa22e
__21b5612b32754285aa95e7574a7efbe9
__23bcd0c970654b97b05c85422b011f88
__2423e28d6d534de9af78bc8414e23788
__2462991670f04271b68b34dd252455dd
__27ac0c67f624490487464050fcddb58e
__2905c467422f4081a94132fe122f971e
__2ca31ce9c29e47c09788a877951f63b0
__2ccc343e61404710aeade38884e7bdf7
__33446f34a4de476d84f17f5624e91ed5
__3410d08777bd49f7b613dbe16766f24b
__349f691b5d394490bef0ce254e7257c7
__365b790d36114d33b913bc7c7da6fd46
__398fe42192a9470a9106a5e5418ead6e
__40025b98fed048d797fe2125f0824e44
__4044824f715f43dd9cd8635609192233
__40c0c4c21e9e48869fe9edb727247ae1
__42b910a4710b48eca9c95e04ab618843
__42d7fcab27bf43e5ab1daaa59f83b959
__44a56e182ff54cf791b4e8ef9592b9ec
__45fcb8c9394144709297c98922cd9215
__471c3e6147a94280976b8027288e09e8
__47f3822b5ded4f8e8f8c274420b4510a
__482438ef54d14354bcf558ccc24baaac
__4ae90ecf4f2b42248cba9e28bb31888c
__4d197e2d090044f5a735575d5ee1fe85
__4f116ea8a2c74fb2b2e53ddc3177dd02
__5162d98bc0c24ac49d4d5d30201d48a9
__529e7fa849d6401184e49a937f6d60dd
__52d161e6fe974e4b96ba71c2500220d2
__57906296aa1847c591ef22371fa90e7a
__58d9ccae4fe84a99b479bad6201f30b9
__5cf179d5b90948798e10d6d72a3a4d26
__5d4680e7fbf94d78beffb0c162f96cd5
__5dcb0a568523462c9a324b8222c6c862
__60526ecbeffb40e79a6938a488f3776d
__62b529988dab4ddb9f331e9a3317395f
__6f37a9252840465b838a4142ce8238ca
__72158ce7b90e4bef9a1011e46c89aff0
__72dd5ae4d0ef486ea6c722459f1caf75
__74934aaf9436404e9221bc7dd544c510
__77e982d7eee34f219943b16876410ace
__78b6111aeb154fae8bc10a43176857cd
__81191110bf7749bda23228d4ebc744e2
__82bf898bdab44be2806ebdb0d6be5520
__831e82ca1985473fa2f1cf4d9be2cf67
__8481c6be79e4417bb7fbc58395e05a0a
__8545fc81e1504e07b348705e44aa996f
__85a5020165034c47a921c887b7ef6380
__88333ed7dec04582a916e35d40c906f0
__883d2106dc6d4265a3708b843b324a39
__892c3ec0c403410fa77a6fe0434993c2
__8b348bfe7d184d9cb8fe392aa958ecd6
__8b9f943fdf044e2f8556d1218fc84f94
__8de914482cbf497381d39d63f8de2cb4
__8df44cebdfa04eba850d3aed91e4caca
__8f8987756f01400dad85493a5eca9ee1
__8fd917dc04fe41c792a72b7c564c3774
__95a1fdfcc3fc4715b52e29bc57f71160
__98a9d33edf2f4d2da8a478217b3624cd
__9ae3913bf8494919899635d19559208d
__9cc6ad5832014044b2d99b7eb01fd0b4
__a082dde1eb1b4a4e9da5748cce69a352
__a276927b0ee24416b945e84ce3ff1959
__a8f14d07ed9647c4aee4887185735c34
__a9ae475c5fcc434594b573974bb24f54
__ab5cfc6b07cc4e609adddfc528e6b8e2
__abf8cdfe037c4b47957842ebbe28f4ff
__ad846d5bd5d142978c7d6e6f82a3474d
__ad93d36236264cb1990a9fe6f8e7df5d
__afd2f9669a9f4790979a22c6fe47b47e
__b14620fb655641a88656173d32eb130c
__b4386bc23b7745129cb2a5e58ebb626a
__bbb17e4be2b54bd9b2a3adf4aec15ac6
__bc33921c5dd14813ab6f6d74d0b0ce6a
__bd3185f647714b6399ce49ef6cd2b391
__beb0f52ead4e42d4a9049dd9f4b0d8bb
__becb9520b2d54512a8e4add5fbdfa702
__bfd8e48f064c4614adcb6cbcdd5f2255
__c0272dce846f424bbfa9c42c23870d70
__c39e6e16bcd04f01a94823cbdab82e77
__c49695455ea142b3aab28754c29e907e
__c546704aa4fc4e86a768691af10c24fe
__c7543fd44a2e4a4da4c690b0c5dbf495
__caeab1fdeaf14e3ca9e081f48f074ec3
__cc437057ba504ae6af4ffc70b8f42cab
__ccfee13e77c0497b9f2b1481e23b2522
__d23cc925bd9b4e78ac76125da74d3c6d
__d596c5d8590543d0be23267e4bb2e3c4
__d63e0b2b834b423eab53bb53357be5f1
__d8138c448712404ba581563c4277a027
__dc4e342875754522a278f3fa20d307e7
__dffadc68230f4f1d93f1f8db58704ce4
__e0e79d65195d476ca61c50a9c362d1ce
__e2bd4d69e444459aaf936be66e2daa92
__e3b336f90e5c48f1a4589cf68dc3601b
__ecb60f6656864085a39248a0383314e7
__f11cf8a173d54295ab62e0d9731a9a33
__f3740f6212324283bee2d689eea15075
__f4aa5165222644c4a45a7372164fec6b
__fbd0f06186d74dd48a28689f4031f751
__fdf353f187c746409dd1aa1c4a5c01cb

Sections

.text
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

86cdacc6fa5e3ff4938d358350751516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcstol
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
wcsstr
wcschr
memset
_chkesp

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
CreateFileW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
GetFileSize
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
DestroyWindow
KillTimer
UpdateWindow
RedrawWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpAddRequestHeadersW
HttpOpenRequestW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:5 windows x86 arch:x86

1b37562e8104552588ae892e11fcdff2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
lstrcpyW
GetVersion
lstrlenW
lstrcatW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrcpynW
lstrcmpiW
lstrcmpW
GlobalFree
GlobalAlloc
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
SetEndOfFile
GetProcessHeap
GetLocaleInfoA

user32

MessageBoxW
CharPrevW
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
GetDlgItem
SendMessageW
wsprintfW

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 3.6MB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 729B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 350B

78155e3314922676e9dbf9f4fff8568c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 774B

.data Size: - Virtual size: 72B

.reloc Size: 1024B - Virtual size: 516B

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

da445e6f223f657f1a07c95f3c7a7f5c

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

comctl32

kernel32

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 3.6MB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 350B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 774B

.data
Size: - Virtual size: 72B

.reloc
Size: 1024B - Virtual size: 516B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 756KB - Virtual size: 755KB

.rdata
Size: 163KB - Virtual size: 162KB

.data
Size: 11KB - Virtual size: 22KB

.reloc
Size: 38KB - Virtual size: 37KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB