b6bc36bbe134bd1d711e837e59055168_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b6bc36bbe134bd1d711e837e59055168_JaffaCakes118
Size

449KB
MD5

b6bc36bbe134bd1d711e837e59055168
SHA1

e278b40ee33613a16fc9262e61083af9266744c6
SHA256

4f98f78f2f75cdc7b17931fc0fe66c6dc1a26bf6af26be8ebecc1edd53e80776
SHA512

edb792e7c9f40a510519ba544512987ede5bb426cadcf7ec848c2320e997d0b9fe420c46596fab5edaf1deb257cb879ced8f5337d9276c850c94b8612fbf3573
SSDEEP

12288:QPxaRCQBjHkcNqOQ/3AjTr7vHSujL6TctM3TZ:YIRCQBAcN0/3YrziTx3TZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
b6bc36bbe134bd1d711e837e59055168_JaffaCakes118
unpack001/$1/TablacusInstallerStuff.exe
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$R1/Tablacus.exe
unpack001/$R1/TablacusApp.exe

Files

b6bc36bbe134bd1d711e837e59055168_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e2a592076b17ef8bfb48b7e03965a3fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
MoveFileW
SetFileAttributesW
GetCurrentProcess
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
WaitForSingleObject
CopyFileW
CompareFileTime
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
lstrcpyW
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GlobalFree
GlobalAlloc
GetShortPathNameW
SearchPathW
lstrcmpiW
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
lstrcmpW
GlobalUnlock
lstrcpynW
GetDiskFreeSpaceW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
IsWindowEnabled
EnableMenuItem
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
wsprintfW
ScreenToClient
GetWindowRect
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
LoadImageW
SetTimer
SetWindowTextW
PostQuitMessage
ShowWindow
GetDlgItem
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegDeleteKeyW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$1/TablacusInstallerStuff.exe
.exe windows:6 windows x86 arch:x86

3fa959cd4f6d1e304f691dcc0fbc2049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
ReadFile
SetFilePointer
GetFileSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
GetLastError
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
GetCommandLineW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
CloseHandle
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R1/Tablacus.exe
.exe windows:5 windows x86 arch:x86

8d3fcb29b341b50d5a29b25cb6dc7da7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cpp\TE\Debug\TE32.pdb

Imports

kernel32

GlobalGetAtomNameW
GlobalFindAtomW
GlobalDeleteAtom
FileTimeToDosDateTime
OutputDebugStringW
MoveFileExW
VerSetConditionMask
VerifyVersionInfoW
CreateMutexW
TerminateProcess
GlobalAlloc
GetThreadLocale
lstrcmpW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
VirtualAlloc
GlobalAddAtomW
LeaveCriticalSection
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapFree
RaiseException
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
CreateThread
ResumeThread
GetLastError
ExitThread
GetTimeFormatW
GetDateFormatW
GetCurrentDirectoryW
GetModuleHandleW
LoadLibraryExW
OpenProcess
GetVersionExW
GetShortPathNameW
SetFileTime
WriteFile
CreateDirectoryW
GetTickCount
lstrcmpA
WideCharToMultiByte
lstrcmpiA
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
WaitForSingleObject
CreateEventW
GetCurrentThreadId
SetEvent
GetVolumeInformationW
GetCommandLineW
lstrcpyW
FileTimeToSystemTime
InterlockedIncrement
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameW
GetDriveTypeW
lstrcpynW
GetCurrentProcess
lstrcmpiW
ReleaseMutex
Sleep
lstrcatW
GetNumberFormatW
GetLocaleInfoW
CloseHandle
ReadFile
GetFileSize
CreateFileW
MultiByteToWideChar
GetUserDefaultLCID
lstrlenW
FormatMessageW
LocalFree
InterlockedDecrement
EnterCriticalSection
GetModuleHandleA

user32

AttachThreadInput
SetWindowLongW
GetWindowLongW
SendMessageW
RedrawWindow
GetPropA
GetParent
SetParent
FindWindowExA
GetClientRect
MoveWindow
InvalidateRect
GetMenuItemInfoW
GetMenuItemCount
GetForegroundWindow
GetWindowThreadProcessId
SetForegroundWindow
ShowWindow
SystemParametersInfoW
IsIconic
GetAsyncKeyState
SetWindowsHookExW
TrackPopupMenuEx
UnhookWindowsHookEx
MessageBoxW
GetClassLongW
GetSubMenu
GetSysColorBrush
GetDC
CreatePopupMenu
SetClassLongW
GetSystemMenu
GetWindowDC
GetWindow
GetTopWindow
GetCapture
GetMessagePos
SetMenuDefaultItem
GetMenuDefaultItem
WaitForInputIdle
MapVirtualKeyW
GetMenuItemID
ReleaseDC
GetSysColor
GetSystemMetrics
SetMenuItemInfoW
SetMenuInfo
GetMenuInfo
EndPaint
FillRect
GetIconInfo
MsgWaitForMultipleObjectsEx
SendInput
GetMessageW
SendNotifyMessageW
SetWindowTextW
InsertMenuW
AllowSetForegroundWindow
CopyImage
LoadMenuW
LoadIconW
LoadImageW
CreateWindowExW
BeginPaint
LoadCursorFromFileW
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
GetKeyNameTextW
LoadStringW
MonitorFromPoint
MonitorFromRect
PtInRect
SetRectEmpty
DefWindowProcW
PostQuitMessage
ChangeClipboardChain
SetClipboardViewer
RegisterClipboardFormatW
SendMessageTimeoutW
ShowScrollBar
SetRect
CopyRect
RegisterClassExW
CopyIcon
DrawTextW
UnregisterHotKey
RegisterHotKey
SetWindowPos
CreateMenu
InsertMenuItemW
IsChild
GetFocus
CallNextHookEx
ScreenToClient
SetFocus
GetClassNameA
GetDoubleClickTime
GetCursorPos
CallWindowProcW
ClientToScreen
OffsetRect
GetKeyState
GetWindowRect
IsWindowVisible
SetCursor
LoadCursorW
SetCapture
ReleaseCapture
SetScrollInfo
FindWindowW
FindWindowExW
WindowFromPoint
PeekMessageW
TranslateMessage
DispatchMessageW
RegisterWindowMessageW
GetKeyboardState
SetKeyboardState
CreateIconIndirect
PostMessageW
KillTimer
EndMenu
DestroyCursor
SetCursorPos
DestroyWindow
EnableMenuItem
DrawIconEx
RemoveMenu
DeleteMenu
SetMenuItemBitmaps
IsMenu
BringWindowToTop
OpenIcon
IsZoomed
IsWindow
DestroyIcon
SetTimer
DestroyMenu
DrawIcon
keybd_event
mouse_event
GetMonitorInfoW

gdi32

DeleteObject
LineTo
BitBlt
Rectangle
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
SelectObject
GetObjectW
SetTextColor
SetBkColor
SetBkMode
GetTextExtentPoint32W
DeleteDC
MoveToEx
CreateFontIndirectW

comdlg32

GetOpenFileNameW
ChooseColorW
FindTextW
GetSaveFileNameW
ChooseFontW
ReplaceTextW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW

shell32

ord256
SHGetSettings
SHGetFolderLocation
ord189
ord645
ord644
ShellExecuteW
SHGetFileInfoW
ord2
ord88
ExtractIconExW
SHEmptyRecycleBinW
Shell_NotifyIconW
ord4
SHChangeNotify
DragFinish
DragAcceptFiles
SHFreeNameMappings
ShellExecuteExW
ord16
CommandLineToArgvW
SHGetDataFromIDListW
ord152
SHFileOperationW
ord162
ord18
ord23
ord21
DragQueryFileW
ord17
ord153
SHGetDesktopFolder
SHBindToParent
ord25

ole32

ReleaseStgMedium
CoCreateInstance
StringFromGUID2
StringFromCLSID
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
OleSetClipboard
OleGetClipboard
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CreateBindCtx
RegisterDragDrop
RevokeDragDrop

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantCopy
VariantClear
VariantChangeType
SysAllocStringLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysReAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayGetLBound
SysReAllocString
GetActiveObject
SafeArrayDestroy
SysAllocString

comctl32

ImageList_LoadImageW
ImageList_Duplicate
ImageList_Create
ImageList_GetIcon
ImageList_GetBkColor
ImageList_Replace
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Add
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_Copy
ImageList_SetOverlayImage
ImageList_SetImageCount
ImageList_DrawEx
ImageList_Draw
ImageList_SetIconSize
ImageList_Remove
ImageList_Destroy
ord17

shlwapi

PathFileExistsW
PathIsSameRootW
AssocQueryStringW
ord172
StrCmpLogicalW
StrChrIW
StrRChrW
PathMatchSpecW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathGetDriveNumberW
PathIsRootW
PathSearchAndQualifyW
PathCreateFromUrlW
PathUnquoteSpacesW
StrFormatKBSizeW
StrFormatByteSizeW
StrChrW
PathAppendW
StrRetToBSTR
StrCmpNIW
ord8
ord9
ord10
ord219
ord174
StrToIntExW
ord256
ord12
PathQuoteSpacesW

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCreateHICONFromBitmap
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromResource
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipImageRotateFlip
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipSaveImageToFile
GdipCloneImage

urlmon

CoInternetSetFeatureEnabled
URLDownloadToFileW
CreateFormatEnumerator

imm32

ImmSetOpenStatus
ImmGetVirtualKey
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R1/TablacusApp.exe
.exe windows:5 windows x86 arch:x86

fb4851e96dfb62630c061bd5e124c583

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

AssocQueryStringW

user32

GetMessageW
DispatchMessageW
GetForegroundWindow
TranslateAcceleratorW
TranslateMessage
GetClassNameA
GetWindowRect

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

shell32

ShellExecuteExW
SHGetFolderPathW

kernel32

HeapReAlloc
FlushFileBuffers
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
CreateThread
ExpandEnvironmentStringsW
GetCurrentProcess
CreateFileW
MultiByteToWideChar
CloseHandle
IsWow64Process
GetProcAddress
LoadLibraryExW
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
GetLastError
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R1/config/window.xml
.xml
$R1/init/addons.xml
.xml
$R1/init/key.xml
.xml
$R1/init/menus.xml
.xml
$R1/init/mouse.xml
.xml
$R1/lang/de.xml
$R1/lang/en.xml
$R1/lang/es.xml
$R1/lang/fr.xml
$R1/lang/it.xml
$R1/lang/ja.xml
$R1/lang/pt.xml
$R1/lang/ru.xml
$R1/lang/zh.xml
$R1/lang/zh_cn.xml
$R1/layout/1tab.xml
.xml
$R1/layout/4tabs.xml
.xml
$R1/layout/bottom_tab.xml
.xml
$R1/layout/h2tabs.xml
.xml
$R1/layout/left_tab.xml
.xml
$R1/layout/right_tab.xml
.xml
$R1/layout/tree_1tab.xml
.xml
$R1/layout/tree_2tabs.xml
.xml
$R1/layout/v2tabs.xml
.xml
$R1/layout/vertical_tab.xml
.xml
$R1/readme.txt
$R1/script/background.js
.js
$R1/script/common.js
.js
$R1/script/consts.js
.js
$R1/script/dialog.html
.html
$R1/script/index.css
$R1/script/index.html
.html
$R1/script/index.js
.js
$R1/script/location.html
.html
$R1/script/options.css
$R1/script/options.html
.html
$R1/script/options.js
.js

Sharing

General

Malware Config

Signatures

Files

e2a592076b17ef8bfb48b7e03965a3fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 171KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 4KB - Virtual size: 3KB

3fa959cd4f6d1e304f691dcc0fbc2049

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 300B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 927B

.data Size: - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 254B

8d3fcb29b341b50d5a29b25cb6dc7da7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

gdiplus

urlmon

imm32

Sections

.text Size: 247KB - Virtual size: 246KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 16KB - Virtual size: 38KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 22KB - Virtual size: 22KB

fb4851e96dfb62630c061bd5e124c583

Headers

DLL Characteristics

File Characteristics

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 171KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 300B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 927B

.data
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 247KB - Virtual size: 246KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 16KB - Virtual size: 38KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 22KB - Virtual size: 22KB

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 300B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB