0320b8d40c9c72bc83cdf93a0864b241_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0320b8d40c9c72bc83cdf93a0864b241_JaffaCakes118
Size

1015KB
MD5

0320b8d40c9c72bc83cdf93a0864b241
SHA1

e56b6b1e5e475038044e65b165832329c4a01122
SHA256

a95c229012919a27f6c848945bbbb1a2499bd53c9eb17ffb981511ea1dbf08f5
SHA512

6780e10da4da0e41cb2d0f9f4ede90d424144355f94516c7dcd976bcb400e5f53f7fa3248aefd0254b8fac471939f6cb2c1ffbd96283bb04205af8cccbbdcbc3
SSDEEP

24576:hyGuf+y5bnzhA4VCEil/68a5o89IZ0dqjspCOnvRaqySsFta/ss8zp:hyTfB5bnzmqt26B5omY004kOv+Ssq/rW

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AdvPack.DLL
unpack001/mbadmin.exe
unpack001/mbserver.exe
unpack001/setup.exe

Files

0320b8d40c9c72bc83cdf93a0864b241_JaffaCakes118
.rar
AdvPack.DLL
.dll windows:5 windows x86 arch:x86

20a6e16114196ebf78d40a21d76df0a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

user32

GetSystemMetrics
GetWindowRect
UpdateWindow
CharUpperA
CharToOemA
OemToCharA
DispatchMessageA
MsgWaitForMultipleObjects
ShowWindow
CreateDialogParamA
DestroyWindow
PeekMessageA
GetDC
ReleaseDC
SetWindowPos
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
GetDesktopWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
EnableWindow
EndDialog
DialogBoxParamA
MessageBeep
MessageBoxA
wsprintfA
CharPrevA
ExitWindowsEx
IsWindow
LoadStringA
CharNextA

gdi32

GetStockObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps
DeleteObject

kernel32

GetPrivateProfileIntA
_lopen
GetVolumeInformationA
GetDiskFreeSpaceA
GetCurrentProcess
SetFileTime
GetFileTime
MulDiv
WritePrivateProfileSectionA
GetProfileStringA
ReadFile
GetSystemInfo
FindFirstFileA
GetProcAddress
GetLastError
FreeLibrary
lstrcpyA
lstrlenA
GetDriveTypeA
lstrcpynA
GetEnvironmentVariableA
CloseHandle
WriteFile
CreateFileA
WritePrivateProfileStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetWindowsDirectoryA
GetTempPathA
SetFilePointer
LocalFree
LocalAlloc
GetModuleFileNameA
lstrcatA
IsBadReadPtr
DeleteFileA
LocalReAlloc
GetFileAttributesA
GetFullPathNameA
lstrcmpiA
FormatMessageA
FindClose
GetLocalTime
SearchPathA
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
LoadLibraryA
IsDBCSLeadByte
GetShortPathNameA
ExpandEnvironmentStringsA
GetSystemDirectoryA
MultiByteToWideChar
LoadLibraryExA
_lclose
_llseek
RemoveDirectoryA
FindNextFileA
GetFileSize
OpenFile
SetFileAttributesA
CreateDirectoryA
CreateProcessA
GetPrivateProfileSectionA
CopyFileA
UnmapViewOfFile
SetLastError
MapViewOfFileEx
CreateFileMappingA
MoveFileExA
MoveFileA

advapi32

RegQueryInfoKeyA
RegEnumKeyA
RegEnumValueA
RegDeleteKeyA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegUnLoadKeyA
RegLoadKeyA
RegSaveKeyA
RegFlushKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

AddDelBackupEntry
AdvInstallFile
CloseINFEngine
DelNode
DelNodeRunDLL32
DllMain
DoInfInstall
ExecuteCab
ExtractFiles
FileSaveMarkNotExist
FileSaveRestore
FileSaveRestoreOnINF
GetVersionFromFile
GetVersionFromFileEx
IsNTAdmin
LaunchINFSection
LaunchINFSectionEx
NeedReboot
NeedRebootInit
OpenINFEngine
RebootCheckOnInstall
RegInstall
RegRestoreAll
RegSaveRestore
RegSaveRestoreOnINF
RegisterOCX
RunSetupCommand
SetPerUserSecValues
TranslateInfString
TranslateInfStringEx
UserInstStubWrapper
UserUnInstStubWrapper

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FILE_ID.DIZ
ORDER.TXT
SMTPBEAM.INF
i_main.htm
.html
i_msg.htm
.html
logoff.htm
.html
logon.htm
.html
mbadmin.exe
.exe windows:1 windows x86 arch:x86

2de2efba96d26d93e827e30b66d65556

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
ImageList_Create
ImageList_Destroy
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
InitCommonControls
LBItemFromPt
MakeDragList
PropertySheetA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

CommDlgExtendedError
FindTextA
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PrintDlgA
ReplaceTextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueExA

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
SHBrowseForFolderA
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessVersion
GetProfileStringA
GetShortPathNameA
GetStdHandle
GetStringTypeExA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalReAlloc
LockFile
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
PeekConsoleInputA
RaiseException
ReadConsoleInputA
ReadFile
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteConsoleA
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

gdi32

ArcTo
BitBlt
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBPatternBrushPt
CreateFontA
CreateFontIndirectA
CreateHatchBrush
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
EndDoc
EndPage
EnumMetaFile
Escape
ExcludeClipRect
ExtCreatePen
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetDeviceCaps
GetMapMode
GetObjectA
GetObjectType
GetPixel
GetStockObject
GetTextExtentPointA
GetTextFaceA
GetTextMetricsA
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
MoveToEx
OffsetClipRgn
OffsetViewportOrgEx
OffsetWindowOrgEx
PatBlt
PlayMetaFileRecord
PlayMetaFile
PolyBezierTo
PolyDraw
PolylineTo
PtVisible
RectVisible
RestoreDC
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipPath
SelectClipRgn
SelectObject
SelectPalette
SetArcDirection
SetBkColor
SetBkMode
SetColorAdjustment
SetMapMode
SetMapperFlags
SetPolyFillMode
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
StretchDIBits
TextOutA

user32

AdjustWindowRectEx
AppendMenuA
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CharLowerA
CharToOemA
CharUpperA
CheckDlgButton
CheckMenuItem
CheckRadioButton
ClientToScreen
CloseClipboard
CopyRect
CreateDialogIndirectParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EqualRect
FillRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetFocus
GetForegroundWindow
GetKeyState
GetLastActivePopup
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
GetMessageA
GetMessagePos
GetMessageTime
GetNextDlgTabItem
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GrayStringA
InflateRect
InsertMenuA
IntersectRect
InvalidateRect
InvertRect
IsChild
IsDialogMessageA
IsDlgButtonChecked
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsA
LoadBitmapA
LoadCursorA
LoadIconA
LoadMenuA
LoadStringA
LockWindowUpdate
MapDialogRect
MapWindowPoints
MessageBeep
MessageBoxA
ModifyMenuA
MoveWindow
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RegisterClassA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemovePropA
ReuseDDElParam
ScreenToClient
ScrollDC
ScrollWindow
ScrollWindowEx
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetDlgItemInt
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemBitmaps
SetMessageQueue
SetParent
SetPropA
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TabbedTextOutA
TrackPopupMenu
TranslateAcceleratorA
TranslateMessage
UnhookWindowsHookEx
UnpackDDElParam
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
wvsprintfA

Sections

AUTO
Size: 515KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 1.1MB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 14KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 167KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mbserver.exe
.exe windows:1 windows x86 arch:x86

913c8634ae00f12c7f0cedc694f433b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

user32

CharToOemA
CharUpperA
GetActiveWindow
MessageBoxA
OemToCharA
wsprintfA

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
DeregisterEventSource
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
ReportEventA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetOEMCP
GetProcAddress
GetProfileStringA
GetStdHandle
GetSystemDirectoryA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleInputA
ReadFile
ReleaseMutex
RemoveDirectoryA
ResetEvent
ResumeThread
ScrollConsoleScreenBufferA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFilePointer
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToFileTime
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

Sections

AUTO
Size: 1.1MB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 461KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 13KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 45KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
o_main.htm
.html
o_msg.htm
.html
s_err_er.htm
.html
s_err_ok.htm
.html
s_msg.htm
.html
setup.exe
.exe windows:1 windows x86 arch:x86

de5fd8fb3991ee635c118eeb01230a9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

user32

CharUpperBuffA
MessageBoxA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExitThread
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

Sections

AUTO
Size: 18KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smtpbeam.htm
.html
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

20a6e16114196ebf78d40a21d76df0a1

Headers

File Characteristics

Imports

ntdll

user32

gdi32

kernel32

advapi32

ole32

version

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 5KB

2de2efba96d26d93e827e30b66d65556

Headers

File Characteristics

Imports

comctl32

winspool.drv

comdlg32

version

advapi32

shell32

kernel32

gdi32

user32

Sections

AUTO Size: 515KB - Virtual size:

.idata Size: 11KB - Virtual size:

DGROUP Size: 1.1MB - Virtual size:

.bss Size: 14KB - Virtual size:

.reloc Size: 167KB - Virtual size:

.rsrc Size: 57KB - Virtual size:

913c8634ae00f12c7f0cedc694f433b8

Headers

File Characteristics

Imports

gdi32

user32

wsock32

advapi32

kernel32

Sections

AUTO Size: 1.1MB - Virtual size:

.idata Size: 5KB - Virtual size:

DGROUP Size: 461KB - Virtual size:

.bss Size: 13KB - Virtual size:

.reloc Size: 45KB - Virtual size:

.rsrc Size: 2KB - Virtual size:

de5fd8fb3991ee635c118eeb01230a9d

Headers

File Characteristics

Imports

shell32

user32

kernel32

Sections

AUTO Size: 18KB - Virtual size:

.idata Size: 1KB - Virtual size:

DGROUP Size: 3KB - Virtual size:

.bss Size: 4KB - Virtual size:

.reloc Size: 1KB - Virtual size:

.rsrc Size: 1024B - Virtual size:

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB

AUTO
Size: 515KB - Virtual size:

.idata
Size: 11KB - Virtual size:

DGROUP
Size: 1.1MB - Virtual size:

.bss
Size: 14KB - Virtual size:

.reloc
Size: 167KB - Virtual size:

.rsrc
Size: 57KB - Virtual size:

AUTO
Size: 1.1MB - Virtual size:

.idata
Size: 5KB - Virtual size:

DGROUP
Size: 461KB - Virtual size:

.bss
Size: 13KB - Virtual size:

.reloc
Size: 45KB - Virtual size:

.rsrc
Size: 2KB - Virtual size:

AUTO
Size: 18KB - Virtual size:

.idata
Size: 1KB - Virtual size:

DGROUP
Size: 3KB - Virtual size:

.bss
Size: 4KB - Virtual size:

.reloc
Size: 1KB - Virtual size:

.rsrc
Size: 1024B - Virtual size: