035a63c0c261105e96d936c6404fa057_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

035a63c0c261105e96d936c6404fa057_JaffaCakes118
Size

2.4MB
MD5

035a63c0c261105e96d936c6404fa057
SHA1

a32fe1241b2c507684bb59538de19485cbcbb25a
SHA256

c4865e85bf77580a76cf37177dc0e4c0c5e4a471437111e891f55ea7b557cafe
SHA512

e9143993d45c294d626ede9abaef48d09c0d0b8685d694f3db27b4131352ac665324f6cd20daca3bc0e366886939162d446c9cdd41ebe9552941499b9856e03c
SSDEEP

49152:B1fPKD+oqO1x5LwVCprUHJM+2TNx+K9XEMrJlSoHY6cOqzAytOtNNORM:B18xHbLsarIGNxpEsJUm+OqzAyaz

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
035a63c0c261105e96d936c6404fa057_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/FlvPlayer.exe
unpack001/apps/ffmpeg.exe
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

035a63c0c261105e96d936c6404fa057_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
FlvPlayer.exe
.exe windows:4 windows x86 arch:x86

82dc01db4359fff7e4526c5f256f4202

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MakeSureDirectoryPathExists

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetGetConnectedState

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
__p__commode
_except_handler3
_beginthreadex
wcsstr
swprintf
wcsncpy
_waccess
_purecall
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
_exit
??2@YAPAXI@Z
wcslen
__CxxFrameHandler
free
wcscpy
wcscmp
_wcsicmp
swscanf
_wsplitpath

mfc42u

ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3397
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord3569
ord3568
ord3688
ord609
ord1634
ord567
ord641
ord3621
ord2406
ord4270
ord640
ord2442
ord4128
ord4292
ord5783
ord5784
ord1633
ord323
ord3084
ord2859
ord1165
ord5436
ord6379
ord5261
ord4370
ord4847
ord4992
ord2506
ord6048
ord1767
ord4401
ord5276
ord4419
ord3592
ord324
ord4229
ord6193
ord4704
ord2637
ord2371
ord4532
ord2505
ord293
ord3716
ord3566
ord795
ord2444
ord2910
ord940
ord537
ord1143
ord6266
ord2858
ord755
ord470
ord2397
ord5781
ord3614
ord538
ord2855
ord2854
ord2810
ord801
ord541
ord860
ord1720
ord6168
ord5871
ord5785
ord1088
ord2114
ord556
ord2631
ord3714
ord793
ord2290
ord2289
ord2355
ord2350
ord2293
ord2294
ord6330
ord2362
ord6211
ord1105
ord3087
ord6195
ord5568
ord2809
ord1560
ord665
ord6381
ord353
ord5201
ord389
ord268
ord2634
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord4215
ord2576
ord3649
ord2430
ord692
ord3494
ord2507
ord355
ord1637
ord1172
ord1197
ord6874
ord3798
ord6139
ord3605
ord656
ord5977
ord4219
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord2613
ord1131
ord617
ord4294
ord5208
ord296
ord2550
ord4279
ord4273
ord922
ord4272
ord6655
ord2127
ord818
ord2680
ord941
ord6376
ord6375
ord6871
ord1225
ord6451
ord2538
ord1173
ord291
ord6868
ord2644
ord2756
ord1662
ord4197
ord3871
ord668
ord3180
ord3173
ord3176
ord2773
ord2762
ord356
ord5801
ord2078
ord4470
ord925
ord4124
ord809
ord3792
ord6354
ord4155
ord1941
ord4029
ord5679
ord5706
ord1971
ord2795
ord5180
ord354
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4390
ord1768
ord4073
ord6051
ord2567
ord2606
ord861
ord535
ord858
ord927
ord942
ord540
ord800
ord3658
ord1863
ord1569

kernel32

GetStartupInfoW
GetModuleHandleW
GetProcAddress
WaitForMultipleObjects
PeekNamedPipe
SetErrorMode
CreateProcessW
SetPriorityClass
WideCharToMultiByte
EnterCriticalSection
SetEvent
WaitForSingleObject
TerminateThread
LeaveCriticalSection
GetExitCodeProcess
TerminateProcess
InitializeCriticalSection
CreatePipe
GetCurrentProcess
CreateEventW
GetLastError
lstrcatW
lstrcpyW
LoadLibraryW
FreeLibrary
CreateDirectoryW
MoveFileExW
CopyFileW
GetWindowsDirectoryW
CreateFileW
GetFileSize
ReadFile
MultiByteToWideChar
CloseHandle
GetModuleFileNameW
GetSystemDefaultLangID
GetPrivateProfileStringW
GetVersion
GetPrivateProfileIntW
GetCurrentThreadId
lstrlenW
SetLastError
DuplicateHandle

user32

LoadMenuW
LoadIconW
LoadAcceleratorsW
SetWindowLongW
GetWindowLongW
AppendMenuW
GetSystemMenu
DrawIcon
IsIconic
TranslateAcceleratorW
GetMenuItemID
GetMenuItemCount
GetMenu
MessageBoxW
CheckMenuItem
DrawMenuBar
DefWindowProcW
GetCursorPos
EndPaint
BeginPaint
MessageBeep
RedrawWindow
IsWindow
GetSysColor
InflateRect
SetCursor
CopyIcon
SetWindowTextW
EnumChildWindows
ScreenToClient
GetMenuState
ModifyMenuW
mouse_event
CallNextHookEx
LoadBitmapW
EnableWindow
ChildWindowFromPointEx
ClientToScreen
PtInRect
ChildWindowFromPoint
SendMessageW
ReleaseCapture
GetWindowRect
GetSystemMetrics
SetCapture
InvalidateRect
GetParent
PostMessageW
FillRect
EqualRect
LoadCursorW
GetDC
GetClientRect
SetWindowsHookExW
GetSubMenu
ReleaseDC
UnhookWindowsHookEx
GetDlgCtrlID

gdi32

CreateFontIndirectW
CreateSolidBrush
GetTextMetricsW
GetTextExtentPoint32W
StretchBlt
CreatePen
SetTextColor
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
SelectObject
SetPixel
Rectangle
GetStockObject

advapi32

RegQueryValueExW
RegSetValueExW
RegQueryValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

shell32

DragFinish
DragQueryFileW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleInitialize

gdiplus

GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832KB - Virtual size: 828KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FlvPlayer.exe.manifest
.xml
Lang/lang_chn.ini
Lang/lang_eng.ini
Lang/lang_jpn.ini
Lang/language_lookup.ini
Lang/res/btn_browser_video_c.BMP
Lang/res/btn_browser_video_d.BMP
Lang/res/btn_browser_video_h.BMP
Lang/res/btn_browser_video_n.BMP
Lang/res/btn_custom_video_c.BMP
Lang/res/btn_custom_video_d.BMP
Lang/res/btn_custom_video_h.BMP
Lang/res/btn_custom_video_n.BMP
Lang/res/btn_play_video_c.BMP
Lang/res/btn_play_video_d.BMP
Lang/res/btn_play_video_h.BMP
Lang/res/btn_play_video_n.BMP
Lang/res/btn_publish_video_c.BMP
Lang/res/btn_publish_video_d.BMP
Lang/res/btn_publish_video_h.BMP
Lang/res/btn_publish_video_n.BMP
Lang/res/btn_stop_video_c.BMP
Lang/res/btn_stop_video_d.BMP
Lang/res/btn_stop_video_h.BMP
Lang/res/btn_stop_video_n.BMP
Lang/res/caption.bmp
Lang/res/caption_logo.bmp
Lang/res/close_d.bmp
Lang/res/close_m.bmp
Lang/res/close_n.bmp
Lang/res/logo.bmp
Lang/res/logo_bk.bmp
Lang/res/max_d.bmp
Lang/res/max_m.bmp
Lang/res/max_n.bmp
Lang/res/menu-hl.bmp
Lang/res/menu-normal.bmp
Lang/res/minimize_d.bmp
Lang/res/minimize_m.bmp
Lang/res/minimize_n.bmp
Lang/res/side_board.bmp
Lang/res/toolbar_bk.bmp
apps/ffmpeg.exe
.exe windows:4 windows x86 arch:x86

0b79d678fa46f85fdf5cf25bab6d1a86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
Sleep

msvcrt

_close
_getch
_kbhit
_open
_read
_setmode
_tempnam
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_atoi64
_cexit
_errno
_filbuf
_iob
_isctype
_lseeki64
_onexit
_pctype
_setjmp
_setmode
_stricmp
_vsnprintf
abort
acos
asin
atan
atexit
atof
atoi
calloc
ceil
cos
cosh
exit
exp
fclose
fflush
fgetc
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
getenv
gmtime
ldexp
localtime
log
log10
longjmp
malloc
memchr
memcpy
memmove
memset
mktime
perror
pow
printf
putchar
puts
qsort
rand
realloc
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strchr
strcmp
strcpy
strncmp
strncpy
strrchr
strstr
strtod
strtol
tan
tanh
time
tolower
toupper
vfprintf
vsprintf

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
inet_ntoa
ioctlsocket
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 948KB - Virtual size: 948KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
help_Web FLV Player.chm
.chm
player/flvplayer.html
.html
player/flvpreview.html
.html
player/player.swf
player/web_player.swf
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 20KB - Virtual size: 20KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

82dc01db4359fff7e4526c5f256f4202

Headers

File Characteristics

Imports

imagehlp

version

wininet

msvcp60

msvcrt

mfc42u

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 832KB - Virtual size: 828KB

0b79d678fa46f85fdf5cf25bab6d1a86

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rodata Size: 11KB - Virtual size: 10KB

.data Size: 68KB - Virtual size: 67KB

.rdata Size: 948KB - Virtual size: 948KB

.bss Size: - Virtual size: 1.6MB

.idata Size: 3KB - Virtual size: 3KB

099c0646ea7282d232219f8807883be0

Headers

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 832KB - Virtual size: 828KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rodata
Size: 11KB - Virtual size: 10KB

.data
Size: 68KB - Virtual size: 67KB

.rdata
Size: 948KB - Virtual size: 948KB

.bss
Size: - Virtual size: 1.6MB

.idata
Size: 3KB - Virtual size: 3KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 20KB - Virtual size: 20KB