0e596266498dc3fc0bfd3f809c571fae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e596266498dc3fc0bfd3f809c571fae_JaffaCakes118
Size

932KB
MD5

0e596266498dc3fc0bfd3f809c571fae
SHA1

c0a68777df7bb28b9826aeb4258d700e217e25f4
SHA256

21bc71499a3ed17ae55bd22c68b02c40939defdf28d10ebc3481e706b7f8a71e
SHA512

3a6d0014da8a51c68076cc5e68bafc769798da8a930f0b3bd9c1d3af8edb2c3fe878153166aedf1174043e76029051ead0e2084e032a5b5e410d60957fd198e7
SSDEEP

24576:tmUVlLRhQjuVgrCP0T2DyX2OMU8peNt+sP:korQjuEu0wQspOR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keygen.exe	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/949.dll
unpack001/editplus.exe
unpack001/eppie.exe
unpack001/eppshell.dll
unpack001/eppshell64.dll
unpack001/eppshellreg.exe
unpack001/keygen.exe
unpack002/out.upx
unpack001/launcher.exe
unpack001/remove.exe
unpack001/setup_ep.exe

Files

0e596266498dc3fc0bfd3f809c571fae_JaffaCakes118
.rar
949.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ansi.ctl
codepage.txt
control.ctl
cpp.acp
.js
cpp.stx
cs.stx
css.ctl
css.stx
css2.ctl
editplus.chm
.chm
editplus.exe
.exe windows:4 windows x86 arch:x86

2597f30e8c8d52d3c036484010a44f07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowCaret
GetClipboardData
RegisterClipboardFormatA
SetCursorPos
GetMessageTime
GetDoubleClickTime
HideCaret
DefWindowProcA
LoadCursorA
SetCursor
IsClipboardFormatAvailable
UnpackDDElParam
ReuseDDElParam
EnableMenuItem
GetMenu
GetMessagePos
TranslateAcceleratorA
TranslateMDISysAccel
ModifyMenuA
DestroyAcceleratorTable
GetFocus
IsChild
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
GetDesktopWindow
WinHelpA
LoadStringA
RemoveMenu
CreatePopupMenu
GetKeyboardLayout
CreateAcceleratorTableA
CopyAcceleratorTableA
FindWindowA
OpenClipboard
GetSysColor
GetSysColorBrush
CharLowerA
CharUpperA
IsCharUpperA
IsCharLowerA
IsCharAlphaNumericA
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
IsWindowEnabled
GetActiveWindow
SetActiveWindow
EmptyClipboard
SetClipboardData
CloseClipboard
ClientToScreen
GetDlgItem
SetWindowPos
DrawTextA
MessageBeep
SetWindowTextA
GetWindowTextLengthA
GetWindowTextA
AppendMenuA
GetMenuStringA
InsertMenuA
DestroyMenu
CreateCaret
SetForegroundWindow
LoadMenuA
GetSubMenu
DeleteMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenuEx
SystemParametersInfoA
LoadAcceleratorsA
DdeClientTransaction
DdeDisconnect
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
DdeInitializeA
DdeUninitialize
SetWindowTextW
GetWindow
GetWindowTextLengthW
GetWindowTextW
RegisterWindowMessageA
InvalidateRgn
GetDC
ReleaseDC
InvalidateRect
LoadBitmapA
InflateRect
GetNextDlgGroupItem
PostThreadMessageA
InvertRect
LockWindowUpdate
GetDCEx
DestroyIcon
MapDialogRect
SetRect
OffsetRect
IsIconic
UpdateWindow
ChangeClipboardChain
SetClipboardViewer
IsZoomed
GetKeyState
CharUpperW
IsWindow
IsWindowVisible
GetClassLongA
SetClassLongA
CharLowerW
TabbedTextOutA
FillRect
EnableWindow
GetCapture
KillTimer
GetCursorPos
ScreenToClient
PtInRect
SetCapture
SetTimer
ReleaseCapture
PostMessageA
GetParent
SendMessageA
GetWindowRect
GetClientRect
SetCaretPos
GetCaretPos
SetFocus
GetTabbedTextExtentA
GetScrollPos
PostQuitMessage
SetRectEmpty
DrawFocusRect
GetKeyNameTextA
MapVirtualKeyA
GetMenuItemInfoA
GetForegroundWindow
DrawMenuBar
wsprintfA
SetWindowContextHelpId
CharNextA
GetClassNameA
GetSystemMenu
IsRectEmpty
SetParent
WindowFromPoint
GetWindowThreadProcessId
WaitMessage
GetMessageA
TranslateMessage
ValidateRect
ShowOwnedPopups
DestroyCursor
SetMenu
RedrawWindow
DefMDIChildProcA
DefFrameProcA
BringWindowToTop
GrayStringA
EndPaint
BeginPaint
GetWindowDC
wvsprintfA
ShowWindow
MoveWindow
IsDialogMessageA
ScrollWindowEx
SetDlgItemTextA
GetMenuCheckMarkDimensions
GetMenuState
GetSystemMetrics
GetWindowPlacement
IntersectRect
SetWindowLongA
GetWindowLongA
GetLastActivePopup
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
SetWindowPlacement
TrackPopupMenu
RegisterClassA
GetClassInfoA
MessageBoxA
GetTopWindow
SetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EqualRect
DispatchMessageA
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
LoadIconA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
UnregisterClassA

comctl32

ImageList_LoadImageA
ord17
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_AddMasked

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

GetSystemTime
GetCurrentDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
CloseHandle
FindFirstFileA
CreateFileMappingA
OpenFileMappingA
FindNextFileA
SetCurrentDirectoryA
GetModuleFileNameA
GetACP
LoadLibraryA
GetCPInfo
GetStringTypeExA
GetThreadLocale
lstrlenA
lstrcmpiA
GetFullPathNameA
GetProcAddress
LocalFree
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
MulDiv
DeleteFileA
GetTempFileNameA
GetTempPathA
SystemTimeToFileTime
WaitForSingleObject
LoadResource
LockResource
IsValidCodePage
GetVersionExA
SetEndOfFile
CreateFileA
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetShortPathNameA
FormatMessageA
GetLocaleInfoA
IsDBCSLeadByte
CreateProcessA
GlobalAddAtomA
GlobalGetAtomNameA
SearchPathA
GetProfileIntA
ExpandEnvironmentStringsA
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
EnumSystemCodePagesA
GetExitCodeProcess
UnmapViewOfFile
GetStdHandle
SetConsoleCtrlHandler
CreatePipe
MapViewOfFile
SuspendThread
ResumeThread
GetVolumeInformationA
lstrcpyA
GetDriveTypeA
InterlockedExchange
RaiseException
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GetCurrentThreadId
lstrcatA
GetVersion
InterlockedIncrement
InterlockedDecrement
SetLastError
lstrcmpA
lstrcpynA
SetEvent
SetThreadPriority
CreateEventA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
MoveFileA
GetFileAttributesA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetOEMCP
SetErrorMode
LocalFileTimeToFileTime
GlobalSize
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
HeapSize
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
FindClose
GetDateFormatA
GetTimeFormatA
WideCharToMultiByte
MultiByteToWideChar
CopyFileA
GetTickCount
FindResourceA
GlobalMemoryStatus
Sleep
SetEnvironmentVariableA

gdi32

GetPolyFillMode
GetStretchBltMode
GetNearestColor
CopyMetaFileA
LPtoDP
GetViewportOrgEx
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
SetRectRgn
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetTextAlign
GetCurrentPositionEx
IntersectClipRect
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
StartDocA
GetClipBox
StretchDIBits
CreateDIBitmap
CreatePatternBrush
ExtTextOutW
SetTextAlign
SelectClipRgn
CreatePolygonRgn
CreateRectRgn
CombineRgn
GetRgnBox
Polygon
GetBkColor
GetCharABCWidthsA
GetOutlineTextMetricsA
GetDeviceCaps
GetTextExtentPoint32W
CreateICA
EnumFontFamiliesExA
GetTextMetricsA
Rectangle
CreateRectRgnIndirect
GetStockObject
CreateSolidBrush
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
GetBkMode
GetTextColor
CreatePen
MoveToEx
LineTo
PatBlt
SetBkColor
CreateDCA
SelectObject
GetROP2
GetTextFaceA
GetCharWidthA
GetWindowOrgEx
CreateCompatibleDC
BitBlt
DeleteDC
SetTextColor
SetBkMode
ExtTextOutA
CreateFontIndirectA
DeleteObject
GetObjectA
GetTextExtentPoint32A
CreateCompatibleBitmap

comdlg32

CommDlgExtendedError
ChooseColorA
GetFileTitleA
PrintDlgA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

SetSecurityDescriptorDacl
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyA
RegOpenKeyA
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegCloseKey
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
RegOpenKeyExA
RegEnumValueA
RegSetValueA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetFileInfoA
DragQueryFileA
ShellExecuteExA
SHFileOperationA
SHBrowseForFolderA
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA
SHChangeNotify
ShellExecuteA
ExtractIconA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoFreeUnusedLibraries
OleUninitialize
CoRegisterMessageFilter
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemFree
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoRevokeClassObject
OleDuplicateData
OleGetClipboard
CreateStreamOnHGlobal
OleInitialize

Sections

.text
Size: 1003KB - Virtual size: 1002KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
epp231p441.txt
eppie.exe
.exe windows:4 windows x86 arch:x86

e510161895848a46a595e94769b9511d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

kernel32

GetStringTypeW
GetStdHandle
CreateProcessA
lstrcpyA
lstrcatA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
eppshell.dll
.dll regsvr32 windows:4 windows x86 arch:x86

94e469130973374b4ce15cb4de3eda48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

InsertMenuA
DdeConnect
DdeInitializeA
DdeCreateStringHandleA
wsprintfA
DdeFreeStringHandle
DdeClientTransaction
DdeDisconnect
DdeUninitialize

advapi32

RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

DragQueryFileA

ole32

ReleaseStgMedium

kernel32

LoadLibraryA
MultiByteToWideChar
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetProcAddress
HeapAlloc
GetACP
GetCPInfo
HeapReAlloc
lstrlenA
GetModuleFileNameA
GlobalFree
GlobalUnlock
lstrcpyA
GlobalLock
GlobalAlloc
Sleep
CreateProcessA
lstrcatA
lstrcpynW
lstrcpynA
GetCommandLineA
GetVersion
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
VirtualAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eppshell64.dll
.dll regsvr32 windows:4 windows x64 arch:x64

4db6e97dff52dd37cbac3e1e35687b5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
DdeClientTransaction
DdeDisconnect
DdeUninitialize
InsertMenuA
wsprintfA

advapi32

RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

DragQueryFileA

ole32

ReleaseStgMedium

msvcrt

malloc
free
_initterm
??3@YAXPEAX@Z
memset
??2@YAPEAX_K@Z

kernel32

lstrcpyA
GlobalLock
GlobalFree
GlobalAlloc
Sleep
CreateProcessA
lstrcatA
lstrcpynA
GlobalUnlock
GetModuleFileNameA
lstrlenA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
lstrcpynW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eppshellreg.exe
.exe windows:4 windows x64 arch:x64

cd75c446262d431a3a5df0b0bfe940c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler

kernel32

LoadLibraryA
GetStartupInfoA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleFileNameA
lstrlenA
FreeLibrary
GetProcAddress
lstrcpyA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file_id.diz
html.ctl
html.stx
html4.ctl
htmlbar.acp
java.acp
.js
java.stx
js.stx
jsp.stx
keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
launcher.exe
.exe windows:4 windows x86 arch:x86

46583813f95cfe7dca7a9318723a71e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
UnmapViewOfFile
FlushFileBuffers
WriteFile
ExitProcess
WaitForSingleObject
GenerateConsoleCtrlEvent
ReadFile
CreateProcessA
SetConsoleCtrlHandler
GetStdHandle
CreatePipe
MapViewOfFile
OpenFileMappingA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
license.txt
perl.acp
perl.stx
php.stx
readme.txt
remove.exe
.exe windows:4 windows x86 arch:x86

b7426e1e3dfa0a5e17abb7ad72d9a0b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueA
RegSetValueA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA

user32

CallWindowProcA
BeginPaint
SendMessageA
GetWindowLongA
GetClientRect
EndPaint
GetWindowTextA
SetWindowTextA
InvalidateRect
UpdateWindow
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
SetWindowPos
EndDialog
GetDlgItem
SetWindowLongA
GetSysColor
SetForegroundWindow
LoadStringA
MessageBoxA
DialogBoxParamA
wsprintfA
PostMessageA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

gdi32

SelectObject
GetTextColor
GetBkColor
SetTextColor
SetBkColor
GetTextExtentPoint32A
ExtTextOutA

kernel32

SetFilePointer
HeapAlloc
GetStringTypeW
GetStringTypeA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
HeapFree
ReadFile
GetLastError
GetFileType
GetStdHandle
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetCPInfo
GetOEMCP
SetEndOfFile
RtlUnwind
lstrlenA
GetModuleFileNameA
GetACP
CreateThread
ResumeThread
SuspendThread
lstrcmpA
GetShortPathNameA
lstrcatA
lstrcpyA
WaitForSingleObject
DeleteFileA
RemoveDirectoryA
MulDiv
FreeLibrary
GetProcAddress
LoadLibraryA
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTempPathA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup_ep.exe
.exe windows:4 windows x86 arch:x86

55efc4a63adc5b9b63db8999dfaa54a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowTextA
SendMessageA
SetForegroundWindow
GetDlgItem
PostQuitMessage
DefWindowProcA
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
SetWindowPos
CreateWindowExA
GetWindowPlacement
SetWindowPlacement
DialogBoxParamA
EndDialog
GetDC
ReleaseDC
SetRect
OffsetRect
FillRect
CharLowerA
FindWindowA
IsIconic
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
CreateDialogParamA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
BeginPaint
GetWindowLongA
GetClientRect
EndPaint
InvalidateRect
UpdateWindow
DestroyWindow
SetWindowLongA
GetSysColor
GetSysColorBrush
CallWindowProcA
PostMessageA
GetWindowTextA
MessageBoxA
LoadStringA
wsprintfA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueA
RegSetValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetMalloc

gdi32

ExtTextOutA
GetTextExtentPoint32A
SetBkColor
CreateFontIndirectA
SetTextColor
GetBkColor
GetTextColor
SelectObject
CreateSolidBrush
SetBkMode
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt

ole32

CoUninitialize
CoInitialize
CoCreateInstance

kernel32

GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
WriteFile
GetProcAddress
GetCurrentProcess
GetExitCodeProcess
MultiByteToWideChar
GetACP
LoadLibraryA
GetModuleFileNameA
ExitProcess
CreateProcessA
lstrcmpA
OpenFileMappingA
GetVersionExA
RemoveDirectoryA
lstrcpynA
CopyFileA
MoveFileExA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetWindowsDirectoryA
WritePrivateProfileStringA
MulDiv
WaitForSingleObject
SuspendThread
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetOEMCP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeLibrary
ResumeThread
CreateThread
GetFileSize
ReadFile
CreateDirectoryA
FindClose
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA
lstrlenA
DeleteFileA
CloseHandle
CreateFileA
GetTempFileNameA
GetDriveTypeA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
template.cpp
template.html
.html
template.java
template.pl
.pl .sh linux
templatex.html
.html
vb.stx
.vbs
xhtml.ctl
xhtmlbar.acp
xml.stx
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.rsrc Size: 144KB - Virtual size: 142KB

.reloc Size: 4KB - Virtual size: 12B

2597f30e8c8d52d3c036484010a44f07

Headers

File Characteristics

Imports

user32

comctl32

version

kernel32

gdi32

comdlg32

winspool.drv

advapi32

shell32

oledlg

ole32

Sections

.text Size: 1003KB - Virtual size: 1002KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 46KB - Virtual size: 255KB

.rsrc Size: 183KB - Virtual size: 182KB

e510161895848a46a595e94769b9511d

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

94e469130973374b4ce15cb4de3eda48

Headers

File Characteristics

Imports

user32

advapi32

shell32

ole32

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 9KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

4db6e97dff52dd37cbac3e1e35687b5b

Headers

File Characteristics

Imports

user32

advapi32

shell32

ole32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 112B

cd75c446262d431a3a5df0b0bfe940c3

Headers

DLL Characteristics

File Characteristics

Imports

.rsrc
Size: 144KB - Virtual size: 142KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 1003KB - Virtual size: 1002KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 46KB - Virtual size: 255KB

.rsrc
Size: 183KB - Virtual size: 182KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 112B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 60B

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 43KB - Virtual size: 44KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 884B

.rsrc
Size: 72KB - Virtual size: 70KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 9KB - Virtual size: 9KB