1c594d709624cb576a2e66f3739d2ea7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c594d709624cb576a2e66f3739d2ea7_JaffaCakes118
Size

494KB
MD5

1c594d709624cb576a2e66f3739d2ea7
SHA1

9dacb6b153d9be9470d7f381b75aea716d368133
SHA256

1d6fcfa9b095b35fbd5e65e5cb5eac7c93cee16e61ca55cdda8b7cdc0dc47552
SHA512

481a6ff5227acb897113c29f260e670336eeb16b7f0917bbdbd0e8e41c9db266c9123dbcb1c78c7c62dfcfab27eeee6975a7ea57b8dc3d34620920a67587096a
SSDEEP

12288:PN1asEfnpdm7qUn97pkU9FMIBBzmvadgJYIGpzZesdV:4v/mZ9KU7LwAgJYIiUeV

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/viruscol3/1/W95JOKE.EXE
unpack001/viruscol3/2/Annoy.exe
unpack001/viruscol3/2/VB40032.DLL
unpack001/viruscol3/5/DeskIconsLib.dll
unpack001/viruscol3/5/SwappingIcons.exe
unpack001/viruscol3/6/Light.exe

Files

1c594d709624cb576a2e66f3739d2ea7_JaffaCakes118
.7z
viruscol3/1/W95JOKE.EXE
.exe windows:4 windows x86 arch:x86

c75180bede4a57beee7ea0374f24c648

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
Sleep
GetProcAddress
ExitProcess
LCMapStringA
GetStringTypeW
LCMapStringW
LoadLibraryA
HeapAlloc
GetStringTypeA
WriteFile
HeapFree
GetStdHandle
GetFileType
HeapCreate
GetOEMCP
GetACP
SetHandleCount
WideCharToMultiByte
GetEnvironmentStringsW
GetCPInfo
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetProfileIntA
UnhandledExceptionFilter
FreeEnvironmentStringsA
TerminateProcess
GetCurrentProcess
RtlUnwind

user32

GetWindowLongA
SetParent
SetWindowPos
SetWindowLongA
SendMessageA
DestroyWindow
PostQuitMessage
DefWindowProcA
MessageBoxA
WinHelpA
GetFocus
LoadCursorA
CreateWindowExA
LoadIconA
GetWindow
RegisterClassA
FindWindowA
SetTimer
SetForegroundWindow
LoadBitmapA
DispatchMessageA
GetMessageA
TranslateMessage

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
viruscol3/2/Annoy.exe
.exe windows:4 windows x86 arch:x86

e449e571e1b97b504857c79c49df2a8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

vb40032

ord100
ord187
ord199
ord593
ord595

Sections

.text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
viruscol3/2/VB40032.DLL
.dll windows:1 windows x86 arch:x86

07bebe0245f57bd5ea8738e7cd4d783f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt20

_CIexp
_except_handler3
_adjust_fdiv
_initterm
_onexit
__dllonexit
strtoul
_ultoa
atol
_ltoa
exit
_isatty
memcpy
wcslen
_chdrive
_getdrive
strchr
memmove
getenv
_clearfp
_ftol
_chdir
_errno
_getdcwd
_chmod
strncpy
_access
_getcwd
free
__p__pctype
modf
_splitpath
memchr
floor
_CIpow
_adj_fdivr_m32
_adj_fdiv_r
_adj_fdiv_m32i
_adj_fdivr_m64
_adj_fdiv_m64
_adj_fdiv_m32
__p__environ
__p__wenviron
_wgetenv
qsort
_adj_fpatan
_locking
_close
_lseek
_write
_read
_sopen
rename
_purecall
remove
_rmdir
_mkdir
_findfirst
_findnext
_findclose
__doserrno
_commit
wcstod
strtod
wcspbrk
wcsncmp
_fcvt
_ecvt
_itoa
strstr
toupper
strpbrk
strrchr
iswctype
wcschr
wcscat
_wcsicmp
atoi
wcscmp
wcsncpy
_isctype
__p___mb_cur_max
malloc
wcscpy
_strnicmp
_fpreset
_statusfp
_exit

kernel32

CreateFileMappingA
LocalAlloc
LocalFree
SetHandleCount
GetSystemDirectoryA
SetErrorMode
GetCurrentProcessId
FileTimeToLocalFileTime
Sleep
GetSystemTime
LoadLibraryExA
GlobalDeleteAtom
ExitProcess
UnhandledExceptionFilter
GetStartupInfoA
CloseHandle
SetLocalTime
VirtualProtect
GetVersionExA
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
IsValidCodePage
LoadLibraryW
LCMapStringA
LCMapStringW
CompareStringW
GetUserDefaultLangID
CreateProcessW
RtlUnwind
RaiseException
FormatMessageW
WinExec
GetVersion
GetCurrentProcess
FlushInstructionCache
CompareStringA
lstrcmpiW
MultiByteToWideChar
CreateProcessA
GetUserDefaultLCID
GetLocaleInfoA
FreeResource
WaitForSingleObject
GetExitCodeProcess
VirtualFree
VirtualQuery
VirtualAlloc
GetCurrentThreadId
GlobalSize
WideCharToMultiByte
GetProfileStringA
GetModuleHandleA
GlobalAddAtomA
SearchPathA
GlobalReAlloc
GetFileAttributesA
CreateFileA
GetFullPathNameA
SetLastError
GetFileType
GlobalHandle
SizeofResource
FindResourceA
LoadResource
LockResource
_lwrite
_lread
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
_llseek
GetLastError
_lclose
MulDiv
GetPrivateProfileStringA
IsBadReadPtr
SetCurrentDirectoryA
lstrcmpiA
GetTickCount
GetVolumeInformationA
GetDriveTypeA
GetCurrentDirectoryA
GetShortPathNameA
FindFirstFileA
FindClose
GlobalAlloc
lstrcatA
IsDBCSLeadByte
lstrlenA
GlobalFree
GlobalLock
lstrcpyA
GlobalUnlock
lstrcmpA
GetProcAddress
GetModuleFileNameA
LoadLibraryA
GetLocalTime
FreeLibrary
SetFileAttributesA
GetCommandLineA

user32

SendDlgItemMessageA
ClientToScreen
ScreenToClient
GetMessagePos
FillRect
GetMessageTime
ReleaseDC
SetWindowPos
GetClassNameA
GetParent
InvalidateRect
UpdateWindow
SetMenuDefaultItem
DispatchMessageA
GetDoubleClickTime
TrackPopupMenu
UnhookWindowsHookEx
EnableWindow
IsWindow
PostMessageA
CallWindowProcA
GetWindow
CharNextA
InflateRect
DrawFocusRect
CharPrevA
LoadBitmapA
GetWindowTextA
CopyRect
CharLowerA
GetCaretPos
KillTimer
SetCaretPos
GetWindowDC
DestroyIcon
CharUpperA
IsIconic
GetWindowTextLengthA
IsZoomed
SetFocus
DrawMenuBar
DestroyMenu
WinHelpA
DefMDIChildProcA
SetActiveWindow
FindWindowW
CharUpperBuffA
CharUpperBuffW
LoadStringW
SetWindowsHookExW
CharLowerBuffW
VkKeyScanW
GetKeyboardState
keybd_event
SetKeyboardState
GetForegroundWindow
GetWindowLongA
VkKeyScanA
DeferWindowPos
EndDeferWindowPos
MoveWindow
BeginDeferWindowPos
GetClientRect
GetSystemMenu
IsWindowVisible
SetWindowTextA
wsprintfA
WaitForInputIdle
CloseClipboard
EmptyClipboard
OpenClipboard
SetScrollRange
ShowWindow
IsClipboardFormatAvailable
GetKeyState
IsChild
GetCapture
GetFocus
SendMessageA
MapWindowPoints
GetWindowRect
DdeConnect
DdeFreeStringHandle
DdeFreeDataHandle
DdeCreateStringHandleA
DdeNameService
DdeQueryStringA
DdeQueryConvInfo
DdeUninitialize
DdeInitializeA
DdeSetUserHandle
FindWindowA
SetWindowLongA
SetRect
CharToOemA
LoadStringA
UnregisterClassA
SetWindowWord
GetClassLongA
DestroyWindow
GetAsyncKeyState
SetPropA
GetPropA
RemovePropA
GetTabbedTextExtentA
CreateIcon
CreateCursor
EnumClipboardFormats
DestroyCursor
GetCursor
LoadIconA
IsDialogMessageA
IsRectEmpty
CreateDialogParamA
GetLastActivePopup
PostQuitMessage
MessageBeep
DialogBoxParamA
MessageBoxA
DrawIcon
EndDialog
SetDlgItemTextA
CreatePopupMenu
GetMenu
OffsetRect
BringWindowToTop
LoadAcceleratorsA
TranslateMDISysAccel
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemBuffA
OemToCharA
ShowCursor
PostThreadMessageA
WaitMessage
CallNextHookEx
SetWindowsHookExA
RegisterWindowMessageA
AttachThreadInput
DdeClientTransaction
DdeAbandonTransaction
DdePostAdvise
DdeCreateDataHandle
DdeGetData
DdeGetLastError
SetCursor
PtInRect
SetMenu
DdeDisconnect
GetUpdateRgn
SetCapture
WindowFromPoint
ReleaseCapture
GetScrollPos
SetParent
SetTimer
LoadCursorA
SetScrollPos
SetCursorPos
GetClipboardData
SetClipboardData
SetForegroundWindow
PeekMessageA
GetCursorPos
CheckMenuItem
ModifyMenuA
GetMenuState
GetMenuItemID
GetDlgItem
GetSubMenu
GetMenuStringA
AppendMenuA
GetMenuItemCount
DeleteMenu
RegisterClassA
DefFrameProcA
TabbedTextOutA
IntersectRect
IsWindowEnabled
TranslateMessage
RemoveMenu
EnableMenuItem
GetActiveWindow
InsertMenuA
GetClassInfoA
DrawTextA
GetDC
CharLowerBuffA
GetSystemMetrics
GetSysColor
FrameRect
ValidateRect
CreateMenu
CreateWindowExA
SetWindowContextHelpId
BeginPaint
EndPaint
DefWindowProcA
GetDesktopWindow
GetWindowThreadProcessId

gdi32

OffsetWindowOrgEx
SaveDC
CreateSolidBrush
GetTextExtentPointA
UnrealizeObject
SetBkColor
CreateHatchBrush
CreatePen
SelectObject
SetTextColor
SetBrushOrgEx
PatBlt
StretchBlt
ExtTextOutA
GetClipBox
RealizePalette
SetBkMode
GetTextMetricsA
GetStockObject
GetViewportExtEx
GetDeviceCaps
SelectPalette
MoveToEx
SetROP2
GetObjectA
RestoreDC
GetROP2
LineTo
CreateCompatibleBitmap
IntersectClipRect
Escape
RoundRect
CreateCompatibleDC
DeleteDC
CombineRgn
Ellipse
CreateDCA
ExcludeClipRect
SetRectRgn
Rectangle
GetWindowExtEx
SetWindowOrgEx
CreateRectRgn
TextOutA
SetAbortProc
BitBlt
EnumFontsA
CreateBrushIndirect
Arc
CreatePenIndirect
SetStretchBltMode
GetPixel
Pie
StretchDIBits
CreateBitmap
GetBitmapBits
CopyEnhMetaFileA
CreatePalette
CopyMetaFileA
CreateDIBitmap
GetPaletteEntries
GetNearestColor
ScaleViewportExtEx
SetViewportExtEx
GetDIBits
SetWindowExtEx
SetMapMode
SetViewportOrgEx
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
SelectClipRgn
CreateRectRgnIndirect
PlayMetaFile
CreateICA
EndDoc
StartPage
EndPage
AbortDoc
ResetDCA
CreatePatternBrush
StartDocA
DeleteObject
GetBkColor

advapi32

RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExA
RegCloseKey
RegQueryValueW
RegEnumValueA
RegEnumValueW
RegEnumKeyW
RegDeleteValueA
RegOpenKeyA
RegDeleteKeyW
RegOpenKeyW
RegSetValueExA
RegSetValueExW
RegSetValueW
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegQueryValueA

ole32

OleCreateFromFile
OleQueryCreateFromData
ReadClassStm
OleSaveToStream
CoIsOle1Class
OleDoAutoConvert
OleLoad
OleSave
OleQueryLinkFromData
MkParseDisplayName
CoLockObjectExternal
CreateILockBytesOnHGlobal
OleDuplicateData
CoGetMalloc
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleBuildVersion
BindMoniker
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
OleCreateLinkToFile
GetClassFile
CLSIDFromProgID
OleGetAutoConvert
IsAccelerator
CoCreateInstance
OleSetMenuDescriptor
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
ReadClassStg
WriteClassStg
OleRun
CreateBindCtx
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
ReleaseStgMedium
OleIsRunning
StgCreateDocfile
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
ProgIDFromCLSID
StringFromCLSID
StringFromGUID2
CoFreeUnusedLibraries
CoGetClassObject
IsValidInterface
CoDisconnectObject
CreateStreamOnHGlobal
OleUninitialize
StgIsStorageILockBytes

oleaut32

RegisterTypeLi
SafeArrayGetLBound
DispInvoke
VariantInit
VariantChangeType
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringLen
SysAllocString
SafeArrayDestroy
SysStringByteLen
GetErrorInfo
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
LoadRegTypeLi
LoadTypeLi
CreateDispTypeInfo
DispGetIDsOfNames
OaBuildVersion
VarUI1FromI2
SafeArrayGetUBound
GetActiveObject
VarBstrFromDate
VarBstrFromR4
SafeArrayLock
SafeArrayUnlock
VariantCopy
VariantCopyInd
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayDestroyData
RevokeActiveObject
VarDateFromStr
VarR8FromStr
VarCyFromStr
VarBstrFromCy
VarI2FromStr
VarCyFromR8
SysReAllocStringLen
SafeArrayPutElement
VariantChangeTypeEx
SafeArrayGetElement
SafeArrayGetDim
SafeArrayRedim
VarCyFromI4
VarBstrFromI2
VarBstrFromI4
VarBstrFromR8
SysReAllocString
VarI4FromStr
VarI4FromR8
VarR4FromStr
VarI2FromI4
VarR4FromR8

olepro32

ord254
ord252
ord248
ord251
ord250
ord253

Exports

Exports

AssignRecord
CopyRecord
CreateIExprSrvObj
DestructRecord
DllFunctionCall
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbResetProject
EbResetProjectNormal
GetMem1
GetMem2
GetMem4
GetMem8
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
IntlInitializeTable
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceProject
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFixVar
rtcFreeFile
rtcGetAllSettings
rtcGetDateBstr
rtcGetDateValue
rtcGetDateVar
rtcGetDayOfMonth
rtcGetDayOfWeek
rtcGetErl
rtcGetFileAttr
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetObject
rtcGetPresentDate
rtcGetProjectLCID
rtcGetSecondOfMinute
rtcGetSetting
rtcGetTimeBstr
rtcGetTimeValue
rtcGetTimeVar
rtcGetTimer
rtcGetYear
rtcHexBstrFromVar
rtcHexVarFromVar
rtcIMEStatus
rtcIPMT
rtcIRR
rtcImmediateIf
rtcInStr
rtcInStrChar
rtcInputBox
rtcInputCharCount
rtcInputCharCountVar
rtcInputCount
rtcInputCountVar
rtcIntVar
rtcIsArray
rtcIsDate
rtcIsEmpty
rtcIsError
rtcIsMissing
rtcIsNull
rtcIsNumeric
rtcIsObject
rtcKillFiles
rtcLeftBstr
rtcLeftCharBstr
rtcLeftCharVar
rtcLeftTrimBstr
rtcLeftTrimVar
rtcLeftVar
rtcLenCharVar
rtcLenVar
rtcLog
rtcLowerCaseBstr
rtcLowerCaseVar
rtcMIRR
rtcMacId
rtcMakeDir
rtcMidBstr
rtcMidCharBstr
rtcMidCharVar
rtcMidVar
rtcMsgBox
rtcNPV
rtcNPer
rtcOctBstrFromVar
rtcOctVarFromVar
rtcPMT
rtcPPMT
rtcPV
rtcPackDate
rtcPackTime
rtcPartition
rtcQBColor
rtcR8ValFromBstr
rtcRandomNext
rtcRandomize
rtcRate
rtcRemoveDir
rtcRgb
rtcRightBstr
rtcRightCharBstr
rtcRightCharVar
rtcRightTrimBstr
rtcRightTrimVar
rtcRightVar
rtcSLN
rtcSYD
rtcSaveSetting
rtcSendKeys
rtcSetDateBstr
rtcSetDateVar
rtcSetFileAttr
rtcSetTimeBstr
rtcSetTimeVar
rtcSgnVar
rtcShell
rtcSin
rtcSpaceBstr
rtcSpaceVar
rtcSqr
rtcStrConvVar
rtcStrFromVar
rtcStringBstr
rtcStringVar
rtcSwitch
rtcTan
rtcTrimBstr
rtcTrimVar
rtcTypeName
rtcUpperCaseBstr
rtcUpperCaseVar
rtcVarBstrFromAnsi
rtcVarBstrFromByte
rtcVarBstrFromChar
rtcVarDateFromVar
rtcVarFromError
rtcVarFromFormatVar
rtcVarFromVar
rtcVarStrFromVar
rtcVarType

Sections

.text
Size: 515KB - Virtual size: 514KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
viruscol3/3/drifting.exe
viruscol3/4/a-cool.exe
viruscol3/5/DeskIconsLib.dll
.dll windows:4 windows x86 arch:x86

600e543310f241c0f1e82d151fae90b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileType
GetACP
GetOEMCP
SetStdHandle
CloseHandle
SetFilePointer
LoadLibraryA
GetProcAddress
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetCurrentThreadId
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
LCMapStringA
LCMapStringW

user32

UnhookWindowsHookEx
CallNextHookEx
PostThreadMessageA
SetWindowsHookExA
SendMessageA
CreateDialogParamA
DestroyWindow
SetWindowLongA
GetWindowLongA

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA

Exports

Exports

_Bottom@0
_GetImageIndex@8
_HitEdge@0
_Left@0
_Right@0
_SetDIPSHook@4
_SetImageIndex@12
_Top@0
_X@0
_Y@0

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
viruscol3/5/SwappingIcons.exe
.exe windows:4 windows x86 arch:x86

702063d999d87b1adf47be41c9466ace

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
FlushFileBuffers
SetStdHandle
CloseHandle
SetEnvironmentVariableA
CompareStringW
SetFilePointer
HeapReAlloc
CompareStringA
InterlockedIncrement
OutputDebugStringA
GetLastError
LoadLibraryA
GetProcAddress
InterlockedDecrement
VirtualAlloc
HeapFree
HeapAlloc
LCMapStringA
HeapValidate
LCMapStringW
FreeEnvironmentStringsA
WriteFile
IsBadWritePtr
GetStringTypeW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
DebugBreak
GetModuleFileNameA
GetOEMCP
GetStringTypeA
IsBadReadPtr
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind

user32

GetActiveWindow
wsprintfA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
DestroyIcon
PostQuitMessage
DefWindowProcA
GetTopWindow
FindWindowA
MessageBoxA
GetWindowThreadProcessId
IsWindow
SendMessageA
LoadCursorA
GetMessageA
LoadIconA
CreateWindowExA
RegisterClassExA
LoadStringA
LoadImageA
ShowWindow
UpdateWindow

gdi32

GetStockObject

shell32

Shell_NotifyIconA

deskiconslib

_SetDIPSHook@4

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
viruscol3/6/Light.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c75180bede4a57beee7ea0374f24c648

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

e449e571e1b97b504857c79c49df2a8f

Headers

File Characteristics

Imports

vb40032

Sections

.text Size: 6KB - Virtual size: 8KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

07bebe0245f57bd5ea8738e7cd4d783f

Headers

File Characteristics

Imports

msvcrt20

kernel32

user32

gdi32

advapi32

ole32

oleaut32

olepro32

Exports

Exports

Sections

.text Size: 515KB - Virtual size: 514KB

ENGINE Size: 45KB - Virtual size: 44KB

.bss Size: - Virtual size: 7KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 35KB - Virtual size: 34KB

.idata Size: 15KB - Virtual size: 14KB

.edata Size: 12KB - Virtual size: 11KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 35KB - Virtual size: 35KB

600e543310f241c0f1e82d151fae90b6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 15KB

Shared Size: 512B - Virtual size: 88B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

702063d999d87b1adf47be41c9466ace

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

deskiconslib

Sections

.text Size: 42KB - Virtual size: 42KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 8KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 515KB - Virtual size: 514KB

ENGINE
Size: 45KB - Virtual size: 44KB

.bss
Size: - Virtual size: 7KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 35KB - Virtual size: 34KB

.idata
Size: 15KB - Virtual size: 14KB

.edata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 35KB - Virtual size: 35KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 15KB

Shared
Size: 512B - Virtual size: 88B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 11KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

CODE
Size: 316KB - Virtual size: 316KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 103KB - Virtual size: 103KB