227c781350e52b534ceecfc5f0dc8688_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

227c781350e52b534ceecfc5f0dc8688_JaffaCakes118
Size

2.9MB
MD5

227c781350e52b534ceecfc5f0dc8688
SHA1

aafd03d92e30d9e49a607a84910a56e6fa591966
SHA256

9294283d4b2261e6b1893aff42501cdd0451754ac25a74854ba57d8524555d75
SHA512

8e7077de5fc9eb1aa28442b5934d959ab3cb69051615fd6db9485d30590e5c91e441d87c044484a7e21558746cf4efd2d2fade0323160a357a1b01a3e53d1358
SSDEEP

49152:0nIyPuBZ5hook3aZAHKFr3bZU2WwN6LI3b8ElWy611iZ3Hv9E63VuPVxg1pgCjuN:0IeIZfooFZAHKd3bK2WwEKbfW1I0A1GB

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/wmsj-wmbl/v418.1/PubLib.dll	vmprotect
static1/unpack001/wmsj-wmbl/v418.1/Wmbl.exe	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wmsj-wmbl/v418.1/PubLib.dll
unpack001/wmsj-wmbl/v418.1/Wmbl.exe

Files

227c781350e52b534ceecfc5f0dc8688_JaffaCakes118
.rar
wmsj-wmbl/v418.1/155绿色软件站.url
.url
wmsj-wmbl/v418.1/PubLib.dll
.dll windows:4 windows x86 arch:x86

99a218a0f0a8966ea5d09e17ce8f277e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
RaiseException
GlobalFlags
InterlockedIncrement
ExitProcess
RtlUnwind
HeapAlloc
ExitThread
CreateThread
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
QueryPerformanceCounter
GlobalReAlloc
HeapCreate
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
InterlockedDecrement
GetLastError
SetLastError
MulDiv
lstrcpyW
GlobalAlloc
FormatMessageW
LocalFree
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrcatW
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
lstrlenW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WritePrivateProfileStringA
GetPrivateProfileStringA
SetUnhandledExceptionFilter
GetVersionExW
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
TryEnterCriticalSection
TerminateProcess
GetLocalTime
LoadLibraryW
GetCurrentProcessId
GetModuleFileNameA
GetModuleFileNameW
CreateProcessW
ReadProcessMemory
ResumeThread
OpenFileMappingW
GetCurrentProcess
ReadFile
IsBadReadPtr
CreateFileA
DeviceIoControl
CreateFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
Beep
WideCharToMultiByte
VirtualAllocEx
GetProcAddress
VirtualFreeEx
VirtualQueryEx
VirtualProtectEx
WriteProcessMemory
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileW
FindNextFileW
FindClose
CreateMutexW
WaitForSingleObject
TerminateThread
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
Sleep
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapDestroy
GetTickCount
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

PostQuitMessage
CharUpperW
EndPaint
BeginPaint
GrayStringW
DrawTextExW
TabbedTextOutW
wsprintfW
DestroyMenu
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
GetClassLongW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageW
GetMenuItemID
AdjustWindowRectEx
ScreenToClient
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
SetWindowPos
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
DrawFocusRect
WindowFromPoint
ClientToScreen
OffsetRect
DrawStateW
ReleaseCapture
SetCapture
KillTimer
GetDC
InvalidateRect
CopyRect
UnionRect
SetRectEmpty
GetSysColor
GetWindowTextA
SetWindowTextA
GetKeyState
LoadCursorW
WaitForInputIdle
SetWindowsHookExW
GetCursorPos
SendInput
SetWindowRgn
ShowWindow
CallWindowProcW
RegisterHotKey
UnregisterHotKey
GetWindowDC
DrawTextW
ReleaseDC
SetWindowLongW
RemovePropW
TrackMouseEvent
FillRect
SetPropW
CallNextHookEx
IsWindowVisible
LoadMenuW
LoadBitmapW
PtInRect
GetDesktopWindow
GetClassNameA
GetFocus
SetTimer
MessageBoxW
GetMenuItemCount
GetParent
GetClassInfoExW
RegisterClassExW
GetWindowLongW
GetWindowPlacement
CreateWindowExW
DestroyWindow
ExitWindowsEx
EnumWindows
GetSysColorBrush
GetMessageW
TranslateMessage
GetSubMenu
ValidateRect
GetWindowThreadProcessId
GetPropW
UnregisterClassW
LoadImageW
GetDlgItem
GetSystemMetrics
IsWindow
LoadIconW
GetClientRect
IsIconic
DrawIcon
InflateRect
SetRect
SetCursor
GetClassNameW
EnumChildWindows
GetWindowTextW
SetWindowTextW
EnableWindow
GetWindowRect
GetMenuStringW
AppendMenuW
CreatePopupMenu
SendMessageW
SystemParametersInfoA
MessageBoxA

gdi32

GetStockObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
CreatePen
RoundRect
Ellipse
GetTextExtentPoint32W
Polygon
GetTextColor
GetBkColor
GetDeviceCaps
ExtTextOutW
SetBkMode
SetStretchBltMode
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
MoveToEx
LineTo
CreateFontIndirectW
DeleteObject
CombineRgn
CreateEllipticRgnIndirect
CreateRectRgnIndirect
GetObjectW
CreateSolidBrush

comdlg32

GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
AdjustTokenPrivileges
RegSetValueExW

comctl32

ImageList_Draw
_TrackMouseEvent
ord17
ImageList_Destroy

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

WSAIoctl
socket
htons
connect
recv
closesocket
select
shutdown
send
inet_addr

winmm

PlaySoundW

iphlpapi

GetAdaptersInfo

Exports

Exports

�m��:�LՆYtuó��M4GX�HJ��"�Q)��qYI�`[oG�j��i��~)iQ<&�D[��u�8�hp�ԟ��0��]�y��)_\�g�Q iF�%��}�leb�E�O��Au�2�m��J��vmȖ W|su䘏�t)��*5�}�f��8;��zT�y��?`��">��/S�tR�� [~@B�yd`]�gk.�0d��K<��7�e�.A��x��Y&ƃ{<;�[�[u��'��?�`�J�-g��ߝ��x�7��4�v�1��'��q?��뤘�x��4��r� !�*`��Q)V�=P�?�k��+HS�}�uTs"�D� ��њ.��B��Z<E�=��T��R&� i{��Wm��~p[�ͥ�:=��vk]f��?�H�Px��f�2];��D�.4j��Z<L��Ǯ�j~?T��2UʹN��5>�̔U�?C9�38z�E�y��+��#�d��X�0��u(�0WZ2��{9ّq�#��:,r>~oO�/��>�,�ؖ3wۓU"�D�>�Y\�O͕�:I6;鎨�T�~�&��Vj��2? ��K؈]�6Y��<뷦��?��}�y�&�lLS�7�5��]�/Y�%Srd%Iaj�T�4ɩ�+ϼ}��uǱP� ��8�'�oⓒCe�,��|Çi�^Ɓ��L�g��gs�х�^TmK��u��s��a"�Q�� x��L��߆-��lzg��zIH� �ω��8·R/l2�Դ\�O��Ձ��/Mjs��h_�U=>]a�5*��"}�j�!�;˱M�a�Wg뙅�Q�4~t�!��~�m :�\�ڝj��g��b��T4�w�.��i��|��8GM��'9��h"�~*��3��~dX��R=ǝ3��bd*j�D��O50�?",Bۘd�:x�$v�U�C�!�˒}�>�:�x��h�,��5.�Q��u�5�zR ��L��9�G��sM��xn,%�]��c��.1z�tX `�W�dTr0��ڈ��#P�?�H��]x 3*�e�R��Hçzs�H��+��`�ns�z�N*��{u�ԓ��%9��B*Z�?7΅�8�Ւ��.��d��Q�Ď4�C�1N��L0(k3<��4!��TE��J��ފզ��cRi�;Y�V��8�ԍ¦�LɁ��K�]�h�x��r�֑��n~C�l1M��@��bu8�߄6��Fvc,�!��,��b��x:_��q��%��$�+�kj��*��:,�,Y��8ʮ`�2�\̛H ��u�(��aH(v�.� :�K��"�jA�.]a< �ĝY��w��GyG��ҍ�e��lѶ�kI_�� 1��lBW��P�ץ�s ��)�Ʋrk�4��`�!M�K� �*�3�Ƿ-m��nj>�>M+E�� `�n�`s�.KZt��a��߳M��\��GT�@|nls�=�Q�i[$�k��Ba'�i�7��`��]�� zfqb��Kf۷��/��vh8��n.��a�Ƶ��p�7н��~ ��[� �j� ��~�AҢ��5�Dv)�7�P�jK�NfB�QZ*um�X�4X��P"0`�0u=e�J;ץ�� w0~�:��O��ꬰ�ط%{�N�Kg�l ��>��6��l8�?Gp�ƅfe�&F��a�g1t`�#�8<��E��=�,��{\9��,�/Y>CLf��ĀL��[��y{�3��r��>VH�,_�=k%�sOl��r�k�&`�K��9a쫱,��I��ܡ;d�JBᇥ]c�+��r�=��޵-c��=@��1�f��;O!�t�A�� 6fO��l�E��&��>�h�J��ȁ��EdO��m3Y'�N��&��d��F��h�t�*gQ�2xջ��zZ�\r��˙+��|p��&7��l��ox�S}��U�u�k>��3�Ӱ��33�t]�P�#��e�>L�N:"*]6BM��D��ka�@,p��s�=��p��Y@X%*��U90�fD��i�A*Jo+ �O�-DU�Pm��]�P��Úòx�zY7� (}��M��R�e�Z�>��8��wj��# �ZD��q��rwB��(�b��!��( (��Ԓ.�;�;��}�2牑��۟�y6K[؀H��߼�,��+��¶nɄk/�n��rG�>�WAe�_Z�Pؓ:�s`��OZĖ�6�Y�h��ೖ��>�Y�5P�j�Iz��kB��S&��A-�ia�N{rNm�E�y��fC�,<�mk�3L9��m��Aӡ��;��>�� F�Sq+ �2�i F�+3ON�}��ͿkR��%k��ĚD�"<oli�'֥�=�]VGy��p��v�(!!l�?A�>ܓٰ�]�T�5�S"y"6�[�h: a��[m�-��"��[@k8G�vpq�u^�`o��;U�݌XQ�,\L:��$WV�j��Q�/Z��Kn䠠� J��MB��p��>��7N�Kc �� f>��>��(ά��j6��q�f釯�2�7��q��MH�F5E��ߗ�+c��r%�Z�(\5�5�1S�g�H�� o{��}� �T�ב�u%�\�2Y��Mf��p{ʴ�ԩ=�̓|��\��μ�EX)��C� 鑈��Tp�NqH{��]��~,]�u��B��*�%��f��;� Ǥ9�%��nF�9��W�I-��.��I/��<Kwh��3�\��;�R��wv��S㼭��w�l��vRamHG��k�Mp�ɶY�K˞3��犻 �P�#�M�]�C��<Bꎘ��y�w�u�k[pb��J�Zy��X՘��mϓ��ث�{�J6�n m�N"p��

Sections

.text
Size: - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 908KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wmsj-wmbl/v418.1/Wmbl.exe
.exe windows:4 windows x86 arch:x86

b8068827aed4c4202adc84c161101563

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatW
MessageBoxA

gdi32

GetStockObject

comdlg32

GetOpenFileNameW

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

ShellExecuteW

comctl32

ord17

shlwapi

PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc

oleaut32

SysAllocString

ws2_32

setsockopt

iphlpapi

GetAdaptersInfo

Exports

Exports

��Z�;�b�Y��#ɴ��θjA1��9(t�)�mۓ�}l-�=��.��k��DF�J�ue��W呉r�j��|y��$K ��S�]��_5ä��y��AU�i�qr�S � �"t��L�h��!7�]#�=�ꔷ��0��*9,@@��{(�`�oBkTZy�L�->)V(y��Ѽ��< t:� z*7%�2��_�A(͒wuC=�|�?j�ی,��i�*\�/>��,�%�THq�a]O��^��j�j�.��]��n��f53��zt\��۫Wd��kN�#��E��Q��P��i�8 P��&�.�M0�z;Hk.��3&.�·姷$�|,��=��$�е�6J�72W��뵦�o��W�/�I�{d�qܝ��񓑾O<�W��y�Bl�(��E-�h�#0/�F�Ƭ>��̢�ф��6O�z-/O��3��[ak*�|29��*��c��`�n��/��0�4-�š*N�J�ym��Q�b��??\��^h�qj!�X]V��ad�D�p_B��yoF#�e��^�1�\БW��΁��R$�[�Υ�}^v��zps ��u�`�Mv^��%ZW{��=��Ӭߟ�,��o��q.�\F��:)��X��"��m�~#��F�Ѿw�KM��z�]��z4�:�W-��!�ęD�dy��f��^��:\�)�岰-h԰� ��ͧ�h��o�3��u4Q�/��h�a�N��9��"�8do��qۉ�ĤQVjm��a�O��Ȃ��.��,�U��@ �\�rA�4O��ř�0F��|e{쳥�Fa��xiQ�=s@ZNAC*��O��~��fG�D�s��0�� ]�.D��(᤭7m�l�!�-a��\��}��$|F.6o��;4�g�D�� X) �m,3��X�=�4��tQw�7ǽ�{�O�E]�@(�wA�nO$�s�ڹ�4.��3�cb� t��@N��3j@VΝaT��9'��`�{٢��<��:��O�1z�R3��)Q'K��z�d��%�%��'�9��f��U]m+�0�7��ߴ3�V�H��_��AGÓ�1�,��"i�1�'�!MQ��զS=��X�E��pq�}�6�"�?��%Rl9�#C��^��L�#LO� g:�M�v ��W��ܵ��$5&h�,Y�K�W�j�c��Grdw�0��Fk�M��{=f�H��X��^?�'N8e+1��6|p�L�!R��W�['�j�ɻ�fD�v*zȌ"�)��G�y�Ɩ�*Pҗ��+��X��w�k�Eр�p��u��;��˹� ��I�d��n��r �"�Ꝼ�2�m�Ԅ�d�8��M�?"A��:�:tAVW0��\�n�qv@�gL�P��%Z��QxHD��sB�%i��.�b�ͽ��,a�)�WO��hZ�L :n�r.0uLK�U��}WT�c3"�ۓ*�_��+��#?��x4xì#�W^��n�q �X2}�|M��&�Y�R�$'��D��5}ʀNV,~V_��y��uu�XԔ��4��F�� ?ΐ��Vt%+�b��׵Ӵéß['�J*�J啫�8�>U��u��W��Db��$��dr��Z��<��U��[3a^�ob��3�+�9q�0L��:�4҈��R�H��w�"��:�֮)+�N��@�o�ۗ.�"�Hj�;�K��#9ԃ%��h�MJBr�T��5��l�?�&�C��o?��I�u!MK��h��;1�c;��M�@�Y�A��?'�雜�ߵ��=7˩�_��)U��س��$��{��4��O�G�ୟ�~>�KƲ�l_�\�_��㲛��g�4�u�3P@xRv��py@d��K9˻[#vP�3.@s� �+�� B:��!��jz8��c��cώ,VNeaM-]�Z��Ɠ��ݰ4FQ�DHG� �B�{��|�~�0=�{J8��5��]�S�U�b��Y��O;YK�¿��m�Q��7��9 �X�5��X`�$3~cѓy��L��_ٻ��H�3�n�l�8d\��zI �M�+ �F��`zF]<U7�#�%�R�W��T�jͻ�Ԇ�7h��k� SyB8�$�B��op�J��4��R��n�u@�G��&��l,��R��e��f��K�l~��O"_?��~6߁du~� �=��V��,�"&�}��Z�W{?�6p^x\<Id��G�E��8QW[�F� Z �M��ُӹ�S�� ^$��*��)��(_��}��mY��&�z��['W�#Q�^�D�˘��d��cX�iA��Ǫ�od��وpya��μ�Gm��XS�C� S�⮊��^��M�QFi��.��#��i ��\��}b9��)\r��S��=��F��-ةg<�aI8꫋��v��L0��.`��\�y�M��N<H�d�qT��QK�?ej�\xգ��M[!�F@��v؍�Ź��֍�L�bVWn�~�kKU�6ɠ*��:��:c5�F+�T�A�k<D��Qಧ��E%8$�Q� u��ެu[s�(:x"��ۍ��+�ȝ�y2�d�=j��+� ��X�%#"B��1y@�1ʩ`�]��s��M��1[H��.u�� c� �֖ �� \��c #�,��q�,�Gܗ��wA��5(�X��_B!��S��߬�Aʌ��˜v(-��x6V^�f�4�<2��(��&m�2��~�� x0�LISS]8C�W�5��,c�3hI2��-+F��58��[H�Ob��x&i�vt�M��~B��`<��1[��R��~KIM�R��}m<&#�(�9�(H�x}�h��Dߩ�`ͨF�`��E)e�ѿ� l�&��

Sections

.text
Size: - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wmsj-wmbl/v418.1/alert.wav
wmsj-wmbl/v418.1/script/29修真脚本.txt
wmsj-wmbl/v418.1/script/别墅脚本传送版.txt
wmsj-wmbl/v418.1/script/别墅脚本飞行版.txt
wmsj-wmbl/v418.1/script/图2帽子(钢脊豺).txt
wmsj-wmbl/v418.1/script/图3鞋子.txt
wmsj-wmbl/v418.1/script/默认回城脚本.txt
wmsj-wmbl/v418.1/脚本说明.txt

Sharing

General

Malware Config

Signatures

Files

99a218a0f0a8966ea5d09e17ce8f277e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

ws2_32

winmm

iphlpapi

Exports

Exports

Sections

.text Size: - Virtual size: 328KB

.rdata Size: - Virtual size: 59KB

.data Size: - Virtual size: 37KB

.rsrc Size: 16KB - Virtual size: 114KB

.vmp0 Size: - Virtual size: 47KB

.vmp1 Size: - Virtual size: 593KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 908KB - Virtual size: 906KB

.reloc Size: 4KB - Virtual size: 168B

b8068827aed4c4202adc84c161101563

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: - Virtual size: 199KB

.rdata Size: - Virtual size: 56KB

.data Size: - Virtual size: 33KB

.rsrc Size: 16KB - Virtual size: 98KB

.vmp0 Size: - Virtual size: 1.5MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 4KB - Virtual size: 164B

.text
Size: - Virtual size: 328KB

.rdata
Size: - Virtual size: 59KB

.data
Size: - Virtual size: 37KB

.rsrc
Size: 16KB - Virtual size: 114KB

.vmp0
Size: - Virtual size: 47KB

.vmp1
Size: - Virtual size: 593KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 908KB - Virtual size: 906KB

.reloc
Size: 4KB - Virtual size: 168B

.text
Size: - Virtual size: 199KB

.rdata
Size: - Virtual size: 56KB

.data
Size: - Virtual size: 33KB

.rsrc
Size: 16KB - Virtual size: 98KB

.vmp0
Size: - Virtual size: 1.5MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 4KB - Virtual size: 164B