25a49bd36c7a938319dc234f3b305910_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

25a49bd36c7a938319dc234f3b305910_JaffaCakes118
Size

1.4MB
MD5

25a49bd36c7a938319dc234f3b305910
SHA1

20eac200f647c984dc7d343aaab3537c702780e2
SHA256

cf1d917f5f60be495adc81cfffabc6909d58f1735d8a901811dc088f95afea16
SHA512

946fef10d82a9ebcd9a7c2e202856e9898b72c047beecaf1d923327e6386c114448ae4d3586701c7ea8a32417c71f10c21b0a4627fcb0e2d0d2ca98c36b6254f
SSDEEP

24576:g8mop2j8C5ANppzdRCBnXx1koUfYWIptKqcz0YGuRJuB6MJS/Y+fj5:zmoIj8a0pyXx1SJstKqczLJudo//N

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
25a49bd36c7a938319dc234f3b305910_JaffaCakes118
unpack001/$PLUGINSDIR/InetLoad.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/WA.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

25a49bd36c7a938319dc234f3b305910_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strchr
_adjust_fdiv
malloc
_initterm
free
memset
strstr
strtol
strncmp
strtoul
time
strrchr

kernel32

GlobalFree
lstrcpynA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrcmpA
lstrlenA
MulDiv
WriteFile
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx

user32

GetDlgItem
SendMessageA
SetWindowTextA
wsprintfA
GetWindowTextA
RegisterWindowMessageA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
RedrawWindow
SetWindowLongA

wininet

InternetErrorDlg
InternetSetFilePointer
HttpQueryInfoA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

comctl32

ord17

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
DATA/Gfx/FontExt/med2.fex
DATA/Gfx/FontExt/sml2.fex
DATA/Gfx/FontExt/std2.fex
DATA/ImgHoles/Birthday.bin
DATA/ImgHoles/Fruity2.bin
DATA/ImgHoles/Paris.bin
DATA/ImgHoles/Polar.bin
DATA/ImgHoles/Shoes.bin
DATA/ImgHoles/Speccy.bin
DATA/ImgHoles/Village.bin
DATA/Wav/Effects/Collect.wav
DATA/Wav/Effects/ROCKETPOWERDOWN.wav
DATA/Wav/Effects/THROWPOWERDOWN.wav
Graphics/ButtonBorders/13265.bmp
Graphics/Cursor.bmp
Graphics/GrafittiBrushSize.seq/000000.bmp
Graphics/HostJoinScreen/RoundTime/minutes.bmp
Graphics/HostJoinScreen/RoundTime/minutes_btn.bmp
Graphics/HostJoinScreen/RoundTime/seconds.bmp
Graphics/HostJoinScreen/RoundTime/seconds_btn.bmp
Graphics/HostJoinScreen/TurnTime/INF.bmp
Graphics/HostJoinScreen/TurnTime/INF_btn.bmp
Graphics/HostJoinScreen/TurnTime/blank.bmp
Graphics/HostJoinScreen/TurnTime/blank_btn.bmp
Graphics/HostJoinScreen/WormEnergy/blank.bmp
Graphics/HostJoinScreen/WormEnergy/blank_btn.bmp
Graphics/HostJoinScreen/WormEnergy/inf.bmp
Graphics/HostJoinScreen/WormEnergy/inf_btn.bmp
Graphics/HostJoinScreen/WormSelectRANDOM.bmp
Graphics/HostJoinScreen/WormSelectRANDOM_btn.bmp
Graphics/HostJoinScreen/winsrequired/0.bmp
Graphics/HostJoinScreen/winsrequired/0_btn.bmp
Graphics/Intro/MPSlogo.bmp
Graphics/Intro/TEAM17.BMP
Graphics/Intro/mps.pal
Graphics/Intro/team17.pal
Graphics/MapedMisc/GirderedHole.bmp
Graphics/MapedMisc/SoilBorder.bmp
Graphics/NetworkMenu/LANgame0.bmp
Graphics/NetworkMenu/wormnet0.bmp
Graphics/NumSmall.bmp
Graphics/NumSmallOnBlue.bmp
Graphics/NumSmallPlain.bmp
Graphics/Numbers.bmp
Graphics/NumbersMapEd.bmp
Graphics/NumbersOnBlue.bmp
Graphics/NumbersPlain.bmp
Graphics/OptionsMenu/000004.bmp
Graphics/OptionsMenu/allies.bmp
Graphics/ServerLobby/OldServerList.htm
.html
Graphics/ServerLobby/ServerList.htm
.html
Graphics/ServerLobby/flagsandwormnet.pal
Graphics/ServerLobby/nationflags.bmp
Graphics/ServerLobby/rankstrip.bmp
Graphics/WeaponEditor/door2.bmp
Graphics/bigfont2.bmp
Graphics/gameoptions/RoundTime/minutes.bmp
Graphics/gameoptions/RoundTime/seconds.bmp
Graphics/gameoptions/TurnTime/000000.bmp
Graphics/gameoptions/TurnTime/000006.bmp
Graphics/gameoptions/WormEnergy/000000.bmp
Graphics/gameoptions/WormSelectRANDOM.bmp
Graphics/gameoptions/winsrequired/000000.bmp
Graphics/medfont2.bmp
Graphics/smlfont2.bmp
Graphics/stdfont2.bmp
Tweaks/BackgroundGradientParallax_Disable.reg
Tweaks/BackgroundGradientParallax_Enable.reg
Tweaks/ForceWineVirtualDesktop_Off.reg
Tweaks/ForceWineVirtualDesktop_On.reg
Tweaks/FrontendPaletteFix_Off.reg
Tweaks/FrontendPaletteFix_On.reg
Tweaks/FrontendUseDesktopWindow_Disable.reg
Tweaks/FrontendUseDesktopWindow_Enable.reg
Tweaks/FrontendUseVRAM_Disable.reg
Tweaks/FrontendUseVRAM_Enable.reg
Tweaks/InGameDoubleBuffering_Disable.reg
Tweaks/InGameDoubleBuffering_Enable.reg
Tweaks/LandInVram_Disable.reg
Tweaks/LandInVram_Enable.reg
Tweaks/LargerFonts_Off.reg
Tweaks/LargerFonts_On.reg
Tweaks/LegacyUtilityKey_Off.reg
Tweaks/LegacyUtilityKey_On.reg
Tweaks/MapAreaWarnLimit_Default.reg
Tweaks/MapAreaWarnLimit_Unlimited.reg
Tweaks/OfflineRopeKnocking_Off.reg
Tweaks/OfflineRopeKnocking_On.reg
Tweaks/Phone_Disable.reg
Tweaks/Phone_Enable.reg
Tweaks/RegisterAssociations_Automatically.reg
Tweaks/RegisterAssociations_Manually.reg
Tweaks/ResetRegistryOptions.reg
Tweaks/SkipIntro_Off.reg
Tweaks/SkipIntro_On.reg
Tweaks/SlowFrontendWorkaround_Alternative.reg
Tweaks/SlowFrontendWorkaround_Off.reg
Tweaks/SlowFrontendWorkaround_On.reg
Tweaks/SmoothBackgroundGradient_Disable.reg
Tweaks/SmoothBackgroundGradient_Enable.reg
Tweaks/StereoEffects_Disabled.reg
Tweaks/StereoEffects_Normal.reg
Tweaks/StereoEffects_Reversed.reg
Tweaks/TimerWorkaround_Off.reg
Tweaks/TimerWorkaround_On.reg
User/Flags/Default/Argentina.bmp
User/Flags/Default/Australia.bmp
User/Flags/Default/Austria.bmp
User/Flags/Default/Belgium.bmp
User/Flags/Default/Bosnia.bmp
User/Flags/Default/Brazil.bmp
User/Flags/Default/Bulgaria.bmp
User/Flags/Default/Canada.bmp
User/Flags/Default/Chile.bmp
User/Flags/Default/Croatia.bmp
User/Flags/Default/Cyprus.bmp
User/Flags/Default/Czech.bmp
User/Flags/Default/Denmark.bmp
User/Flags/Default/England.bmp
User/Flags/Default/Finland.bmp
User/Flags/Default/France.bmp
User/Flags/Default/Georgia.bmp
User/Flags/Default/Germany.bmp
User/Flags/Default/Greece.bmp
User/Flags/Default/Holland.bmp
User/Flags/Default/Hong Kong.bmp
User/Flags/Default/Hungary.bmp
User/Flags/Default/Iceland.bmp
User/Flags/Default/India.bmp
User/Flags/Default/Indonesia.bmp
User/Flags/Default/Iran.bmp
User/Flags/Default/Iraq.bmp
User/Flags/Default/Ireland.bmp
User/Flags/Default/Israel.bmp
User/Flags/Default/Italy.bmp
User/Flags/Default/Japan.bmp
User/Flags/Default/Liechtenstein.bmp
User/Flags/Default/Luxembourg.bmp
User/Flags/Default/Malaysia.bmp
User/Flags/Default/Malta.bmp
User/Flags/Default/Mexico.bmp
User/Flags/Default/Morocco.bmp
User/Flags/Default/New Zealand.bmp
User/Flags/Default/North Vietnam.bmp
User/Flags/Default/Norway.bmp
User/Flags/Default/Poland.bmp
User/Flags/Default/Portugal.bmp
User/Flags/Default/Puerto Rico.bmp
User/Flags/Default/Qatar.bmp
User/Flags/Default/Romania.bmp
User/Flags/Default/Russia.bmp
User/Flags/Default/Scotland.bmp
User/Flags/Default/Singapore.bmp
User/Flags/Default/South Africa.bmp
User/Flags/Default/Spain.bmp
User/Flags/Default/Sweden.bmp
User/Flags/Default/Switzerland.bmp
User/Flags/Default/Turkey.bmp
User/Flags/Default/United Kingdom.bmp
User/Flags/Default/United States.bmp
User/Flags/Default/cpuflag1.bww
User/Flags/Default/cpuflag2.Bww
User/Flags/Default/cpuflag3.Bww
User/Flags/Default/cpuflag4.Bww
User/Flags/Default/cpuflag5.Bww
User/Graves/symbol.BMP
WA.exe
.exe windows:4 windows x86 arch:x86

b8150a6ad23ead58ec4d09034bb73eea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\WA\Source\Redist\WA.pdb

Imports

ddraw

DirectDrawCreate
DirectDrawEnumerateA

wsock32

WSACleanup
gethostname
WSAStartup
recvfrom
inet_addr
ntohl
ntohs
ioctlsocket
WSASetLastError
htonl
closesocket
socket
gethostbyname
WSAAsyncSelect
listen
htons
setsockopt
sendto
recv
send
bind
inet_ntoa
connect
WSAGetLastError
getpeername
getsockname

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeKillEvent
timeSetEvent
timeGetTime
mmioAscend
mmioDescend
mmioClose
mmioOpenA
mmioRead
mmioSeek

dsound

ord1

kernel32

GetProfileStringA
GetLocaleInfoA
GetACP
Process32First
Process32Next
VirtualProtect
CreateToolhelp32Snapshot
lstrcatA
RaiseException
GetSystemInfo
FileTimeToDosDateTime
IsDebuggerPresent
FileTimeToLocalFileTime
lstrcpyA
VirtualQuery
GetCurrentProcess
lstrcpynA
MulDiv
LocalFree
FormatMessageA
SetLastError
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetModuleFileNameW
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
DeleteFileA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetFullPathNameA
WritePrivateProfileStringA
SetErrorMode
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetFileAttributesA
GetFileAttributesA
VirtualAlloc
HeapAlloc
HeapReAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetEnvironmentVariableA
FindNextFileA
GetTimeFormatA
GetDateFormatA
RtlUnwind
SetStdHandle
GetFileType
GetProcessHeap
GetStartupInfoA
HeapSize
VirtualFree
HeapDestroy
HeapCreate
SetHandleCount
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleOutputCP
WriteConsoleW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTickCount
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
lstrlenA
InterlockedExchange
GetVersion
GetLastError
CompareStringA
CreateThread
FindResourceA
LoadResource
SizeofResource
LockResource
OutputDebugStringA
GetProfileIntA
GetProcAddress
FreeLibrary
LoadLibraryA
FindFirstFileA
FindClose
Sleep
CreateDirectoryA
FreeResource
OpenFile
GlobalUnlock
GlobalAlloc
GlobalLock
WriteFile
GlobalFree
CloseHandle
CreateFileA
ReadFile
GetVolumeInformationA
GetDiskFreeSpaceA
GetVersionExA
GetFileTime
GetFileSize
SetFilePointer
GetLogicalDrives
GetDriveTypeA
WriteConsoleA
MoveFileExA
GetLocalTime
GetComputerNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
FindResourceExA
GetSystemDefaultLCID
MoveFileA
GlobalMemoryStatus
WriteProfileSectionA
SetCurrentDirectoryA
WaitForSingleObject
GetCurrentDirectoryA
CreateProcessA
GetCurrentThreadId
ExitProcess
GetModuleFileNameA
GetCurrentProcessId
SetFileTime
CreateSemaphoreA
GetDiskFreeSpaceExA
GetExitCodeThread
AllocConsole
FreeConsole
GetCommandLineA
GetStdHandle
GetModuleHandleA
WriteProfileStringA

user32

EnableMenuItem
LoadIconA
SetForegroundWindow
keybd_event
VkKeyScanA
SetKeyboardState
MapVirtualKeyA
InvalidateRect
EndPaint
BeginPaint
PostQuitMessage
GetAncestor
GetKeyboardLayout
GetWindowTextA
GetClassNameA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
GetWindowPlacement
CallWindowProcA
GetDlgCtrlID
SetScrollInfo
EqualRect
AdjustWindowRectEx
GetSysColor
GetClassInfoA
GetClassInfoExA
GetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetDlgItem
GetWindowTextLengthA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
IsDialogMessageA
SetWindowTextA
SetCursor
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
GetNextDlgTabItem
CreateDialogIndirectParamA
WindowFromPoint
RegisterClipboardFormatA
SetWindowContextHelpId
UnregisterClassA
GetSysColorBrush
DestroyMenu
PostThreadMessageA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
GetWindowThreadProcessId
GetNextDlgGroupItem
TrackPopupMenuEx
FlashWindowEx
GetLastActivePopup
IsDlgButtonChecked
CreateDialogParamA
LoadCursorA
GetDlgItemTextA
GetSystemMenu
SetDlgItemTextA
EndDialog
DialogBoxParamA
DestroyWindow
GetForegroundWindow
DispatchMessageA
TranslateMessage
SetFocus
IsIconic
GetSystemMetrics
ChildWindowFromPointEx
GetKeyboardState
FindWindowExA
MessageBoxA
SetCursorPos
SetScrollPos
GetScrollPos
KillTimer
SetTimer
LoadImageA
MessageBeep
InflateRect
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard
CloseClipboard
CreateWindowExA
IsClipboardFormatAvailable
UpdateWindow
MapDialogRect
GetMessageA
IsWindow
IsWindowEnabled
PeekMessageA
SetActiveWindow
GetActiveWindow
GetFocus
ScreenToClient
ClientToScreen
CopyRect
GetKeyState
GetWindowRect
GetClientRect
OffsetRect
IntersectRect
PostMessageA
ValidateRect
SystemParametersInfoA
SetRect
GetCursorPos
IsWindowVisible
SetWindowLongA
SetCapture
PtInRect
ReleaseCapture
GetWindowLongA
EnableWindow
SendMessageA
ReleaseDC
DefWindowProcA
GetDesktopWindow
GetDC
LockWindowUpdate
ShowCursor
wsprintfA
wvsprintfA
MsgWaitForMultipleObjects
SetMenuDefaultItem
MoveWindow
ShowWindow
GetDlgItemInt
OpenIcon
InvalidateRgn
SetWindowPos
CharUpperA
RegisterClassA
GetParent

gdi32

CreatePen
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetTextColor
GetBkColor
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
SetMapMode
SetStretchBltMode
RestoreDC
SaveDC
GetClipBox
CreateBitmap
GetDeviceCaps
SetTextColor
SetBkColor
TextOutA
CreateDIBSection
CreateSolidBrush
GetPixel
GetStockObject
StretchBlt
ExtFloodFill
BitBlt
RealizePalette
CreateCompatibleDC
DeleteObject
GetObjectA
SelectObject
Ellipse
SelectPalette
SetPaletteEntries
CreatePalette
SetSystemPaletteUse

advapi32

CryptReleaseContext
RegEnumKeyA
RegQueryValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameA
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
CryptGenRandom
CryptAcquireContextA
RegDeleteValueA
RegOpenKeyA

ltkrn10n

ord134
ord110
ord111
ord125
ord108
ord198

ltfil10n

ord112
ord102
ord100
ord113

ws2_32

WSAAccept

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WA_Readme-3.6.31.0_Beta.rtf
.rtf

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 27KB - Virtual size: 27KB

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

b8150a6ad23ead58ec4d09034bb73eea

Headers

File Characteristics

PDB Paths

Imports

ddraw

wsock32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 408KB - Virtual size: 404KB

.data
Size: 120KB - Virtual size: 2.8MB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB