cybergate | 28d0a05a6a43df71ebc0e24d61208c65_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28d0a05a6a43df71ebc0e24d61208c65_JaffaCakes118
Size

1.9MB
MD5

28d0a05a6a43df71ebc0e24d61208c65
SHA1

4b820ccd4ad7ba196a0959ed836456753088725a
SHA256

ccdef7651a98e4679187eed80bea87f405d14cfd1fe4daaa259f36f47c00b9de
SHA512

449f849bfc486717309f073e188aceb7dd280e4fad323f1af903c883141caf3b009d594dc7aca9b2bde8b07ba27fd5c1665c2e5c34722b0b992f247044ca1630
SSDEEP

49152:6D+ztw3Vy980mWbKHiNK3D+UzAHm5f838UfT5Pl8B/Z:6D+ztE89TKHac+UDNufT5CBh

Score

10^/10

upx vítima cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

theoriginalvor.no-ip.info:81

theoriginalvor.no-ip.info:82

theoriginalvor.no-ip.info:83

theoriginalvor.no-ip.info:84

theoriginalvor.no-ip.info:85

theoriginalvor.no-ip.info:86

theoriginalvor.no-ip.info:87

theoriginalvor.no-ip.info:88

theoriginalvor.no-ip.info:89

theoriginalvor.no-ip.info:90

Mutex

***MUTEX***

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234
regkey_hkcu
Policies
regkey_hklm
Policies

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Steam/Steam brute.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Steam/PDFL.dll
unpack001/Steam/Steam brute.exe
unpack002/out.upx

Files

28d0a05a6a43df71ebc0e24d61208c65_JaffaCakes118
.rar
Steam/PDFL.dll
.dll windows:4 windows x86 arch:x86

7f3ea1ad237a723f9cd04aa3e3891e3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\coretech\source\marilyn\pdfl\Public\Libraries\Win\Release\Dynamic\AdobePDFL.pdb

Imports

kernel32

GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentThreadId
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
FreeLibrary
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetTempFileNameW
GetTempPathW
DeleteFileW
IsDBCSLeadByteEx
IsDBCSLeadByte
SystemTimeToFileTime
GetSystemTime
GlobalFree
GlobalAlloc
GetPrivateProfileIntA
FindClose
GetDriveTypeW
FindFirstFileW
GetShortPathNameW
GetDriveTypeA
GetFullPathNameW
CloseHandle
SetFilePointer
ReadFile
SetEndOfFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
lstrcpynA
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
CreateFileW
FindNextFileW
FindFirstFileA
lstrlenA
GetFullPathNameA
DeleteFileA
GetDiskFreeSpaceExA
GetFileAttributesA
FindNextFileA
lstrcpyA
CreateDirectoryA
RemoveDirectoryA
CreateFileA
SetFileAttributesA
GetTempPathA
lstrcatA
GetCurrentDirectoryA
LockResource
FreeResource
SizeofResource
LoadResource
FindResourceA
GlobalUnlock
GlobalLock
GlobalMemoryStatus
_lclose
OpenFile
GetTempFileNameA
_lwrite
CompareFileTime
IsProcessorFeaturePresent
GetSystemInfo
lstrcmpiA
_lread
_llseek
_lopen
lstrcmpA
RaiseException
MoveFileW
MoveFileA
HeapCompact
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
Sleep
InterlockedDecrement
GetLastError
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA

adobexmp

ord64
ord4
ord16
ord25
ord26
ord27
ord72
ord96
ord97
ord73
ord5
ord2
ord3
ord6
ord7
ord30
ord31
ord32
ord35
ord49
ord54
ord60
ord63
ord68
ord65
ord70

jp2klib

?GetImageBuffer@JP2KImageData@@QAEPAVJP2KBufID_I@@XZ
?DecodeTile@JP2KImage@@QAEJJJJJJPAVJP2KImageData@@@Z
JP2KLibInit
?InitToDefaults@JP2KEncOpt@@QAEJJJJJJJ@Z
?InitEncoder@JP2KImage@@QAEJPAVJP2KEncOpt@@PAVJP2KCodeStm@@PAVJP2KClientProcs@@@Z
?EncodeImage@JP2KImage@@QAEJJPAJPAM@Z
?GetClientData@JP2KImage@@QAEPAVJP2KClientData@@XZ
?XMLPresent@JP2KImage@@QAE_NXZ
?GetXMLBoxes@JP2KImage@@QAEPAU__tagJP2KXML@@XZ
?GetNumXMLBoxes@JP2KImage@@QAEJXZ
?UUIDPresent@JP2KImage@@QAE_NXZ
?GetUUIDBoxes@JP2KImage@@QAEPAU__tagJP2KUUID@@XZ
?GetNumUUIDBoxes@JP2KImage@@QAEJXZ
?GetDecodeOptions@JP2KImage@@QAEPAVJP2KDecOpt@@XZ
?GetEncodeOptions@JP2KImage@@QAEPAVJP2KEncOpt@@XZ
?GetCodeStream@JP2KImage@@QAEPAVJP2KCodeStm@@XZ
?GetStmProcs@JP2KCodeStm@@QAEPAVJP2KStreamProcs@@XZ
?GetColorSpecList@JP2KImage@@QAEPAU__tagColorSpecList@@XZ
?GetPalette@JP2KImage@@QAEPAU__tagJP2KPalette@@XZ
?PalettePresent@JP2KImage@@QAE_NXZ
?GetGeometryParams@JP2KImage@@QAEPAVJP2KImageGeometry@@XZ
?GetMaxRes@JP2KImage@@QAEJXZ
?GetTileResolutionBoundingBox@JP2KImageGeometry@@QAEXJJJJPAJ000@Z
?GetTileNum@JP2KImageGeometry@@QAEJJJ@Z
JP2KLibShutDown
?GetComponentType@JP2KImage@@QAE?AW4JP2KChannelType@@J@Z
?GetGlobalTransparencyChannelNum@JP2KImage@@QAEJXZ
?GlobalTransparencyChannelPresent@JP2KImage@@QAE_NXZ
?InitDecoder@JP2KImage@@QAEJPAVJP2KCodeStm@@PAVJP2KDecOpt@@PAVJP2KClientProcs@@@Z
?GetImageResolutionBoundingBox@JP2KImageGeometry@@QAEXJJPAJ000@Z
?GetInterleavedColorData@JP2KImage@@QAEJJJPAVJP2KImageData@@@Z
?DecodeTile@JP2KImage@@QAEJJJJJJPAVJP2KImageData@@0@Z
?FreeImageBuffer@JP2KImageData@@QAEXXZ
?GetHeight@JP2KImageData@@QAEJXZ
?GetWidth@JP2KImageData@@QAEJXZ
?Die@JP2KEncOpt@@QAEXXZ
?GetOutputImage@JP2KTileComponent@@QAEPAVJP2KImageData@@XZ
?GetTileComponent@JP2KImage@@QAEPAVJP2KTileComponent@@JJ@Z
?DecodeTile@JP2KImage@@QAEJJJJJJ@Z
?GetMemObj@JP2KImage@@QAEPAVJP2KMemFuncs@@XZ
?DecodeImage@JP2KImage@@QAEJJJJ@Z
?Die@JP2KImage@@QAEJXZ
?Die@JP2KDecOpt@@QAEXXZ
?InitToDefaults@JP2KDecOpt@@QAEJXZ
?InitJP2KCodeStm@JP2KCodeStm@@QAEX_K_N111PAVJP2KStreamProcs@@@Z
JP2KGetMemObj
?GetTileBoundingBox@JP2KImageGeometry@@QAEJJJPAJ000@Z
?CompressTile@JP2KImage@@QAEJJ@Z

bib

ord12
ord4
ord5

bibutils

ord3
ord4

ace

ord4
ord3

agm

ord3
ord4

are

ord3
ord4

cooltype

ord1
ord3

mpr

WNetGetConnectionW
WNetAddConnection2W
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumA
WNetGetConnectionA
WNetAddConnection2A
WNetEnumResourceA

axe8sharedexpat

ord1
ord2

user32

SetRect
ReleaseDC
CharToOemBuffA
CharUpperBuffA
OemToCharBuffA
GetDC
GetDesktopWindow
LoadStringA
wsprintfA
CharUpperA

gdi32

RemoveFontResourceA
CreateScalableFontResourceA
AddFontResourceA
GetFontData
EnumFontFamiliesA
CreateFontIndirectA
GetTextFaceA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SelectObject
SetBkColor
EndPage
StartPage
GetDeviceCaps
EndDoc
StartDocA
Escape
CreateDCA
EnumFontFamiliesExA
GetObjectA
GetStockObject
GetDIBits
DeleteDC
DeleteObject
BitBlt

winspool.drv

EnumPrintersA
EnumJobsA
DeviceCapabilitiesA
GetPrinterDriverA
OpenPrinterA
OpenPrinterW
DocumentPropertiesA
ClosePrinter

advapi32

GetUserNameA
CryptGenRandom
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CryptReleaseContext
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetDesktopFolder
SHGetFileInfoA
SHFileOperationA
SHFileOperationW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoCreateGuid
CoInitialize
CoUninitialize

Exports

Exports

ACApplyTransform
ACEngineCount
ACEngineInfo
ACGetExceptionErrorCode
ACGetSettingsProfile
ACGetSettingsString
ACGetSettingsUnsigned32
ACGetWorkingSpaceProfile
ACLoadSettings
ACMakeBufferProfile
ACMakeCalGray
ACMakeCalLab
ACMakeCalRGB
ACMakeColorTransform
ACMakePresetList
ACMakeProfileList
ACMakeSettings
ACMakeString
ACMonitorProfile
ACPopExceptionFrame
ACPresetFileToName
ACPresetListCount
ACPresetListItemFile
ACProfileColorSpace
ACProfileData
ACProfileDescription
ACProfileFromCode
ACProfileFromDescription
ACProfileListCount
ACProfileListItemCode
ACProfileListItemDescription
ACProfileSize
ACProfilesMatch
ACPushExceptionFrame
ACSetEngine
ACStringASCII
ACStringLocalized
ACStringUnicode
ACUnReferencePresetList
ACUnReferenceProfile
ACUnReferenceProfileList
ACUnReferenceSettings
ACUnReferenceString
ACUnReferenceTransform
AGMFunctionGetCosObj
ASAtomExistsForString
ASAtomFromString
ASAtomGetCount
ASAtomGetString
ASCStringToFixed
ASCabCopy
ASCabDestroy
ASCabDestroyEmpties
ASCabDetachBinary
ASCabDetachCab
ASCabDetachPathName
ASCabDetachPointerRaw
ASCabDetachString
ASCabDetachText
ASCabDup
ASCabEnum
ASCabEqual
ASCabFromEntryList
ASCabGetAtom
ASCabGetBinary
ASCabGetBinaryCopy
ASCabGetBool
ASCabGetCab
ASCabGetDouble
ASCabGetInt
ASCabGetInt64
ASCabGetPathNameCopy
ASCabGetPointerDestroyProc
ASCabGetPointerRaw
ASCabGetPointerType
ASCabGetString
ASCabGetStringCopy
ASCabGetText
ASCabGetType
ASCabGetUns
ASCabGetUns64
ASCabKnown
ASCabMakeEmpty
ASCabMunge
ASCabNew
ASCabNumEntries
ASCabPutAtom
ASCabPutBinary
ASCabPutBool
ASCabPutCab
ASCabPutDouble
ASCabPutInt
ASCabPutInt64
ASCabPutNull
ASCabPutPathName
ASCabPutPointerRaw
ASCabPutString
ASCabPutText
ASCabPutUns
ASCabPutUns64
ASCabReadFromStream
ASCabRemove
ASCabRename
ASCabValueEqual
ASCabWriteToStream
ASCalendarTimeSpanAddWithBase
ASCalendarTimeSpanCompare
ASCalendarTimeSpanDiff
ASCallbackCreate
ASCallbackDestroy
ASConstCabEnum
ASDateAddCalendarTimeSpan
ASDateAddTimeSpan
ASDateCalendarDiff
ASDateClear
ASDateCompare
ASDateCopy
ASDateDestroy
ASDateDup
ASDateExactDiff
ASDateGetLocalTime
ASDateGetTimeString
ASDateGetUTCTime
ASDateNew
ASDateSetLocalTimeOffset
ASDateSetTimeFromRec
ASDateSetTimeFromString
ASDateSetToCurrentLocalTime
ASDateSetToCurrentUTCTime
ASDateSubtractCalendarTimeSpan
ASDateSubtractTimeSpan
ASFileAcquirePathName
ASFileCanSetEOF
ASFileClearOutstandingMReads
ASFileClose
ASFileFlush
ASFileFromMDFile
ASFileGetEOF
ASFileGetEOF64
ASFileGetFileSys
ASFileGetFileSysByName
ASFileGetMDFile
ASFileGetOpenMode
ASFileGetPos
ASFileGetPos64
ASFileGetURL
ASFileHardFlush
ASFileHasOutstandingMReads
ASFileIsSame
ASFileMReadRequest
ASFilePushData
ASFileRead
ASFileRegisterFileSys
ASFileReopen
ASFileSetEOF
ASFileSetEOF64
ASFileSetMode
ASFileSetPos
ASFileSetPos64
ASFileStmRdOpen
ASFileStmWrOpen
ASFileSysAcquireFileSysPath
ASFileSysAcquireParent
ASFileSysAcquirePlatformPath
ASFileSysCanPerformOpOnItem
ASFileSysConvertCabToItemProps
ASFileSysConvertItemPropsToCab
ASFileSysCopyPathName
ASFileSysCreateFolder
ASFileSysCreatePathName
ASFileSysDIPathFromPath
ASFileSysDIPathFromPathEx
ASFileSysDestroyFolderIterator
ASFileSysDisplayASTextFromPath
ASFileSysDisplayStringFromPath
ASFileSysFirstFolderItem
ASFileSysFlushVolume
ASFileSysGetDefaultTempPath
ASFileSysGetFilePosLimit
ASFileSysGetItemProps
ASFileSysGetItemPropsAsCab
ASFileSysGetNameFromPath
ASFileSysGetNameFromPathAsASText
ASFileSysGetNameFromPathForDisplay
ASFileSysGetPlatformThing
ASFileSysGetStorageFreeSpace
ASFileSysGetTempPathName
ASFileSysGetTypeAndCreator
ASFileSysNextFolderItem
ASFileSysOpenFile
ASFileSysOpenFile64
ASFileSysPathFromDIPath
ASFileSysPathFromDIPathEx
ASFileSysPerformOpOnItem
ASFileSysReleasePathName
ASFileSysReleasePlatformPath
ASFileSysRemove
ASFileSysRemoveFolder
ASFileSysSetDefaultTempPath
ASFileSysSetTypeAndCreator
ASFileSysURLFromPath
ASFileUnregisterFileSys
ASFileWrite
ASFixedDiv
ASFixedMatrixConcat
ASFixedMatrixInvert
ASFixedMatrixTransform
ASFixedMatrixTransformRect
ASFixedMul
ASFixedToCString
ASFixedToFloat
ASGetConfiguration
ASGetDefaultFileSys
ASGetErrorString
ASGetErrorStringASText
ASGetHFTByNameAndVersion
ASGetRamFileSys
ASGetTempFileSys
ASHostMBLen
ASIsValidUTF8
ASMemStmRdOpen
ASPathFromPlatformPath
ASPlatformPathGetCFURLRefRecPtr
ASPlatformPathGetCstringPtr
ASPlatformPathGetFSRefPtr
ASPlatformPathGetFSRefWithCFStringRefRecPtr
ASPlatformPathGetFSSpecPtr
ASPlatformPathGetPOSIXPathPtr
ASPopExceptionFrame
ASProcStmRdOpen
ASProcStmRdOpenEx
ASProcStmWrOpen
ASPurgeMemory
ASPushExceptionFrame
ASRaise
ASRamFileSysSetLimitKB
ASRegisterErrorString
ASRegisterErrorStringASText
ASScriptFromHostEncoding
ASScriptToHostEncoding
ASSecs
ASSetTempFileSys
ASStmClose
ASStmFlush
ASStmRead
ASStmWrite
ASTextCaseSensitiveCmp
ASTextCat
ASTextCatMany
ASTextCmp
ASTextCopy
ASTextDestroy
ASTextDup
ASTextEval
ASTextFilter
ASTextFromEncoded
ASTextFromInt32
ASTextFromPDText
ASTextFromScriptText
ASTextFromSizedEncoded
ASTextFromSizedPDText
ASTextFromSizedScriptText
ASTextFromSizedUnicode
ASTextFromUnicode
ASTextFromUns32
ASTextGetBestEncoding
ASTextGetBestScript
ASTextGetCountry
ASTextGetEncoded
ASTextGetEncodedCopy
ASTextGetLanguage
ASTextGetPDTextCopy
ASTextGetScriptText
ASTextGetScriptTextCopy
ASTextGetUnicode
ASTextGetUnicodeCopy
ASTextIsEmpty
ASTextMakeEmpty
ASTextNew
ASTextNormalizeEndOfLine
ASTextReplace
ASTextReplaceASCII
ASTextReplaceBadChars
ASTextSetCountry
ASTextSetEncoded
ASTextSetLanguage
ASTextSetPDText
ASTextSetScriptText
ASTextSetSizedEncoded
ASTextSetSizedPDText
ASTextSetSizedScriptText
ASTextSetSizedUnicode
ASTextSetUnicode
ASTimeSpanAdd
ASTimeSpanCompare
ASTimeSpanCopy
ASTimeSpanDestroy
ASTimeSpanDiff
ASTimeSpanDup
ASTimeSpanGetASInt32
ASTimeSpanNegate
ASTimeSpanNew
ASTimeSpanSet
ASTimeSpanSetFromASInt32
ASTimeSpanSetFromString
ASUUIDFromCString
ASUUIDGenFromHash
ASUUIDGenFromName
ASUUIDGenUnique
ASUUIDToCString
ASfree
ASmalloc
ASrealloc
AVExtensionMgrRegisterNotification
AVExtensionMgrUnregisterNotification
CosArrayGet
CosArrayInsert
CosArrayIsWeakReference
CosArrayLength
CosArrayPut
CosArrayRemove
CosArrayRemoveNth
CosArraySetWeakReference
CosBooleanValue
CosCopyNameStringValue
CosCopyStringValue
CosCryptGetVersion
CosDecryptData
CosDecryptGetMaxKeyBytes
CosDictGet
CosDictGetKey
CosDictGetKeyString
CosDictGetXAPMetadata
CosDictIsWeakReference
CosDictKnown
CosDictKnownKey
CosDictKnownKeyString
CosDictPut
CosDictPutKey
CosDictPutKeyString
CosDictRemove
CosDictRemoveKey
CosDictRemoveKeyString
CosDictSetWeakReference
CosDictSetXAPMetadata
CosDocClose
CosDocCreate
CosDocEnumEOFs
CosDocEnumEOFs64
CosDocEnumIndirect
CosDocGetID
CosDocGetInfoDict
CosDocGetObjByID
CosDocGetRoot
CosDocHasFullCompression
CosDocHasPartialCompression
CosDocObjIsWithinRange
CosDocObjIsWithinRange64
CosDocOpenWithParams
CosDocSaveToFile
CosDocSaveWithParams
CosDocSetDirty
CosEncryptData
CosEncryptGetMaxKeyBytes
CosFixedValue
CosFloatValue
CosInteger64Value
CosIntegerValue
CosNameValue
CosNewArray
CosNewBoolean
CosNewDict
CosNewFixed
CosNewFloat
CosNewInteger
CosNewInteger64
CosNewName
CosNewNameFromString
CosNewNull
CosNewObjCollection
CosNewStream
CosNewStream64
CosNewString
CosNumberIsWithinASFixedRange
CosNumberIsWithinASInt32Range
CosObjAcquire
CosObjAddToCollection
CosObjCmp
CosObjCollectionEnum
CosObjCollectionEqual
CosObjCollectionIsNull
CosObjCollectionSize
CosObjCopy
CosObjDestroy
CosObjEnum
CosObjEqual
CosObjGetCollection
CosObjGetCompressibility
CosObjGetDoc
CosObjGetGeneration
CosObjGetID
CosObjGetType
CosObjHash
CosObjIsCompressed
CosObjIsIndirect
CosObjRefreshAfterLinearizedSave
CosObjRelease
CosObjRemoveFromCollection
CosObjSetCompressibility
CosSetExternalFilePermissionProc
CosSetMaxDocStorage
CosStreamDict
CosStreamLength
CosStreamLength64
CosStreamOpenStm
CosStreamPos
CosStreamPos64
CosStreamSetData
CosStringGetHexFlag
CosStringSetHexFlag
CosStringValue
CosStringValueSafe
FloatToASFixed
HFTGetVersion
JPXColorSpaceAcquireNext
JPXColorSpaceGetEnumAttrs
JPXColorSpaceGetProfile
JPXColorSpaceGetType
JPXPaletteGetBitDepths
JPXPaletteGetNumComponents
JPXPaletteGetNumEntries
JPXPaletteGetTable
PDActionCanCopy
PDActionCanPaste
PDActionCopy
PDActionDestroy
PDActionDestroyClipboardData
PDActionEqual
PDActionFromCosObj
PDActionGetCosObj
PDActionGetDest
PDActionGetFileSpec
PDActionGetSubtype
PDActionIsValid
PDActionNew
PDActionNewFromDest
PDActionNewFromFileSpec
PDActionPaste
PDAnnotCanCopy
PDAnnotCanPaste
PDAnnotCopy
PDAnnotDestroyClipboardData
PDAnnotEqual
PDAnnotFromCosObj
PDAnnotGetColor
PDAnnotGetCosObj
PDAnnotGetDate
PDAnnotGetFlags
PDAnnotGetOCMD
PDAnnotGetRect
PDAnnotGetSubtype
PDAnnotGetTitle
PDAnnotGetTitleASText
PDAnnotIsCurrentlyVisible
PDAnnotIsValid
PDAnnotNotifyDidChange
PDAnnotNotifyWillChange
PDAnnotPaste
PDAnnotRemoveOCMD
PDAnnotSetColor
PDAnnotSetDate
PDAnnotSetFlags
PDAnnotSetOCMD
PDAnnotSetRect
PDAnnotSetTitle
PDAnnotSetTitleASText
PDApplyFunction
PDBeadAcquirePage
PDBeadDestroy
PDBeadEqual
PDBeadFromCosObj
PDBeadGetCosObj
PDBeadGetIndex
PDBeadGetNext
PDBeadGetPrev
PDBeadGetRect
PDBeadGetThread
PDBeadInsert
PDBeadIsValid
PDBeadNew
PDBeadSetPage
PDBeadSetRect
PDBookmarkAddChild
PDBookmarkAddNewChild
PDBookmarkAddNewChildASText
PDBookmarkAddNewSibling
PDBookmarkAddNewSiblingASText
PDBookmarkAddNext
PDBookmarkAddPrev
PDBookmarkAddSubtree

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 828KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Steam/Steam brute.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 284KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7f3ea1ad237a723f9cd04aa3e3891e3c

Headers

File Characteristics

PDB Paths

Imports

kernel32

adobexmp

jp2klib

bib

bibutils

ace

agm

are

cooltype

mpr

axe8sharedexpat

user32

gdi32

winspool.drv

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 828KB - Virtual size: 824KB

.data Size: 268KB - Virtual size: 286KB

.rsrc Size: 236KB - Virtual size: 232KB

.reloc Size: 224KB - Virtual size: 223KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 108KB

UPX1 Size: 284KB - Virtual size: 288KB

.rsrc Size: 32KB - Virtual size: 32KB

Headers

File Characteristics

Sections

CODE Size: 44KB - Virtual size: 44KB

DATA Size: 1024B - Virtual size: 544B

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 291KB - Virtual size: 291KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 828KB - Virtual size: 824KB

.data
Size: 268KB - Virtual size: 286KB

.rsrc
Size: 236KB - Virtual size: 232KB

.reloc
Size: 224KB - Virtual size: 223KB

UPX0
Size: - Virtual size: 108KB

UPX1
Size: 284KB - Virtual size: 288KB

.rsrc
Size: 32KB - Virtual size: 32KB

CODE
Size: 44KB - Virtual size: 44KB

DATA
Size: 1024B - Virtual size: 544B

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 291KB - Virtual size: 291KB