2bc38130bff25cb94879d8cdcf81fec2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bc38130bff25cb94879d8cdcf81fec2_JaffaCakes118
Size

327KB
MD5

2bc38130bff25cb94879d8cdcf81fec2
SHA1

59edf31f84ce6037cc416480fe065a474236bb25
SHA256

b1b3d6651276f3513077328109073407f8789b32a31e753343551d7c9d1254f3
SHA512

22ad08b55075a422e356f21ca3a0208b8fa098ed71b950c2f15bf591ec8be7b8c5680a8401c3dd4b8e87b127a6aa1be7711dcbc55a56c9cf24a626c206a9beca
SSDEEP

6144:0vkqpG4VMUNaDGuGpNpBWtxCCg+XOMQdMr1rjQ7vrGHYmbLtaschx7BhWEMo:izemaDOTKxBHQdqFcYdascD7BJp

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/BIN/WIN7.ocx
unpack002/BIN/cjgh.dll
unpack002/BIN/cjgl.exe
unpack002/BIN/update.exe
unpack002/BIN/update_DATA.dll
unpack002/TEMP/cjzh.exe
unpack002/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/Setup.exe	nsis_installer_1
static1/unpack001/Setup.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

2bc38130bff25cb94879d8cdcf81fec2_JaffaCakes118
.rar
Setup.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
BIN/C100D.ZDL
BIN/C120D.ZDL
BIN/C150D.ZDL
BIN/WIN7.ocx
.dll regsvr32 windows:6 windows x86 arch:x86

0143a0da3dfb1092f3a9895e75348e3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dmview.pdb

Imports

mfc42u

ord6125
ord537
ord6810
ord3568
ord1143
ord543
ord3579
ord803
ord4294
ord446
ord3676
ord4616
ord3348
ord3273
ord5494
ord4466
ord6361
ord3321
ord6360
ord743
ord1869
ord4244
ord2478
ord1174
ord6466
ord1223
ord1207
ord686
ord723
ord3941
ord521
ord384
ord423
ord5821
ord4618
ord4076
ord3075
ord2981
ord3264
ord4460
ord3255
ord3143
ord2978
ord6366
ord2376
ord2949
ord4533
ord3399
ord2480
ord4973
ord4986
ord4409
ord5002
ord4597
ord4403
ord4732
ord4735
ord4733
ord4350
ord4355
ord4365
ord4578
ord5054
ord4630
ord4631
ord4643
ord4774
ord4348
ord4637
ord4648
ord5017
ord4683
ord4642
ord4660
ord4661
ord4662
ord4902
ord4903
ord4653
ord4929
ord4924
ord4919
ord4982
ord4588
ord4515
ord4542
ord4897
ord4644
ord4762
ord4654
ord4655
ord4108
ord5645
ord2993
ord2871
ord4701
ord4699
ord5144
ord3863
ord2948
ord5207
ord1955
ord2129
ord5998
ord4914
ord4850
ord2148
ord5670
ord4633
ord4681
ord4336
ord994
ord5614
ord1686
ord2431
ord4943
ord2372
ord5570
ord3215
ord3052
ord3281
ord1262
ord755
ord470
ord2857
ord2533
ord5884
ord6051
ord4976
ord5027
ord3194
ord2092
ord4453
ord5569
ord4782
ord2929
ord2756
ord4272
ord3991
ord4124
ord2088
ord1257
ord2679
ord1884
ord4247
ord449
ord4419
ord4619
ord3274
ord4432
ord5282
ord6367
ord1767
ord6048
ord2506
ord4707
ord4992
ord4847
ord4370
ord5261
ord5005
ord4837
ord4666
ord4564
ord746
ord2270
ord1209
ord5869
ord6168
ord2559
ord5785
ord2810
ord561
ord3665
ord3396
ord3947
ord5710
ord5285
ord5303
ord4692
ord4074
ord2716
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord815
ord6350
ord1213
ord1224
ord861
ord2444
ord3635
ord3365
ord4396
ord2574
ord3993
ord6139
ord3296
ord693
ord4238
ord801
ord6898
ord6003
ord541
ord5975
ord6896
ord3288
ord2606
ord3133
ord940
ord942
ord2809
ord3915
ord2442
ord556
ord3727
ord809
ord4265
ord614
ord1220
ord3574
ord4221
ord3998
ord2719
ord2722
ord2721
ord1203
ord2615
ord290
ord1129
ord1128
ord600
ord1571
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1568
ord1173
ord1115
ord269
ord826
ord4073
ord1768
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord3793
ord4831
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord2438
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord3737
ord567
ord323
ord818
ord640
ord6390
ord5446
ord2099
ord2836
ord5286
ord6211
ord5977
ord2746
ord6124
ord2114
ord2144
ord538
ord2821
ord4162
ord6303
ord540
ord4155
ord800
ord6928
ord6379
ord5436
ord4435
ord1165
ord4688
ord2116
ord5257
ord3232
ord858
ord4270
ord2371
ord2859
ord2854
ord535
ord1633
ord3566
ord1634
ord3614
ord268
ord2406
ord2385
ord3621
ord823
ord825
ord3658
ord4020
ord1560

msvcrt

free
_initterm
_amsg_exit
malloc
_XcptFilter
_CIlog10
_purecall
iswdigit
_wtoi
wcsstr
localeconv
wcsncmp
_CxxThrowException
_ftol2_sse
_ftol2
??_V@YAXPAX@Z
??_U@YAPAXI@Z
__CxxFrameHandler3
memset
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common

dmdskmgr

?GetImageNum@CDMNodeObj@@QAEHXZ
?GetSizeMB@CDMNodeObj@@QAEXAA_J@Z
?Command@CContextMenu@@QAEJJPAUIDataObject@@J@Z
?GetStorageType@CDMNodeObj@@QAEXAAVCString@@H@Z
?GetObjectId@CDMNodeObj@@QAEXAA_J@Z
?PopUpInit@CContextMenu@@QAEXPAVCDMNodeObj@@AAH1H@Z
?GetScopeNode@CDMScopeNodeCollection@@QAEHJPAPAVCDMScopeNode@@@Z
?UpDateConsoleView@CDMSnapin@@QAEXJ@Z
?GetResultPane@CDMSnapin@@QAEHJPAPAVCDMResultPane@@@Z
?GetUIState@CTaskData@@QAEKXZ
?GetParentDiskPtr@CDMNodeObj@@QAEPAV1@XZ
?GetDeviceType@CDMNodeObj@@QAEKXZ
?DoDelete@CContextMenu@@QAEXJ@Z
?EnumDiskRegions@CDMNodeObj@@QAEXPAPAJAAJ@Z
?GetDiskInfo@CDMNodeObj@@QAEHAAUdiskinfoex@@@Z
?GetSize@CDMNodeObj@@QAEXAA_JH@Z
?IsHiddenRegion@CDMNodeObj@@QAEHXZ
?GetExtendedRegionColor@CDMNodeObj@@QAEKXZ
?IsDiskOffline@CDMNodeObj@@QAEHXZ
?GetOfflineReasonText@CDMNodeObj@@QAEHAAVCString@@@Z
?GetStorageType@CDMNodeObj@@QAE?AW4_STORAGE_TYPES@@XZ
?GetPatternRef@CDMNodeObj@@QAEHXZ
?GetColorRef@CDMNodeObj@@QAEKXZ
?GetVolumeStatus@CDMNodeObj@@QAEHAAVCString@@@Z
?GetFileSystemLabel@CDMNodeObj@@QAEXAAVCString@@@Z
?GetParentVolumePtr@CDMNodeObj@@QAEPAV1@XZ
?GetFlags@CDMNodeObj@@QAEJXZ
?GetFileSystemName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetDriveLetter@CDMNodeObj@@QAEXAAG@Z
?GetDiskStatus@CDMNodeObj@@QAEHAAVCString@@@Z
?GetSizeString@CDMNodeObj@@QAEXAAVCString@@@Z
?GetDiskTypeName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetName@CDMNodeObj@@QAEXAAVCString@@@Z
?EnumVolumeMembers@CDMNodeObj@@QAEXPAPAJAAJ@Z
?GetResultStringArray@CDMNodeObj@@QAEHAAVCStringArray@@@Z
?ShowContextMenu@CContextMenu@@QAEJPAVCWnd@@JJJ@Z
?namecmp@@YGHPBG0@Z
?EnumFirstVolumeMember@CDMNodeObj@@QAEXAAJ0@Z
?EnumVolumes@CTaskData@@QAEXAAKPAPAJ@Z
?EnumDisks@CTaskData@@QAEXAAKPAPAJ@Z

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetModuleHandleW
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
LocalFree
LocalAlloc
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentThreadId

comctl32

ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw

user32

GetParent
GetWindowRect
SendMessageW
PtInRect
SetRect
GetClientRect
ScreenToClient
BeginPaint
EndPaint
GetDC
ReleaseDC
InvalidateRect
GetFocus
ShowScrollBar
SystemParametersInfoW
NotifyWinEvent
GetSysColor
GetCursorPos
GetKeyState
IsWindow
EnableWindow
RegisterWindowMessageW
LoadBitmapW
DrawFrameControl
PostMessageW
DrawIconEx
PostThreadMessageW
LoadCursorW
SetCursor
ClientToScreen
FillRect
EqualRect
LoadImageW
DestroyIcon
DrawFocusRect
DrawTextExW

oleaut32

SysAllocString
LoadRegTypeLi

gdi32

CreateFontIndirectW
CreateBitmap
CreateCompatibleDC
GetDeviceCaps
SelectObject
BitBlt
GetTextMetricsW
CreateSolidBrush
PatBlt
GetBkColor
ExtTextOutW
CreateHatchBrush
GetTextExtentPoint32W

shlwapi

StrCmpLogicalW

oleacc

AccessibleObjectFromWindow
LresultFromObject

dmutil

ShowMessage

Exports

Exports

?AddLDMObjMapEntry@CDataCache@@QAEXPAU_LDM_OBJ_MAP_ENTRY@@@Z
?GetDiskCount@CDataCache@@QAEKXZ
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetVolumeCount@CDataCache@@QAEKXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BIN/cjgh.dll
.exe windows:4 windows x86 arch:x86

8ad98195bfea10a14ae3990a3364999a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord300
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord306
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
ord616
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BIN/cjgl.exe
.exe windows:4 windows x86 arch:x86

cd01d9323f2f3992ed64dcbf11b551b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord300
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord599
ord306
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaStrVarVal
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BIN/mad.bat
BIN/main.dat
BIN/regesiter.dat
BIN/update.exe
.exe windows:4 windows x86 arch:x86

75aa7604d64b699d7f77e79c15e03e1b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BIN/update_DATA.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fb251c24262a8ced6d830dfdfd26b0fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
_CIatan
_allmul
_CItan
_CIexp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TEMP/cjzh.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TEMP/li.txt
TEMP/whatsnew.txt
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 62KB - Virtual size: 62KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

0143a0da3dfb1092f3a9895e75348e3a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

dmdskmgr

kernel32

comctl32

user32

oleaut32

gdi32

shlwapi

oleacc

dmutil

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 78KB

.data Size: 2KB - Virtual size: 11KB

.rsrc Size: 19KB - Virtual size: 20KB

.reloc Size: 6KB - Virtual size: 6KB

8ad98195bfea10a14ae3990a3364999a

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 160KB - Virtual size: 160KB

cd01d9323f2f3992ed64dcbf11b551b6

Headers

File Characteristics

Imports

msvbvm60

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 62KB - Virtual size: 62KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 78KB - Virtual size: 78KB

.data
Size: 2KB - Virtual size: 11KB

.rsrc
Size: 19KB - Virtual size: 20KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 160KB - Virtual size: 160KB

.text
Size: 248KB - Virtual size: 244KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 164KB - Virtual size: 164KB

.text
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 780B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 252B

CODE
Size: 147KB - Virtual size: 147KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 11KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 62KB - Virtual size: 62KB