30f32eb138a44e2548baa6ee74a20148_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30f32eb138a44e2548baa6ee74a20148_JaffaCakes118
Size

890KB
MD5

30f32eb138a44e2548baa6ee74a20148
SHA1

90c8117a0db92f8cede1bf6b6c6ec87869050fc0
SHA256

026212cb5500931d0862902dec817baea7730a8133ec393d0c82ac31efbf4bcf
SHA512

20403d71ad9090454cab569dd6fa662eceff28895268583f8bb334156ec9cff8f4b1164fa626bc4bd982c5c000a58c75e80d508952e350b28cdfa090312e5e65
SSDEEP

24576:KUiZlLv7fr3W1L/pL3P7jJuUYVQRaAoOggIYk:UdjD34L93DbRl1y

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/imagestego_setup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/ImageStego.exe
unpack002/imgproc.dll
unpack002/libbz2w.dll
unpack002/uninstall.exe
unpack003/$PLUGINSDIR/InstallOptions.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/imagestego_setup.exe	nsis_installer_1
static1/unpack002/uninstall.exe	nsis_installer_1

Files

30f32eb138a44e2548baa6ee74a20148_JaffaCakes118
.zip
imagestego_setup.exe
.exe windows:4 windows x86 arch:x86

c1d02edd28ce94e699431ce65bed28ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CloseHandle
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
PtInRect
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
OpenClipboard

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

2db813254ea8b4d2a92d703ecb659f39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
ImageStego.exe
.exe windows:4 windows x86 arch:x86

c0cc6fc44b8a85ab528b6804252a972f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
TerminateThread
CreateEventA
WaitForSingleObject
SetEvent
GetDriveTypeA
DeviceIoControl
GetTickCount
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
OpenFile
VirtualLock
VirtualProtect
GetSystemTimeAsFileTime
SetEnvironmentVariableW
FileTimeToSystemTime
FileTimeToLocalFileTime
FreeLibrary
LoadLibraryA
GetProcAddress
ExitProcess
LocalFree
SetEndOfFile
CreateFileA
SetStdHandle
FindResourceA
LoadResource
LockResource
GetModuleHandleA
GetCommandLineA
SetThreadPriority
SetConsoleTitleA
AllocConsole
GetModuleFileNameA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
FindFirstFileA
FindClose
FindNextFileA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
CopyFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
Sleep
MulDiv
InterlockedDecrement
MultiByteToWideChar
CreateProcessA
CloseHandle
CreatePipe
GetLastError
ReadFile
WriteFile
PeekNamedPipe
GetCurrentThreadId
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
GetVersion
InterlockedIncrement
RtlUnwind
TerminateProcess
GetCurrentProcess
IsBadReadPtr
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
HeapReAlloc
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

PostThreadMessageA
KillTimer
DialogBoxParamA
SendDlgItemMessageA
SetForegroundWindow
GetDlgItem
GetWindowTextA
SetTimer
EndDialog
ChangeDisplaySettingsA
ReleaseDC
ReleaseCapture
ClientToScreen
SetCursorPos
GetCursorPos
DefWindowProcA
SetWindowLongA
CreatePopupMenu
EnableWindow
LoadCursorA
IsIconic
BeginPaint
DrawEdge
EndPaint
ValidateRect
FillRect
InvalidateRect
MoveWindow
ShowWindow
SetWindowTextA
SetActiveWindow
SetMenu
DestroyMenu
GetWindowLongA
GetMenu
AdjustWindowRect
CreateMenu
AppendMenuA
DestroyWindow
GetScrollInfo
PostMessageA
SetScrollPos
CharLowerBuffA
LoadIconA
RegisterClassA
SetCursor
SetCapture
SetScrollInfo
GetScrollPos
CallWindowProcA
CreateWindowExA
GetClientRect
GetDesktopWindow
GetWindowRect
MessageBoxA
SendMessageA
GetFocus
SetFocus
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
UnregisterClassA
GetActiveWindow
GetForegroundWindow
DispatchMessageA
GetDC

opengl32

glBegin
glVertex2i
glEnd
glDisable
glTexCoord2f
glTexEnvi
glReadPixels
glBindTexture
glCallLists
glRasterPos2i
glListBase
glDrawPixels
glTexParameteri
glTexImage2D
glGenTextures
glDeleteTextures
glScissor
glEnable
glViewport
glMatrixMode
glLoadIdentity
glOrtho
glAlphaFunc
glColor3ub
glPixelMapfv
glDeleteLists
glGenLists
wglUseFontBitmapsA
wglGetProcAddress
wglMakeCurrent
wglDeleteContext
wglCreateContext
wglShareLists

wsock32

select
WSACleanup
WSAStartup
listen
ioctlsocket
connect
bind
gethostbyname
accept
send
getsockname
closesocket
setsockopt
recvfrom
inet_ntoa
WSAGetLastError
inet_addr
__WSAFDIsSet
recv
sendto
htons
htonl
ntohl
ntohs
getpeername
socket

winmm

waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetNumDevs
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutOpen
waveOutGetNumDevs
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerSetControlDetails
mixerOpen
mixerGetNumDevs
mixerClose
waveOutGetDevCapsA
mciSendCommandA
mciGetErrorStringA
timeGetTime
timeSetEvent
timeKillEvent
timeBeginPeriod
timeEndPeriod
waveOutClose

comctl32

ImageList_Create
ImageList_Destroy
_TrackMouseEvent
InitCommonControlsEx
ImageList_AddMasked

gdi32

SelectObject
GetTextExtentPoint32A
CreateCompatibleDC
DeleteDC
GetStockObject
GetTextMetricsA
SetDIBits
CreateCompatibleBitmap
CreateSolidBrush
BitBlt
StretchBlt
ExtTextOutA
SetTextColor
SetBkMode
SetPixelFormat
ChoosePixelFormat
SwapBuffers
GetTextFaceA
DeleteObject
AddFontResourceA
CreateFontA
GetDeviceCaps
CreateFontIndirectA
Ellipse
Rectangle
Polyline
CreatePen
CreateDIBSection

comdlg32

ChooseColorA
GetSaveFileNameA
ChooseFontA
GetOpenFileNameA

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

ole32

OleSetContainedObject
OleCreate
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit
VariantCopy
VariantChangeType

advapi32

RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA

msacm32

acmFormatSuggest
acmStreamOpen
acmStreamSize
acmStreamPrepareHeader
acmStreamConvert
acmStreamClose
acmStreamUnprepareHeader

Exports

Exports

_bbWinMain@0
runtimeGetRuntime

Sections

.text
Size: 540KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/about.png
.png
data/noimage.png
.png
data/noimagerus.png
.png
data/register.png
.png
data/splash.jpg
.jpg
get.url
get_ru.url
help.url
help_ru.url
icon.ico
imgproc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

FreeImage_OutputMessageProc
_FreeImage_AdjustBrightness@12
_FreeImage_AdjustContrast@12
_FreeImage_AdjustCurve@12
_FreeImage_AdjustGamma@12
_FreeImage_Allocate@24
_FreeImage_AllocateT@28
_FreeImage_AppendPage@8
_FreeImage_Clone@4
_FreeImage_CloseMultiBitmap@8
_FreeImage_ColorQuantize@8
_FreeImage_Composite@16
_FreeImage_ConvertFromRawBits@36
_FreeImage_ConvertLine16To24_555@12
_FreeImage_ConvertLine16To24_565@12
_FreeImage_ConvertLine16To32_555@12
_FreeImage_ConvertLine16To32_565@12
_FreeImage_ConvertLine16To8_555@12
_FreeImage_ConvertLine16To8_565@12
_FreeImage_ConvertLine16_555_To16_565@12
_FreeImage_ConvertLine16_565_To16_555@12
_FreeImage_ConvertLine1To16_555@16
_FreeImage_ConvertLine1To16_565@16
_FreeImage_ConvertLine1To24@16
_FreeImage_ConvertLine1To32@16
_FreeImage_ConvertLine1To8@12
_FreeImage_ConvertLine24To16_555@12
_FreeImage_ConvertLine24To16_565@12
_FreeImage_ConvertLine24To32@12
_FreeImage_ConvertLine24To8@12
_FreeImage_ConvertLine32To16_555@12
_FreeImage_ConvertLine32To16_565@12
_FreeImage_ConvertLine32To24@12
_FreeImage_ConvertLine32To8@12
_FreeImage_ConvertLine4To16_555@16
_FreeImage_ConvertLine4To16_565@16
_FreeImage_ConvertLine4To24@16
_FreeImage_ConvertLine4To32@16
_FreeImage_ConvertLine4To8@12
_FreeImage_ConvertLine8To16_555@16
_FreeImage_ConvertLine8To16_565@16
_FreeImage_ConvertLine8To24@16
_FreeImage_ConvertLine8To32@16
_FreeImage_ConvertTo16Bits555@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_ConvertTo24Bits@4
_FreeImage_ConvertTo32Bits@4
_FreeImage_ConvertTo8Bits@4
_FreeImage_ConvertToRawBits@32
_FreeImage_ConvertToStandardType@8
_FreeImage_ConvertToType@12
_FreeImage_Copy@20
_FreeImage_CreateICCProfile@12
_FreeImage_DeInitialise@0
_FreeImage_DeletePage@8
_FreeImage_DestroyICCProfile@4
_FreeImage_Dither@8
_FreeImage_FIFSupportsExportBPP@8
_FreeImage_FIFSupportsExportType@8
_FreeImage_FIFSupportsICCProfiles@4
_FreeImage_FIFSupportsReading@4
_FreeImage_FIFSupportsWriting@4
_FreeImage_FlipHorizontal@4
_FreeImage_FlipVertical@4
_FreeImage_GetBPP@4
_FreeImage_GetBackgroundColor@8
_FreeImage_GetBits@4
_FreeImage_GetBlueMask@4
_FreeImage_GetChannel@8
_FreeImage_GetColorType@4
_FreeImage_GetColorsUsed@4
_FreeImage_GetComplexChannel@8
_FreeImage_GetCopyrightMessage@0
_FreeImage_GetDIBSize@4
_FreeImage_GetDotsPerMeterX@4
_FreeImage_GetDotsPerMeterY@4
_FreeImage_GetFIFCount@0
_FreeImage_GetFIFDescription@4
_FreeImage_GetFIFExtensionList@4
_FreeImage_GetFIFFromFilename@4
_FreeImage_GetFIFFromFormat@4
_FreeImage_GetFIFFromMime@4
_FreeImage_GetFIFRegExpr@4
_FreeImage_GetFileType@8
_FreeImage_GetFileTypeFromHandle@12
_FreeImage_GetFormatFromFIF@4
_FreeImage_GetGreenMask@4
_FreeImage_GetHeight@4
_FreeImage_GetHistogram@12
_FreeImage_GetICCProfile@4
_FreeImage_GetImageType@4
_FreeImage_GetInfo@4
_FreeImage_GetInfoHeader@4
_FreeImage_GetLine@4
_FreeImage_GetLockedPageNumbers@12
_FreeImage_GetPageCount@4
_FreeImage_GetPalette@4
_FreeImage_GetPitch@4
_FreeImage_GetPixelColor@16
_FreeImage_GetPixelIndex@16
_FreeImage_GetRedMask@4
_FreeImage_GetScanLine@8
_FreeImage_GetTransparencyCount@4
_FreeImage_GetTransparencyTable@4
_FreeImage_GetVersion@0
_FreeImage_GetWidth@4
_FreeImage_HasBackgroundColor@4
_FreeImage_Initialise@4
_FreeImage_InsertPage@12
_FreeImage_Invert@4
_FreeImage_IsLittleEndian@0
_FreeImage_IsPluginEnabled@4
_FreeImage_IsTransparent@4
_FreeImage_Load@12
_FreeImage_LoadFromHandle@16
_FreeImage_LockPage@8
_FreeImage_MovePage@12
_FreeImage_OpenMultiBitmap@20
_FreeImage_Paste@20
_FreeImage_RegisterExternalPlugin@20
_FreeImage_RegisterLocalPlugin@20
_FreeImage_Rescale@16
_FreeImage_RotateClassic@12
_FreeImage_RotateEx@48
_FreeImage_Save@16
_FreeImage_SaveToHandle@20
_FreeImage_SetBackgroundColor@8
_FreeImage_SetChannel@12
_FreeImage_SetComplexChannel@12
_FreeImage_SetOutputMessage@4
_FreeImage_SetPixelColor@16
_FreeImage_SetPixelIndex@16
_FreeImage_SetPluginEnabled@8
_FreeImage_SetTransparencyTable@12
_FreeImage_SetTransparent@8
_FreeImage_Threshold@8
_FreeImage_Unload@4
_FreeImage_UnlockPage@12
_FreeImage_ZLibCompress@16
_FreeImage_ZLibUncompress@16

Sections

.text
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libbz2w.dll
.dll windows:4 windows x86 arch:x86

e6a9ce0996406f2fcd00060d35f79b2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
GetLastError
CloseHandle
ReadFile
WriteFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetOEMCP
GetACP
TlsGetValue
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
SetStdHandle
SetFilePointer
CreateFileA
RtlUnwind
GetCPInfo
LoadLibraryA
LCMapStringA
LCMapStringW
SetEndOfFile

Exports

Exports

BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite
_bz2@16

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
settings.ini
uninstall.exe
.exe windows:4 windows x86 arch:x86

c1d02edd28ce94e699431ce65bed28ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CloseHandle
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
PtInRect
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
OpenClipboard

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp

Sharing

General

Malware Config

Signatures

Files

c1d02edd28ce94e699431ce65bed28ec

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 292KB - Virtual size: 292KB

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 994B

2db813254ea8b4d2a92d703ecb659f39

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 254B

c0cc6fc44b8a85ab528b6804252a972f

Headers

File Characteristics

Imports

kernel32

user32

opengl32

wsock32

winmm

comctl32

gdi32

comdlg32

shell32

ole32

oleaut32

advapi32

msacm32

Exports

Exports

Sections

.text Size: 540KB - Virtual size: 536KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 112KB - Virtual size: 402KB

.rsrc Size: 284KB - Virtual size: 283KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 292KB - Virtual size: 292KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 994B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 540KB - Virtual size: 536KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 112KB - Virtual size: 402KB

.rsrc
Size: 284KB - Virtual size: 283KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 512KB - Virtual size: 511KB

.rdata
Size: 136KB - Virtual size: 132KB

.data
Size: 36KB - Virtual size: 48KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 292KB - Virtual size: 292KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 994B