37184f4a2d3568cb859b5cb518dacf16_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

37184f4a2d3568cb859b5cb518dacf16_JaffaCakes118
Size

710KB
MD5

37184f4a2d3568cb859b5cb518dacf16
SHA1

fdee30f00b9ad38211ea8c5f0f351ffdb6d0b037
SHA256

2046f1330beb67a88b12bf1ea767afc57b38f72525a3268f70141d2c30fffd1e
SHA512

e21ecf583898d3b9a72715deeff1bcd245cff4c86f7da9e9e8e6da55be906c4625d6988759b67a51c2ad694abcef5da972a93126e7a17c8d1d73e77d696d4a3e
SSDEEP

12288:w54kIIxfrVE8Ro3CC5R6TV2+stIGn56ozgGgIdR6O3qkVlHpz7PNu/ksUR6mFuGc:tIVrVXo3CFmzAIRt+/ksizFullKzIp

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/OEPFinders/EXE32PackOEP.dll	acprotect
static1/unpack001/OEPFinders/PEPack10OEP.dll	acprotect
static1/unpack001/OEPFinders/PackManOEP.dll	acprotect
static1/unpack001/OEPFinders/StealthPE21OEP.dll	acprotect
static1/unpack001/OEPFinders/WWPack32OEP.dll	acprotect

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Engine.sys
unpack001/OEPFinders/EXE32PackOEP.dll
unpack001/OEPFinders/Force.dll
unpack001/OEPFinders/GenOEP.dll
unpack001/OEPFinders/PEPack10OEP.dll
unpack001/OEPFinders/PackManOEP.dll
unpack001/OEPFinders/StealthPE21OEP.dll
unpack001/OEPFinders/UPackOEP.dll
unpack001/OEPFinders/WWPack32OEP.dll
unpack001/PESniffer.dll
unpack001/PEiDLL.DLL
unpack001/Plugins/PluginEx.dll
unpack001/QUnpack.exe
unpack001/selfscan.dll

Files

37184f4a2d3568cb859b5cb518dacf16_JaffaCakes118
.zip
Engine.sys
.dll windows:4 windows x86 arch:x86

e628239ac2c12433fe401e7304ed24fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\D\QU10RC1\engine\objfre\i386\Engine.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
ZwSetInformationThread
memmove
ZwYieldExecution
ZwQueryInformationProcess
KeNumberProcessors
RtlAppendUnicodeStringToString
IoDeleteDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
IoCreateDevice
RtlIntegerToUnicodeString
ZwOpenKey
ZwCreateKey
RtlCopyUnicodeString
ZwQueryValueKey
memcpy
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
ExQueueWorkItem
KeInitializeSpinLock
KeBugCheckEx
RtlInitUnicodeString
ZwClose
ExFreePoolWithTag
ExAllocatePoolWithTag

hal

KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 609B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.STL
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
OEPFinders/EXE32PackOEP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetOEPNow
ShortFinderName

Sections

Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OEPFinders/Force.dll
.dll windows:4 windows x86 arch:x86

bd54f5ebf04f2d0eea701bb40bae79e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
WaitForInputIdle
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
VirtualQuery
TerminateProcess
SuspendThread
SetFilePointer
ReadProcessMemory
ReadFile
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFree
GlobalAlloc
GetVersionExA
GetThreadLocale
GetStdHandle
GetStartupInfoA
GetShortPathNameA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetFileSize
GetDiskFreeSpaceA
GetDateFormatA
GetCPInfo
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateProcessA
CreateFileA
CompareStringA
CloseHandle

Exports

Exports

GetDllOEPNow
GetOEPNow
ShortFinderName

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OEPFinders/GenOEP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DoMyJob
LoadDll

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OEPFinders/PEPack10OEP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetOEPNow
ShortFinderName

Sections

Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OEPFinders/PackManOEP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetOEPNow
ShortFinderName

Sections

Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OEPFinders/StealthPE21OEP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetOEPNow
ShortFinderName

Sections

Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OEPFinders/UPackOEP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetOEPNow
ShortFinderName

Sections

CODE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 99B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OEPFinders/WWPack32OEP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetOEPNow
ShortFinderName

Sections

Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PESniffer.dll
.dll windows:4 windows x86 arch:x86

8e4121032692da8c5f65944d2b4c896a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetFileSize
lstrlenA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
HeapAlloc
HeapFree
FlushViewOfFile
GetProcessHeap
ReadFile
lstrcatA
DisableThreadLibraryCalls
CreateFileMappingA
GetModuleFileNameA
CloseHandle
lstrcpyA
HeapReAlloc
IsBadReadPtr
LCMapStringW
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA

user32

CharUpperA

imagehlp

ImageNtHeader

Exports

Exports

AnalyzeFile
GetTotalSignatures
IsDataBaseLoaded

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PEiDLL.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FileEntropy
GetInternalDatabase
GetPEiDScanMode
MultiScanDir
PEiDLLVersion
PEiDVersion
ScanWithPEiD
Scan_Deep
Scan_Hard
Scan_Norm
SetPluginOptions
SetScanOptions

Sections

packerBY
Size: - Virtual size: 627KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bero^fr
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/PluginEx.dll
.dll windows:4 windows x86 arch:x86

7e45ecb69f553c3cfb5bde11088a7f5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls

user32

MessageBoxA

Exports

Exports

GetPluginName
StartPlugin

Sections

.data
Size: 512B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QU.ini
QUnpack.exe
.exe windows:4 windows x86 arch:x86

b6be7ed4753b9633caac9330a145879d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\E\QU10\_Release\QUnpack.pdb

Imports

imagehlp

ImageNtHeader
ImageRvaToVa

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetCurrentThreadId
CompareStringW
CompareStringA
InterlockedExchange
GetVersion
MultiByteToWideChar
lstrcpynA
GetPrivateProfileStructA
WritePrivateProfileStructA
lstrcpyA
HeapReAlloc
HeapAlloc
HeapFree
IsBadReadPtr
GetProcessHeap
MulDiv
FreeLibrary
FindClose
FindNextFileA
FindFirstFileA
TerminateThread
SetThreadPriority
ExitProcess
GlobalUnlock
GlobalLock
GlobalAlloc
SetCurrentDirectoryA
GetCurrentDirectoryA
SetThreadAffinityMask
SetProcessAffinityMask
SwitchToThread
ResumeThread
OpenThread
WriteProcessMemory
VirtualProtectEx
WriteFile
GetExitCodeProcess
VirtualFreeEx
VirtualAllocEx
UnmapViewOfFile
FlushViewOfFile
SetFilePointer
MapViewOfFile
CreateFileMappingA
GetFileSize
DeviceIoControl
GetCurrentThread
WaitForSingleObject
DeleteFileA
LoadLibraryA
LockResource
GetProcAddress
TerminateProcess
ReadProcessMemory
WideCharToMultiByte
SuspendThread
CreateProcessA
lstrcmpA
CloseHandle
CreateFileA
GetModuleHandleA
CreateThread
GetLastError
ReadFile
SetLastError
GetFileAttributesA
lstrcatA
GetModuleFileNameA
Sleep
GetThreadContext
lstrlenA
lstrcmpiA
GetVersionExA
FreeResource
LoadResource
SizeofResource
FindResourceA
GetEnvironmentStringsW
SetHandleCount
GetFileTime
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FileTimeToLocalFileTime
SetErrorMode
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
LocalFree
_lopen
_lclose
_lread
_llseek
LocalAlloc
GlobalFree
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
FormatMessageA
GetCurrentProcessId
GetModuleFileNameW
InterlockedDecrement
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GlobalFlags
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
FileTimeToSystemTime
GetFileType

user32

CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckDlgButton
SendDlgItemMessageA
IsDlgButtonChecked
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetFocus
GetWindowTextA
GetWindowTextLengthA
GetWindowPlacement
DefWindowProcA
DeferWindowPos
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenuItemID
TrackPopupMenu
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetClassLongA
IsChild
WinHelpA
RegisterWindowMessageA
CheckMenuItem
GetMenuState
DestroyWindow
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowDC
BeginPaint
EndPaint
TranslateMessage
SetCursor
ShowOwnedPopups
GetWindowThreadProcessId
UnregisterClassA
MapDialogRect
SetWindowContextHelpId
DestroyMenu
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
BringWindowToTop
TranslateMDISysAccel
TranslateAcceleratorA
RedrawWindow
SetMenu
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
SetRect
UnregisterHotKey
GetSysColorBrush
LoadCursorA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetDC
FillRect
EnableWindow
LoadImageA
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
ModifyMenuA
EndDialog
UpdateWindow
CreatePopupMenu
KillTimer
AppendMenuA
LoadBitmapA
MessageBoxExA
RegisterHotKey
RemoveMenu
SetWindowPos
IntersectRect
GetMenuItemRect
DrawStateA
GetClassNameA
DestroyIcon
CallWindowProcA
SetMenuItemInfoA
CallNextHookEx
GetWindowLongA
SystemParametersInfoA
GetForegroundWindow
SetRectEmpty
EqualRect
GetSystemMenu
GetMenuItemInfoA
GetMenuItemCount
IsMenu
OffsetRect
GetPropA
IsWindowVisible
RemovePropA
SetPropA
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsRectEmpty
PostMessageA
ReleaseDC
GetCursorPos
ReleaseCapture
ClientToScreen
DispatchMessageA
ScreenToClient
GetMessageA
PtInRect
SetCapture
GetCapture
GetDlgCtrlID
InvalidateRect
ValidateRect
GetFocus
GetMenu
IsIconic
SetTimer
GetSubMenu
GetSystemMetrics
EnableMenuItem
GetClientRect
GetKeyState
GetWindow
CopyRect
InflateRect
GetParent
CharUpperA
DrawIcon
SendMessageA
GetWindowRect
LoadIconA
WaitForInputIdle
wsprintfA
SetForegroundWindow
PostQuitMessage
MessageBoxA
CloseClipboard
OpenClipboard
EmptyClipboard
SetClipboardData
GetSysColor

gdi32

LineTo
ExcludeClipRect
SetMapMode
MoveToEx
Ellipse
GetTextMetricsA
GetTextColor
GetClipBox
ExtTextOutA
GetCurrentObject
RectVisible
PtVisible
CreatePen
Escape
GetStockObject
Rectangle
GetDeviceCaps
DeleteObject
DeleteDC
BitBlt
TextOutA
CreateSolidBrush
GetTextExtentPoint32A
SetBkMode
SetBkColor
SetTextColor
CreateFontIndirectA
SelectObject
CreateCompatibleBitmap
GetPixel
CreateFontA
GetObjectA
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetRgnBox
RestoreDC
SetPixel
SaveDC
CreateBitmap
CreateCompatibleDC

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateServiceA
StartServiceA
OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
RegCreateKeyA
RegSetValueA
RegDeleteKeyA

shell32

DragFinish
ShellExecuteA
DragQueryFileA

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
OleInitialize

oleaut32

SysFreeString
OleLoadPicture
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
VariantCopy

comctl32

ImageList_GetIcon
ord17
ImageList_Draw

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

pesniffer

AnalyzeFile

peidll

Scan_Norm
Scan_Hard
Scan_Deep

oleacc

LresultFromObject
CreateStdAccessibleObject

winmm

waveOutClose
waveOutGetPosition
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetFileTitleA

Sections

CODE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.eng.txt
Readme.rus.txt
SDK/OEPFinders/UPack OEP Finder/PELIB.PAS
SDK/OEPFinders/UPack OEP Finder/UPackOEP.bdsproj
SDK/OEPFinders/UPack OEP Finder/UPackOEP.bdsproj.local
SDK/OEPFinders/UPack OEP Finder/UPackOEP.cfg
SDK/OEPFinders/UPack OEP Finder/UPackOEP.dpr
SDK/OEPFinders/UPack OEP Finder/pelib.dcu
SDK/Plugins/C++/PluginEx.cpp
SDK/Plugins/C++/PluginEx.def
SDK/Plugins/C++/PluginEx.dsp
SDK/Plugins/C++/PluginEx.dsw
SDK/Plugins/C++/PluginEx.h
SDK/Plugins/C++/PluginEx.sln
SDK/Plugins/C++/PluginEx.suo
SDK/Plugins/C++/PluginEx.vcproj
.xml
Signs.txt
replace.ini
selfscan.dll
.dll windows:4 windows x86 arch:x86

8ee5784f55e09e86d1874a6536818e5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
MessageBoxA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
SetFilePointer
ReadFile
FreeLibrary
CreateFileA
CloseHandle

Exports

Exports

DetectPacker

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 966B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e628239ac2c12433fe401e7304ed24fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 609B

.CRT Size: 512B - Virtual size: 12B

.STL Size: 512B - Virtual size: 16B

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 36KB

Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

bd54f5ebf04f2d0eea701bb40bae79e2

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.itext Size: 1024B - Virtual size: 528B

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 13KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 119B

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 264B

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 36KB

Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 36KB

Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 36KB

Size: 7KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 609B

.CRT
Size: 512B - Virtual size: 12B

.STL
Size: 512B - Virtual size: 16B

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 57KB

.itext
Size: 1024B - Virtual size: 528B

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 13KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 119B

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 264B

.rsrc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

CODE
Size: 11KB - Virtual size: 10KB

DATA
Size: 512B - Virtual size: 176B

BSS
Size: - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 99B

.reloc
Size: 1024B - Virtual size: 924B

.rsrc
Size: 512B - Virtual size: 512B

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 7KB

.reloc
Size: 5KB - Virtual size: 5KB

packerBY
Size: - Virtual size: 627KB

bero^fr
Size: 225KB - Virtual size: 228KB

.rsrc
Size: 668B - Virtual size: 32KB

.data
Size: 512B - Virtual size: 371B

.reloc
Size: 512B - Virtual size: 24B