382015c2d0ce2bb716336ffc1b13c83c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

382015c2d0ce2bb716336ffc1b13c83c_JaffaCakes118
Size

1.4MB
MD5

382015c2d0ce2bb716336ffc1b13c83c
SHA1

4bca15995198104082202775dcb6e87001fe99f2
SHA256

f61d5187505705afddcdadd79a7dc55fc26b655a5d0695654c3af2fddafd73b6
SHA512

51bc002328fe9a6aa359c1f8733452c9bcc0f38b7201aa96d1435dcb70eef8e590ed104063eed88159ac89192a7033ea232c20274b6a3fcb35e07ee59f6afb24
SSDEEP

24576:lSJ3ngKt0oGiQZvn4cmoxOrctDzq6stxIzS7WqzyE+VsgT5vXzjwaPh2SdBr:lI3nltXGiEv4cmoxqcpq6qIwryE+Vj5Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
382015c2d0ce2bb716336ffc1b13c83c_JaffaCakes118
unpack001//Gom.exe
unpack001//GomWiz.exe
unpack001//GrLauncher.exe
unpack001///UserInfo.dll
unpack001///advsplash.dll
unpack001//InstallOptions.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

382015c2d0ce2bb716336ffc1b13c83c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

440c26768d74783386e2b06f588c7aba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
SetErrorMode
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
ExitProcess

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
SetWindowPos
PostMessageA
IsWindowEnabled
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
PostQuitMessage

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/Gom.exe
.exe windows:4 windows x86 arch:x86

db0da186f6124708daf4333fef47f167

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
InterlockedDecrement
lstrlenA
lstrlenW
MultiByteToWideChar
LocalFree
FindResourceA
GlobalAddAtomA
GetProfileStringA
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
SetEnvironmentVariableA
GetOEMCP
GetACP
GetDriveTypeA
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetFileType
SetStdHandle
TerminateProcess
RaiseException
IsBadReadPtr
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetStartupInfoW
SetErrorMode
FindResourceExW
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
lstrcmpiA
GetCurrentThread
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetTempFileNameW
lstrcmpiW
GetThreadLocale
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
ResumeThread
GlobalUnlock
lstrcmpA
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalAlloc
FormatMessageW
WideCharToMultiByte
CloseHandle
ReadFile
SetFilePointer
CreateFileW
GetFileSize
GetFileAttributesW
GlobalFree
CreateDirectoryW
GetFileTime
GetTempPathW
GetVolumeInformationW
DeviceIoControl
GetVersion
SetThreadPriority
InterlockedExchange
CreateEventW
FlushInstructionCache
GetCurrentThreadId
IsDBCSLeadByte
HeapDestroy
LoadLibraryA
SetPriorityClass
SizeofResource
GetDriveTypeW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetCurrentDirectoryW
GetCommandLineW
GetDiskFreeSpaceW
CreateFileA
GetVersionExW
SetLastError
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
WinExec
GetWindowsDirectoryW
GetLogicalDrives
lstrcmpW
GetTickCount
GetFullPathNameW
FindResourceW
LoadResource
LockResource
GetModuleHandleW
DeleteFileW
WaitForMultipleObjects
CreateThread
GetLastError
ResetEvent
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
WriteFile
Sleep
DeleteCriticalSection
InitializeCriticalSection
GlobalAlloc
GlobalLock
MulDiv
GetUserDefaultLangID
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcpynW
lstrcpyW
lstrcatW

advapi32

RegCreateKeyExW
GetFileSecurityW
SetFileSecurityW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

user32

SendMessageW
UnregisterClassW
FindWindowW
GetSystemMetrics
SystemParametersInfoW
CharNextW
RegisterWindowMessageW
LoadStringW
DestroyIcon
IntersectRect
CopyRect
OffsetRect
MoveWindow
GetWindowRect
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
PostThreadMessageW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableW
SetWindowPos
GetWindowLongW
DispatchMessageW
TranslateMessage
PeekMessageW
GetWindowPlacement
ScreenToClient
ClientToScreen
GetWindowTextW
GetWindowTextLengthW
SetWindowLongW
LoadImageW
ReleaseDC
GetDC
DrawTextW
PtInRect
SetRectEmpty
TabbedTextOutW
GrayStringW
PostMessageW
IsWindow
SetDlgItemTextW
DialogBoxIndirectParamW
SetPropW
RemovePropW
GetPropW
SetTimer
LoadIconW
SetFocus
CreateWindowExW
SetWindowTextW
ShowWindow
MapWindowPoints
LoadCursorFromFileW
GetClassLongW
SetClassLongW
DestroyCursor
GetClassInfoExW
RegisterClassExW
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
SubtractRect
MessageBoxW
DestroyWindow
SetParent
GetMenuItemCount
ExitWindowsEx
EqualRect
ChangeDisplaySettingsW
ShowCursor
GetActiveWindow
keybd_event
EnableMenuItem
AppendMenuW
CheckMenuItem
ModifyMenuW
CheckMenuRadioItem
DeleteMenu
InsertMenuW
GetDoubleClickTime
LoadAcceleratorsW
SetForegroundWindow
SetCursor
RedrawWindow
IsWindowEnabled
GetCapture
UpdateWindow
GetKeyState
GetNextDlgTabItem
SetCapture
ReleaseCapture
DrawFrameControl
DrawEdge
GetWindowDC
DrawFocusRect
EnumDisplaySettingsW
GetParent
LoadMenuW
GetSubMenu
GetFocus
TranslateAcceleratorW
FindWindowExW
SetWindowRgn
FillRect
IsRectEmpty
DefWindowProcW
LoadCursorW
RegisterClassW
InflateRect
SetRect
GetMenu
AdjustWindowRectEx
UnionRect
CallWindowProcW
GetCursorPos
EnumWindows
IsWindowVisible
GetClassNameW
wsprintfW
InvalidateRect
KillTimer
GetClientRect
EndDialog
BeginPaint
EndPaint
GetSysColor
GetDlgItem
EnableWindow
UnhookWindowsHookEx
IsIconic
GetWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
CallNextHookEx
SetWindowsHookExW
GetDlgCtrlID
TrackPopupMenu
GetMenuItemID
GetClassInfoW
WinHelpW
IsChild
GetTopWindow
SetActiveWindow
SendDlgItemMessageA
SendDlgItemMessageW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
ValidateRect
GetMessageW
CreateDialogIndirectParamW
wvsprintfW
DestroyMenu
GetAsyncKeyState
MapDialogRect
CharUpperW
WindowFromPoint
PostQuitMessage
SetWindowContextHelpId
GetSysColorBrush

gdi32

GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
CreateBitmap
IntersectClipRect
OffsetViewportOrgEx
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
GetMapMode
PatBlt
DPtoLP
GetTextColor
LPtoDP
ExtTextOutA
GetTextExtentPointA
CreateDIBitmap
CloseFigure
EndPath
GetPath
AbortPath
BeginPath
TextOutA
GetTextExtentPoint32A
CreateFontA
GetRegionData
OffsetRgn
ExtCreateRegion
SetMapMode
RestoreDC
SaveDC
CreateEllipticRgn
CreateRoundRectRgn
CreatePen
MoveToEx
LineTo
GetClipBox
CreateFontIndirectW
PtInRegion
CreatePolygonRgn
FrameRgn
Rectangle
Polygon
EnumFontFamiliesExW
CreateSolidBrush
GetBkColor
CreateRectRgn
GetStockObject
CreateRectRgnIndirect
CombineRgn
FillRgn
GetDeviceCaps
SetTextCharacterExtra
SetPixel
Escape
TextOutW
RectVisible
PtVisible
CreateCompatibleBitmap
SetTextColor
SetBkMode
CreateFontW
BitBlt
DeleteDC
GetDIBColorTable
CreateCompatibleDC
SelectObject
DeleteObject
GetObjectW
CreateDIBSection
SetBkColor
ExtTextOutW
GetTextMetricsW
GetTextExtentPoint32W

shell32

SHAppBarMessage
DragQueryPoint
DragQueryFileW
DragFinish
SHChangeNotify
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW

comdlg32

GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

winmm

mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
waveOutGetNumDevs
mixerClose
mixerGetNumDevs
mixerOpen
mixerGetDevCapsW
mixerGetID
mixerGetLineInfoW

comctl32

_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_LoadImageW
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Draw

oledlg

OleUIBusyW

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
CreateBindCtx
MkParseDisplayName
CLSIDFromString
StringFromGUID2
CoTaskMemFree
CreateILockBytesOnHGlobal
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

olepro32

ord253
ord250

oleaut32

SafeArrayAccessData
VariantChangeType
SysFreeString
SysAllocStringLen
SysStringLen
SafeArrayUnaccessData
VariantClear
SysAllocString
VariantTimeToSystemTime
VariantCopy

wininet

InternetOpenW
InternetOpenUrlW
InternetSetFilePointer
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

Sections

.text
Size: 884KB - Virtual size: 880KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_G
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/GomWiz.exe
.exe windows:4 windows x86 arch:x86

e697b39f729efff9991a4e7221e975cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalFree
GetUserDefaultLangID
GetFileAttributesW
CreateDirectoryW
GetDiskFreeSpaceW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrlenA
InterlockedDecrement
InterlockedIncrement
MulDiv
LoadLibraryW
GetProcAddress
FreeLibrary
GetLogicalDrives
GetStartupInfoA

user32

ShowWindow
EnableWindow
FindWindowW
SendDlgItemMessageW
PostMessageW
SetTimer
SetWindowPos
SystemParametersInfoW
GetWindowRect
GetParent
LoadStringW
ClientToScreen
GetSystemMetrics
CopyRect
OffsetRect
RegisterWindowMessageW
SetDlgItemTextW
DialogBoxIndirectParamW
RemovePropW
SetPropW
GetPropW
SetWindowTextW
SendMessageW
LoadIconW
SetFocus
CreateWindowExW
ReleaseDC
GetWindowLongW
InvalidateRect
KillTimer
GetClientRect
PtInRect
SetWindowLongW
EndDialog
BeginPaint
ScreenToClient
EndPaint
GetSysColor
DrawTextW
GetDC
GetDlgItem
MoveWindow

gdi32

BitBlt
SetBkColor
ExtTextOutW
SetBkMode
SetTextColor
SelectObject
CreateCompatibleBitmap
CreateFontW
DeleteObject
DeleteDC
GetTextExtentPoint32W
CreateCompatibleDC
GetTextMetricsW

advapi32

RegCreateKeyW
RegSetValueExW
RegCloseKey
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW

shell32

SHChangeNotify
ShellExecuteW

comctl32

PropertySheetW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
wcstok
wcscpy
strlen
malloc
free
_wtoi
iswdigit
wcsncmp
wcslen
swprintf
vswprintf
wcsrchr
wcsstr
wcscmp
??2@YAPAXI@Z
memcpy
_except_handler3
memset
??3@YAXPAX@Z
__CxxFrameHandler

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/GrLauncher.exe
.exe windows:4 windows x86 arch:x86

30d9bf43bc7562df43cf16dc3ee373e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetTempPathW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
lstrcpyW
GetProcAddress
GetUserDefaultLangID
MultiByteToWideChar
MulDiv
WriteFile
lstrlenA
GetModuleHandleW
CloseHandle
WideCharToMultiByte
CreateProcessW
WaitForSingleObject
Sleep
lstrcmpW
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
lstrlenW
GlobalAlloc
FindResourceW
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DeleteFileW
MoveFileW
GetStartupInfoW

user32

RegisterWindowMessageW
PostMessageW
SetWindowLongW
DialogBoxIndirectParamW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetPropW
DefWindowProcW
GetWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
CallWindowProcW
GetSysColor
SetFocus
IsChild
GetFocus
ReleaseDC
GetDC
EndPaint
FillRect
GetClientRect
BeginPaint
SetWindowPos
IsWindow
RedrawWindow
GetClassNameW
GetParent
GetSystemMetrics
PtInRect
DrawTextW
ShowWindow
LoadIconW
GetDesktopWindow
SetPropW
RemovePropW
ClientToScreen
ScreenToClient
TranslateMessage
MoveWindow
OffsetRect
CopyRect
FindWindowW
LoadStringW
GetWindowRect
SystemParametersInfoW
MapWindowPoints
PeekMessageW
DispatchMessageW
SetDlgItemTextW
KillTimer
EnableWindow
EndDialog
SetTimer
GetDlgItem
SendMessageW
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
wsprintfW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW

gdi32

GetTextExtentPoint32W
GetTextMetricsW
ExtTextOutW
SetBkColor
GetStockObject
SetTextColor
SetBkMode
GetObjectW
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
CreateFontW
GetDeviceCaps
DeleteDC

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

ole32

OleLockRunning
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
SysAllocString
LoadRegTypeLi
SysStringLen
VariantClear
SysFreeString
OleCreateFontIndirect

msvcrt

exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
iswdigit
swprintf
vswprintf
wcsstr
memmove
wcschr
swscanf
_wtoi
_beginthread
wcscmp
_wcsicmp
wcsncmp
wcsncpy
_except_handler3
wcstok
wcsrchr
malloc
free
wcslen
wcscpy
memset
strlen
memcmp
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
time
__CxxFrameHandler
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__set_app_type

wininet

InternetOpenW
InternetOpenUrlW
InternetSetFilePointer
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
//UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
//advsplash.dll
.dll windows:4 windows x86 arch:x86

aca113c44eb167eb4b08c836ef09ba00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
InvalidateRect
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

DeleteObject
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
CombineRgn

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/spltmp.bmp
/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

7ca439f240520f2b3eaee86b88d31ab2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
lstrcpynA
GetModuleHandleA
GlobalAlloc
MultiByteToWideChar
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcatA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
SetWindowLongA
LoadIconA
LoadImageA
PtInRect
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
GetDlgItem
GetWindowLongA
DrawTextA
DrawFocusRect
MapWindowPoints
CallWindowProcA
PostMessageA
SetWindowTextA
SendMessageA
GetWindowTextA
SetFocus
MessageBoxA
wsprintfA
CreateWindowExA

gdi32

SetTextColor
SelectObject
CreateCompatibleDC
DeleteObject
GetTextExtentPoint32A
DeleteDC
SetBkMode
SetBkColor
GetTextMetricsA

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA
SHGetMalloc

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/ioSpecial.ini
/modern-header.bmp
/modern-wizard.bmp

Sharing

General

Malware Config

Signatures

Files

440c26768d74783386e2b06f588c7aba

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 109KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 12KB - Virtual size: 12KB

db0da186f6124708daf4333fef47f167

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

comdlg32

winmm

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

winspool.drv

Sections

.text Size: 884KB - Virtual size: 880KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 84KB - Virtual size: 187KB

Shared_G Size: 4KB - Virtual size: 12B

.rsrc Size: 188KB - Virtual size: 184KB

e697b39f729efff9991a4e7221e975cb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

msvcrt

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 125KB - Virtual size: 125KB

30d9bf43bc7562df43cf16dc3ee373e4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

wininet

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 9KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 109KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 884KB - Virtual size: 880KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 84KB - Virtual size: 187KB

Shared_G
Size: 4KB - Virtual size: 12B

.rsrc
Size: 188KB - Virtual size: 184KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 125KB - Virtual size: 125KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 1024B - Virtual size: 572B

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 512B - Virtual size: 45B

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 208B

.reloc
Size: 512B - Virtual size: 412B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 942B