42531fe64998da7c6bcd3110ebc3ce17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42531fe64998da7c6bcd3110ebc3ce17_JaffaCakes118
Size

751KB
MD5

42531fe64998da7c6bcd3110ebc3ce17
SHA1

74603f4ba66ed4fe53fcaa2457619af256d2683a
SHA256

242116f7fd40531ea3d9274148d4a062eb5efbdb02a5caf9e1f983413a1574d3
SHA512

a44f95201ec6b356e7d287430b9fdb0dc005705d5b6e27422c59c66424aa519bf12157f34d60ced13311454934772041fd28a44385ab40e158896ff4624478e1
SSDEEP

12288:TJ1nS3ce5rstONX8wMrjDmSonCTvQKTch4NkY+MZQ5gXLJfZgnJvnboyi3hSHqZc:TJ1He5rzNXpMIsvpTch+ZQtpbyhDZeZD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/FishZip.exe	upx
static1/unpack001/MagoSFX.exe	upx
static1/unpack001/MagoZip.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
42531fe64998da7c6bcd3110ebc3ce17_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$SYSDIR/MagoShell.dll
unpack001/$SYSDIR/UNRAR.DLL
unpack001/$SYSDIR/aunzip32.dll
unpack001/$SYSDIR/azip32.dll
unpack001/$SYSDIR/mpShellLink.dll
unpack001/FishZip.exe
unpack001/MagoSFX.exe
unpack003/out.upx
unpack001/MagoZip.exe
unpack001/uninst.exe
unpack005/$PLUGINSDIR/InstallOptions.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

42531fe64998da7c6bcd3110ebc3ce17_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

FindNextFileA
DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
lstrcmpiA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ExitWindowsEx

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

988db7036e1df22d2d639752d85eeb84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetPrivateProfileIntA
lstrcatA
lstrcmpiA
GetPrivateProfileStringA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GetModuleHandleA
MulDiv

user32

MapWindowPoints
PtInRect
LoadIconA
LoadImageA
LoadCursorA
CallWindowProcA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetWindowLongA
SetCursor
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
MessageBoxA
EnableWindow
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
DrawTextA
GetDlgItem
DrawFocusRect
DestroyIcon
GetDlgCtrlID
SetWindowLongA

gdi32

SetTextColor
DeleteDC
GetTextExtentPoint32A
GetTextMetricsA
SelectObject
CreateCompatibleDC
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/MagoShell.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7304ccc879dcc3862b52215cabe04265

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

ReleaseStgMedium

shell32

DragQueryFileA

msvbvm50

MethCallEngine
ord519
EVENT_SINK2_Release
ord631
ord525
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord607
ProcCallEngine
ord537
ord644
EVENT_SINK2_AddRef
ord681
ord101
ord102
ord103
ord104
ord105
ord616
ord617
ord618

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SHLEXT.tlb
$SYSDIR/UNRAR.DLL
.dll windows:4 windows x86 arch:x86

17f6e45fe2b8143fd7ea1ee0168216ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/aunzip32.dll
.dll windows:4 windows x86 arch:x86

8123df67474ac8f00764f6e4d6b6ee82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
GetVolumeInformationA
SetVolumeLabelA
SetFileAttributesA
FileTimeToDosDateTime
FindClose
FindFirstFileA
WriteFile
SetHandleCount
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
FileTimeToLocalFileTime
SetFileTime
SetEnvironmentVariableA
CompareStringW
FileTimeToSystemTime
GetLocaleInfoW
SetEndOfFile
CompareStringA
GetLastError
GetFileAttributesA
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetFullPathNameA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapReAlloc
DeleteFileA
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
CloseHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
GetTickCount
VirtualAlloc
SetFilePointer
FlushFileBuffers
GetModuleFileNameA
GetCPInfo
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
RtlUnwind
TerminateProcess
GetCurrentProcess
CreateFileA
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetLocaleInfoA
GetProcAddress
LoadLibraryA

user32

SendMessageA
DispatchMessageA
PeekMessageA
TranslateMessage
GetWindowRect
PostMessageA
GetDesktopWindow
SetDlgItemTextA
SetWindowPos
EndDialog
MessageBoxA
DialogBoxParamA
wsprintfA

Exports

Exports

UnzipDlgBoxProc
_addUNZIP_InMemory@16
addUNZIP
addUNZIP_Abort
addUNZIP_ArchiveName
addUNZIP_Decrypt
addUNZIP_DisplayComment
addUNZIP_Exclude
addUNZIP_ExcludeListFile
addUNZIP_ExtractTo
addUNZIP_Freshen
addUNZIP_FromMemory
addUNZIP_GetLastError
addUNZIP_GetLastWarning
addUNZIP_GetVersion
addUNZIP_Include
addUNZIP_IncludeListFile
addUNZIP_Initialise
addUNZIP_InstallCallback
addUNZIP_InstallCallbackEx
addUNZIP_Overwrite
addUNZIP_Register
addUNZIP_RestoreAttributes
addUNZIP_RestoreStructure
addUNZIP_SaveConfiguration
addUNZIP_SetParentWindowHandle
addUNZIP_SetWindowHandle
addUNZIP_Test
addUNZIP_ToMemory
addUNZIP_ToPrinter
addUNZIP_Update
addUNZIP_View

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/azip32.dll
.dll windows:4 windows x86 arch:x86

bad5270da5988342c63120f061940368

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetDriveTypeA
SetVolumeLabelA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
SetFileAttributesA
GetTempFileNameA
GetTempPathA
FreeResource
SizeofResource
LockResource
LoadResource
FreeLibrary
FindResourceA
LoadLibraryA
VirtualAlloc
VirtualFree
RemoveDirectoryA
DeleteFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
GetFullPathNameA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MoveFileA
HeapReAlloc
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
CloseHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
OutputDebugStringA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
RtlUnwind
HeapDestroy
HeapCreate
SetEnvironmentVariableA
CreateDirectoryA
GetCPInfo
GetACP
GetOEMCP
GetCurrentDirectoryA
FlushFileBuffers
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetProcAddress
SetEndOfFile
GetLocaleInfoW
CompareStringA
CompareStringW

user32

SendMessageA
GetDesktopWindow
GetWindowRect
SetWindowPos
EndDialog
SetDlgItemTextA
DialogBoxParamA
wsprintfA
MessageBoxA

Exports

Exports

_addZIP_InMemory@16
_addZIP_SFXExtractTo@4
addZIP
addZIP_Abort
addZIP_AppendTo
addZIP_ArchiveName
addZIP_BuildSFX
addZIP_ClearAttributes
addZIP_Comment
addZIP_Delete
addZIP_DeleteComment
addZIP_DisplayComment
addZIP_Encrypt
addZIP_Exclude
addZIP_ExcludeListFile
addZIP_Freshen
addZIP_FromMemory
addZIP_GetLastError
addZIP_GetLastWarning
addZIP_GetVersion
addZIP_Include
addZIP_IncludeArchive
addZIP_IncludeDirectoryEntries
addZIP_IncludeEmptyDirectoryEntries
addZIP_IncludeFilesNewer
addZIP_IncludeFilesOlder
addZIP_IncludeHidden
addZIP_IncludeListFile
addZIP_IncludeReadOnly
addZIP_IncludeSystem
addZIP_Initialise
addZIP_InstallCallback
addZIP_InstallCallbackEx
addZIP_KeepCompatible
addZIP_Move
addZIP_Overwrite
addZIP_Recurse
addZIP_Register
addZIP_SFXAutoExecute
addZIP_SFXAutoPasswordPrompt
addZIP_SFXRestoreStructure
addZIP_SFXStub
addZIP_SaveAttributes
addZIP_SaveConfiguration
addZIP_SaveRelativeTo
addZIP_SaveStructure
addZIP_SetArchiveDate
addZIP_SetCompressionLevel
addZIP_SetParentWindowHandle
addZIP_SetTempDrive
addZIP_SetWindowHandle
addZIP_Span
addZIP_SpanCreateImages
addZIP_SpanSizes
addZIP_Store
addZIP_ToMemory
addZIP_Update
addZIP_UseLFN
addZIP_View
zip__DlgBoxProc

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/mpShellLink.dll
.dll windows:4 windows x86 arch:x86

4f0b11a148c6a2b4873197c9d5ac1c91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar

user32

MessageBoxA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcrt

_adjust_fdiv
malloc
_initterm
free

Exports

Exports

CreateLink

Sections

.text
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 637B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FishZip.chm
.chm
FishZip.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MagoSFX.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MagoZip.HLP
MagoZip.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 740KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 270KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninst.exe
.exe windows:4 windows x86 arch:x86

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

FindNextFileA
DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
lstrcmpiA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ExitWindowsEx

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

988db7036e1df22d2d639752d85eeb84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetPrivateProfileIntA
lstrcatA
lstrcmpiA
GetPrivateProfileStringA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GetModuleHandleA
MulDiv

user32

MapWindowPoints
PtInRect
LoadIconA
LoadImageA
LoadCursorA
CallWindowProcA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetWindowLongA
SetCursor
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
MessageBoxA
EnableWindow
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
DrawTextA
GetDlgItem
DrawFocusRect
DestroyIcon
GetDlgCtrlID
SetWindowLongA

gdi32

SetTextColor
DeleteDC
GetTextExtentPoint32A
GetTextMetricsA
SelectObject
CreateCompatibleDC
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp

Sharing

General

Malware Config

Signatures

Files

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 5KB - Virtual size: 8KB

988db7036e1df22d2d639752d85eeb84

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

7304ccc879dcc3862b52215cabe04265

Headers

File Characteristics

Imports

ole32

shell32

msvbvm50

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: - Virtual size: 5KB

.idata Size: 1024B - Virtual size: 592B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

17f6e45fe2b8143fd7ea1ee0168216ae

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 128KB

.data Size: 15KB - Virtual size: 36KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

8123df67474ac8f00764f6e4d6b6ee82

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: - Virtual size: 5KB

.idata
Size: 1024B - Virtual size: 592B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 124KB - Virtual size: 128KB

.data
Size: 15KB - Virtual size: 36KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 22KB - Virtual size: 41KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 1024B - Virtual size: 1006B

.rdata
Size: 1024B - Virtual size: 637B

.data
Size: 512B - Virtual size: 132B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 142B

UPX0
Size: - Virtual size: 512KB

UPX1
Size: 50KB - Virtual size: 52KB

.rsrc
Size: 4KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 740KB

UPX1
Size: 270KB - Virtual size: 272KB

.rsrc
Size: 7KB - Virtual size: 8KB