45e9976829cc8522ef5489049d8e226d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45e9976829cc8522ef5489049d8e226d_JaffaCakes118
Size

739KB
MD5

45e9976829cc8522ef5489049d8e226d
SHA1

e86ddd37f79ed926e8209dc9fd72349ad1ce1d62
SHA256

af479f8e0114bff172da2f630006d5a13c956d3b31859289642d9ac32143c9f9
SHA512

43f891e732b036478da209356bcb1fc0c1f80ba7bb6dcd9520f9a89e9fd75fc9e8b0110a31a247828ecbd97d7cad384d52d7c4836aa3c6fb7aedd3853d33dd44
SSDEEP

12288:qCc10lmK+lPxEwx8WCUIfEH2eKo8kFtSbiSCn+0db9xEk:oLjJEs85h+2eKodYFC+y/Ek

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/81225890/make/cert2spc.exe
unpack001/81225890/make/certmgr.exe
unpack001/81225890/make/chktrust.exe
unpack001/81225890/make/makecat.exe
unpack001/81225890/make/makecert.exe
unpack001/81225890/make/makectl.exe
unpack001/81225890/make/setreg.exe
unpack001/81225890/make/signcode.exe
unpack002/prjmain.ocx
unpack001/81225890/prjmain.ocx

Files

45e9976829cc8522ef5489049d8e226d_JaffaCakes118
.rar
81225890/Unit1.ddp
81225890/Unit1.dfm
81225890/Unit1.pas
81225890/del.bat
81225890/fmmain.dfm
81225890/fmmain.pas
81225890/make/cert2spc.exe
.exe windows:5 windows x86 arch:x86

888390cb4f659670498b8aa48872554f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_exit
vwprintf
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p___winitenv
exit
_XcptFilter

kernel32

CreateFileMappingA
GetFileSize
MapViewOfFile
UnmapViewOfFile
GetLastError
CloseHandle
GetModuleHandleA
GetVersionExA
MultiByteToWideChar

crypt32

CertFreeCTLContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetCRLFromStore
CertAddCRLContextToStore
CertFreeCRLContext
CertOpenStore
CertAddEncodedCRLToStore
CertCloseStore
CertAddCTLContextToStore
CertSaveStore
CertEnumCTLsInStore
CreateFileU
CertFreeCertificateContext

user32

LoadStringA
LoadStringW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/make/certmgr.exe
.exe windows:5 windows x86 arch:x86

0d1153f78c761173231a548430873dfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

vwprintf
_wcsicmp
_controlfp
_except_handler3
__set_app_type
malloc
wcscat
_adjust_fdiv
__setusermatherr
_initterm
exit
_XcptFilter
_exit
_wasctime
wcscpy
swprintf
wprintf
towupper
printf
realloc
scanf
wcslen
strtok
free
_wtol
__wgetmainargs
__p__fmode
__p__commode
__p___winitenv

advapi32

CryptReleaseContext
CryptAcquireContextA

kernel32

GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
MultiByteToWideChar
GetLastError
SetLastError
CompareFileTime
FileTimeToSystemTime
WriteFile
GetFileSize
CreateFileMappingA
MapViewOfFile
CloseHandle
GetVersionExA
WideCharToMultiByte
LocalAlloc
GetModuleHandleA
UnmapViewOfFile
LocalFree

crypt32

CryptFreeOIDFunctionAddress
CertSaveStore
CertAddCertificateContextToStore
CryptGetOIDFunctionAddress
CreateFileU
CryptFindOIDInfo
CryptDecodeObject
CertRDNValueToStrA
CertRDNValueToStrW
CertCloseStore
CryptMsgClose
CryptRegisterOIDInfo
CryptInstallOIDFunctionAddress
CryptInitOIDFunctionSet
CertAddEncodedCertificateToStore
CertAddEncodedCRLToStore
CertAddEncodedCTLToStore
CertOpenStore
CertFreeCTLContext
CertAddCTLContextToStore
CertFindCTLInStore
CertFreeCRLContext
CertAddCRLContextToStore
CertFreeCertificateContext
CryptSIPRetrieveSubjectGuid
CertFindCertificateInStore
CertEnumCTLsInStore
CertGetCRLFromStore
CertEnumCertificatesInStore
CertEnumCertificateContextProperties
CertDuplicateCertificateContext
CertDuplicateCTLContext
CertDeleteCTLFromStore
CertDuplicateCRLContext
CertDeleteCRLFromStore
CertDeleteCertificateFromStore
CertSetCertificateContextProperty
CryptEncodeObject
CertGetCRLContextProperty
CertGetPublicKeyLength
CryptHashPublicKeyInfo
CertGetCertificateContextProperty
CertGetCTLContextProperty
CryptMsgGetAndVerifySigner
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToDecode
CryptSIPLoad

cryptui

CryptUIDlgCertMgr

user32

LoadStringA
LoadStringW

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/make/chktrust.exe
.exe windows:5 windows x86 arch:x86

c1317bb7c769622e07dd22bfca9b8aac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__set_app_type
??2@YAPAXI@Z
towlower
_exit
wcscat
wprintf
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
wcsrchr
wcscpy
_except_handler3
_controlfp
vwprintf
_memicmp
wcstoul
swprintf
??3@YAXPAX@Z
wcslen

kernel32

SetLastError
GetModuleHandleA
GetLastError
CloseHandle
WideCharToMultiByte
FindFirstFileA
MultiByteToWideChar
FindNextFileA
FindClose
DeleteFileW
LocalAlloc
LocalFree
ReadFile
SetFilePointer
lstrlenW
GetVersionExA
CreateFileW
CopyFileA
CreateFileA
CopyFileW
DeleteFileA

wintrust

WinVerifyTrust

mscat32

CryptCATAdminReleaseContext
CryptCATAdminAddCatalog
IsCatalogFile
CryptCATEnumerateMember
CryptCATClose
CryptCATOpen
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle

user32

LoadStringA
LoadStringW

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/make/makecat.exe
.exe windows:5 windows x86 arch:x86

bcc931f132cf96d826934a83ff231c61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__p__fmode
_XcptFilter
_initterm
__wgetmainargs
__p___winitenv
exit
__p__commode
_exit
__set_app_type
_except_handler3
_controlfp
??3@YAXPAX@Z
wcscpy
wcsrchr
wcstoul
_memicmp
vwprintf
??2@YAPAXI@Z
_adjust_fdiv
__setusermatherr
swprintf
wcscat
wprintf

kernel32

SetLastError
GetModuleHandleA
GetLastError
DeleteFileA
CreateFileW
DeleteFileW
lstrlenW
CloseHandle
WideCharToMultiByte
SetFilePointer
MultiByteToWideChar
ReadFile
GetVersionExA
CopyFileA
CopyFileW
CreateFileA
LocalFree
LocalAlloc

mscat32

CryptCATCDFEnumMembersByCDFTag
CryptCATCDFClose
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumCatAttributes
CryptCATCDFOpen

user32

LoadStringW
LoadStringA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/make/makecert.exe
.exe windows:5 windows x86 arch:x86

5c3600e183c192a08b229420404bbb3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_adjust_fdiv
??3@YAXPAX@Z
??2@YAPAXI@Z
strtok
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
malloc
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_ftol
_wtol
wprintf
free
vwprintf
wcscpy
swprintf
_wcsnicmp
_wcsicmp
wcslen

advapi32

CryptReleaseContext
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptDestroyKey
CryptGenKey

kernel32

SetLastError
SystemTimeToFileTime
CompareFileTime
GetUserDefaultLCID
FreeResource
UnmapViewOfFile
GetSystemTimeAsFileTime
LockResource
FileTimeToSystemTime
GetModuleHandleA
LocalFileTimeToFileTime
GetLastError
SizeofResource
LoadResource
FindResourceA
CloseHandle
CreateFileMappingA
GetFileSize
LocalAlloc
DeleteFileW
DeleteFileA
CreateFileW
CreateFileA
GetVersionExA
WideCharToMultiByte
LocalFree
MapViewOfFile
MultiByteToWideChar
WriteFile

user32

LoadStringA
LoadStringW

ole32

CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

VarDateFromStr

mssign32

SignError
PvkFreeCryptProv
PvkPrivateKeySave
FreeCryptProvFromCert
GetCryptProvFromCert
PvkGetCryptProv
PvkPrivateKeyAcquireContextFromMemory

crypt32

CertEnumCertificatesInStore
CryptHashCertificate
CryptHashPublicKeyInfo
CertGetCertificateContextProperty
CryptEncodeObject
CryptExportPublicKeyInfo
CertStrToNameW
CryptDecodeObject
CertCreateCertificateContext
CertComparePublicKeyInfo
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptSignAndEncodeCertificate

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/make/makectl.exe
.exe windows:5 windows x86 arch:x86

658e555101fe3dbdcc4be4750eb62ce0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

realloc
wprintf
vwprintf
_wcsicmp
_wcsnicmp
free
malloc
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p___winitenv
exit
_XcptFilter
_exit

kernel32

CloseHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetLastError
GetModuleHandleA
GetVersionExA
MultiByteToWideChar

crypt32

CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CryptMsgEncodeAndSignCTL
CertEnumCertificatesInStore
CreateFileU

cryptui

CryptUIWizBuildCTL

user32

LoadStringA
LoadStringW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/make/setreg.exe
.exe windows:5 windows x86 arch:x86

e0a99fce5a0b00ad66f2b159e2555f06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCreateKeyExW
RegCreateKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegOpenKeyExA
RegOpenKeyExW
OpenProcessToken
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
CopySid
GetLengthSid
RegCloseKey
GetTokenInformation

kernel32

GetLastError
TlsGetValue
SetLastError
GetCurrentThread
HeapCreate
VirtualFree
RtlUnwind
HeapDestroy
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetProcAddress
LoadLibraryA
GetModuleFileNameA
LCMapStringA
GetLocaleInfoA
GetVersionExA
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoW
SetStdHandle
SetFilePointer
CloseHandle
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
HeapAlloc
HeapFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetVersion
GetModuleHandleA
MultiByteToWideChar
LCMapStringW
GetCPInfo
LocalFree
LocalAlloc

user32

LoadStringW
LoadStringA
wsprintfW

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/make/signcode.exe
.exe windows:5 windows x86 arch:x86

d207b25a41f19d4fcfaa794752eaf05e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_adjust_fdiv
wcstoul
_exit
_XcptFilter
exit
__p___winitenv
wcslen
__wgetmainargs
_initterm
__setusermatherr
_wtol
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_wtoi
malloc
free
_wcsnicmp
_wcsicmp
wprintf
vwprintf
towupper

kernel32

LoadLibraryA
GetProcAddress
WriteFile
GetModuleHandleA
CloseHandle
UnmapViewOfFile
Sleep
FreeLibrary
GetFileSize
CreateFileMappingA
MapViewOfFile
GetVersionExA
LocalAlloc
SetLastError
MultiByteToWideChar
LocalFree
GetLastError
WideCharToMultiByte
CreateFileA
CreateFileW

cryptui

CryptUIWizDigitalSign

mssign32

SignError
SignerCreateTimeStampRequest
SignerAddTimeStampResponse
SignerTimeStamp
SignerSign

crypt32

CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

user32

LoadStringW
LoadStringA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/prjmain.cab
.cab
prjmain.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/prjmain.cfg
81225890/prjmain.dof
81225890/prjmain.dpr
81225890/prjmain.htm
.html
81225890/prjmain.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81225890/prjmain.res
81225890/prjmain.tlb
81225890/prjmain_TLB.pas
81225890/下载说明.htm
.html .js polyglot
81225890/说明文件.txt

Sharing

General

Malware Config

Signatures

Files

888390cb4f659670498b8aa48872554f

Headers

File Characteristics

Imports

msvcrt

kernel32

crypt32

user32

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

0d1153f78c761173231a548430873dfc

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

crypt32

cryptui

user32

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 22KB - Virtual size: 21KB

c1317bb7c769622e07dd22bfca9b8aac

Headers

File Characteristics

Imports

msvcrt

kernel32

wintrust

mscat32

user32

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 212B

.rsrc Size: 3KB - Virtual size: 2KB

bcc931f132cf96d826934a83ff231c61

Headers

File Characteristics

Imports

msvcrt

kernel32

mscat32

user32

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 124B

.rsrc Size: 3KB - Virtual size: 3KB

5c3600e183c192a08b229420404bbb3b

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

mssign32

crypt32

Sections

.text Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 11KB

658e555101fe3dbdcc4be4750eb62ce0

Headers

File Characteristics

Imports

msvcrt

kernel32

crypt32

cryptui

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 212B

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 124B

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 11KB - Virtual size: 11KB

CODE
Size: 632KB - Virtual size: 632KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 164B

.reloc
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 28KB - Virtual size: 28KB

CODE
Size: 632KB - Virtual size: 632KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 164B

.reloc
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 28KB - Virtual size: 28KB