4b7ef149f7fb0d37d3a6fe923a5801b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b7ef149f7fb0d37d3a6fe923a5801b8_JaffaCakes118
Size

754KB
MD5

4b7ef149f7fb0d37d3a6fe923a5801b8
SHA1

07e1c5694d020b9b48ae176080c84e9488843b7f
SHA256

20399010fb5dad607afaa5f616ff5acaaa317d19ef87046772a55cb48ebf8edc
SHA512

058d0258c05adb7cd3a84903500e98d4fd9c625569731418cd0043aa7d2c150b7682f95457c553bb54497eb63be7e99683b7d8b2cd62cbdc49b3630d3aa459d7
SSDEEP

12288:lgfp/3grDOxviMALFoNPfUWdVH5+hk4+UIz9/ulsN6:6fp/3grSxXALsjZ+8HhrN6

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
4b7ef149f7fb0d37d3a6fe923a5801b8_JaffaCakes118
unpack001/$APPDATA/realboan/realboancnt.exe
unpack001/$APPDATA/realboan/realboansvc.exe
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/SelfDelete.dll
unpack001/realboan.dll
unpack001/realboan.exe
unpack001/realboanmon.exe
unpack001/uninst.exe
unpack002/$PLUGINSDIR/KillProcDLL.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

4b7ef149f7fb0d37d3a6fe923a5801b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/realboan/realboancnt.exe
.exe windows:4 windows x86 arch:x86

c1d51bd4431a9b32c165207554983e9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetCommandLineA
GetModuleHandleA
GetStartupInfoA

netapi32

Netbios

mfc42

ord800
ord535
ord2818
ord540
ord690
ord5207
ord389
ord939
ord941
ord537
ord2764

msvcrt

__CxxFrameHandler
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??3@YAXPAX@Z

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$APPDATA/realboan/realboansvc.exe
.exe windows:4 windows x86 arch:x86

a9d5c40b896003c4995539bf70b9333a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
InitializeCriticalSection
LeaveCriticalSection
CreateThread
ResetEvent
CreateEventA
WaitForSingleObject
SetEvent
Process32Next
GetModuleHandleA
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentProcess
GetLastError
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
OutputDebugStringA
CloseHandle
EnterCriticalSection
GetStartupInfoA

user32

GetWindowLongA
PostQuitMessage
SetTimer
KillTimer
GetMessageA
MessageBoxA
PostMessageA
DispatchMessageA
TranslateMessage
SetWindowLongA
CreateWindowExA
RegisterClassExA
FindWindowA
DefWindowProcA

advapi32

OpenSCManagerA
CreateProcessAsUserA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ControlService
DeleteService
StartServiceA
CreateServiceA
StartServiceCtrlDispatcherA
QueryServiceStatus
OpenServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
DuplicateTokenEx

shell32

SHGetSpecialFolderPathA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wininet

InternetGetConnectedState

mfc42

ord537
ord823
ord825
ord540
ord800

msvcrt

__setusermatherr
_initterm
__getmainargs
_acmdln
__p__commode
__p__fmode
_controlfp
_adjust_fdiv
__set_app_type
__CxxFrameHandler
_except_handler3
_local_unwind2
_itoa
_mbsnbcpy
sprintf
_mbscmp
__dllonexit
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
exit

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SelfDelete.dll
.dll windows:4 windows x86 arch:x86

3d91458bc90a151726bcfdaeff902d08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
free
_onexit
__dllonexit
??1type_info@@UAE@XZ
strrchr
_adjust_fdiv
malloc
_initterm

kernel32

LocalFree
LocalAlloc
CreateFileA
GetModuleFileNameA
lstrcpyA
lstrlenA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
ResumeThread
SetPriorityClass

user32

wsprintfA

shell32

SHChangeNotify

mfc42

ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord1253
ord1255
ord6467
ord1578
ord600
ord269
ord826

Exports

Exports

SelfDelete

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
realboan.dll
.dll windows:4 windows x86 arch:x86

363d4fec142cb3abe2b3ad9a9618e3c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord686
ord2453
ord2862
ord4284
ord1642
ord384
ord6907
ord3998
ord535
ord823
ord1200
ord858
ord926
ord922
ord924
ord5710
ord4129
ord2764
ord668
ord3178
ord4058
ord2781
ord2770
ord356
ord4698
ord5572
ord2915
ord3584
ord2818
ord803
ord1099
ord3790
ord4079
ord269
ord826
ord600
ord1578
ord4274
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord540
ord860
ord6199
ord537
ord800
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord543
ord5307
ord2512
ord1116
ord1176
ord2554
ord4486
ord6375
ord859

msvcrt

_CxxThrowException
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
wcsstr
wcscat
wcscpy
isspace
wcstombs
wcschr
_mbscmp
__CxxFrameHandler
time
srand
rand
wcslen

kernel32

LocalAlloc
GetTempPathA
GetWindowsDirectoryA
lstrlenA
lstrcatA
lstrcpyA
CreateFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
CreateToolhelp32Snapshot
Process32First
CloseHandle
OpenProcess
Process32Next
LocalFree
ExpandEnvironmentStringsA
DeleteFileA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GlobalMemoryStatusEx
Sleep

user32

wsprintfA
DestroyIcon
SendMessageA

advapi32

CryptReleaseContext
RegOpenKeyExA
RegEnumValueA
RegCloseKey
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

shell32

SHAddToRecentDocs
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoA
SHGetFileInfoW

ole32

OleRun
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
VariantClear
SysFreeString

crypt32

CryptUnprotectData

wininet

FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheEntryA
DeleteUrlCacheEntry

psapi

EmptyWorkingSet

Exports

Exports

AllRemoveHashEx
DeleteBizLogic
GetBizCount
GetMovieData
GetPersonData
PlayBizLogic
PlayBizLogicAll
SetBuffCPUName
SetDetachList
SetNowMemory
cMemoryClean

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
realboan.exe
.exe windows:4 windows x86 arch:x86

73e8f88dbb5351bd1df61523d846d831

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5785
ord6194
ord1640
ord323
ord2754
ord6880
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord2514
ord2621
ord1232
ord1168
ord5943
ord1134
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord4425
ord3597
ord1146
ord324
ord2302
ord4234
ord6197
ord6380
ord1768
ord941
ord535
ord6021
ord2764
ord665
ord1979
ord6385
ord939
ord5186
ord354
ord2086
ord823
ord4287
ord4710
ord690
ord5207
ord389
ord3873
ord4220
ord2584
ord3654
ord6215
ord2438
ord6270
ord2863
ord1644
ord2379
ord4299
ord1105
ord1200
ord3092
ord6379
ord6217
ord3996
ord6907
ord3998
ord858
ord4129
ord5683
ord2688
ord5280
ord6877
ord3302
ord3402
ord2135
ord818
ord4476
ord6199
ord2582
ord4402
ord3640
ord693
ord4243
ord2859
ord686
ord2862
ord2096
ord384
ord2860
ord3721
ord795
ord1949
ord4034
ord1793
ord2574
ord4396
ord609
ord4148
ord6453
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord470
ord3797
ord540
ord2818
ord860
ord1641
ord5789
ord5875
ord6172
ord5781
ord2414
ord800
ord755
ord3663
ord3626
ord3573
ord3619
ord3706
ord4275
ord765
ord825
ord567
ord3698
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord537
ord6055
ord1576

msvcrt

wcslen
_CxxThrowException
_setmbcp
__CxxFrameHandler
_ftol
_mbscmp
atoi
_itoa
_mbsnbcpy
_beginthreadex
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetProcAddress
lstrcpyA
GetCommandLineA
SetEvent
OpenProcess
GetExitCodeProcess
TerminateProcess
FindFirstFileA
FindClose
FindResourceA
LoadResource
CreateEventA
SizeofResource
CloseHandle
WaitForSingleObject
ResetEvent
Sleep
CreateMutexA
GetLastError
ReleaseMutex
LoadLibraryA
SuspendThread
ResumeThread
SetProcessWorkingSetSize
GetCurrentProcess
GetModuleFileNameA
WideCharToMultiByte
lstrlenW
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
LocalFree
lstrlenA
LockResource
GetStartupInfoA
MultiByteToWideChar
GetModuleHandleA

user32

EnableWindow
LoadIconA
DrawTextA
LoadMenuA
LoadBitmapA
GetCursorPos
GrayStringA
GetClassInfoA
GetSubMenu
IsWindowVisible
GetWindowRect
SetForegroundWindow
DrawIcon
GetSystemMetrics
IsIconic
RedrawWindow
SetCursor
LoadCursorA
KillTimer
SetTimer
MessageBoxA
SetWindowRgn
SetRect
GetDC
ReleaseDC
InvalidateRect
TabbedTextOutA
SendMessageA
GetClientRect
GetSysColor
FillRect
PostMessageA

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
FillRgn
GetObjectA
CreateFontIndirectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateRoundRectRgn
CreateCompatibleDC
BitBlt
CreateRectRgnIndirect
CreateFontA
CreateSolidBrush
SelectObject

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

OleRun
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

olepro32

ord251

oleaut32

SysFreeString
VariantClear
GetErrorInfo
SysAllocString

netapi32

Netbios

msimg32

GradientFill

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
realboanmon.exe
.exe windows:4 windows x86 arch:x86

c35643783a115e7136e73752ebfb3429

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1232
ord1168
ord5943
ord1134
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord324
ord4234
ord1768
ord800
ord2915
ord540
ord1105
ord2818
ord2086
ord823
ord6215
ord4299
ord4287
ord4710
ord2379
ord755
ord470
ord537
ord858
ord4129
ord860
ord941
ord5683
ord2621
ord543
ord803
ord6055
ord1776
ord5290
ord3402
ord567
ord2135
ord818
ord1949
ord1793
ord3571
ord2574
ord4396
ord3663
ord3626
ord609
ord2414
ord4148
ord4275
ord3619
ord2582
ord4402
ord3640
ord693
ord4243
ord2859
ord686
ord2862
ord2096
ord384
ord1641
ord2860
ord2302
ord6197
ord6380
ord6217
ord3996
ord640
ord5789
ord6172
ord5875
ord5873
ord5785
ord1640
ord323
ord3092
ord3573
ord2514
ord641
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3584
ord4673
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_setmbcp
__CxxFrameHandler
atoi
_mbscmp
_itoa
_mbsnbcpy
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_controlfp

kernel32

ResetEvent
Sleep
CreateMutexA
GetLastError
ReleaseMutex
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
CreateEventA
GetProcAddress
LoadLibraryA
SetEvent
LeaveCriticalSection
GetModuleFileNameA
EnterCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection

user32

SystemParametersInfoA
SetForegroundWindow
LoadBitmapA
GetWindowTextA
IsWindow
EnumWindows
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
SetTimer
GetClassNameA
SetWindowPos
InvalidateRect
LoadCursorA
SetCursor
EnableWindow
RedrawWindow
IsIconic
FindWindowA
GetWindowRect
LoadIconA
GetClassInfoA
KillTimer

gdi32

CreateFontA
CreateCompatibleDC
BitBlt
GetObjectA
CreateFontIndirectA
CreateSolidBrush

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 98KB - Virtual size: 97KB

c1d51bd4431a9b32c165207554983e9f

Headers

File Characteristics

Imports

kernel32

netapi32

mfc42

msvcrt

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1014B

.data Size: 4KB - Virtual size: 876B

a9d5c40b896003c4995539bf70b9333a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

userenv

wininet

mfc42

msvcrt

msvcp60

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

3d91458bc90a151726bcfdaeff902d08

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

shell32

mfc42

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 98KB - Virtual size: 97KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1014B

.data
Size: 4KB - Virtual size: 876B

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 318B

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 324KB - Virtual size: 320KB