5a58e6cbfb2563b406198f94c308cb9b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a58e6cbfb2563b406198f94c308cb9b_JaffaCakes118
Size

1.7MB
MD5

5a58e6cbfb2563b406198f94c308cb9b
SHA1

81b64e1c1d95cffc04dd7cca480cac8ef3f95001
SHA256

2d68e73bca99c69f4b17a7900b4f0253ef12f6ba91dda3e6726959c8de6a5ae5
SHA512

96ee228ccddf8305ae0e022fbad47c4c81cba6494ea78aab5ddf04f64dde8e3682471aae5bd5b577f864bb85bed8cb2a8f2badf04178a88381b4563548a814df
SSDEEP

49152:8ETOxAL+vskHwyV3lYS8K6wMsKzOsBNK2MBOj:NTOWLCwyxLOtzOqLMW

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
5a58e6cbfb2563b406198f94c308cb9b_JaffaCakes118
unpack001/$APPDATA/mIRC/mirc.exe
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/mirc.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

5a58e6cbfb2563b406198f94c308cb9b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/mIRC/bin/grc/gamersirc.grc
.js
$APPDATA/mIRC/bin/grc/startup.grc
$APPDATA/mIRC/bin/ini/aliases.ini
.js
$APPDATA/mIRC/bin/ini/popups.ini
$APPDATA/mIRC/bin/ini/servers.ini
$APPDATA/mIRC/bin/kte/Kte-Dyn.mrc
.js
$APPDATA/mIRC/bin/kte/Kte-Restore.dat
$APPDATA/mIRC/bin/kte/Kte-Theme.dat
$APPDATA/mIRC/bin/lng/1031.lng
$APPDATA/mIRC/bin/lng/1033.lng
$APPDATA/mIRC/bin/lng/1046.lng
$APPDATA/mIRC/bin/lng/2057.lng
$APPDATA/mIRC/bin/txt/fsmotd.txt
$APPDATA/mIRC/ircintro.chm
.chm
$APPDATA/mIRC/media/abouteng.txt
$APPDATA/mIRC/media/aboutger.txt
$APPDATA/mIRC/media/aboutptbr.txt
$APPDATA/mIRC/media/faqeng.txt
$APPDATA/mIRC/media/faqger.txt
$APPDATA/mIRC/media/faqptbr.txt
$APPDATA/mIRC/media/gfx/tools/cwsearch.jpg
.jpg
$APPDATA/mIRC/media/gnufdl.txt
$APPDATA/mIRC/media/license.txt
$APPDATA/mIRC/media/opensourceeng.txt
$APPDATA/mIRC/media/opensourceger.txt
$APPDATA/mIRC/media/opensourceptbr.txt
$APPDATA/mIRC/media/vhistoryeng.txt
$APPDATA/mIRC/media/vhistoryger.txt
$APPDATA/mIRC/media/vhistoryptbr.txt
$APPDATA/mIRC/mirc.chm
.chm
$APPDATA/mIRC/mirc.exe
.exe windows:4 windows x86 arch:x86

46c4da318ce3bf5cc7ed0bfe292dcbed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Draw
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize
ImageList_ReplaceIcon

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

sndPlaySoundA
mciSendStringA
mciGetDeviceIDA
timeEndPeriod
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetDevCaps
mixerClose
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mciGetErrorStringA

wsock32

socket
listen
inet_addr
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
ntohs
ntohl
gethostname
recv
send
htons
connect
WSAGetLastError
accept
WSAAsyncSelect
shutdown
closesocket
ioctlsocket
htonl
getservbyname
gethostbyaddr
gethostbyname
bind
getsockname
sendto
WSASetLastError
recvfrom
WSACleanup
setsockopt
WSAStartup
WSACancelAsyncRequest

kernel32

GetSystemDefaultLCID
GetWindowsDirectoryA
SetEndOfFile
GetModuleFileNameA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
lstrcatW
lstrlenW
lstrcpyW
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
EnumResourceNamesA
EnumResourceTypesA
LoadLibraryExA
GetDiskFreeSpaceA
GetCurrentProcess
QueryDosDeviceA
GetFileType
GetFileAttributesA
WinExec
FindClose
FindNextFileA
FindFirstFileA
WriteFile
GlobalSize
MulDiv
InterlockedIncrement
InterlockedDecrement
GetLastError
SetFilePointer
ReadFile
FlushFileBuffers
CreateDirectoryA
DeleteFileA
GetLocaleInfoA
GetDriveTypeA
GetLogicalDriveStringsA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
RemoveDirectoryA
GetLocalTime
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateMutexA
SetErrorMode
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetEnvironmentVariableA
GetShortPathNameA
CompareFileTime
GetFileTime
ReleaseMutex
GetTimeZoneInformation
LocalAlloc
LocalReAlloc
LocalFree
CopyFileA
MoveFileA
SetLastError
GetTempPathA
EnterCriticalSection
SetStdHandle
GetSystemTimeAsFileTime
CreateThread
TlsGetValue
TlsSetValue
ExitThread
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
GetModuleHandleA
ExitProcess
GetSystemDefaultLangID
CreateEventA
WaitForSingleObject
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThread
SetThreadPriority
SetEvent
Sleep
WideCharToMultiByte
CloseHandle
MultiByteToWideChar
GetTickCount
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
SetConsoleCtrlHandler
GetACP
GetOEMCP
GetCPInfo
RaiseException
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
TlsFree
TlsAlloc
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
InitializeCriticalSection
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
HeapSize
SetUnhandledExceptionFilter
SetEnvironmentVariableA
SetEnvironmentVariableW
VirtualProtect
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetFileInformationByHandle
GetVolumeInformationA
PeekNamedPipe

user32

DdeNameService
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeQueryStringA
DdeCreateDataHandle
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
CallWindowProcA
GetMessageA
ClipCursor
SetKeyboardState
GetKeyboardState
ToAscii
ScrollDC
GetSystemMetrics
MessageBoxA
FlashWindow
RedrawWindow
ShowScrollBar
CharLowerBuffA
CharLowerA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
VkKeyScanA
GetKeyboardLayout
CopyAcceleratorTableA
MapVirtualKeyA
CallNextHookEx
GetCapture
CharUpperBuffA
DrawIcon
LoadIconA
GetWindowDC
DefMDIChildProcA
GetScrollInfo
IsMenu
GetMenuState
RemoveMenu
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemID
TrackPopupMenu
RegisterWindowMessageA
SetWindowsHookExA
GetWindowThreadProcessId
LoadAcceleratorsA
DispatchMessageA
TranslateMessage
TranslateMDISysAccel
IsDialogMessageA
LoadMenuA
PostQuitMessage
DefFrameProcA
RegisterClassExA
UnhookWindowsHookEx
ValidateRect
InvertRect
DefWindowProcA
DrawFrameControl
RegisterClassA
CopyImage
CreateIconIndirect
GetWindowRgn
SetWindowRgn
IsRectEmpty
OffsetRect
SetScrollInfo
SystemParametersInfoA
GetForegroundWindow
DdeUninitialize
IntersectRect
SetCapture
GetWindow
GetMessagePos
GetAsyncKeyState
GetWindowLongA
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
EnumClipboardFormats
GetClipboardFormatNameA
CreateWindowExA
GetClipboardData
DestroyWindow
CloseClipboard
MessageBeep
GetTopWindow
IsZoomed
GetActiveWindow
IsWindow
IsCharAlphaA
IsCharAlphaNumericA
GetDesktopWindow
IsIconic
GetDialogBaseUnits
SetDlgItemInt
GetDlgItemInt
GetSystemMenu
CheckMenuItem
CreatePopupMenu
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
EnableMenuItem
AppendMenuA
DrawMenuBar
GetWindowTextA
FrameRect
GetParent
GetSysColor
DrawFocusRect
GetKeyState
LoadCursorA
SetCursor
PeekMessageA
MsgWaitForMultipleObjects
BeginPaint
EndPaint
DrawIconEx
DestroyIcon
LoadImageA
IsWindowVisible
FillRect
DrawEdge
IsDlgButtonChecked
EndDialog
SetFocus
ReleaseCapture
GetWindowPlacement
SetWindowPlacement
GetWindowTextLengthA
CheckDlgButton
SetRect
SendMessageA
GetDlgCtrlID
GetCursorPos
ScreenToClient
SetWindowPos
UpdateWindow
PtInRect
SetWindowTextA
EnableWindow
DdeDisconnect
DdeFreeStringHandle
LoadStringA
IsChild
InsertMenuA
ModifyMenuA
GetNextDlgTabItem
ChildWindowFromPointEx
GetScrollPos
GetScrollRange
SetScrollPos
CreateMenu
SetMenu
FindWindowA
SetScrollRange
IsWindowUnicode
SetActiveWindow
GetMenuStringA
CreateDialogParamA
ReleaseDC
PostMessageA
MapWindowPoints
GetWindowRect
GetDlgItem
GetDC
SendDlgItemMessageA
InvalidateRect
CopyRect
FindWindowExA
SetForegroundWindow
ClientToScreen
ChildWindowFromPoint
WindowFromPoint
BringWindowToTop
SetWindowLongA
GetClassNameA
GetFocus
GetIconInfo
DrawTextA
EqualRect
WinHelpA
ShowWindow
MoveWindow
GetClientRect
SetTimer
KillTimer
IsWindowEnabled
DialogBoxParamA

gdi32

BitBlt
GetObjectA
CreateCompatibleDC
SetBrushOrgEx
SetStretchBltMode
StretchBlt
CreateCompatibleBitmap
GetDIBits
CreateDIBitmap
CreateDIBSection
CombineRgn
LineTo
MoveToEx
CreatePen
SelectClipRgn
CreateRectRgn
GetNearestColor
GetDeviceCaps
GetTextExtentPointA
CreateFontIndirectA
PtInRegion
DeleteDC
ExtFloodFill
CreatePatternBrush
Rectangle
RoundRect
Ellipse
GetStockObject
SetROP2
SetBkMode
IntersectClipRect
GetClipRgn
ExtTextOutW
GetBkColor
GetTextColor
GetCurrentObject
EnumFontFamiliesExA
GetTextCharset
ExcludeClipRect
GetTextExtentPointW
Polyline
GetObjectType
CreateBitmap
Polygon
FrameRgn
CreateRoundRectRgn
CreateRectRgnIndirect
RectInRegion
CreateFontA
CreateHatchBrush
GetTextMetricsA
ExtTextOutA
CreateSolidBrush
DeleteObject
SelectObject
SetTextColor
SetBkColor
GetPixel
CreatePolygonRgn
SetPixelV

comdlg32

ChooseColorA
CommDlgExtendedError
ChooseFontA

advapi32

RegSetValueA
RegCreateKeyA
RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragQueryFileA
FindExecutableA
ShellExecuteExA
ShellExecuteA
SHAppBarMessage
ExtractIconExA
ExtractIconA
Shell_NotifyIconA

ole32

ReleaseStgMedium
RegisterDragDrop
CoTaskMemFree
CoGetInterfaceAndReleaseStream
RevokeDragDrop
CoCreateInstance
ProgIDFromCLSID
OleSetContainedObject
CoGetClassObject
CoLockObjectExternal
OleInitialize
CLSIDFromProgID
OleUninitialize

oleaut32

DispGetParam
VarR8FromCy
VarR8FromDate
VarCyFromR8
VariantCopy
VariantChangeType
SysAllocString
VariantClear
VariantInit
LoadRegTypeLi
SetErrorInfo
VarDateFromR8
SysFreeString

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/mIRC/readme.txt
$APPDATA/mIRC/themes/greyworld/GreyWorld.mrc
$APPDATA/mIRC/themes/greyworld/GreyWorld.mts
$APPDATA/mIRC/themes/greyworld/readme.txt
$APPDATA/mIRC/versions.txt
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

d23fbd09100caad5e10f17163f511668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GetACP

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

c193ea402999ea8ce8faa9fef22de03d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
DrawFocusRect
CharPrevA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
GetWindowLongA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
GetUserData
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/grc/gamersirc.grc
.js
bin/grc/startup.grc
bin/ini/aliases.ini
.js
bin/ini/popups.ini
bin/ini/servers.ini
bin/kte/Kte-Dyn.mrc
.js
bin/kte/Kte-Restore.dat
bin/kte/Kte-Theme.dat
bin/lng/1031.lng
bin/lng/1033.lng
bin/lng/1046.lng
bin/lng/2057.lng
bin/txt/fsmotd.txt
ircintro.chm
.chm
media/abouteng.txt
media/aboutger.txt
media/aboutptbr.txt
media/faqeng.txt
media/faqger.txt
media/faqptbr.txt
media/gfx/tools/cwsearch.jpg
.jpg
media/gnufdl.txt
media/license.txt
media/opensourceeng.txt
media/opensourceger.txt
media/opensourceptbr.txt
media/vhistoryeng.txt
media/vhistoryger.txt
media/vhistoryptbr.txt
mirc.chm
.chm
mirc.exe
.exe windows:4 windows x86 arch:x86

46c4da318ce3bf5cc7ed0bfe292dcbed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Draw
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize
ImageList_ReplaceIcon

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

sndPlaySoundA
mciSendStringA
mciGetDeviceIDA
timeEndPeriod
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetDevCaps
mixerClose
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mciGetErrorStringA

wsock32

socket
listen
inet_addr
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
ntohs
ntohl
gethostname
recv
send
htons
connect
WSAGetLastError
accept
WSAAsyncSelect
shutdown
closesocket
ioctlsocket
htonl
getservbyname
gethostbyaddr
gethostbyname
bind
getsockname
sendto
WSASetLastError
recvfrom
WSACleanup
setsockopt
WSAStartup
WSACancelAsyncRequest

kernel32

GetSystemDefaultLCID
GetWindowsDirectoryA
SetEndOfFile
GetModuleFileNameA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
lstrcatW
lstrlenW
lstrcpyW
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
EnumResourceNamesA
EnumResourceTypesA
LoadLibraryExA
GetDiskFreeSpaceA
GetCurrentProcess
QueryDosDeviceA
GetFileType
GetFileAttributesA
WinExec
FindClose
FindNextFileA
FindFirstFileA
WriteFile
GlobalSize
MulDiv
InterlockedIncrement
InterlockedDecrement
GetLastError
SetFilePointer
ReadFile
FlushFileBuffers
CreateDirectoryA
DeleteFileA
GetLocaleInfoA
GetDriveTypeA
GetLogicalDriveStringsA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
RemoveDirectoryA
GetLocalTime
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateMutexA
SetErrorMode
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetEnvironmentVariableA
GetShortPathNameA
CompareFileTime
GetFileTime
ReleaseMutex
GetTimeZoneInformation
LocalAlloc
LocalReAlloc
LocalFree
CopyFileA
MoveFileA
SetLastError
GetTempPathA
EnterCriticalSection
SetStdHandle
GetSystemTimeAsFileTime
CreateThread
TlsGetValue
TlsSetValue
ExitThread
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
GetModuleHandleA
ExitProcess
GetSystemDefaultLangID
CreateEventA
WaitForSingleObject
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThread
SetThreadPriority
SetEvent
Sleep
WideCharToMultiByte
CloseHandle
MultiByteToWideChar
GetTickCount
FindResourceA
LoadResource
LockResource
LeaveCriticalSection
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
SetConsoleCtrlHandler
GetACP
GetOEMCP
GetCPInfo
RaiseException
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
TlsFree
TlsAlloc
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
InitializeCriticalSection
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
HeapSize
SetUnhandledExceptionFilter
SetEnvironmentVariableA
SetEnvironmentVariableW
VirtualProtect
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetFileInformationByHandle
GetVolumeInformationA
PeekNamedPipe

user32

DdeNameService
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeQueryStringA
DdeCreateDataHandle
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
CallWindowProcA
GetMessageA
ClipCursor
SetKeyboardState
GetKeyboardState
ToAscii
ScrollDC
GetSystemMetrics
MessageBoxA
FlashWindow
RedrawWindow
ShowScrollBar
CharLowerBuffA
CharLowerA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
VkKeyScanA
GetKeyboardLayout
CopyAcceleratorTableA
MapVirtualKeyA
CallNextHookEx
GetCapture
CharUpperBuffA
DrawIcon
LoadIconA
GetWindowDC
DefMDIChildProcA
GetScrollInfo
IsMenu
GetMenuState
RemoveMenu
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemID
TrackPopupMenu
RegisterWindowMessageA
SetWindowsHookExA
GetWindowThreadProcessId
LoadAcceleratorsA
DispatchMessageA
TranslateMessage
TranslateMDISysAccel
IsDialogMessageA
LoadMenuA
PostQuitMessage
DefFrameProcA
RegisterClassExA
UnhookWindowsHookEx
ValidateRect
InvertRect
DefWindowProcA
DrawFrameControl
RegisterClassA
CopyImage
CreateIconIndirect
GetWindowRgn
SetWindowRgn
IsRectEmpty
OffsetRect
SetScrollInfo
SystemParametersInfoA
GetForegroundWindow
DdeUninitialize
IntersectRect
SetCapture
GetWindow
GetMessagePos
GetAsyncKeyState
GetWindowLongA
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
EnumClipboardFormats
GetClipboardFormatNameA
CreateWindowExA
GetClipboardData
DestroyWindow
CloseClipboard
MessageBeep
GetTopWindow
IsZoomed
GetActiveWindow
IsWindow
IsCharAlphaA
IsCharAlphaNumericA
GetDesktopWindow
IsIconic
GetDialogBaseUnits
SetDlgItemInt
GetDlgItemInt
GetSystemMenu
CheckMenuItem
CreatePopupMenu
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
EnableMenuItem
AppendMenuA
DrawMenuBar
GetWindowTextA
FrameRect
GetParent
GetSysColor
DrawFocusRect
GetKeyState
LoadCursorA
SetCursor
PeekMessageA
MsgWaitForMultipleObjects
BeginPaint
EndPaint
DrawIconEx
DestroyIcon
LoadImageA
IsWindowVisible
FillRect
DrawEdge
IsDlgButtonChecked
EndDialog
SetFocus
ReleaseCapture
GetWindowPlacement
SetWindowPlacement
GetWindowTextLengthA
CheckDlgButton
SetRect
SendMessageA
GetDlgCtrlID
GetCursorPos
ScreenToClient
SetWindowPos
UpdateWindow
PtInRect
SetWindowTextA
EnableWindow
DdeDisconnect
DdeFreeStringHandle
LoadStringA
IsChild
InsertMenuA
ModifyMenuA
GetNextDlgTabItem
ChildWindowFromPointEx
GetScrollPos
GetScrollRange
SetScrollPos
CreateMenu
SetMenu
FindWindowA
SetScrollRange
IsWindowUnicode
SetActiveWindow
GetMenuStringA
CreateDialogParamA
ReleaseDC
PostMessageA
MapWindowPoints
GetWindowRect
GetDlgItem
GetDC
SendDlgItemMessageA
InvalidateRect
CopyRect
FindWindowExA
SetForegroundWindow
ClientToScreen
ChildWindowFromPoint
WindowFromPoint
BringWindowToTop
SetWindowLongA
GetClassNameA
GetFocus
GetIconInfo
DrawTextA
EqualRect
WinHelpA
ShowWindow
MoveWindow
GetClientRect
SetTimer
KillTimer
IsWindowEnabled
DialogBoxParamA

gdi32

BitBlt
GetObjectA
CreateCompatibleDC
SetBrushOrgEx
SetStretchBltMode
StretchBlt
CreateCompatibleBitmap
GetDIBits
CreateDIBitmap
CreateDIBSection
CombineRgn
LineTo
MoveToEx
CreatePen
SelectClipRgn
CreateRectRgn
GetNearestColor
GetDeviceCaps
GetTextExtentPointA
CreateFontIndirectA
PtInRegion
DeleteDC
ExtFloodFill
CreatePatternBrush
Rectangle
RoundRect
Ellipse
GetStockObject
SetROP2
SetBkMode
IntersectClipRect
GetClipRgn
ExtTextOutW
GetBkColor
GetTextColor
GetCurrentObject
EnumFontFamiliesExA
GetTextCharset
ExcludeClipRect
GetTextExtentPointW
Polyline
GetObjectType
CreateBitmap
Polygon
FrameRgn
CreateRoundRectRgn
CreateRectRgnIndirect
RectInRegion
CreateFontA
CreateHatchBrush
GetTextMetricsA
ExtTextOutA
CreateSolidBrush
DeleteObject
SelectObject
SetTextColor
SetBkColor
GetPixel
CreatePolygonRgn
SetPixelV

comdlg32

ChooseColorA
CommDlgExtendedError
ChooseFontA

advapi32

RegSetValueA
RegCreateKeyA
RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragQueryFileA
FindExecutableA
ShellExecuteExA
ShellExecuteA
SHAppBarMessage
ExtractIconExA
ExtractIconA
Shell_NotifyIconA

ole32

ReleaseStgMedium
RegisterDragDrop
CoTaskMemFree
CoGetInterfaceAndReleaseStream
RevokeDragDrop
CoCreateInstance
ProgIDFromCLSID
OleSetContainedObject
CoGetClassObject
CoLockObjectExternal
OleInitialize
CLSIDFromProgID
OleUninitialize

oleaut32

DispGetParam
VarR8FromCy
VarR8FromDate
VarCyFromR8
VariantCopy
VariantChangeType
SysAllocString
VariantClear
VariantInit
LoadRegTypeLi
SetErrorInfo
VarDateFromR8
SysFreeString

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt
themes/greyworld/GreyWorld.mrc
themes/greyworld/GreyWorld.mts
themes/greyworld/readme.txt
versions.txt

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 17KB - Virtual size: 17KB

46c4da318ce3bf5cc7ed0bfe292dcbed

Headers

File Characteristics

Imports

comctl32

mpr

version

winmm

wsock32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 24KB - Virtual size: 621KB

.rsrc Size: 583KB - Virtual size: 583KB

d23fbd09100caad5e10f17163f511668

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 290B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

c193ea402999ea8ce8faa9fef22de03d

Headers

File Characteristics

Imports

kernel32

user32

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 17KB - Virtual size: 17KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 24KB - Virtual size: 621KB

.rsrc
Size: 583KB - Virtual size: 583KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 290B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 220B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 512B - Virtual size: 440B

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 24KB - Virtual size: 621KB

.rsrc
Size: 583KB - Virtual size: 583KB