5c0660fd06f6c81c7f7a3e62fc8ca5df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c0660fd06f6c81c7f7a3e62fc8ca5df_JaffaCakes118
Size

4.8MB
MD5

5c0660fd06f6c81c7f7a3e62fc8ca5df
SHA1

16220f92bb6d01b39f7e69dce1f95fb9a721b471
SHA256

c06f1a98cd7090c8ec68b319e824fb552d8c719344031d20c47efeadd54f3826
SHA512

38ae53ac558cf74962d84cd24d6cd5b8838c555e3a3a161af812477d6d9d4291ca5e50446d5344a351760d0987224620a48a3597983ec21bd5e2e91f3fe70715
SSDEEP

98304:P3Ocny6AJZfZA3tOcdEhBxemEIG3E+HVQlho/1DJNvGPFqa7xwXKDRP:PRny6eZhsOcdEhBxemEz0LbUfEtOsP

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
5c0660fd06f6c81c7f7a3e62fc8ca5df_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$R0
unpack001/$R2/NSIS.Library.RegTool.v2.$HWNDPARENT.exe
unpack001/tbgftp.exe
unpack001/turboget.exe

Files

5c0660fd06f6c81c7f7a3e62fc8ca5df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GetPrivateProfileIntW
lstrcmpiW
GetModuleHandleW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
GlobalLock
lstrcpynW

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
LoadCursorW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
CharNextW
wsprintfW
MessageBoxW
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyIcon

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

7c83a9800c9b9878cc1abe781ae1d787

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
LockResource
DisableThreadLibraryCalls
CreateFileMappingW
CreateProcessW
SetEvent
OpenEventW
MapViewOfFile
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
FindResourceExW
lstrlenW
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCurrentThreadId
GetCommandLineA
VirtualFree
VirtualAlloc
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetOEMCP
LCMapStringA
WideCharToMultiByte
LCMapStringW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA

user32

UnregisterClassA
MessageBoxW
CharNextW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoGetMalloc
CoCreateInstance
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R2/NSIS.Library.RegTool.v2.$HWNDPARENT.exe
.exe windows:4 windows x86 arch:x86

cde62e7f485f127cc80c3ffdb9157507

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
GetModuleFileNameW
GlobalAlloc
FreeLibrary
LoadLibraryExW
lstrcmpiA
lstrlenA
CreateFileW
GetFileAttributesW
WriteFile
SetFilePointer
CreateProcessW
ReadFile
GetFileSize
lstrcatW
GetWindowsDirectoryW
WideCharToMultiByte
GetShortPathNameW
lstrcpyW
SetErrorMode
lstrlenW
ExitProcess
GetCommandLineW
CloseHandle
WaitForSingleObject
GlobalFree
GetModuleHandleW
lstrcpyA
GetProcAddress

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegCloseKey

user32

wsprintfW
CharNextA
wsprintfA
CharNextW

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dht_routing_table_bt
history.txt
tbgftp.exe
.exe windows:4 windows x86 arch:x86

f502d00b3c19f1933399e951baa72ba6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\mysvnrepos\TurboGet\TBFtpExplorer\ReleaseU\tbgftp.pdb

Imports

kernel32

SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
Sleep
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetLastError
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
SizeofResource
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapReAlloc
CreateThread
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
EnumResourceTypesW
EnumResourceNamesW
GetExitCodeThread
TerminateThread
GetTempPathW
GetPrivateProfileSectionNamesW
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateDirectoryW
GetFileAttributesExW
CreateFileMappingW
MapViewOfFile
OpenEventW
SetEvent
GetModuleFileNameW
GlobalAlloc
GlobalLock
lstrlenW
WideCharToMultiByte
GlobalUnlock
lstrcpynW
lstrlenA
GlobalAddAtomW
GlobalGetAtomNameW
GetCurrentProcessId
GetVersion
GetModuleHandleA
MulDiv
InterlockedDecrement
FreeLibrary
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GetCurrentThreadId
FreeResource
CloseHandle
SetThreadPriority
ResumeThread
WaitForSingleObject
GetProfileIntW
GetCurrentDirectoryW
SetFileAttributesW
LocalFileTimeToFileTime
SetErrorMode
FindResourceExW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
SystemTimeToFileTime
GetVersionExW
GetDiskFreeSpaceW
GetTempFileNameW
GetFileTime
SetFileTime
GetFileAttributesW
GetPrivateProfileIntW
GetTickCount
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpA
CreateFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
GetThreadLocale
GetStringTypeExW
DeleteFileW
MoveFileW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
InterlockedIncrement
CopyFileW
GlobalSize
FormatMessageW
LocalFree
GlobalFree
VirtualProtect
SetLastError

user32

DestroyIcon
UnregisterClassW
UnionRect
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
LoadCursorW
GetSysColorBrush
ShowOwnedPopups
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
CountClipboardFormats
IsClipboardFormatAvailable
SetCapture
SetRect
MessageBeep
CharUpperW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuItemInfoW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
RemoveMenu
MapDialogRect
GetAsyncKeyState
GetMessageW
TranslateMessage
ValidateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
SetWindowsHookExW
CallNextHookEx
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetScrollPos
SetForegroundWindow
GetWindow
GetParent
LoadBitmapW
InvalidateRect
GetFocus
IsWindowVisible
GetClientRect
MessageBoxW
GetClassInfoExW
RegisterClassW
DeferWindowPos
GetScrollInfo
PtInRect
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
EndPaint
GetNextDlgGroupItem
SetTimer
KillTimer
WindowFromPoint
GetDCEx
LockWindowUpdate
BeginPaint
GetWindowDC
SendNotifyMessageW
CopyAcceleratorTableW
PostThreadMessageW
InvalidateRgn
CharNextW
GetSysColor
OffsetRect
InflateRect
GetWindowLongW
SetWindowLongW
SetWindowPos
EnableWindow
SendMessageW
GetClassLongW
RedrawWindow
GetCursorPos
ScreenToClient
LoadMenuW
GetSubMenu
ClientToScreen
SetMenuDefaultItem
SystemParametersInfoW
GetWindowRect
GetDesktopWindow
LoadIconW
RegisterWindowMessageW
UpdateWindow
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DefFrameProcW
LookupIconIdFromDirectoryEx
SendMessageTimeoutW
GetDoubleClickTime
SetCursorPos
SetWindowRgn
GetCursor
HideCaret
ShowCaret
IsMenu
GetWindowRgn
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
CreateAcceleratorTableW
DestroyAcceleratorTable
GetMenuDefaultItem
SetClassLongW
IsZoomed
DrawEdge
InvertRect
DrawIconEx
LoadImageW
CreateIconIndirect
CopyIcon
GetIconInfo
CreateIconFromResourceEx
DrawStateW
DrawFocusRect
DrawFrameControl
wsprintfW
UnregisterClassA
GetMenu
DefMDIChildProcW
GetMenuItemID
GetMenuItemCount
CreateWindowExW
DrawMenuBar
GetActiveWindow
BringWindowToTop
TranslateMDISysAccel
TranslateAcceleratorW
IsWindow
AdjustWindowRectEx
CopyRect
GetDC
ReleaseDC
GetKeyNameTextW
MapVirtualKeyW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
UnpackDDElParam
ReuseDDElParam
DestroyMenu
GetClassNameW
WinHelpW
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
EqualRect
GetDlgItem
GetKeyState
GetDlgCtrlID
SetCursor
PeekMessageW
GetCapture
ReleaseCapture
LoadAcceleratorsW
SetActiveWindow
IsIconic
InsertMenuItemW
CreatePopupMenu
GetClassInfoW
IntersectRect
SetRectEmpty
GetLastActivePopup
PostMessageW
SetMenu
ShowWindow

gdi32

DeleteObject
SelectClipRgn
CreateRectRgn
GetObjectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
GetStockObject
GetDeviceCaps
CreatePen
CopyMetaFileW
CreateDCW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextExtentPoint32W
CreateFontW
StretchDIBits
GetTextMetricsW
EnumFontFamiliesExW
GetBkColor
GetTextColor
GetRgnBox
GetTextAlign
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
Polygon
StretchBlt
SetPixel
GetCurrentObject
CreateDIBSection
GetDIBits
SetDIBits
Rectangle
PtInRegion
GetBitmapBits
ExtCreateRegion
GetViewportOrgEx
CreatePolygonRgn
RoundRect
SetBkMode
SetBkColor
RestoreDC
CreateFontIndirectW
CreateRectRgnIndirect
SaveDC
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyW
RegSetValueW
RegOpenKeyW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetFileSecurityW
SetFileSecurityW
RegDeleteValueW

shell32

SHGetPathFromIDListW
SHGetMalloc
ExtractIconW
DragAcceptFiles
DragQueryFileW
DragFinish
ShellExecuteW
SHGetFolderPathW
SHGetFileInfoW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent
ImageList_Draw

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

oledlg

OleUIAddVerbMenuW
OleUIInsertObjectW
OleUIPasteSpecialW
OleUIBusyW
OleUIObjectPropertiesW

ole32

CoLockObjectExternal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
OleGetClipboard
OleSetMenuDescriptor
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleLockRunning
WriteClassStm
OleSave
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CreateFileMoniker
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoDisconnectObject
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
OleSaveToStream
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop

oleaut32

SystemTimeToVariantTime
VariantChangeType
SysFreeString
SysStringLen
VariantClear
SysAllocString
SysAllocStringLen
VariantInit
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
VarDateFromStr
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VarUdateFromDate
VariantChangeTypeEx
VariantTimeToSystemTime

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 420KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
turboget.exe
.exe windows:4 windows x86 arch:x86

0539a31253f066f6315e4c0a3a3568dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
SetErrorMode
GetCurrentThreadId
FindClose
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
VirtualProtectEx
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
SuspendThread
DebugActiveProcess
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
SetEvent
CreateEventA
MultiByteToWideChar
CloseHandle
CreateProcessA
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
ExitProcess
LocalFree
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FormatMessageA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
CreateFileA
GetShortPathNameA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
DeleteCriticalSection
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetProcessHeap
GetCPInfo
LCMapStringA
LCMapStringW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
WriteFile
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
GetTimeZoneInformation

user32

LoadStringW
IsWindow
PostMessageA
GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
BeginPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
EndPaint
FindWindowA
WaitForInputIdle
DestroyWindow
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

Sections

.text
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 508KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 529B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 76KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 172KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 19KB - Virtual size: 19KB

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

7c83a9800c9b9878cc1abe781ae1d787

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 7KB

cde62e7f485f127cc80c3ffdb9157507

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

advapi32

user32

ole32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 7KB

f502d00b3c19f1933399e951baa72ba6

Headers

File Characteristics

PDB Paths

Imports

kernel32

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 172KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 19KB - Virtual size: 19KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 7KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 308KB - Virtual size: 306KB

.data
Size: 32KB - Virtual size: 49KB

.rsrc
Size: 420KB - Virtual size: 418KB

.text
Size: - Virtual size: 2.4MB

.rdata
Size: 508KB - Virtual size: 505KB

.data
Size: - Virtual size: 176KB

.tls
Size: - Virtual size: 529B

.text1
Size: 384KB - Virtual size: 384KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 76KB - Virtual size: 192KB

.pdata
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 556KB - Virtual size: 556KB