5e7670b625c09912bc4b68d2ac5472f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e7670b625c09912bc4b68d2ac5472f3_JaffaCakes118
Size

2.2MB
MD5

5e7670b625c09912bc4b68d2ac5472f3
SHA1

5a3272d15079f539cf3114c1c2f832b66b1d4be9
SHA256

74263282a72cd23b7f8c405b736bd663f50ba778188b46b3606cf766ea415e94
SHA512

78152aff8f605adf3edf2ede0196a1a29fcdccb767347ea8fe4cafc28c67a98a1ae177b682ba487c91cef7fb4b1fd001c3083a7f95a6be6ca40256ef99d0518a
SSDEEP

49152:Gs4shZz0l1mPnoydpGkvsNyuyzTZflJb50Ag/4V3ESpEP5kCq5QZt:zFT61mPnoydVMFyz9tJl03/I3E/Ru5ot

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/Liquid Story Binder.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LiquidStoryBinderSetup.exe
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/Dictionary Functions.dll
unpack002/Image Functions.dll
unpack002/Liquid Story Binder.exe
unpack002/Text Functions.dll
unpack002/Thesaurus Functions.dll
unpack002/Word Count Functions.dll
unpack002/zlib Functions.dll
unpack002/zlib.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/LiquidStoryBinderSetup.exe	nsis_installer_1

Files

5e7670b625c09912bc4b68d2ac5472f3_JaffaCakes118
.rar
LiquidStoryBinderSetup.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

aebc3107701149edfc563b8db7a789fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetDlgItem
PostMessageA
CallWindowProcA
CreateDialogParamA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
SetWindowLongA
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Select

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Auto Complete Words.ini
Auto Replace Dictionary - Correct.TXT
Auto Replace Dictionary - Incorrect.TXT
Black Obelisk Software.url
Book Settings.ini
Cover.jpg
.jpg
Description.txt
Dictionary Functions.dll
.dll windows:4 windows x86 arch:x86

b9abed38fce104c978b65547ac029de4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegCloseKey

kernel32

CloseHandle
CreateFileA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetEnvironmentStringsA
GetFileSize
GetFileType
GetLastError
GetModuleHandleA
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
GlobalReAlloc
MultiByteToWideChar
ReadFile
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CreateDialogParamA
CreateWindowExA
DialogBoxParamA

Exports

Exports

APPENDDICTIONARYFILE
FINDWORDALTERNATIVES
GETDICTIONARYWORDINDEX
LOADDICTIONARYFILE

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dictionary.ini
Dictionary.txt
Help.GID
Help.HLP
Image Functions.dll
.dll windows:4 windows x86 arch:x86

980416fc5c464dd00efd701ec2341bf7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord5714
ord4424
ord3922
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1116
ord1243
ord1197
ord1570
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord4622
ord1089
ord1253
ord1255
ord6467
ord5731
ord2512
ord2554
ord4486
ord6375
ord3738
ord4274
ord1578
ord600
ord826
ord269

msvcrt

??1type_info@@UAE@XZ
__CxxFrameHandler
??2@YAPAXI@Z
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv

kernel32

LocalFree
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
MulDiv
GlobalFree
LocalAlloc

user32

GetDC
ReleaseDC

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
SelectObject
DeleteDC
GetObjectA

ole32

CreateStreamOnHGlobal

olepro32

ord251

Exports

Exports

ImageHeight
ImageWidth
LoadImageFile

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Liquid Story Binder.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Listing.ini
Manuscript Printer.ini
New Word Dictionary.txt
Purchase Liquid Story Binder.url
Quick Inserts.ini
Standard Layout.ini
Text Functions.dll
.dll windows:4 windows x86 arch:x86

01f3da39815dc73cfdf310495ed581b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegCloseKey

kernel32

CloseHandle
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetEnvironmentStringsA
GetLastError
GetModuleHandleA
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
MultiByteToWideChar
ReadFile
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CreateDialogParamA
CreateWindowExA
DialogBoxParamA

Exports

Exports

CLEANTEXT
FASTCREATEWORDLIST
FASTGETWORDPOSITION
FIXBROKENPARAGRAPHS
PARAGRAPHPROBLEMSCANNER
QUOTEFIXER
REMOVEALLNUMBERS
REMOVEWORDBREAKHYPHENATION
STRIPHTMLTAGS
TRIMLINES
WRAPLINES

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thesaurus Functions.dll
.dll windows:4 windows x86 arch:x86

6336d5abd8ffe18a6de40773fb76ee7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegCloseKey

kernel32

CloseHandle
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetEnvironmentStringsA
GetLastError
GetModuleHandleA
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
GlobalReAlloc
MultiByteToWideChar
ReadFile
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CreateDialogParamA
CreateWindowExA
DialogBoxParamA

Exports

Exports

LOADTHESAURUSFILE
RETURNALTERNATIVELIST
RETURNSYNONYMSLIST

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thesaurus.txt
Thumbs.db
Word Count Functions.dll
.dll windows:4 windows x86 arch:x86

01f3da39815dc73cfdf310495ed581b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegCloseKey

kernel32

CloseHandle
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetEnvironmentStringsA
GetLastError
GetModuleHandleA
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
MultiByteToWideChar
ReadFile
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CreateDialogParamA
CreateWindowExA
DialogBoxParamA

Exports

Exports

FASTWORDCOUNT

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib Functions.dll
.dll windows:4 windows x86 arch:x86

b00262547f8ee30ba688d05daf911667

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegCloseKey

kernel32

CloseHandle
CreateFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetEnvironmentStringsA
GetFileSize
GetFileType
GetLastError
GetModuleHandleA
GetStartupInfoA
GetSystemInfo
GetVersionExA
GetVolumeInformationA
GlobalAlloc
GlobalFree
MultiByteToWideChar
ReadFile
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CreateDialogParamA
CreateWindowExA
DialogBoxParamA

functions\zlib

compress
uncompress
gzopen
gzread
gzwrite
gzclose

Exports

Exports

GZCOMPRESSFILE
GZCOMPRESSSTRING
GZDECOMPRESSSTRING
GZUNCOMPRESSFILE

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib.dll
.dll windows:4 windows x86 arch:x86

e5c5650f0b0c0414d7e983aacdedc6c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
vsprintf
fflush
fseek
rewind
fputc
malloc
ftell
fprintf
_fdopen
fopen
sprintf
calloc
_initterm

kernel32

GlobalAlloc
GetVersion
GlobalFree

Exports

Exports

adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipWriteInFileInZip
zlibVersion

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 20KB

aebc3107701149edfc563b8db7a789fd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 444B

b9abed38fce104c978b65547ac029de4

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 1024B - Virtual size: 1KB

.link Size: 1KB - Virtual size: 1KB

.rloc Size: 512B - Virtual size: 388B

980416fc5c464dd00efd701ec2341bf7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

ole32

olepro32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 832B

.reloc Size: 4KB - Virtual size: 502B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.0MB

UPX1 Size: 300KB - Virtual size: 304KB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 20KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 444B

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 1KB

.link
Size: 1KB - Virtual size: 1KB

.rloc
Size: 512B - Virtual size: 388B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 4KB - Virtual size: 502B

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 300KB - Virtual size: 304KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 3KB - Virtual size: 3KB

.link
Size: 2KB - Virtual size: 1KB

.rloc
Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.link
Size: 1KB - Virtual size: 1KB

.rloc
Size: 512B - Virtual size: 220B

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.link
Size: 1KB - Virtual size: 1KB

.rloc
Size: 512B - Virtual size: 168B

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 1KB

.link
Size: 2KB - Virtual size: 1KB

.rloc
Size: 512B - Virtual size: 444B