611f2f2996c085350ae55cfb54836dfc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

611f2f2996c085350ae55cfb54836dfc_JaffaCakes118
Size

320KB
MD5

611f2f2996c085350ae55cfb54836dfc
SHA1

95081b76e3bf72966f76badbe0d7149192690bc1
SHA256

64c8a350e60d1e7ac62bfbdaf46d8d9660d812d01f4a499b5404e265a776ffe3
SHA512

b467b4b2e24f84b6354c62eab3d33e1536da1c2345a403a8c52f251e729b3b7f75c510936e02d7b4be1a776209a122cc2da0e2e50b822a5fafce47c9bd5034f7
SSDEEP

6144:esUGh9PvtvCUgKWpFwBqLW60tyctzu9/1CqDdL:mEPvtlraFiXtycRoDDdL

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
611f2f2996c085350ae55cfb54836dfc_JaffaCakes118
unpack001/$PLUGINSDIR/AdvSplash.dll
unpack001/$PLUGINSDIR/AlwaysOnTop.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISAutoSetupPlugin.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$TEMP/GomEncDnInstaller.exe
unpack001/$TEMP/NSISPromotionEx.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

611f2f2996c085350ae55cfb54836dfc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

d347bd7fee30a85a5438127ef69a20d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA
timeSetEvent
timeKillEvent

kernel32

GetVersion
lstrcpynA
GlobalAlloc
GetProcAddress
GetModuleHandleA
lstrcatA
GlobalFree
lstrcpyA

user32

GetClientRect
EndPaint
DefWindowProcA
DestroyWindow
SetWindowRgn
wsprintfA
SystemParametersInfoA
DispatchMessageA
GetMessageA
IsWindow
CreateWindowExA
LoadImageA
RegisterClassA
LoadCursorA
EnumDisplaySettingsA
SetWindowLongA
SetWindowPos
InvalidateRect
PostMessageA
UnregisterClassA
BeginPaint

gdi32

GetObjectA
GetDIBits
CreateRectRgn
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CombineRgn

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AlwaysOnTop.dll
.dll windows:4 windows x86 arch:x86

c56daabd0b59e7a0804d633593e01907

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowPos

Exports

Exports

SetAlwaysOnTop
SetNoAlwaysOnTop

Sections

.text
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISAutoSetupPlugin.dll
.dll windows:4 windows x86 arch:x86

d0d278fb6cea268ff7b5e239775d5bc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

RegisterClassExA
SetTimer
CreateWindowExA
PostQuitMessage
PostMessageA
IsWindowEnabled
GetDlgItem
DefWindowProcA

Exports

Exports

StartAutoSetup

Sections

.text
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 361B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$TEMP/GomEncDnInstaller.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/NSISPromotionEx.dll
.dll windows:5 windows x86 arch:x86

c554e8b856177ec55460d8536624f1c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\GOM_PACKAGE\GJ_DEVEL\NSISPromotionEx_20111128\Release\NSISPromotionEx.pdb

Imports

kernel32

SizeofResource
WriteFile
GetFileAttributesW
CreateDirectoryW
GetTickCount
GetFileSize
GetPrivateProfileStringA
WritePrivateProfileStringW
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
IsBadStringPtrW
IsBadReadPtr
IsBadWritePtr
GlobalUnlock
GlobalLock
CreateFileA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
LoadLibraryA
FreeResource
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
LockResource
LoadResource
FindResourceW
GetTempFileNameW
RaiseException
GetCommandLineA
GetCurrentThreadId
CreateThread
ResumeThread
ExitThread
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTempPathW
lstrcatW
GetPrivateProfileIntW
GetExitCodeProcess
GetLastError
GetSystemDefaultUILanguage
MulDiv
Sleep
ReadFile
SetFilePointer
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
lstrlenW
DeleteFileW
GetPrivateProfileStringW
GetModuleFileNameW
WaitForSingleObject
CloseHandle
CreateProcessW
GetACP
GetVersion
MultiByteToWideChar
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
FlushFileBuffers
lstrcpynA

user32

SetWindowTextW
GetDlgItem
MoveWindow
ScreenToClient
EndDialog
ShowWindow
SendMessageW
GetDC
InvalidateRect
GetSysColor
GetSysColorBrush
SetTimer
GetParent
PostMessageW
GetWindowRect
DialogBoxParamW
SetWindowPos
GetClientRect
MessageBoxW
PeekMessageW
DispatchMessageW
SetWindowLongW
LoadBitmapW
PostQuitMessage
BeginPaint
ReleaseDC
CallWindowProcW
RemovePropW
GetPropW
SetPropW
EnableWindow
LoadStringW
RegisterWindowMessageW
ClientToScreen
GetWindowTextW
GetWindowTextLengthW
IsWindow
GetWindowLongW
OffsetRect
CopyRect
SystemParametersInfoW
GetMonitorInfoW
MonitorFromRect
FindWindowW
DefWindowProcW
KillTimer
EndPaint
PtInRect
GetCursorPos

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

CreateStreamOnHGlobal
OleSetContainedObject
OleCreate
CoUninitialize
CoInitialize

shell32

ShellExecuteW
ShellExecuteExW

oleaut32

VariantClear
OleLoadPicture
SysAllocString
SysFreeString
VariantInit

gdi32

LineTo
MoveToEx
TextOutW
CreatePen
SetBkMode
DeleteObject
SetBkColor
GetBkColor
CreateSolidBrush
SetTextColor
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
DeleteDC
CreateDIBSection
BitBlt
SelectObject

wintrust

WinVerifyTrust

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17
ImageList_Draw

wininet

InternetCloseHandle
InternetReadFile
InternetGetCookieW
InternetSetCookieW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
HttpQueryInfoW
InternetQueryDataAvailable

ws2_32

gethostname
gethostbyname
WSACleanup
WSAStartup

Exports

Exports

AucTrigger
Check11Uninstall
CheckAskToolBarCanInstall
CheckBaiDuIMEInstall
CheckGSearch
CheckGoogleChromeInstall
CheckGoogleToolbarInstall
CheckNetCodec_KOR
CheckPromotionInstall
CheckYahooToolbarInstall
CheckYandexToolBarCanInstall
DaumShowTrigger
DaumShowTriggerAudio
DaumShowTriggerRecorder
DaumTrigger
DaumTriggerAudio
DaumTriggerRecorder
Explorer11stTrigger
Favorite11stTrigger
GetBaiDuIME_Path
GetCountryCode
GetSectionPromotionPath
GomAYhoToolbarInstallTrigger
GomAYhoToolbarShowTrigger
HttpTrigger
InstBaiDuIME
InstGChrome
InstGSearch
InstGToolbar
InstYHToolbar
ReadCookie
RequestPromotionInstall
SetupNetCodec_KOR
ShopIcon11stTrigger
Shorcut11stTrigger
Verify
Verify2
WriteCookie
YhoShowTrigger
YhoToolbarAgreeTrigger
YhoToolbarInstallTrigger
YhoToolbarShowTrigger
YhoTrigger

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/NSISPromotionEx.ini
$TEMP/spltmp.bmp

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 68KB - Virtual size: 68KB

d347bd7fee30a85a5438127ef69a20d9

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 132B

.reloc Size: 512B - Virtual size: 442B

c56daabd0b59e7a0804d633593e01907

Headers

File Characteristics

Imports

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 102B

.rdata Size: 512B - Virtual size: 204B

.data Size: - Virtual size: 12B

.reloc Size: 512B - Virtual size: 48B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

d0d278fb6cea268ff7b5e239775d5bc7

Headers

File Characteristics

Imports

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 368B

.rdata Size: 512B - Virtual size: 361B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 68KB - Virtual size: 68KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 132B

.reloc
Size: 512B - Virtual size: 442B

.text
Size: 512B - Virtual size: 102B

.rdata
Size: 512B - Virtual size: 204B

.data
Size: - Virtual size: 12B

.reloc
Size: 512B - Virtual size: 48B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 512B - Virtual size: 368B

.rdata
Size: 512B - Virtual size: 361B

.data
Size: 512B - Virtual size: 53B

.reloc
Size: 512B - Virtual size: 88B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 190B

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 64KB - Virtual size: 62KB

.text
Size: 154KB - Virtual size: 154KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 6KB - Virtual size: 81KB

.rsrc
Size: 335KB - Virtual size: 334KB

.reloc
Size: 15KB - Virtual size: 14KB