621698b9beee0dbe68aa84ecfef9d1e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

621698b9beee0dbe68aa84ecfef9d1e9_JaffaCakes118
Size

580KB
MD5

621698b9beee0dbe68aa84ecfef9d1e9
SHA1

638dd87aafa2cfd685b037b40a127111a6973e2a
SHA256

8ac32fc7cd97690b5bc5fc43d791919a6002e3cffa0e2db0314786ab0271ccd4
SHA512

78939bc2ee94954d0ee934e54d69a563f1390714adbabcfe58c7076580e4085abbbda6099adff3b5715a6231066bea6b738a34e2ac25acf274ab38365e50b739
SSDEEP

12288:UirU3q3w3+9919uy+FXmUWIkDWER1FuBwxD5SQ/IeQgq5Nd+:YfcUy57R/uCdSyRQguv+

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/cfg/sql/report.xls

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bin/3proxy.exe
unpack001/bin/PCREPlugin.dll
unpack001/bin/StringsPlugin.dll
unpack001/bin/TrafficPlugin.dll
unpack001/bin/WindowsAuthentication.dll
unpack001/bin/countersutil.exe
unpack001/bin/dighosts.exe
unpack001/bin/mycrypt.exe

Files

621698b9beee0dbe68aa84ecfef9d1e9_JaffaCakes118
.zip
Changelog
Readme
authors
bin/3proxy.exe
.exe windows:4 windows x86 arch:x86

a1beb1b3f5af3d8816a3c2eaee5a1e76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getservbyport
gethostbyname
select
__WSAFDIsSet
send
sendto
recvfrom
getsockname
connect
getpeername
gethostname
htonl
ntohl
ntohs
WSASocketA
ioctlsocket
setsockopt
bind
WSAGetLastError
listen
WSAAccept
shutdown
closesocket
WSAStartup
htons

advapi32

CreateServiceA
StartServiceA
RegOpenKeyExA
RegSetValueExA
OpenServiceA
DeleteService
RegDeleteValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA

odbc32

ord75
ord31
ord11
ord24
ord9
ord39
ord7

user32

MessageBoxA

kernel32

GetStringTypeW
GetStringTypeA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetTickCount
GetLocaleInfoA
ReadFile
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCommandLineA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
MultiByteToWideChar
LCMapStringA
FlushFileBuffers
IsValidCodePage
Sleep
CloseHandle
LeaveCriticalSection
EnterCriticalSection
FreeConsole
GetCurrentProcessId
GetProcAddress
GetLastError
LoadLibraryA
InitializeCriticalSection
GetFullPathNameA
SearchPathA
GetVersionExA
DeleteCriticalSection
GetCurrentThreadId
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
ExitThread
CreateThread
HeapFree
DeleteFileA
GetTimeZoneInformation
GetProcessHeap
GetCurrentDirectoryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
RtlUnwind
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameA
GetFileAttributesA
GetCPInfo
GetACP
GetOEMCP

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/PCREPlugin.dll
.dll windows:4 windows x86 arch:x86

927f93568fa9337f0d03dce32397f721

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers

Exports

Exports

pcre_plugin
regcomp
regerror
regexec
regfree

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/StringsPlugin.dll
.dll windows:4 windows x86 arch:x86

af27f8630a1ed4291941c0cfcd196a6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
SetFilePointer
CloseHandle
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
HeapReAlloc
VirtualAlloc
WriteFile
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
ReadFile
SetStdHandle
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

Exports

Exports

start

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/TrafficPlugin.dll
.dll windows:4 windows x86 arch:x86

0b93c4ade4233ed58878ebb6072ffdaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
RtlUnwind
HeapReAlloc
VirtualAlloc
WriteFile
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Exports

Exports

start

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/WindowsAuthentication.dll
.dll windows:4 windows x86 arch:x86

e03bdd1998d92d56b569992045e9eb14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetTokenInformation
LogonUserA
LookupAccountNameA
GetLengthSid

kernel32

CloseHandle
GetLastError
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
WriteFile
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize

Exports

Exports

WindowsAuthentication

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/countersutil.exe
.exe windows:4 windows x86 arch:x86

c00f169032f7d9e9fc5953c23db29843

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
RtlUnwind
Sleep
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
InitializeCriticalSection
CloseHandle
CreateFileA
HeapReAlloc
VirtualAlloc
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
SetStdHandle
SetEndOfFile
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/dighosts.exe
.exe windows:4 windows x86 arch:x86

de2444828b8fda0f2072e3d0cd43a6a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
htonl
setsockopt
bind
getsockname
ioctlsocket
ntohs
__WSAFDIsSet
ntohl
WSAStartup
htons
WSASocketA
connect
send
shutdown
closesocket
select
recv

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
SetEndOfFile
ReadFile
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetLastError
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
GetProcAddress
GetModuleHandleA
ExitProcess
WideCharToMultiByte
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetFileAttributesA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
MultiByteToWideChar
CreateFileA
InitializeCriticalSection
SetFilePointer
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/mycrypt.exe
.exe windows:4 windows x86 arch:x86

2dcbc36e1de884d24da48a008515a5a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
RtlUnwind
HeapReAlloc
VirtualAlloc
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/rus-koi8-r.3ps
bin/rus-win1251.3ps
cfg/0.scenario.txt
cfg/3proxy.cfg.sample
.sh linux
cfg/counters.sample
cfg/sql/3proxy.cfg
cfg/sql/create.sql
cfg/sql/report.xls
.xls windows office2003

ЭтаКнига

Лист1

Лист2

Лист3

Module1
copying
doc/devel/devref.rtf
.rtf
doc/html/faqe.html
doc/html/faqr.html
doc/html/howtoe.html
doc/html/howtor.html
doc/html/index.html
.html
doc/html/man3/3proxy.cfg.3.html
doc/html/man8/3proxy.8.html
doc/html/man8/3proxy.conf.3.html
doc/html/man8/ftppr.8.html
doc/html/man8/pop3p.8.html
doc/html/man8/proxy.8.html
doc/html/man8/socks.8.html
doc/html/man8/tcppm.8.html
doc/html/man8/udppm.8.html
doc/html/securityen.html
doc/ru/3proxy_for_dummies.rtf
.rtf
doc/ru/example1.txt
doc/ru/iodbc.txt
doc/ru/odbc.txt
news

Sharing

General

Malware Config

Signatures

Files

a1beb1b3f5af3d8816a3c2eaee5a1e76

Headers

File Characteristics

Imports

ws2_32

advapi32

odbc32

user32

kernel32

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 12KB - Virtual size: 19KB

927f93568fa9337f0d03dce32397f721

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 5KB

af27f8630a1ed4291941c0cfcd196a6e

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 4KB

0b93c4ade4233ed58878ebb6072ffdaa

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 4KB

e03bdd1998d92d56b569992045e9eb14

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

c00f169032f7d9e9fc5953c23db29843

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 11KB

de2444828b8fda0f2072e3d0cd43a6a8

Headers

File Characteristics

Imports

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 12KB - Virtual size: 19KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 11KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 12KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 11KB