692ebae1caa58c3244bcdd4558c3d200_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

692ebae1caa58c3244bcdd4558c3d200_JaffaCakes118
Size

1.7MB
MD5

692ebae1caa58c3244bcdd4558c3d200
SHA1

3cc87d016f8f38a68be9fc613ae93c5b9d5f48d7
SHA256

056c2e69b56732a76f993bf066f9f34fe0e69ab918eab9301db38585012f8aee
SHA512

3413f2679638a9b7d9fe10daa1b33e0388a113aad25eb5bc4a34af383ff71914b463b3c08809454af874b2ba88016815f6738ac69c7c3ecca79a3b20bd0b060d
SSDEEP

49152:2iyLs6RhzMCiYlgfE0sbJIDj/k1rOYnKmHvfLqQ9cxNnap:jyLvRhz9KgJIDo16zmHvzVSNnap

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 9 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/kuaida/FileCopy.exe	aspack_v212_v242
static1/unpack001/kuaida/KDCheckUpdate.exe	aspack_v212_v242
static1/unpack001/kuaida/ball.exe	aspack_v212_v242
static1/unpack001/kuaida/colorball.exe	aspack_v212_v242
static1/unpack001/kuaida/kuaida.exe	aspack_v212_v242
static1/unpack001/kuaida/snake.exe	aspack_v212_v242
static1/unpack001/kuaida/tie.exe	aspack_v212_v242
static1/unpack001/kuaida/wb.exe	aspack_v212_v242
static1/unpack001/kuaida/well.exe	aspack_v212_v242

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kuaida/FileCopy.exe
unpack001/kuaida/KDCheckUpdate.exe
unpack001/kuaida/MSWINSCK.oca
unpack001/kuaida/ball.exe
unpack001/kuaida/colorball.exe
unpack001/kuaida/kuaida.exe
unpack001/kuaida/snake.exe
unpack001/kuaida/tie.exe
unpack001/kuaida/wb.exe
unpack001/kuaida/well.exe

Files

692ebae1caa58c3244bcdd4558c3d200_JaffaCakes118
.rar
kuaida/FileCopy.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 42KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/KDCheckUpdate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 29KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

cb0275eec9ac31b6d4d44320e576fadb

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetFileAttributesA
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetProcAddress
GetLocaleInfoA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetWindowsDirectoryA
LoadLibraryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kuaida/MSWINSCK.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kuaida/ball.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 52KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/colorball.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 60KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/d.at
kuaida/d.dt
kuaida/key.wav
kuaida/kj.g
.gif
kuaida/kp/0.b
kuaida/kp/1.b
kuaida/kp/2.b
kuaida/kp/3.b
kuaida/kp/4.b
kuaida/kp/5.b
kuaida/kp/6.b
kuaida/kp/7.b
kuaida/kp/8.b
kuaida/kp/9.b
kuaida/kp/A.b
kuaida/kp/B.b
kuaida/kp/C.b
kuaida/kp/D.b
kuaida/kp/E.b
kuaida/kp/F.b
kuaida/kp/G.b
kuaida/kp/H.b
kuaida/kp/I.b
kuaida/kp/J.b
kuaida/kp/K.b
kuaida/kp/L.b
kuaida/kp/M.b
kuaida/kp/N.b
kuaida/kp/O.b
kuaida/kp/P.b
kuaida/kp/Q.b
kuaida/kp/R.b
kuaida/kp/S.b
kuaida/kp/T.b
kuaida/kp/U.b
kuaida/kp/V.b
kuaida/kp/W.b
kuaida/kp/X.b
kuaida/kp/Y.b
kuaida/kp/Z.b
kuaida/kp/k.j
.jpg
kuaida/kp/kh.g
.gif
kuaida/kp/ktbp.j
.jpg
kuaida/kp/l0.g
.gif
kuaida/kp/l1.g
.gif
kuaida/kp/l2.g
.gif
kuaida/kp/l3.g
.gif
kuaida/kp/l4.g
.gif
kuaida/kp/n/+.b
kuaida/kp/n/-.b
kuaida/kp/n/0.b
kuaida/kp/n/1.b
kuaida/kp/n/2.b
kuaida/kp/n/3.b
kuaida/kp/n/4.b
kuaida/kp/n/5.b
kuaida/kp/n/6.b
kuaida/kp/n/7.b
kuaida/kp/n/8.b
kuaida/kp/n/9.b
kuaida/kp/n/c.b
kuaida/kp/n/e.b
kuaida/kp/n/nu.b
kuaida/kp/n/p.b
kuaida/kp/n/x.b
kuaida/kp/r0.g
.gif
kuaida/kp/r1.g
.gif
kuaida/kp/r2.g
.gif
kuaida/kp/r3.g
.gif
kuaida/kp/r4.g
.gif
kuaida/kp/space.b
kuaida/kuaida.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 209KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/mp/1.b
kuaida/mp/1.j
.jpg
kuaida/mp/10.j
.jpg
kuaida/mp/2.j
.jpg
kuaida/mp/3.j
.jpg
kuaida/mp/4.j
.jpg
kuaida/mp/5.j
.jpg
kuaida/mp/6.j
.jpg
kuaida/snake.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/snake.wav
kuaida/snake_gameover.wav
kuaida/tie.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/u.dt
kuaida/user/00/d.at
kuaida/wb.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 38KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/well.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 37KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kuaida/wrong.wav
kuaida/zgb.g
.gif

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 42KB - Virtual size: 176KB

.data Size: 512B - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 4KB

.aspack Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 29KB - Virtual size: 92KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

.aspack Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

cb0275eec9ac31b6d4d44320e576fadb

Code Sign

Signer

Headers

File Characteristics

Imports

wsock32

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 5KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 19KB - Virtual size: 20KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

Headers

File Characteristics

Sections

.text Size: 52KB - Virtual size: 196KB

.data Size: 512B - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.aspack Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 60KB - Virtual size: 224KB

.data Size: 512B - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 4KB

.aspack Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 209KB - Virtual size: 1.0MB

.data Size: 512B - Virtual size: 48KB

.rsrc Size: 79KB - Virtual size: 324KB

.aspack Size: 72KB - Virtual size: 76KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 48KB - Virtual size: 208KB

.data Size: 512B - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 4KB

.aspack Size: 6KB - Virtual size: 8KB

.text
Size: 42KB - Virtual size: 176KB

.data
Size: 512B - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 92KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 19KB - Virtual size: 20KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 52KB - Virtual size: 196KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 224KB

.data
Size: 512B - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 209KB - Virtual size: 1.0MB

.data
Size: 512B - Virtual size: 48KB

.rsrc
Size: 79KB - Virtual size: 324KB

.aspack
Size: 72KB - Virtual size: 76KB

.adata
Size: - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 208KB

.data
Size: 512B - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 176KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 164KB

.data
Size: 512B - Virtual size: 16KB

.rsrc
Size: 70KB - Virtual size: 192KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 144KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB