6f8283dfc479216e8e5e82e3acc5c799_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6f8283dfc479216e8e5e82e3acc5c799_JaffaCakes118
Size

1.4MB
MD5

6f8283dfc479216e8e5e82e3acc5c799
SHA1

11f2c3322e7a2e311daca9ab74b4d470850f6765
SHA256

2d5e652425785634a024b9c45c5f72b059cd5912f3e1ceaa533076a8f5243eee
SHA512

2c6e1d0fc59e43c4cea1d212af225e83f3e0118cd8cb7f82b0a46934ebb2010e3b25422fa7ed10d723d938f1c856acbbb5aa93e8b4d79baa24a311e2f98546ed
SSDEEP

24576:r8vWc8YxQVoQXQ4ipcS13h+5YmLxcuRYLwpr5VnD1GtLtWO12NoSEjMAtdWBJ+gE:r8vWcFSbIOS1x0lcBwL9oBsXNo7lwAgE

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/NzbExplorer/Helper.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/NzbExplorer/Helper.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NzbExplorer/Helper.dll
unpack001/NzbExplorer/NzbExplorer.exe
unpack001/NzbExplorer/NzbExplorerLoader.exe
unpack001/NzbExplorer/unrar.dll
unpack001/NzbExplorer/vbuzip10.dll

Files

6f8283dfc479216e8e5e82e3acc5c799_JaffaCakes118
.zip
NzbExplorer/Adds.zip
.zip
Adds/1068_3209.jpg
.jpg
Adds/1145_3855.gif
.gif
Adds/1221_5729.gif
.gif
Adds/136_354.gif
.gif
Adds/1370_3907.gif
.gif
Adds/140_389.gif
.gif
Adds/1573_4346.gif
.gif
Adds/1975_5334.jpg
.jpg
Adds/2060_5603.gif
.gif
Adds/2240_6089.gif
.gif
Adds/2660_6957.jpg
.jpg
Adds/2730_7708.gif
.gif
Adds/2849_7464.gif
.gif
Adds/2875_7503.jpg
.jpg
Adds/2912_7657.gif
.gif
Adds/3121_9356.gif
.gif
Adds/3183_8291.gif
.gif
Adds/3227_8369.jpg
.jpg
Adds/3268_8561.jpg
.jpg
Adds/3291_8841.GIF
.gif
Adds/3628_9896.jpg
.jpg
Adds/3739_9595.jpg
.jpg
Adds/3863_10728.gif
.gif
Adds/4002_9922.gif
.gif
Adds/4383_13129.gif
.gif
Adds/4405_13137.gif
.gif
Adds/4408_11348.bmp
Adds/4421_11202.JPG
.jpg
Adds/4423_11200.JPG
.jpg
Adds/4499_11427.gif
.gif
Adds/4544_11570.gif
.gif
Adds/4648_11936.gif
.gif
Adds/4670_12129.JPG
.jpg
Adds/467_1740.jpg
.jpg
Adds/4709_12128.gif
.gif
Adds/470_11385.jpg
.jpg
Adds/4906_12721.gif
.gif
Adds/4950_12920.jpg
.jpg
Adds/4971_12995.jpg
.jpg
Adds/583_2238.jpg
.jpg
Adds/666_2152.gif
.gif
Adds/831_2560.gif
.gif
Adds/999_3070.jpg
.jpg
NzbExplorer/Adds/1068_3209.jpg
.jpg
NzbExplorer/Adds/1145_3855.gif
.gif
NzbExplorer/Adds/1221_5729.gif
.gif
NzbExplorer/Adds/136_354.gif
.gif
NzbExplorer/Adds/1370_3907.gif
.gif
NzbExplorer/Adds/140_389.gif
.gif
NzbExplorer/Adds/1573_4346.gif
.gif
NzbExplorer/Adds/1975_5334.jpg
.jpg
NzbExplorer/Adds/2060_5603.gif
.gif
NzbExplorer/Adds/2240_6089.gif
.gif
NzbExplorer/Adds/2660_6957.jpg
.jpg
NzbExplorer/Adds/2730_7708.gif
.gif
NzbExplorer/Adds/2849_7464.gif
.gif
NzbExplorer/Adds/2875_7503.jpg
.jpg
NzbExplorer/Adds/2912_7657.gif
.gif
NzbExplorer/Adds/3121_9356.gif
.gif
NzbExplorer/Adds/3183_8291.gif
.gif
NzbExplorer/Adds/3227_8369.jpg
.jpg
NzbExplorer/Adds/3268_8561.jpg
.jpg
NzbExplorer/Adds/3291_8841.GIF
.gif
NzbExplorer/Adds/3628_9896.jpg
.jpg
NzbExplorer/Adds/3739_9595.jpg
.jpg
NzbExplorer/Adds/3863_10728.gif
.gif
NzbExplorer/Adds/4002_9922.gif
.gif
NzbExplorer/Adds/4383_13129.gif
.gif
NzbExplorer/Adds/4405_13137.gif
.gif
NzbExplorer/Adds/4408_11348.bmp
NzbExplorer/Adds/4421_11202.JPG
.jpg
NzbExplorer/Adds/4423_11200.JPG
.jpg
NzbExplorer/Adds/4499_11427.gif
.gif
NzbExplorer/Adds/4544_11570.gif
.gif
NzbExplorer/Adds/4648_11936.gif
.gif
NzbExplorer/Adds/4670_12129.JPG
.jpg
NzbExplorer/Adds/467_1740.jpg
.jpg
NzbExplorer/Adds/4709_12128.gif
.gif
NzbExplorer/Adds/470_11385.jpg
.jpg
NzbExplorer/Adds/4906_12721.gif
.gif
NzbExplorer/Adds/4950_12920.jpg
.jpg
NzbExplorer/Adds/4971_12995.jpg
.jpg
NzbExplorer/Adds/583_2238.jpg
.jpg
NzbExplorer/Adds/666_2152.gif
.gif
NzbExplorer/Adds/831_2560.gif
.gif
NzbExplorer/Adds/999_3070.jpg
.jpg
NzbExplorer/Helper.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetBufferSize
GetCylinders
GetHeads
GetIdeDiskInfo
GetModelNumber
GetRevisionNo
GetSectors
GetSerialNumber

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NzbExplorer/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

2b2ee4e06ab7ae589a670cad99121b44

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
GetDlgItemInt
EndDialog
GetActiveWindow
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
IsWindowEnabled
IsWindowVisible
UnregisterClassA
CharNextA
MessageBoxA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemTextA
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
SetTimer
KillTimer
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetTextColor
SetBkMode
Rectangle
CreatePen
SetBkColor
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NzbExplorer/NzbExplorer.exe
.exe windows:4 windows x86 arch:x86

0e84a6f48c9400a030aa6cd1145526bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
__vbaStrErrVarCopy
__vbaVarFix
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaVarSetVarAddref
__vbaI2Abs
__vbaCopyBytes
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
ord661
__vbaLenBstrB
ord662
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaAryDestruct
ord669
__vbaVarIndexLoadRefLock
ord592
__vbaBoolStr
ord593
__vbaForEachCollObj
__vbaVarForInit
__vbaExitProc
ord594
__vbaStrLike
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord599
__vbaStrFixstr
ord520
__vbaBoolVar
__vbaVargVar
__vbaVarTstLt
__vbaFpR8
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
ord709
__vbaErase
ord631
__vbaVarCmpGt
__vbaVargVarMove
ord525
ord632
__vbaNextEachCollObj
__vbaVarZero
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
ord561
ord562
DllFunctionCall
__vbaVarOr
ord563
__vbaVarLateMemSt
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaRedimVar
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
__vbaFailedFriend
__vbaVarDiv
__vbaLateIdStAd
ord608
ord531
__vbaFPException
ord717
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord537
ord644
ord538
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaR8Str
__vbaNew2
__vbaInStr
ord648
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaVarSetObj
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord612
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
__vbaVarTstGe
__vbaVarCopy
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
__vbaRecDestructAnsi
_CIatan
ord618
__vbaI2ErrVar
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaStrVarCopy
__vbaForEachVar
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NzbExplorer/NzbExplorerLoader.exe
.exe windows:4 windows x86 arch:x86

d7de6042267a141320b063638936e62d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
ord662
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaFpR8
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaStrR8
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord712
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
ord717
__vbaStrVarVal
ord645
_CIlog
__vbaFileOpen
__vbaInStr
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
ord612
__vbaVarDup
ord616
ord617
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NzbExplorer/unrar.dll
.dll windows:4 windows x86 arch:x86

244d2f9772f4886a651db44514a2a29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NzbExplorer/vbuzip10.dll
.dll windows:4 windows x86 arch:x86

d7fb4de41cd6c7ef515f3cb090e706e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
HeapAlloc
GetLastError
CreateFileA
GetCurrentProcess
GetVersion
SetFileTime
SetFileAttributesA
FileTimeToLocalFileTime
GetFullPathNameA
CloseHandle
CreateMutexA
FindClose
SetVolumeLabelA
GetFileAttributesA
GetFileTime
FileTimeToDosDateTime
lstrcpyA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
GetVolumeInformationA
lstrlenA
lstrcmpiA
EnterCriticalSection
GetDriveTypeA
lstrcpynA
LeaveCriticalSection
GetProcessHeap
HeapFree
FindFirstFileA
FindNextFileA
HeapDestroy
TlsFree
SetLastError
GetCurrentDirectoryA
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetTimeZoneInformation
HeapCreate
VirtualFree
DeleteCriticalSection
ExitProcess
VirtualAlloc
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
FlushFileBuffers
WriteFile
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCurrentThreadId
TlsSetValue
TlsAlloc
FileTimeToSystemTime
TlsGetValue
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
ReadFile
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileA
CreateDirectoryA

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorControl
GetKernelObjectSecurity
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidAcl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
IsValidSid
OpenProcessToken
LookupPrivilegeValueA

Exports

Exports

UzpFreeMemBuffer
UzpVersion
UzpVersion2
Wiz_Grep
Wiz_Init
Wiz_NoPrinting
Wiz_SetOpts
Wiz_SingleEntryUnzip
Wiz_Unzip
Wiz_UnzipToMemory
Wiz_Validate

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 80KB

UPX1 Size: 39KB - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 4KB

2b2ee4e06ab7ae589a670cad99121b44

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 685KB - Virtual size: 684KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 279KB - Virtual size: 278KB

.reloc Size: 38KB - Virtual size: 38KB

0e84a6f48c9400a030aa6cd1145526bb

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 500KB - Virtual size: 496KB

.data Size: 4KB - Virtual size: 29KB

.rsrc Size: 64KB - Virtual size: 63KB

d7de6042267a141320b063638936e62d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

244d2f9772f4886a651db44514a2a29b

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 135KB - Virtual size: 136KB

.data Size: 15KB - Virtual size: 44KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

d7fb4de41cd6c7ef515f3cb090e706e1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 20KB - Virtual size: 16KB

UPX0
Size: - Virtual size: 80KB

UPX1
Size: 39KB - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 685KB - Virtual size: 684KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 279KB - Virtual size: 278KB

.reloc
Size: 38KB - Virtual size: 38KB

.text
Size: 500KB - Virtual size: 496KB

.data
Size: 4KB - Virtual size: 29KB

.rsrc
Size: 64KB - Virtual size: 63KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 135KB - Virtual size: 136KB

.data
Size: 15KB - Virtual size: 44KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 8KB - Virtual size: 5KB