70e46a44bfc218c991836c2e58d35ba3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70e46a44bfc218c991836c2e58d35ba3_JaffaCakes118
Size

14.3MB
MD5

70e46a44bfc218c991836c2e58d35ba3
SHA1

a0d5e8d9b5e35db61ed6adf70b5ccec63d7cdfeb
SHA256

e02bdfe374d9d85a97d6b509b8203acb73bf1dabdffcf8d96f6958f557d78b71
SHA512

dac33e217e1aa65b9e3fc14bfc574356e557eb8bd762879327840c9a653412e356a5e882526f37e9bc2d759b539b8c31972288161ec42daac6b79506e5aabb7e
SSDEEP

393216:VWTZx+E7Uu9ym3rAE6eUhl8NsjCzg5HllInYpSoV0M:UlJ7Xt3EE6hh+6L1pSoeM

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
70e46a44bfc218c991836c2e58d35ba3_JaffaCakes118
unpack001/$PLUGINSDIR/BrandingURL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/CactusBruce.RWG
unpack001/CactusBruce.exe
unpack001/cncs232.dll
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

70e46a44bfc218c991836c2e58d35ba3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c042238f43557c055fca8642de8a074

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BrandingURL.dll
.dll windows:4 windows x86 arch:x86

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalFree

user32

GetWindowRect
SetCapture
InvalidateRect
SendMessageA
GetCapture
ClientToScreen
EnableWindow
LoadImageA
SetPropA
SetWindowLongA
GetWindowLongA
GetDlgItem
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
RedrawWindow

gdi32

GetObjectA
SetTextColor
CreateFontIndirectA

shell32

ShellExecuteA

Exports

Exports

Set
Unload

Sections

.text
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 839B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SMPROGRAMS/Ʋ³˹Ⱥ/155ɫվ.lnk
.lnk
155ɫվ.lnk
.lnk
CM.sav
CactusBruce.RWG
.exe windows:4 windows x86 arch:x86

11787f155bff119bee66539bc09ae40b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cncs232

ord64
ord24
ord19
ord18
ord32
ord81
ord56
ord176
ord158
ord206
ord57
ord6
ord23
ord36
ord2
ord33
ord179
ord186
ord151
ord149
ord3
ord105
ord193
ord200
ord335
ord336
ord191
ord188
ord363
ord366
ord334
ord390
ord340
ord375
ord387
ord187
ord199
ord108
ord55
ord338
ord374
ord120
ord196
ord195
ord89
ord165
ord435
ord189
ord192
ord154
ord90
ord313
ord312
ord311
ord351
ord350
ord411
ord410
ord305
ord307
ord308
ord352
ord333
ord310
ord303
ord349
ord361
ord409
ord348
ord408
ord392
ord347
ord407
ord391
ord16
ord94
ord92
ord93
ord109
ord163
ord91
ord140
ord52
ord168
ord138
ord162
ord132
ord107
ord133
ord129
ord414
ord385
ord71
ord78
ord77
ord76
ord61
ord125
ord79
ord70
ord69
ord60
ord62
ord98
ord75
ord34
ord35
ord12
ord68
ord48
ord150
ord346
ord54
ord115
ord169
ord143
ord50
ord65
ord116
ord66
ord177
ord80
ord106
ord171
ord173
ord172
ord112
ord113
ord114
ord86
ord160
ord30
ord29
ord117
ord118
ord119
ord111
ord95
ord88
ord96
ord161
ord83
ord67
ord170
ord412
ord103
ord156
ord372
ord299
ord178
ord174
ord58

winmm

joyGetPos

kernel32

ReadFile
WriteFile
SetFilePointer
CloseHandle
_lread
_lwrite
GetTickCount
lstrcpy
lstrcmp
lstrcat
lstrlen
GetCommandLineA
_hread
_llseek
lstrcpyA
lstrcatA
lstrcmpA
lstrcpynA
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStdHandle
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
CreateFileA
UnhandledExceptionFilter
RaiseException
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
TerminateProcess
ExitProcess
GetStartupInfoA
GetModuleHandleA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
SetEnvironmentVariableA
DeleteFileA
HeapSize
HeapReAlloc
HeapCompact
HeapAlloc
HeapFree
RtlUnwind
FreeResource
FlushFileBuffers
CompareStringA
CompareStringW
GetLastError
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
GlobalReAlloc
GlobalAlloc
lstrlenA
GetExitCodeProcess
CreateProcessA
GetTempPathA
GetTempFileNameA
GlobalDeleteAtom
GetVersion
GlobalAddAtomA
GlobalLock
GlobalUnlock
GlobalFree
_lopen
_lclose
SetErrorMode
RemoveDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleFileNameA
WinExec
LocalAlloc
LocalFree
FindResourceA
SizeofResource
LoadResource
FreeEnvironmentStringsA
LockResource
SetEndOfFile

user32

SetScrollRange
CreateWindowExA
UnionRect
GetSysColor
DrawFocusRect
SetRect
InvertRect
OemToCharA
GetCursorPos
ShowCursor
GetAsyncKeyState
GetActiveWindow
MapWindowPoints
SetPropA
RemovePropA
GetPropA
CallWindowProcA
DefWindowProcA
ReleaseCapture
SetCapture
IntersectRect
GetDesktopWindow
TranslateMessage
DispatchMessageA
UpdateWindow
WinHelpA
SetForegroundWindow
EnumThreadWindows
IsWindow
GetTopWindow
GetClassNameA
GetWindow
LoadIconA
LoadImageA
RegisterClassExA
RegisterClassA
OffsetRect
GetSystemMetrics
AdjustWindowRectEx
CopyRect
DestroyIcon
GetSubMenu
CreateIconIndirect
PostQuitMessage
GetUpdateRect
FillRect
SetScrollPos
DestroyWindow
GetFocus
SetFocus
SendMessageA
RedrawWindow
GetClientRect
IsIconic
EnableMenuItem
GetParent
GetDC
ScreenToClient
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
PtInRect
MessageBoxA
SetWindowTextA
GetDlgItem
wsprintfA
MapVirtualKeyA
GetInputState
PeekMessageA
SetTimer
LoadStringA
SetDlgItemTextA
KillTimer
SetWindowLongA
SendDlgItemMessageA
GetWindowLongA
GetDlgItemTextA
EndDialog
GetKeyState
PostMessageA
IsZoomed
GetWindowRect
GetMenu
DestroyMenu
LoadMenuA
LoadMenuIndirectA
GetMenuItemCount
DeleteMenu
SetWindowPlacement
IsWindowVisible
ShowWindow
GetWindowPlacement
SetWindowPos
GetMenuState
CheckMenuItem
InvalidateRect
SetCursorPos

gdi32

DeleteObject
LineTo
MoveToEx
Rectangle
CreateHatchBrush
CreatePen
SelectPalette
RealizePalette
CreateSolidBrush
GetStockObject
SetDIBits
CreateCompatibleBitmap
CreateBitmap
CreatePalette
CreateFontIndirectA
GetObjectA
GetTextExtentPointA
GetCharWidthA
GetTextMetricsA
SetROP2
SetBkColor
SetTextColor
GetNearestPaletteIndex
SetBkMode
SetTextAlign
DPtoLP
TextOutA
Polygon
SetPolyFillMode
SelectClipRgn
CreateRectRgn
LPtoDP
SelectObject

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyA

shell32

DragQueryFileA
ShellExecuteA
DragAcceptFiles

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT_1
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CactusBruce.exe
.exe windows:4 windows x86 arch:x86

11787f155bff119bee66539bc09ae40b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cncs232

ord64
ord24
ord19
ord18
ord32
ord81
ord56
ord176
ord158
ord206
ord57
ord6
ord23
ord36
ord2
ord33
ord179
ord186
ord151
ord149
ord3
ord105
ord193
ord200
ord335
ord336
ord191
ord188
ord363
ord366
ord334
ord390
ord340
ord375
ord387
ord187
ord199
ord108
ord55
ord338
ord374
ord120
ord196
ord195
ord89
ord165
ord435
ord189
ord192
ord154
ord90
ord313
ord312
ord311
ord351
ord350
ord411
ord410
ord305
ord307
ord308
ord352
ord333
ord310
ord303
ord349
ord361
ord409
ord348
ord408
ord392
ord347
ord407
ord391
ord16
ord94
ord92
ord93
ord109
ord163
ord91
ord140
ord52
ord168
ord138
ord162
ord132
ord107
ord133
ord129
ord414
ord385
ord71
ord78
ord77
ord76
ord61
ord125
ord79
ord70
ord69
ord60
ord62
ord98
ord75
ord34
ord35
ord12
ord68
ord48
ord150
ord346
ord54
ord115
ord169
ord143
ord50
ord65
ord116
ord66
ord177
ord80
ord106
ord171
ord173
ord172
ord112
ord113
ord114
ord86
ord160
ord30
ord29
ord117
ord118
ord119
ord111
ord95
ord88
ord96
ord161
ord83
ord67
ord170
ord412
ord103
ord156
ord372
ord299
ord178
ord174
ord58

winmm

joyGetPos

kernel32

ReadFile
WriteFile
SetFilePointer
CloseHandle
_lread
_lwrite
GetTickCount
lstrcpy
lstrcmp
lstrcat
lstrlen
GetCommandLineA
_hread
_llseek
lstrcpyA
lstrcatA
lstrcmpA
lstrcpynA
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStdHandle
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
CreateFileA
UnhandledExceptionFilter
RaiseException
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
TerminateProcess
ExitProcess
GetStartupInfoA
GetModuleHandleA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
SetEnvironmentVariableA
DeleteFileA
HeapSize
HeapReAlloc
HeapCompact
HeapAlloc
HeapFree
RtlUnwind
FreeResource
FlushFileBuffers
CompareStringA
CompareStringW
GetLastError
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
GlobalReAlloc
GlobalAlloc
lstrlenA
GetExitCodeProcess
CreateProcessA
GetTempPathA
GetTempFileNameA
GlobalDeleteAtom
GetVersion
GlobalAddAtomA
GlobalLock
GlobalUnlock
GlobalFree
_lopen
_lclose
SetErrorMode
RemoveDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleFileNameA
WinExec
LocalAlloc
LocalFree
FindResourceA
SizeofResource
LoadResource
FreeEnvironmentStringsA
LockResource
SetEndOfFile

user32

SetScrollRange
CreateWindowExA
UnionRect
GetSysColor
DrawFocusRect
SetRect
InvertRect
OemToCharA
GetCursorPos
ShowCursor
GetAsyncKeyState
GetActiveWindow
MapWindowPoints
SetPropA
RemovePropA
GetPropA
CallWindowProcA
DefWindowProcA
ReleaseCapture
SetCapture
IntersectRect
GetDesktopWindow
TranslateMessage
DispatchMessageA
UpdateWindow
WinHelpA
SetForegroundWindow
EnumThreadWindows
IsWindow
GetTopWindow
GetClassNameA
GetWindow
LoadIconA
LoadImageA
RegisterClassExA
RegisterClassA
OffsetRect
GetSystemMetrics
AdjustWindowRectEx
CopyRect
DestroyIcon
GetSubMenu
CreateIconIndirect
PostQuitMessage
GetUpdateRect
FillRect
SetScrollPos
DestroyWindow
GetFocus
SetFocus
SendMessageA
RedrawWindow
GetClientRect
IsIconic
EnableMenuItem
GetParent
GetDC
ScreenToClient
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
PtInRect
MessageBoxA
SetWindowTextA
GetDlgItem
wsprintfA
MapVirtualKeyA
GetInputState
PeekMessageA
SetTimer
LoadStringA
SetDlgItemTextA
KillTimer
SetWindowLongA
SendDlgItemMessageA
GetWindowLongA
GetDlgItemTextA
EndDialog
GetKeyState
PostMessageA
IsZoomed
GetWindowRect
GetMenu
DestroyMenu
LoadMenuA
LoadMenuIndirectA
GetMenuItemCount
DeleteMenu
SetWindowPlacement
IsWindowVisible
ShowWindow
GetWindowPlacement
SetWindowPos
GetMenuState
CheckMenuItem
InvalidateRect
SetCursorPos

gdi32

DeleteObject
LineTo
MoveToEx
Rectangle
CreateHatchBrush
CreatePen
SelectPalette
RealizePalette
CreateSolidBrush
GetStockObject
SetDIBits
CreateCompatibleBitmap
CreateBitmap
CreatePalette
CreateFontIndirectA
GetObjectA
GetTextExtentPointA
GetCharWidthA
GetTextMetricsA
SetROP2
SetBkColor
SetTextColor
GetNearestPaletteIndex
SetBkMode
SetTextAlign
DPtoLP
TextOutA
Polygon
SetPolyFillMode
SelectClipRgn
CreateRectRgn
LPtoDP
SelectObject

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyA

shell32

DragQueryFileA
ShellExecuteA
DragAcceptFiles

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT_1
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OneTonClaw_Cannon.bmp
OneTonClaw_Claw.bmp
Stages/Stage1
Stages/Stage10
Stages/Stage100
Stages/Stage101
Stages/Stage102
Stages/Stage103
Stages/Stage104
Stages/Stage105
Stages/Stage106
Stages/Stage107
Stages/Stage108
Stages/Stage109
Stages/Stage11
Stages/Stage110
Stages/Stage12
Stages/Stage13
Stages/Stage14
Stages/Stage15
Stages/Stage16
Stages/Stage17
Stages/Stage18
Stages/Stage19
Stages/Stage2
Stages/Stage20
Stages/Stage21
Stages/Stage22
Stages/Stage23
Stages/Stage24
Stages/Stage25
Stages/Stage26
Stages/Stage27
Stages/Stage28
Stages/Stage29
Stages/Stage3
Stages/Stage30
Stages/Stage31
Stages/Stage32
Stages/Stage33
Stages/Stage34
Stages/Stage35
Stages/Stage36
Stages/Stage37
Stages/Stage38
Stages/Stage39
Stages/Stage4
Stages/Stage40
Stages/Stage41
Stages/Stage42
Stages/Stage43
Stages/Stage44
Stages/Stage45
Stages/Stage46
Stages/Stage47
Stages/Stage48
Stages/Stage49
Stages/Stage5
Stages/Stage50
Stages/Stage51
Stages/Stage52
Stages/Stage53
Stages/Stage54
Stages/Stage55
Stages/Stage56
Stages/Stage57
Stages/Stage58
Stages/Stage59
Stages/Stage6
Stages/Stage60
Stages/Stage61
Stages/Stage62
Stages/Stage63
Stages/Stage64
Stages/Stage65
Stages/Stage66
Stages/Stage67
Stages/Stage68
Stages/Stage69
Stages/Stage7
Stages/Stage70
Stages/Stage71
Stages/Stage72
Stages/Stage73
Stages/Stage74
Stages/Stage75
Stages/Stage76
Stages/Stage77
Stages/Stage78
Stages/Stage79
Stages/Stage8
Stages/Stage80
Stages/Stage81
Stages/Stage82
Stages/Stage83
Stages/Stage84
Stages/Stage85
Stages/Stage86
Stages/Stage87
Stages/Stage88
Stages/Stage89
Stages/Stage9
Stages/Stage90
Stages/Stage99
cb.wgm
cncs232.dll
.dll windows:4 windows x86 arch:x86

60295ba7e92b024ab63f2e367b68363f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

mciSendCommandA
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutOpen
timeGetTime
waveOutClose
timeKillEvent
timeGetDevCaps
timeSetEvent

kernel32

SetFilePointer
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
FreeResource
LockResource
GlobalDeleteAtom
OutputDebugStringA
SetUnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
WriteFile
GetFileType
SetHandleCount
RaiseException
GetCurrentProcess
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
ExitProcess
GetCommandLineA
HeapSize
HeapReAlloc
HeapCompact
HeapFree
HeapAlloc
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
ReadFile
CreateFileA
GetLastError
GlobalSize
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalLock
lstrcatA
GetModuleHandleA
GetPrivateProfileIntA
lstrcpyA
SetCurrentDirectoryA
GetCurrentDirectoryA
DeleteCriticalSection
GetModuleFileNameA
InitializeCriticalSection
GetSystemInfo
IsBadWritePtr
LocalFree
LocalAlloc
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
GlobalFree
GetVersion
lstrcmpA
IsBadReadPtr
GlobalAddAtomA
GetProfileStringA
lstrcmpiA
GetCurrentThreadId
lstrlenA
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
CompareStringA
CompareStringW
GetStdHandle
SetEnvironmentVariableA

user32

LoadBitmapA
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
SendDlgItemMessageA
GetDlgItem
EnumChildWindows
DefFrameProcA
DefMDIChildProcA
IsIconic
FillRect
GetTabbedTextExtentA
IsDialogMessageA
TranslateMDISysAccel
SetRect
DispatchMessageA
GetMessageA
PeekMessageA
CopyRect
GetKeyState
PostMessageA
SetCursor
SetWindowPos
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
GetSubMenu
ModifyMenuA
SetMenu
ShowWindow
FrameRect
PtInRect
CreateDialogParamA
DialogBoxParamA
ChangeDisplaySettingsA
TranslateMessage
UpdateWindow
AdjustWindowRectEx
LoadCursorA
CreateWindowExA
DestroyWindow
EnumDisplaySettingsA
RegisterClassA
HideCaret
MapWindowPoints
ShowCaret
BeginPaint
EndPaint
ExcludeUpdateRgn
GetWindowTextA
ClientToScreen
IsWindowEnabled
DrawTextA
GetFocus
IntersectRect
DrawFocusRect
GetParent
ScreenToClient
GetClassNameA
CallNextHookEx
InvalidateRect
GetSysColor
GetDC
GetSystemMetrics
GetClassInfoA
DefWindowProcA
GetWindowDC
GetWindowRect
InflateRect
OffsetRect
ReleaseDC
GetWindowLongA
IsChild
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
CharNextA
GetClientRect
RemovePropA
CallWindowProcA
SendMessageA
SetWindowLongA
SetPropA
GetPropA
TranslateAcceleratorA

gdi32

PatBlt
DeleteObject
GetTextExtentPointA
SetTextColor
SelectObject
GetDeviceCaps
CreateSolidBrush
DeleteDC
BitBlt
CreateCompatibleDC
SetBkMode
CreateDIBitmap
SetPixel
GetPixel
GetSystemPaletteEntries
SelectPalette
GetStockObject
CreatePen
CreateFontIndirectA
CreatePalette
SetBkColor
GetPaletteEntries
LineTo
MoveToEx
SetTextAlign
TextOutA
GetClipBox
GetTextMetricsA
GetObjectA
CreateCompatibleBitmap
Ellipse
Rectangle
Polygon
SetWindowOrgEx
StretchBlt
CreateDIBSection
SetDIBColorTable
Polyline
SetROP2
GdiFlush
RealizePalette
IntersectClipRect
ExtTextOutA

comctl32

ord17

msacm32

acmStreamSize
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmStreamOpen

Exports

Exports

BtnWndProc3d
ComboWndProc3d
Ctl3dAutoSubclass
Ctl3dColorChange
Ctl3dCtlColor
Ctl3dCtlColorEx
Ctl3dDlgFramePaint
Ctl3dDlgProc
Ctl3dEnabled
Ctl3dGetVer
Ctl3dRegister
Ctl3dSetStyle
Ctl3dSubclassCtl
Ctl3dSubclassDlg
Ctl3dSubclassDlgEx
Ctl3dUnregister
Ctl3dWinIniChange
EditWndProc3d
ListWndProc3d
StaticWndProc3d
_CusTabProc@16
_KnpDirectionProc@16

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT_TEX
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
score-story.sav
uninst.exe
.exe windows:4 windows x86 arch:x86

1c042238f43557c055fca8642de8a074

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Signatures

Files

1c042238f43557c055fca8642de8a074

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 28KB

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 839B

.data Size: 512B - Virtual size: 336B

.reloc Size: 512B - Virtual size: 220B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

11787f155bff119bee66539bc09ae40b

Headers

File Characteristics

Imports

cncs232

winmm

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 198KB - Virtual size: 198KB

TEXT_1 Size: 50KB - Virtual size: 49KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 27KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 18KB - Virtual size: 18KB

11787f155bff119bee66539bc09ae40b

Headers

File Characteristics

Imports

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 839B

.data
Size: 512B - Virtual size: 336B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 198KB - Virtual size: 198KB

TEXT_1
Size: 50KB - Virtual size: 49KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 27KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 198KB - Virtual size: 198KB

TEXT_1
Size: 50KB - Virtual size: 49KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 27KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 227KB - Virtual size: 226KB

INIT_TEX
Size: 2KB - Virtual size: 1KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 25KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 28KB