7352a886bca8716fbdf1a17c65a98cb8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7352a886bca8716fbdf1a17c65a98cb8_JaffaCakes118
Size

2.4MB
MD5

7352a886bca8716fbdf1a17c65a98cb8
SHA1

68a6b7bed3221d610949f76ee1d5ecb2538914c8
SHA256

e016c61557abc0ec2dab0051dac1c8fff54fa958924484c1b3ddd7fecacc0b24
SHA512

0e2163791e9d0dee327c2c4cb5eb7bd20fd2b357306eb5f9a26d086e9137d985df98db35b2e5842b057f18136db539f8fdefabd51827d1036d6ed9b0bff23c78
SSDEEP

49152:5RCgUNMACvlCtWiY9Kb67hRvzKnf5idFsx3mz35P4XQ:5YgcCvlUWiK64nrWiKi35gXQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
7352a886bca8716fbdf1a17c65a98cb8_JaffaCakes118
unpack001/$R0
unpack001/IDWinService.exe
unpack001/InputDirector.exe
unpack001/InputDirectorSessionHelper.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

7352a886bca8716fbdf1a17c65a98cb8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$R0
.dll windows:4 windows x86 arch:x86

e7a8788df6b39c6a25c86e72e74810c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
SendMessageA
CallNextHookEx

msvcrt

_initterm
_adjust_fdiv
malloc
free

Exports

Exports

_hookNotifyListenerAboutEvents@4
_hooklibCleanup@0
_hooklibInitialize@4

Sections

.text
Size: 4KB - Virtual size: 622B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDWinService.exe
.exe windows:4 windows x86 arch:x86

777bef8fca270ec9ef6412acfd90f2e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

mfc42

ord823
ord800
ord2827
ord540
ord537
ord825

msvcrt

_stricmp
exit
sprintf
wcslen
memmove
strrchr
wcsrchr
swprintf
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
printf

kernel32

GetVersionExA
GetModuleFileNameA
FormatMessageA
lstrlenA
LocalFree
SetConsoleCtrlHandler
GetSystemDirectoryW
lstrcatW
LoadLibraryW
CreateFileW
WaitNamedPipeW
ReadFile
WaitNamedPipeA
CreateFileA
SetNamedPipeHandleState
CloseHandle
FreeLibrary
ResetEvent
WaitForMultipleObjects
CreateEventA
SetEvent
GetLastError
OpenProcess
GetCurrentProcessId
GetModuleFileNameW
GetProcAddress
LoadLibraryA
WaitForSingleObject
TerminateProcess
WriteFile
SetLastError
ProcessIdToSessionId
Sleep

advapi32

CreateServiceA
ChangeServiceConfig2A
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorDacl
SetServiceObjectSecurity
FreeSid
CloseServiceHandle
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
DeleteService
QueryServiceStatus
ControlService
OpenServiceA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
InputDirector.exe
.exe windows:4 windows x86 arch:x86

9d767a0a5cd10317ab46999a849e76ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

ws2_32

sendto
setsockopt
gethostbyaddr
ioctlsocket
recvfrom
ntohs
getsockopt
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
select
recv
ntohl
connect
accept
send
htonl
htons
socket
bind
listen
WSAAsyncSelect
gethostname
WSAStartup
WSACleanup
WSAGetLastError
closesocket
WSACancelAsyncRequest
gethostbyname

mfc42

ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord616
ord656
ord641
ord324
ord2302
ord4234
ord6199
ord3092
ord2642
ord1783
ord4710
ord4853
ord5981
ord4224
ord3874
ord3742
ord3571
ord640
ord818
ord323
ord6215
ord5785
ord2859
ord1640
ord2152
ord1233
ord283
ord5787
ord5788
ord472
ord2753
ord1168
ord2645
ord1654
ord1266
ord6242
ord5271
ord1949
ord686
ord1232
ord384
ord3619
ord2097
ord1146
ord5768
ord6129
ord3753
ord3754
ord4694
ord5148
ord2634
ord6128
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5579
ord5571
ord6061
ord5864
ord3596
ord755
ord5678
ord2754
ord4123
ord5736
ord6194
ord470
ord5875
ord924
ord4129
ord4133
ord4297
ord3693
ord2096
ord2864
ord6197
ord6377
ord6380
ord2289
ord2370
ord5953
ord6874
ord3097
ord2575
ord4396
ord3574
ord609
ord6378
ord6170
ord4200
ord2557
ord4220
ord3582
ord3654
ord2438
ord6270
ord1644
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord2092
ord5484
ord2764
ord4202
ord2621
ord1200
ord2915
ord1768
ord6379
ord2109
ord4160
ord2863
ord4287
ord2827
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord5252
ord4427
ord366
ord1842
ord674
ord4242
ord5054
ord5282
ord4204
ord2358
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord1576
ord489
ord1907
ord4258
ord2582
ord4402
ord3370
ord3640
ord693
ord3996
ord6907
ord3998
ord3286
ord2639
ord2862
ord6905
ord6007
ord926
ord6675
ord3716
ord3719
ord790
ord793
ord6111
ord4284
ord3699
ord6743
ord6515
ord3301
ord6130
ord2086
ord3476
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord497
ord4259
ord2882
ord5850
ord4715
ord2763
ord3095
ord2301
ord6334
ord6283
ord6282
ord4278
ord6662
ord4398
ord2578
ord4218
ord2023
ord2411
ord3610
ord2614
ord535
ord3089
ord2379
ord6453
ord4275
ord2414
ord3626
ord567
ord1641
ord795
ord3573
ord3721
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord2818
ord537
ord939
ord940
ord941
ord858
ord540
ord860
ord800
ord6394
ord6383
ord5440
ord5450
ord2107
ord2841
ord3663
ord823
ord825
ord2584
ord768

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
__CxxFrameHandler
_purecall
_mbscmp
_XcptFilter
_setmbcp
realloc
wcstombs
memmove
_ftol
tolower
toupper
islower
isalpha
sprintf
atoi
strncpy
localtime
time
_mbsicmp
strchr
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_initterm

kernel32

GlobalLock
GlobalUnlock
WaitForSingleObject
SetEvent
SetThreadPriority
CreateThread
GlobalSize
GetCurrentProcess
GetVersionExA
GetModuleFileNameA
LocalAlloc
InterlockedExchange
RaiseException
GetLastError
GlobalFree
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
WaitForMultipleObjects
GlobalAddAtomA
DeleteAtom
lstrcpyA
lstrlenA
CreateProcessA
GetStartupInfoA
GetCommandLineA
Sleep
CreateMutexA
GetModuleHandleA
GetTickCount
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
ReadFile
WriteFile
GetSystemPowerStatus
InitializeCriticalSection
LeaveCriticalSection
CloseHandle
EnterCriticalSection
CreateEventA
MulDiv
SetPriorityClass
GetCurrentThread

user32

ShowScrollBar
GetSystemMetrics
MapWindowPoints
SetCapture
ReleaseCapture
TabbedTextOutA
DrawTextA
GrayStringA
ShowCursor
SetCursorPos
SetPropA
GetWindowLongA
SetWindowLongA
GetDlgItem
RemovePropA
CallWindowProcA
GetPropA
DrawFocusRect
ScreenToClient
DrawIconEx
CheckMenuItem
AppendMenuA
CreatePopupMenu
GetClientRect
RegisterWindowMessageA
GetSystemMenu
DrawIcon
IsIconic
LockWorkStation
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
MessageBoxA
SendInput
GetForegroundWindow
MapVirtualKeyExA
GetKeyboardLayout
GetWindowTextA
GetClassNameA
SystemParametersInfoA
GetKeyboardLayoutNameA
GetLastInputInfo
GetKeyboardState
EnumClipboardFormats
LoadImageA
GetDlgCtrlID
MapVirtualKeyA
GetMonitorInfoA
MonitorFromPoint
ExitWindowsEx
EnumDisplayMonitors
ReleaseDC
LoadBitmapA
GetClassInfoA
DefWindowProcA
LoadIconA
EndDialog
SetDlgItemTextA
GetParent
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
DialogBoxParamA
GetCursorPos
GetDC
UpdateLayeredWindow
SendMessageA
EnableWindow
InvalidateRect
GetSysColor
GetCursor
LoadCursorA
SetCursor
SetClipboardData
GetClipboardFormatNameA
GetClipboardData
GetClipboardSequenceNumber
CountClipboardFormats
IsClipboardFormatAvailable
OpenClipboard
EmptyClipboard
CloseClipboard
RegisterClipboardFormatA
SetTimer
KillTimer
PostMessageA
SetForegroundWindow

gdi32

GetBitmapDimensionEx
GetTextExtentPoint32A
BeginPath
EndPath
FillPath
DeleteObject
SetTextColor
CreateFontIndirectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
SelectObject
AngleArc
GetBkColor
BitBlt
GetDeviceCaps
CreateFontA
Ellipse
GetObjectA
GetBitmapBits
SetBitmapBits
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
GetTextMetricsA

comdlg32

GetSaveFileNameA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
ConvertSidToStringSidA
IsValidSid
CheckTokenMembership
GetTokenInformation
AllocateAndInitializeSid
EqualSid
LookupAccountSidA
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegFlushKey
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
QueryServiceStatus
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
LookupAccountNameA

shell32

Shell_NotifyIconA
ShellExecuteExA
ord680
DragQueryFileA

comctl32

ImageList_AddMasked
ImageList_Draw
ImageList_SetBkColor
ImageList_EndDrag
ImageList_ReplaceIcon

Sections

.text
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InputDirectorSessionHelper.exe
.exe windows:4 windows x86 arch:x86

2e76ba9596a0e6d000d21da6d58ffeb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
gethostname
sendto
setsockopt
ioctlsocket
recvfrom
ntohs
closesocket
htonl
htons
socket
bind
getsockopt
gethostbyname
WSAGetLastError
WSAEventSelect

mfc42

ord3626
ord2414
ord5785
ord1641
ord2859
ord1640
ord2152
ord283
ord5787
ord5788
ord472
ord2753
ord2379
ord6197
ord6380
ord6377
ord4275
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord941
ord939
ord2107
ord2841
ord537
ord2827
ord940
ord6215
ord567
ord323
ord818
ord640
ord3571
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord2614
ord858
ord6394
ord5450
ord6383
ord5440
ord535
ord2818
ord860
ord540
ord800
ord3663
ord1233
ord6442
ord823
ord2446
ord825
ord1576
ord1168

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
strchr
_mbscmp
time
strrchr
strncpy
_purecall
atoi
sprintf
atol
_beginthread
_ftol
memmove
__CxxFrameHandler
_setmbcp
_controlfp

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
SetEvent
CreateProcessA
GetLastError
GetExitCodeThread
WaitForSingleObject
CreateEventA
CreateThread
CloseHandle
WaitForMultipleObjects
CreateWaitableTimerA
SetWaitableTimer
GetSystemTimeAsFileTime
CancelWaitableTimer
GetModuleFileNameA
GetTickCount
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetVersionExA
LocalAlloc
InterlockedExchange
RaiseException
GetModuleHandleA
OpenProcess
GetCurrentThreadId
GetCurrentProcessId
GetUserDefaultLangID
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateNamedPipeA
DisconnectNamedPipe
WriteFile
GetOverlappedResult
ReadFile
ResetEvent
ConnectNamedPipe
GetStartupInfoA
SetLastError

user32

ReleaseCapture
OpenDesktopA
SendInput
GetKeyState
MapVirtualKeyExA
GetKeyboardLayout
LockWorkStation
CopyRect
GetKeyboardState
GetSystemMetrics
SystemParametersInfoA
MapVirtualKeyA
GetMonitorInfoA
MonitorFromPoint
GetKeyboardLayoutNameA
ExitWindowsEx
ShowCursor
GetCursorPos
SetTimer
GetDC
UpdateLayeredWindow
KillTimer
PeekMessageA
SetThreadDesktop
GetMessageA
PostMessageA
GetForegroundWindow
PostQuitMessage
TranslateMessage
DispatchMessageA
SetCursorPos
PostThreadMessageA
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
EnumDisplayMonitors
EnableWindow

gdi32

Ellipse
GetObjectA
CreateCompatibleDC
GetBitmapBits
CreateCompatibleBitmap
SetBitmapBits

advapi32

StartServiceA
ReportEventA
DeregisterEventSource
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegFlushKey
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
QueryServiceStatus
RegisterEventSourceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 8KB - Virtual size: 8KB

e7a8788df6b39c6a25c86e72e74810c7

Headers

File Characteristics

Imports

user32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 622B

.rdata Size: 4KB - Virtual size: 448B

.data Size: 4KB - Virtual size: 40B

shared Size: 4KB - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 142B

777bef8fca270ec9ef6412acfd90f2e8

Headers

File Characteristics

Imports

userenv

mfc42

msvcrt

kernel32

advapi32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 6KB

9d767a0a5cd10317ab46999a849e76ba

Headers

File Characteristics

Imports

wtsapi32

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

Sections

.text Size: 284KB - Virtual size: 280KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 100KB - Virtual size: 96KB

2e76ba9596a0e6d000d21da6d58ffeb8

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 4KB - Virtual size: 622B

.rdata
Size: 4KB - Virtual size: 448B

.data
Size: 4KB - Virtual size: 40B

shared
Size: 4KB - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 142B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 6KB

.text
Size: 284KB - Virtual size: 280KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 100KB - Virtual size: 96KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 6KB