74c3a1e6fb1cb95ba244d44299a1e7b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74c3a1e6fb1cb95ba244d44299a1e7b0_JaffaCakes118
Size

390KB
MD5

74c3a1e6fb1cb95ba244d44299a1e7b0
SHA1

f770b3e0e855b995e1f242d3e7008c1e82fa0eee
SHA256

25af143d3c511d869b7851c617f866d30bdb49678827fe32f66f05994285e71d
SHA512

441e3469142101a9ec559ab10e4e9c331c4c47db6717d8ce655e3b057b042056eadb24826d5ff8548cd2f472f0edbca36b6f6fe36e1b8730aad3aa6e785351c7
SSDEEP

6144:js9BgZwGQN3axgLxJEoeuFHJTWLYyr/5jD6LyQRAqur5D3Iv6o7AMZVkxMPrH:SS83t7Eojp6LY25aLv/YD3BuAaVkoH

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
74c3a1e6fb1cb95ba244d44299a1e7b0_JaffaCakes118
unpack001/$PLUGINSDIR/Processes.dll
unpack001/cgm/cgm.exe
unpack001/cgm/libcurl-4.dll
unpack001/cgm/libpdcurses.dll
unpack001/cgm/libpthread-2.dll
unpack001/rb.exe
unpack001/uninstall.exe
unpack002/$PLUGINSDIR/Processes.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

74c3a1e6fb1cb95ba244d44299a1e7b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cgm/OpenCL.dll
.dll windows:5 windows x86 arch:x86

b7684ccb37a7bc1500a9aa48943b7088

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

01/09/2011, 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:e2:be:5c:9e:af:f1:1d:46:da:d1:72:98:0a:4c:0d:9f:90:4b:b5
Signer

Actual PE Digest

6c:e2:be:5c:9e:af:f1:1d:46:da:d1:72:98:0a:4c:0d:9f:90:4b:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegEnumValueA
RegOpenKeyExA
RegCloseKey

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

clBuildProgram
clCreateBuffer
clCreateCommandQueue
clCreateContext
clCreateContextFromType
clCreateFromGLBuffer
clCreateFromGLRenderbuffer
clCreateFromGLTexture2D
clCreateFromGLTexture3D
clCreateImage2D
clCreateImage3D
clCreateKernel
clCreateKernelsInProgram
clCreateProgramWithBinary
clCreateProgramWithSource
clCreateSampler
clCreateSubBuffer
clCreateUserEvent
clEnqueueAcquireGLObjects
clEnqueueBarrier
clEnqueueCopyBuffer
clEnqueueCopyBufferRect
clEnqueueCopyBufferToImage
clEnqueueCopyImage
clEnqueueCopyImageToBuffer
clEnqueueMapBuffer
clEnqueueMapImage
clEnqueueMarker
clEnqueueNDRangeKernel
clEnqueueNativeKernel
clEnqueueReadBuffer
clEnqueueReadBufferRect
clEnqueueReadImage
clEnqueueReleaseGLObjects
clEnqueueTask
clEnqueueUnmapMemObject
clEnqueueWaitForEvents
clEnqueueWriteBuffer
clEnqueueWriteBufferRect
clEnqueueWriteImage
clFinish
clFlush
clGetCommandQueueInfo
clGetContextInfo
clGetDeviceIDs
clGetDeviceInfo
clGetEventInfo
clGetEventProfilingInfo
clGetExtensionFunctionAddress
clGetGLObjectInfo
clGetGLTextureInfo
clGetImageInfo
clGetKernelInfo
clGetKernelWorkGroupInfo
clGetMemObjectInfo
clGetPlatformIDs
clGetPlatformInfo
clGetProgramBuildInfo
clGetProgramInfo
clGetSamplerInfo
clGetSupportedImageFormats
clReleaseCommandQueue
clReleaseContext
clReleaseEvent
clReleaseKernel
clReleaseMemObject
clReleaseProgram
clReleaseSampler
clRetainCommandQueue
clRetainContext
clRetainEvent
clRetainKernel
clRetainMemObject
clRetainProgram
clRetainSampler
clSetCommandQueueProperty
clSetEventCallback
clSetKernelArg
clSetMemObjectDestructorCallback
clSetUserEventStatus
clUnloadCompiler
clWaitForEvents

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cgm/cgm.exe
.exe windows:4 windows x86 arch:x86

4d686ef145f2c8588e0f887dc641d86d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

opencl

clBuildProgram
clCreateBuffer
clCreateCommandQueue
clCreateContextFromType
clCreateKernel
clCreateProgramWithBinary
clCreateProgramWithSource
clEnqueueNDRangeKernel
clEnqueueReadBuffer
clEnqueueWriteBuffer
clFinish
clGetDeviceIDs
clGetDeviceInfo
clGetPlatformIDs
clGetPlatformInfo
clGetProgramBuildInfo
clGetProgramInfo
clReleaseCommandQueue
clReleaseContext
clReleaseKernel
clReleaseProgram
clRetainProgram
clSetKernelArg

libcurl-4

curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_reset
curl_easy_setopt
curl_global_cleanup
curl_global_init
curl_slist_append
curl_slist_free_all

kernel32

CloseHandle
ContinueDebugEvent
CreateFileMappingA
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetConsoleScreenBufferInfo
GetCurrentProcess
GetEnvironmentVariableA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
SetConsoleCursorPosition
SetEnvironmentVariableA
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForDebugEvent
WideCharToMultiByte

msvcrt

_access
_isatty
_stat
_strdup
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_iob
_isctype
_onexit
_pctype
_setmode
_stricmp
_strnicmp
_winmajor
abort
atexit
atof
atoi
calloc
exit
fclose
fflush
fgetc
fopen
fputc
fread
free
fseek
ftell
fwrite
getenv
localeconv
localtime
malloc
mbstowcs
memchr
memcpy
memmove
memset
perror
qsort
raise
realloc
setlocale
signal
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncat
strncmp
strncpy
strstr
strtok
strtol
vfprintf
wcslen
wcstombs

libpdcurses

cbreak
clearok
delwin
doupdate
echo
endwin
getmaxx
getmaxy
halfdelay
idlok
immedok
initscr
leaveok
mvwhline
mvwprintw
newwin
nocbreak
noecho
refresh
scrollok
stdscr
vw_printw
wattroff
wattron
wclear
wclrtoeol
wgetch
wgetnstr
wnoutrefresh
wprintw
wrefresh
wresize

libpthread-2

pthread_cancel
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_create
pthread_detach
pthread_join
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_self
pthread_setcanceltype

ws2_32

WSAIoctl

Sections

.text
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cgm/example.conf
cgm/libcurl-4.dll
.dll windows:4 windows x86 arch:x86

5200e480b88a9b7c5598f2ab95ac9d33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
FreeLibrary
GetFileType
GetLastError
GetModuleHandleA
GetProcAddress
GetStdHandle
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
PeekNamedPipe
ReadFile
SetLastError
Sleep
SleepEx
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects

msvcrt

_close
_open
_read
_strdup
__dllonexit
__mb_cur_max
_errno
_fstati64
_iob
_isctype
_lseeki64
_pctype
_stati64
_stricmp
_strnicmp
_sys_nerr
_winmajor
abort
calloc
fclose
fflush
fgets
fopen
fputc
fread
free
fseek
fwrite
getenv
gmtime
malloc
mbstowcs
memchr
memcpy
memmove
qsort
realloc
setlocale
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strncmp
strncpy
strrchr
strstr
strtol
strtoul
time
tolower
vfprintf
wcstombs

wldap32

ber_free
ldap_err2stringA
ldap_first_attributeA
ldap_first_entry
ldap_get_dnA
ldap_get_values_lenA
ldap_initA
ldap_memfreeA
ldap_msgfree
ldap_next_attributeA
ldap_next_entry
ldap_search_sA
ldap_set_optionA
ldap_simple_bind_sA
ldap_sslinitA
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 560B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cgm/libpdcurses.dll
.dll windows:4 windows x86 arch:x86

ca42367814bc8b9da8a311326a6f2356

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW

kernel32

CloseHandle
CreateFileMappingA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FlushConsoleInputBuffer
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentProcess
GetCurrentProcessId
GetFileType
GetLargestConsoleWindowSize
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetProcAddress
GetStdHandle
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MapViewOfFile
MultiByteToWideChar
OpenProcess
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputA
SetConsoleActiveScreenBuffer
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleTitleA
SetConsoleWindowInfo
Sleep
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteConsoleOutputA

msvcrt

__dllonexit
__lc_codepage
__mb_cur_max
_errno
_iob
abort
atoi
calloc
clock
exit
fclose
fflush
fopen
fprintf
fputc
fread
free
fwrite
getenv
localeconv
localtime
malloc
memcpy
memmove
sprintf
sscanf
strcpy
strftime
strlen
time
vfprintf
wcslen

user32

CloseClipboard
EmptyClipboard
FindWindowA
GetClipboardData
GetKeyState
GetWindowThreadProcessId
MapVirtualKeyA
MessageBeep
OpenClipboard
SendMessageA
SetClipboardData
wsprintfA

Exports

Exports

COLORS
COLOR_PAIRS
COLS
LINES
Mouse_status
PDC_clearclipboard
PDC_debug
PDC_freeclipboard
PDC_get_input_fd
PDC_get_key_modifiers
PDC_getclipboard
PDC_return_key_modifiers
PDC_save_key_modifiers
PDC_set_blink
PDC_set_line_color
PDC_set_title
PDC_setclipboard
PDC_ungetch
SP
TABSIZE
acs_map
addch
addchnstr
addchstr
addnstr
addrawch
addstr
assume_default_colors
attr_get
attr_off
attr_on
attr_set
attroff
attron
attrset
baudrate
beep
bkgd
bkgdset
border
bottom_panel
box
can_change_color
cbreak
chgat
clear
clearok
clrtobot
clrtoeol
color_content
color_set
copywin
crmode
cur_term
curs_set
curscr
curses_version
def_prog_mode
def_shell_mode
del_curterm
del_panel
delay_output
delch
deleteln
delscreen
delwin
derwin
doupdate
draino
dupwin
echo
echochar
endwin
erase
erasechar
filter
fixterm
flash
flushinp
getattrs
getbegx
getbegy
getbkgd
getbmap
getcurx
getcury
getmaxx
getmaxy
getmouse
getnstr
getparx
getpary
getstr
getwin
halfdelay
has_colors
has_ic
has_il
has_key
hide_panel
hline
idcok
idlok
immedok
inch
inchnstr
inchstr
init_color
init_pair
initscr
innstr
insch
insdelln
insertln
insnstr
insrawch
insstr
instr
intrflush
is_linetouched
is_termresized
is_wintouched
isendwin
keyname
keypad
killchar
leaveok
longname
map_button
meta
mouse_off
mouse_on
mouse_set
mouse_trafo
mouseinterval
mousemask
move
move_panel
mvaddch
mvaddchnstr
mvaddchstr
mvaddnstr
mvaddrawch
mvaddstr
mvchgat
mvcur
mvdelch
mvdeleteln
mvderwin
mvgetch
mvgetnstr
mvgetstr
mvhline
mvinch
mvinchnstr
mvinchstr
mvinnstr
mvinsch
mvinsertln
mvinsnstr
mvinsrawch
mvinsstr
mvinstr
mvprintw
mvscanw
mvvline
mvwaddch
mvwaddchnstr
mvwaddchstr
mvwaddnstr
mvwaddrawch
mvwaddstr
mvwchgat
mvwdelch
mvwdeleteln
mvwgetch
mvwgetnstr
mvwgetstr
mvwhline
mvwin
mvwinch
mvwinchnstr
mvwinchstr
mvwinnstr
mvwinsch
mvwinsertln
mvwinsnstr
mvwinsrawch
mvwinsstr
mvwinstr
mvwprintw
mvwscanw
mvwvline
napms
nc_getmouse
new_panel
newpad
newterm
newwin
nl
nocbreak
nocrmode
nodelay
noecho
nonl
noqiflush
noraw
notimeout
overlay
overwrite
pair_content
panel_above
panel_below
panel_hidden
panel_userptr
panel_window
pechochar
pnoutrefresh
prefresh
printw
putp
putwin
qiflush
raw
raw_output
redrawwin
refresh
replace_panel
request_mouse_pos
reset_prog_mode
reset_shell_mode
resetterm
resetty
resize_term
resize_window
restartterm
ripoffline
saveterm
savetty
scanw
scr_dump
scr_init
scr_restore
scr_set
scrl
scroll
scrollok
set_curterm
set_panel_userptr
set_term
setscrreg
setsyx
setterm
setupterm
show_panel
slk_attr_off
slk_attr_on
slk_attr_set
slk_attroff
slk_attron
slk_attrset
slk_clear
slk_color
slk_init
slk_label
slk_noutrefresh
slk_refresh
slk_restore
slk_set
slk_touch
standend
standout
start_color
stdscr
subpad
subwin
syncok
term_attrs
termattrs
termname
tgetent
tgetflag
tgetnum
tgetstr
tgoto
tigetflag
tigetnum
tigetstr
timeout
top_panel
touchline
touchwin
tparm
tputs
traceoff
traceon
ttytype
typeahead
unctrl
ungetmouse
untouchwin
update_panels
use_default_colors
use_env
vid_attr
vid_puts
vidattr
vidputs
vline
vw_printw
vw_scanw
vwprintw
vwscanw
waddch
waddchnstr
waddchstr
waddnstr
waddrawch
waddstr
wattr_get
wattr_off
wattr_on
wattr_set
wattroff
wattron
wattrset
wbkgd
wbkgdset
wborder
wchgat
wclear
wclrtobot
wclrtoeol
wcolor_set
wcursyncup
wdelch
wdeleteln
wechochar
wenclose
werase
wgetch
wgetnstr
wgetstr
whline
winch
winchnstr
winchstr
winnstr
winsch
winsdelln
winsertln
winsnstr
winsrawch
winsstr
winstr
wmouse_position
wmouse_trafo
wmove
wnoutrefresh
wordchar
wprintw
wredrawln
wrefresh
wresize
wscanw
wscrl
wsetscrreg
wstandend
wstandout
wsyncdown
wsyncup
wtimeout
wtouchln
wvline

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 96B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 512B - Virtual size: 118B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 1024B - Virtual size: 859B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/71
Size: 1024B - Virtual size: 728B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/83
Size: 512B - Virtual size: 112B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/96
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/107
Size: 512B - Virtual size: 248B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cgm/libpthread-2.dll
.dll windows:4 windows x86 arch:x86

51b267abe7da0c9608e1ed8552559287

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetThreadContext
GetThreadPriority
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
LeaveCriticalSection
LoadLibraryA
OpenProcess
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__dllonexit
_beginthreadex
_endthreadex
_errno
_ftime
_iob
_setjmp
abort
calloc
exit
fflush
free
fwrite
longjmp
malloc
memcpy
vfprintf

wsock32

WSAGetLastError
WSASetLastError

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 396B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 512B - Virtual size: 85B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 505B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/71
Size: 512B - Virtual size: 361B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/83
Size: 512B - Virtual size: 56B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/96
Size: 1024B - Virtual size: 899B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/107
Size: 512B - Virtual size: 88B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cgm/phatk110817.cl
cgm/poclbm110817.cl
rb.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\researchbits\client\rb\obj\Release\rb.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 2KB - Virtual size: 2KB

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

b7684ccb37a7bc1500a9aa48943b7088

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31Certificate

Extended Key Usages

Key Usages

6c:e2:be:5c:9e:af:f1:1d:46:da:d1:72:98:0a:4c:0d:9f:90:4b:b5Signer

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 3KB - Virtual size: 3KB

4d686ef145f2c8588e0f887dc641d86d

Headers

File Characteristics

Imports

opencl

libcurl-4

kernel32

msvcrt

libpdcurses

libpthread-2

ws2_32

Sections

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31
Certificate

6c:e2:be:5c:9e:af:f1:1d:46:da:d1:72:98:0a:4c:0d:9f:90:4b:b5
Signer

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 249KB - Virtual size: 248KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 31KB - Virtual size: 30KB

.eh_fram
Size: 512B - Virtual size: 288B

.bss
Size: - Virtual size: 10KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.text
Size: 197KB - Virtual size: 197KB

.data
Size: 512B - Virtual size: 92B

.rdata
Size: 30KB - Virtual size: 30KB

.eh_fram
Size: 512B - Virtual size: 288B

.bss
Size: - Virtual size: 560B

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 1024B - Virtual size: 584B

.rdata
Size: 8KB - Virtual size: 8KB

/4
Size: 512B - Virtual size: 116B

.bss
Size: - Virtual size: 7KB

.edata
Size: 7KB - Virtual size: 7KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

/14
Size: 512B - Virtual size: 96B

/29
Size: 512B - Virtual size: 118B

/45
Size: 3KB - Virtual size: 3KB

/57
Size: 1024B - Virtual size: 859B

/71
Size: 1024B - Virtual size: 728B

/83
Size: 512B - Virtual size: 112B

/96
Size: 1KB - Virtual size: 1KB

/107
Size: 512B - Virtual size: 248B

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 512B - Virtual size: 380B

/4
Size: 512B - Virtual size: 60B