87d5d034979b0e2ffd34c6a18ab5f3b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

87d5d034979b0e2ffd34c6a18ab5f3b3_JaffaCakes118
Size

1.3MB
MD5

87d5d034979b0e2ffd34c6a18ab5f3b3
SHA1

8907967f9eca8b295d093bea7bc572a782ea1222
SHA256

ab9edb49164110482aeeef005f9746743e8eac42b8ce9afebf579d5dfd8df062
SHA512

2f05737730db20f7f69c1cdb74e980e773309510a8eda17ab07aefb5155cc0f9636417e650895020497ad66b5fb45a44fc3ab5693d82926038a5b9d9c9d2c10c
SSDEEP

24576:tSs9l6JNaNU6sB2kipSbTNMICdBTZXHyRS9WczuPKE9+8eCAo:tSsT6zExwb5MNdBTdSRS9Zun+8eC/

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PrierNewasp/Deamon.exe
unpack001/PrierNewasp/Defend.dll
unpack001/PrierNewasp/Hook.dll
unpack001/PrierNewasp/KeyboardPrier.exe
unpack001/PrierNewasp/卸载.exe

Files

87d5d034979b0e2ffd34c6a18ab5f3b3_JaffaCakes118
.rar
PrierNewasp/Deamon.exe
.exe windows:4 windows x86 arch:x86

577a4a145a6e4b6747f79f0aa0ea7fa7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
gethostbyname
setsockopt
bind
listen
htons
ntohl
accept
WSACloseEvent
send
htonl
socket
connect
closesocket
WSACreateEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACleanup
WSAEventSelect
WSARecv
WSASend
WSAStartup
ioctlsocket
ntohs
gethostname
WSAGetLastError
WSASetLastError

kernel32

CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
SetStdHandle
VirtualAlloc
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
UnmapViewOfFile
GetTickCount
MapViewOfFile
CloseHandle
GetLastError
CreateMutexA
SetCurrentDirectoryA
TerminateProcess
Sleep
CreateProcessA
CreateThread
CreateFileMappingA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentThreadId
CreateDirectoryA
GetModuleFileNameA
SetEnvironmentVariableA
InterlockedDecrement
WaitForSingleObject
InterlockedIncrement
InterlockedExchange
PulseEvent
SetLastError
FormatMessageA
GetVersion
GetVersionExW
DeleteFileW
MoveFileExW
MoveFileW
MultiByteToWideChar
GetFileAttributesW
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
WriteFile
GetDiskFreeSpaceW
GetFileInformationByHandle
FlushFileBuffers
WideCharToMultiByte
GetTempPathW
GetEnvironmentVariableW
OpenFileMappingW
CreateFileMappingW
GetSystemTime
SetEvent
CreateMutexW
ReleaseMutex
SignalObjectAndWait
ResetEvent
FindClose
FindNextFileW
FindFirstFileW
GetSystemInfo
LockFileEx
LockFile
QueryPerformanceCounter
VirtualFree
HeapCreate
CreateEventW
UnlockFile
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetCurrentProcessId
GetFullPathNameA
GetFileType
CreateFileA
GetTimeZoneInformation
GetCurrentDirectoryA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
DeleteCriticalSection
HeapDestroy

user32

GetMessageA
GetKeyNameTextA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Sections

.text
Size: 740KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PrierNewasp/Defend.dll
.exe windows:4 windows x86 arch:x86

6db9210c5a55bf71cfbe36b9122b6ed3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CloseHandle
GetLastError
CreateMutexA
CreateProcessA
GetModuleFileNameA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PrierNewasp/Hook.dll
.dll windows:4 windows x86 arch:x86

3bbca40e43525864292083bef6280824

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

kernel32

MapViewOfFile
UnmapViewOfFile
CloseHandle
OpenFileMappingA
LCMapStringW
LCMapStringA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA

Exports

Exports

HookStart
HookStop

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inidata
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PrierNewasp/KeyboardPrier.exe
.exe windows:4 windows x86 arch:x86

5523d60bd999495847c4d8e9b13c2f3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
WSAStartup
WSASend
WSARecv
WSAEventSelect
WSACleanup
ntohs
WSAWaitForMultipleEvents
WSACreateEvent
closesocket
connect
socket
htonl
send
gethostname
WSAGetLastError
WSAEnumNetworkEvents
ntohl
WSACloseEvent
accept
inet_addr
gethostbyname
setsockopt
bind
listen
htons
WSASetLastError

kernel32

FreeResource
GlobalFree
GlobalUnlock
GlobalLock
GetVersionExA
GetProcAddress
GetModuleHandleA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentProcessId
MulDiv
LocalFree
GlobalAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
GetThreadLocale
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
CreateFileA
GetModuleFileNameW
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
FindFirstFileA
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
GetFileAttributesA
GetFileTime
SetErrorMode
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
GetFileType
GetTimeZoneInformation
ExitProcess
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FindNextFileA
RemoveDirectoryA
LockFile
LockFileEx
UnlockFile
GetSystemInfo
FindFirstFileW
FindNextFileW
FindClose
Sleep
ResetEvent
SignalObjectAndWait
ReleaseMutex
CreateMutexW
SetEvent
GetSystemTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTempPathW
FlushFileBuffers
GetFileInformationByHandle
GetDiskFreeSpaceW
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
CreateFileW
GetFileAttributesW
MoveFileW
MoveFileExW
DeleteFileW
GetCurrentThreadId
GetVersionExW
FormatMessageA
SetLastError
PulseEvent
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
CreateEventW
GetModuleFileNameA
CreateProcessA
CreateMutexA
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
GetEnvironmentVariableW
DeleteFileA
SetCurrentDirectoryA
CloseHandle
CreateThread
WinExec
lstrlenA
lstrcatA
lstrcpyA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GlobalHandle

user32

ShowWindow
GetWindowThreadProcessId
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
BeginPaint
EndPaint
WindowFromPoint
GetCursorPos
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
DestroyMenu
GetSysColorBrush
UnregisterClassA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
MoveWindow
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CharUpperA
RemoveMenu
GetMenuItemCount
ClientToScreen
GetSubMenu
LoadMenuA
FrameRect
CopyRect
CopyIcon
LoadCursorA
InflateRect
ReleaseDC
GetDC
GetParent
InvalidateRect
SendMessageA
SetWindowLongA
SetCursor
SetCapture
RedrawWindow
ReleaseCapture
PtInRect
SetWindowTextA
IsDialogMessageA
MessageBeep
GetSysColor
GetKeyState
GetWindowRect
GetClientRect
IsWindow
EnableWindow
GetMenuItemID

gdi32

SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetBkMode
DeleteDC
CreateSolidBrush
DeleteObject
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextColor
GetBkColor
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegQueryValueA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oleaut32

VariantClear
VariantInit
VariantChangeType

wsock32

recv

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 848KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PrierNewasp/KeyboardPrier.txt
PrierNewasp/卸载.exe
.exe windows:4 windows x86 arch:x86

92a3000d16d6756e2e862a588daf7797

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetModuleFileNameW
GetCurrentDirectoryA
GlobalFlags
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FreeResource
MoveFileA
GetFileSize
GetThreadLocale
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
CreateFileA
GetAtomNameA
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetDriveTypeA
EnterCriticalSection
GetSystemTimeAsFileTime
GetLocalTime
SetLocalTime
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetFileType
GetTimeZoneInformation
ExitProcess
ExitThread
HeapSize
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
DebugBreak
SetCurrentDirectoryA
GetACP
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetLocaleInfoW
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcessId
GlobalAddAtomA
CreateEventA
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
MulDiv
LockFile
LockFileEx
UnlockFile
GetSystemInfo
FindFirstFileW
FindNextFileW
ResetEvent
SignalObjectAndWait
ReleaseMutex
CreateMutexW
SetEvent
CreateThread
GetSystemTime
CreateFileMappingW
OpenFileMappingW
GetTempPathW
FlushFileBuffers
GetFileInformationByHandle
GetDiskFreeSpaceW
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
CreateFileW
GetFileAttributesW
MoveFileW
MoveFileExW
DeleteFileW
GetCurrentThreadId
GetVersionExW
FormatMessageA
SetLastError
PulseEvent
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
CreateEventW
FindFirstFileA
FindNextFileA
FindClose
InterlockedCompareExchange
RemoveDirectoryA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetWindowsDirectoryA
GetModuleFileNameA
Sleep
DeleteFileA
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryA
InterlockedExchange

user32

SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
CopyRect
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetDesktopWindow
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
DeleteMenu
LoadCursorA
InflateRect
GetDC
ReleaseDC
TrackPopupMenu
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
UnregisterClassA
DestroyIcon
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageA
PostQuitMessage
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
PostThreadMessageA
MessageBoxA
CharUpperW
CharUpperA
CharLowerW
CharLowerA
TrackPopupMenuEx
GetDialogBaseUnits
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
DestroyMenu
GetSysColor
GetMenuItemInfoA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetSystemMetrics
ScrollWindow
SetWindowPos

gdi32

SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetObjectA
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ModifyWorldTransform
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CreateFontIndirectA
GetTextExtentPoint32A
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsA
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
CreateDCA
SetWindowOrgEx
GetDeviceCaps
CopyMetaFileA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegSetValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegCreateKeyA

shell32

SHGetFileInfoA
ExtractIconA

shlwapi

PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

ole32

CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
CoCreateInstance
StringFromGUID2
CLSIDFromString

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysStringByteLen
SysStringLen
SysAllocStringByteLen
SysFreeString
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
SafeArrayGetElemsize

ws2_32

bind
listen
htons
ntohl
accept
WSACloseEvent
setsockopt
htonl
socket
connect
closesocket
WSACreateEvent
WSAWaitForMultipleEvents
gethostbyname
inet_addr
send
WSAEnumNetworkEvents
WSACleanup
WSASetLastError
WSAGetLastError
gethostname
ntohs
ioctlsocket
WSAStartup
WSASend
WSARecv
WSAEventSelect

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 793B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

577a4a145a6e4b6747f79f0aa0ea7fa7

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 740KB - Virtual size: 736KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 176B

6db9210c5a55bf71cfbe36b9122b6ed3

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 176B

3bbca40e43525864292083bef6280824

Headers

File Characteristics

Imports

imm32

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

.inidata Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 4KB - Virtual size: 3KB

5523d60bd999495847c4d8e9b13c2f3c

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

wsock32

iphlpapi

Sections

.text Size: 848KB - Virtual size: 844KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 24KB - Virtual size: 23KB

92a3000d16d6756e2e862a588daf7797

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

.text
Size: 740KB - Virtual size: 736KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.inidata
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 848KB - Virtual size: 844KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 164KB - Virtual size: 161KB

.data
Size: 16KB - Virtual size: 29KB

.idata
Size: 16KB - Virtual size: 15KB

.didat
Size: 4KB - Virtual size: 793B

.rsrc
Size: 44KB - Virtual size: 42KB