8765e973e5ed757b2aa7f18690aad751_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8765e973e5ed757b2aa7f18690aad751_JaffaCakes118
Size

910KB
MD5

8765e973e5ed757b2aa7f18690aad751
SHA1

264e76704b49458bea0a32c01923010ce19a7231
SHA256

1f7fae0a75b5894c667078a055ec4d8e5b4fc70f2b7c60cd2e8f27696b507adc
SHA512

5398943e67d0d1e0f2da5a4567e45075cb3c66bd0139c1d9a67adbc9d000e1a9ecc9c781ee31d8a7b59e2862481d894dfcd21a6719ceb57d89ce05ad1ea34eed
SSDEEP

24576:oQ4+jz+tgbbVq7DyKQITXaNnj7wP12PIm/VMxskFAd:S+fXVq7D1Qfj782VmOd

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/nwwf/TASM32.EXE
unpack001/nwwf/TLINK32.EXE
unpack001/nwwf/VB40032.DLL
unpack001/nwwf/nwwf.exe

Files

8765e973e5ed757b2aa7f18690aad751_JaffaCakes118
.zip
nwwf/IMPORT32.LIB
nwwf/TASM32.EXE
.exe windows:1 windows x86 arch:x86

4d4975372a0a6bc337783ec500f55f2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateFileA
DeleteFileA
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetStdHandle
ReadFile
SetFilePointer
VirtualAlloc
VirtualFree
WriteFile
CloseHandle

Sections

CODE
Size: 121KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 34KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nwwf/TLINK32.EXE
.exe windows:1 windows x86 arch:x86

ac20a75c815ef2f23df2514e59356ce0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetLocalTime
DeleteFileA
ExitProcess
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
CreateFileA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
FreeLibrary
FileTimeToDosDateTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetTimeZoneInformation
GetVersion
LoadLibraryA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
WritePrivateProfileStringA
GetLastError

user32

MessageBoxA
EnumThreadWindows

Exports

Exports

__GetExceptDLLinfo

Sections

CODE
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 25KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nwwf/VB40032.DLL
.dll windows:1 windows x86 arch:x86

06ed768e6bcd71b31fe8f6ef81e5cd28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt20

_CIexp
_except_handler3
_adjust_fdiv
_initterm
_onexit
__dllonexit
strtoul
_ultoa
atol
_ltoa
exit
_isatty
memcpy
wcslen
_chdrive
_getdrive
strchr
memmove
getenv
_clearfp
_ftol
_chdir
_errno
_getdcwd
_chmod
strncpy
_access
_getcwd
free
__p__pctype
modf
_splitpath
memchr
floor
_CIpow
_adj_fdivr_m32
_adj_fdiv_r
_adj_fdiv_m32i
_adj_fdivr_m64
_adj_fdiv_m64
_adj_fdiv_m32
__p__environ
__p__wenviron
_wgetenv
qsort
_adj_fpatan
_locking
_close
_lseek
_write
_read
_sopen
rename
_purecall
remove
_rmdir
_mkdir
_findfirst
_findnext
_findclose
__doserrno
_commit
wcstod
strtod
wcspbrk
wcsncmp
_fcvt
_ecvt
_itoa
strstr
toupper
strpbrk
strrchr
iswctype
wcschr
wcscat
_wcsicmp
atoi
wcscmp
wcsncpy
_isctype
__p___mb_cur_max
malloc
wcscpy
_strnicmp
_fpreset
_statusfp
_exit

kernel32

CreateFileMappingA
LocalAlloc
LocalFree
SetHandleCount
GetSystemDirectoryA
SetErrorMode
GetCurrentProcessId
FileTimeToLocalFileTime
Sleep
GetSystemTime
LoadLibraryExA
GlobalDeleteAtom
ExitProcess
UnhandledExceptionFilter
GetStartupInfoA
CloseHandle
SetLocalTime
VirtualProtect
GetVersionExA
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
LoadLibraryW
LCMapStringA
LCMapStringW
CompareStringW
GetUserDefaultLangID
GetSystemDefaultLangID
CreateProcessW
RtlUnwind
RaiseException
FormatMessageW
WinExec
GetVersion
GetCurrentProcess
FlushInstructionCache
CompareStringA
lstrcmpiW
MultiByteToWideChar
CreateProcessA
GetUserDefaultLCID
GetLocaleInfoA
FreeResource
WaitForSingleObject
GetExitCodeProcess
VirtualFree
VirtualQuery
VirtualAlloc
GetCurrentThreadId
GlobalSize
WideCharToMultiByte
GetProfileStringA
GetModuleHandleA
GlobalAddAtomA
SearchPathA
GlobalReAlloc
GetFileAttributesA
CreateFileA
GetFullPathNameA
SetLastError
GetFileType
GlobalHandle
SizeofResource
FindResourceA
LoadResource
LockResource
_lwrite
_lread
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
_llseek
GetLastError
_lclose
MulDiv
GetPrivateProfileStringA
IsBadReadPtr
SetCurrentDirectoryA
lstrcmpiA
GetTickCount
GetVolumeInformationA
GetDriveTypeA
GetCurrentDirectoryA
GetShortPathNameA
FindFirstFileA
FindClose
GlobalAlloc
lstrcatA
IsDBCSLeadByte
lstrlenA
GlobalFree
GlobalLock
lstrcpyA
GlobalUnlock
lstrcmpA
GetProcAddress
GetModuleFileNameA
LoadLibraryA
GetLocalTime
FreeLibrary
SetFileAttributesA
GetCommandLineA

user32

SendDlgItemMessageA
ClientToScreen
ScreenToClient
GetMessagePos
FillRect
GetMessageTime
ReleaseDC
SetWindowPos
GetClassNameA
GetParent
InvalidateRect
UpdateWindow
SetMenuDefaultItem
DispatchMessageA
GetDoubleClickTime
TrackPopupMenu
UnhookWindowsHookEx
EnableWindow
IsWindow
PostMessageA
CallWindowProcA
GetWindow
CharNextA
InflateRect
DrawFocusRect
CharPrevA
LoadBitmapA
GetWindowTextA
CopyRect
CharLowerA
GetCaretPos
KillTimer
SetCaretPos
GetWindowDC
DestroyIcon
CharUpperA
IsIconic
GetWindowTextLengthA
IsZoomed
SetFocus
DrawMenuBar
DestroyMenu
WinHelpA
DefMDIChildProcA
SetActiveWindow
FindWindowW
CharUpperBuffA
CharUpperBuffW
LoadStringW
SetWindowsHookExW
CharLowerBuffW
VkKeyScanW
GetKeyboardState
keybd_event
SetKeyboardState
GetForegroundWindow
GetWindowLongA
VkKeyScanA
DeferWindowPos
EndDeferWindowPos
MoveWindow
BeginDeferWindowPos
GetClientRect
GetSystemMenu
IsWindowVisible
SetWindowTextA
wsprintfA
WaitForInputIdle
CloseClipboard
EmptyClipboard
OpenClipboard
SetScrollRange
ShowWindow
IsClipboardFormatAvailable
GetKeyState
IsChild
GetCapture
GetFocus
SendMessageA
MapWindowPoints
GetWindowRect
DdeConnect
DdeFreeStringHandle
DdeFreeDataHandle
DdeCreateStringHandleA
DdeNameService
DdeQueryStringA
DdeQueryConvInfo
DdeUninitialize
DdeInitializeA
DdeSetUserHandle
FindWindowA
SetWindowLongA
SetRect
CharToOemA
LoadStringA
UnregisterClassA
SetWindowWord
GetClassLongA
DestroyWindow
GetAsyncKeyState
SetPropA
GetPropA
RemovePropA
GetTabbedTextExtentA
CreateIcon
CreateCursor
EnumClipboardFormats
DestroyCursor
GetCursor
LoadIconA
IsDialogMessageA
IsRectEmpty
CreateDialogParamA
GetLastActivePopup
PostQuitMessage
MessageBeep
DialogBoxParamA
MessageBoxA
DrawIcon
EndDialog
SetDlgItemTextA
CreatePopupMenu
GetMenu
OffsetRect
BringWindowToTop
LoadAcceleratorsA
TranslateMDISysAccel
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemBuffA
OemToCharA
ShowCursor
PostThreadMessageA
WaitMessage
CallNextHookEx
SetWindowsHookExA
RegisterWindowMessageA
AttachThreadInput
DdeClientTransaction
DdeAbandonTransaction
DdePostAdvise
DdeCreateDataHandle
DdeGetData
DdeGetLastError
SetCursor
PtInRect
SetMenu
DdeDisconnect
GetUpdateRgn
SetCapture
WindowFromPoint
ReleaseCapture
GetScrollPos
SetParent
SetTimer
LoadCursorA
SetScrollPos
SetCursorPos
GetClipboardData
SetClipboardData
SetForegroundWindow
PeekMessageA
GetCursorPos
CheckMenuItem
ModifyMenuA
GetMenuState
GetMenuItemID
GetDlgItem
GetSubMenu
GetMenuStringA
AppendMenuA
GetMenuItemCount
DeleteMenu
RegisterClassA
DefFrameProcA
TabbedTextOutA
IntersectRect
IsWindowEnabled
TranslateMessage
RemoveMenu
EnableMenuItem
GetActiveWindow
InsertMenuA
GetClassInfoA
DrawTextA
GetDC
CharLowerBuffA
GetSystemMetrics
GetSysColor
FrameRect
ValidateRect
CreateMenu
CreateWindowExA
SetWindowContextHelpId
BeginPaint
EndPaint
DefWindowProcA
GetDesktopWindow
GetWindowThreadProcessId

gdi32

OffsetWindowOrgEx
SaveDC
CreateSolidBrush
GetTextExtentPointA
UnrealizeObject
SetBkColor
CreateHatchBrush
CreatePen
SelectObject
SetTextColor
SetBrushOrgEx
PatBlt
StretchBlt
ExtTextOutA
GetClipBox
RealizePalette
SetBkMode
GetTextMetricsA
GetStockObject
GetViewportExtEx
GetDeviceCaps
SelectPalette
MoveToEx
SetROP2
GetObjectA
RestoreDC
GetROP2
LineTo
CreateCompatibleBitmap
IntersectClipRect
Escape
RoundRect
CreateCompatibleDC
DeleteDC
CombineRgn
Ellipse
CreateDCA
ExcludeClipRect
SetRectRgn
Rectangle
GetWindowExtEx
SetWindowOrgEx
CreateRectRgn
TextOutA
SetAbortProc
BitBlt
EnumFontsA
CreateBrushIndirect
Arc
CreatePenIndirect
SetStretchBltMode
GetPixel
Pie
StretchDIBits
CreateBitmap
GetBitmapBits
CopyEnhMetaFileA
CreatePalette
CopyMetaFileA
CreateDIBitmap
GetPaletteEntries
GetNearestColor
ScaleViewportExtEx
SetViewportExtEx
GetDIBits
SetWindowExtEx
SetMapMode
SetViewportOrgEx
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
SelectClipRgn
CreateRectRgnIndirect
PlayMetaFile
CreateICA
EndDoc
StartPage
EndPage
AbortDoc
ResetDCA
CreatePatternBrush
StartDocA
DeleteObject
GetBkColor

advapi32

RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExA
RegCloseKey
RegQueryValueW
RegEnumValueA
RegEnumValueW
RegEnumKeyW
RegDeleteValueA
RegOpenKeyA
RegDeleteKeyW
RegOpenKeyW
RegSetValueExA
RegSetValueExW
RegSetValueW
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegQueryValueA

ole32

OleCreateFromFile
OleQueryCreateFromData
ReadClassStm
OleSaveToStream
CoIsOle1Class
OleDoAutoConvert
OleLoad
OleSave
OleQueryLinkFromData
MkParseDisplayName
CoLockObjectExternal
CreateILockBytesOnHGlobal
OleDuplicateData
CoGetMalloc
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleBuildVersion
BindMoniker
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
OleCreateLinkToFile
GetClassFile
CLSIDFromProgID
OleGetAutoConvert
IsAccelerator
CoCreateInstance
OleSetMenuDescriptor
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
ReadClassStg
WriteClassStg
OleRun
CreateBindCtx
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
ReleaseStgMedium
OleIsRunning
StgCreateDocfile
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
ProgIDFromCLSID
StringFromCLSID
StringFromGUID2
CoFreeUnusedLibraries
CoGetClassObject
IsValidInterface
CoDisconnectObject
CreateStreamOnHGlobal
OleUninitialize
StgIsStorageILockBytes

oleaut32

RegisterTypeLi
SafeArrayGetLBound
DispInvoke
VariantInit
VariantChangeType
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringLen
SysAllocString
SafeArrayDestroy
SysStringByteLen
GetErrorInfo
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
LoadRegTypeLi
LoadTypeLi
CreateDispTypeInfo
DispGetIDsOfNames
OaBuildVersion
VarUI1FromI2
SafeArrayGetUBound
GetActiveObject
VarBstrFromDate
VarBstrFromR4
SafeArrayLock
SafeArrayUnlock
VariantCopy
VariantCopyInd
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayDestroyData
RevokeActiveObject
VarDateFromStr
VarR8FromStr
VarCyFromStr
VarBstrFromCy
VarI2FromStr
VarCyFromR8
SysReAllocStringLen
SafeArrayPutElement
VariantChangeTypeEx
SafeArrayGetElement
SafeArrayGetDim
SafeArrayRedim
VarCyFromI4
VarBstrFromI2
VarBstrFromI4
VarBstrFromR8
SysReAllocString
VarI4FromStr
VarI4FromR8
VarR4FromStr
VarI2FromI4
VarR4FromR8

olepro32

ord254
ord252
ord248
ord251
ord250
ord253

Exports

Exports

AssignRecord
CopyRecord
CreateIExprSrvObj
DestructRecord
DllFunctionCall
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbResetProject
EbResetProjectNormal
GetMem1
GetMem2
GetMem4
GetMem8
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
IntlInitializeTable
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceProject
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFixVar
rtcFreeFile
rtcGetAllSettings
rtcGetDateBstr
rtcGetDateValue
rtcGetDateVar
rtcGetDayOfMonth
rtcGetDayOfWeek
rtcGetErl
rtcGetFileAttr
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetObject
rtcGetPresentDate
rtcGetProjectLCID
rtcGetSecondOfMinute
rtcGetSetting
rtcGetTimeBstr
rtcGetTimeValue
rtcGetTimeVar
rtcGetTimer
rtcGetYear
rtcHexBstrFromVar
rtcHexVarFromVar
rtcIMEStatus
rtcIPMT
rtcIRR
rtcImmediateIf
rtcInStr
rtcInStrChar
rtcInputBox
rtcInputCharCount
rtcInputCharCountVar
rtcInputCount
rtcInputCountVar
rtcIntVar
rtcIsArray
rtcIsDate
rtcIsEmpty
rtcIsError
rtcIsMissing
rtcIsNull
rtcIsNumeric
rtcIsObject
rtcKillFiles
rtcLeftBstr
rtcLeftCharBstr
rtcLeftCharVar
rtcLeftTrimBstr
rtcLeftTrimVar
rtcLeftVar
rtcLenCharVar
rtcLenVar
rtcLog
rtcLowerCaseBstr
rtcLowerCaseVar
rtcMIRR
rtcMacId
rtcMakeDir
rtcMidBstr
rtcMidCharBstr
rtcMidCharVar
rtcMidVar
rtcMsgBox
rtcNPV
rtcNPer
rtcOctBstrFromVar
rtcOctVarFromVar
rtcPMT
rtcPPMT
rtcPV
rtcPackDate
rtcPackTime
rtcPartition
rtcQBColor
rtcR8ValFromBstr
rtcRandomNext
rtcRandomize
rtcRate
rtcRemoveDir
rtcRgb
rtcRightBstr
rtcRightCharBstr
rtcRightCharVar
rtcRightTrimBstr
rtcRightTrimVar
rtcRightVar
rtcSLN
rtcSYD
rtcSaveSetting
rtcSendKeys
rtcSetDateBstr
rtcSetDateVar
rtcSetFileAttr
rtcSetTimeBstr
rtcSetTimeVar
rtcSgnVar
rtcShell
rtcSin
rtcSpaceBstr
rtcSpaceVar
rtcSqr
rtcStrConvVar
rtcStrFromVar
rtcStringBstr
rtcStringVar
rtcSwitch
rtcTan
rtcTrimBstr
rtcTrimVar
rtcTypeName
rtcUpperCaseBstr
rtcUpperCaseVar
rtcVarBstrFromAnsi
rtcVarBstrFromByte
rtcVarBstrFromChar
rtcVarDateFromVar
rtcVarFromError
rtcVarFromFormatVar
rtcVarFromVar
rtcVarStrFromVar
rtcVarType

Sections

.text
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nwwf/nwwf.exe
.exe windows:4 windows x86 arch:x86

0fa4a8e0d350c138054d7e825a03db63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

vb40032

ord100
ord199
ord529
ord595
ord300
ord600
ord306

Sections

.text
Size: 864KB - Virtual size: 868KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d4975372a0a6bc337783ec500f55f2f

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: 121KB - Virtual size: 124KB

DATA Size: 34KB - Virtual size: 60KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: 17KB - Virtual size: 20KB

ac20a75c815ef2f23df2514e59356ce0

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 163KB - Virtual size: 164KB

DATA Size: 25KB - Virtual size: 96KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 12KB

06ed768e6bcd71b31fe8f6ef81e5cd28

Headers

File Characteristics

Imports

msvcrt20

kernel32

user32

gdi32

advapi32

ole32

oleaut32

olepro32

Exports

Exports

Sections

.text Size: 515KB - Virtual size: 515KB

ENGINE Size: 45KB - Virtual size: 44KB

.bss Size: - Virtual size: 7KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 35KB - Virtual size: 35KB

.idata Size: 15KB - Virtual size: 14KB

.edata Size: 12KB - Virtual size: 11KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 35KB - Virtual size: 35KB

0fa4a8e0d350c138054d7e825a03db63

Headers

File Characteristics

Imports

vb40032

Sections

.text Size: 864KB - Virtual size: 868KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 10KB - Virtual size: 12KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

CODE
Size: 121KB - Virtual size: 124KB

DATA
Size: 34KB - Virtual size: 60KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 17KB - Virtual size: 20KB

CODE
Size: 163KB - Virtual size: 164KB

DATA
Size: 25KB - Virtual size: 96KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 12KB

.text
Size: 515KB - Virtual size: 515KB

ENGINE
Size: 45KB - Virtual size: 44KB

.bss
Size: - Virtual size: 7KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 35KB - Virtual size: 35KB

.idata
Size: 15KB - Virtual size: 14KB

.edata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 35KB - Virtual size: 35KB

.text
Size: 864KB - Virtual size: 868KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 12KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB