890b5c767c714c2108153a8ef0da8be8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

890b5c767c714c2108153a8ef0da8be8_JaffaCakes118
Size

1.0MB
MD5

890b5c767c714c2108153a8ef0da8be8
SHA1

112afd22ec101d3a0dbc03610bf079d87257b090
SHA256

837b17ae52d356f7aa2fb6149494ed7b4b362227e8e986f609b0eebf4c545fd0
SHA512

0fe8df850b9a3b1d847d40f42a10d5a437214a7e91296c78d1e0fe5cd342b248ac1fbb9814842ec421175c16f543d0227fe3c5eebccb3aac247b63956e4dcd81
SSDEEP

24576:CT20y6esARBh48qXQ9i32Ld+A8sJNnRirUqld7zABnhKV:CTuTsAd4hA9imLOsJCXTAGV

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PECompact2/PEC2.exe
unpack001/PECompact2/lzma.exe
unpack001/PECompact2/pec2codec_aplib.dll
unpack001/PECompact2/pec2codec_brieflz.dll
unpack001/PECompact2/pec2codec_copy.dll
unpack001/PECompact2/pec2codec_crc32.dll
unpack001/PECompact2/pec2codec_ffce.dll
unpack001/PECompact2/pec2codec_inv.dll
unpack001/PECompact2/pec2codec_jcalg1.dll
unpack001/PECompact2/pec2codec_lzma.dll
unpack001/PECompact2/pec2codec_lzma2.dll
unpack001/PECompact2/pec2codec_messagebox.dll
unpack001/PECompact2/pec2codec_password.dll
unpack001/PECompact2/pec2ldr_default.dll
unpack001/Parser2.RUS
unpack001/Parser2.exe
unpack001/pinch3 Builder.exe

Files

890b5c767c714c2108153a8ef0da8be8_JaffaCakes118
.zip
Log.txt
PECompact2/PEC2.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 99KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/lzma.exe
.exe windows:4 windows x86 arch:x86

7172c0c567e5445003be7b3bd3a52b27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA
CharUpperW

kernel32

GetCommandLineA
GetVersion
GetStringTypeW
GetStringTypeA
LCMapStringA
GetVersionExA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
ReadFile
GetStdHandle
WriteFile
CreateFileA
CloseHandle
GetFileSize
SetFilePointer
SetEndOfFile
HeapAlloc
HeapFree
RtlUnwind
RaiseException
LCMapStringW
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_aplib.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_brieflz.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_copy.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_crc32.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_ffce.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_inv.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 19KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_jcalg1.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 16KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_lzma.dll
.dll windows:4 windows x86 arch:x86

c586ef6d782cd24e07987e632418322e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

UnregisterClassA

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 37KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_lzma2.dll
.dll windows:4 windows x86 arch:x86

f45f21915f5ffbdc59c680ca2dc627c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

MessageBoxA

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 28KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_messagebox.dll
.dll windows:4 windows x86 arch:x86

c49cb99c679d168e9fb1e6c64d97776c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SendMessageA

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2codec_password.dll
.dll windows:4 windows x86 arch:x86

83f729c44a3bd7fdd8137ade5c006f2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

PostMessageA

Exports

Exports

CodecGetProcAddress
GetNumberOfCodecs

Sections

.text
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PECompact2/pec2ldr_default.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

GetAuthorName
GetCompileTimeKnownPECVersion
GetCompiledOffsetOfDecoderStub
GetDecompressionStubSize
GetEntryPointStubSize
GetLoaderName
GetLoaderSize
GetPointerToDecompressionStub
GetPointerToEntryPointStub
GetPointerToLoader
GetSupportedFeatureFlags
SetUsedFeatureFlags

Sections

.text
Size: 20KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Parser2.RUS
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_MEM_READ
Parser2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

v20
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

v21
Size: 611KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

v22
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pinch3 Builder.exe
.exe windows:4 windows x86 arch:x86

aa4919cb7cd7dc9b39e44346c9f9e292

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetProcAddress
LoadLibraryA
lstrcpyA
GetFileAttributesA
lstrlenA
GetModuleFileNameA
DeleteFileA
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
WriteFile
CreateFileA
SizeofResource
LoadResource
FindResourceA
Sleep
GetExitCodeProcess
CreateProcessA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapFree
VirtualFree
HeapCreate
GetStringTypeW
HeapDestroy
GetFileType
GetStdHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

SetTimer
DialogBoxParamA
SendMessageA
SendDlgItemMessageA
wsprintfA
CheckDlgButton
GetWindowLongA
SetWindowLongA
LoadIconA
MessageBoxIndirectA
IsDlgButtonChecked
MessageBoxA
GetDlgItem
EnableWindow
KillTimer
DestroyWindow

comdlg32

GetSaveFileNameA

Sections

.text
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 99KB - Virtual size: 260KB

.rsrc Size: 5KB - Virtual size: 8KB

7172c0c567e5445003be7b3bd3a52b27

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 21KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

09d0478591d4f788cb3e5ea416c25237

Headers

.text
Size: 99KB - Virtual size: 260KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 21KB

.text
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 1KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 1024B - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 1KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 19KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 104KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 80KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 3KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B