Static task
static1
Behavioral task
behavioral1
Sample
89e5cd932526b6d48ce7fc31a0cb3369_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
89e5cd932526b6d48ce7fc31a0cb3369_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
89e5cd932526b6d48ce7fc31a0cb3369_JaffaCakes118
-
Size
1.2MB
-
MD5
89e5cd932526b6d48ce7fc31a0cb3369
-
SHA1
829c2befe8439d1bb83f9fc762d06b1050b080fd
-
SHA256
a9a2709993baef21b4667c1a0f1d27604c644d73a29a388443858203d0857786
-
SHA512
9a9669951a3e84da54f5f842d85774e5aee68963a1fbb5a4895ea044b502c3d8f09d40a4d98bbe68a9ea8214876f5d2e424649a63add687ac529646226266493
-
SSDEEP
12288:L8T4ZmvMQnn8DEtbAiRk2114p9qf9F48GiBQWj09x5PdwBJZSlIHKKYS+/QkvB+3:L8T4ZmvM62un9NGYjo9NkJZGfS+/fCj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
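Checks for a missing Authenticode signature. The sample carries no signature, so its publisher and integrity cannot be verified from the file alone; on its own this is a weak indicator, since much legitimate software is also unsigned.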
resource 89e5cd932526b6d48ce7fc31a0cb3369_JaffaCakes118
Files
-
89e5cd932526b6d48ce7fc31a0cb3369_JaffaCakes118.exe windows:4 windows x86 arch:x86
d426a93197947de351aa5402400d0f37
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ssleay32
ord78
ord108
ord77
ord183
ord74
ord12
ord110
ord8
ord43
ord75
ord87
ord96
ord48
libeay32
ord254
ord298
ord224
ord2604
dvsskin
ord55
ord56
ord13
ord42
ord44
ord6
ord45
ord47
ord46
ord1
ord41
ord32
ord57
ord5
ord43
ord49
ord48
ord53
ord58
ord14
ord52
ord19
ord9
ord50
ord51
ord54
ord8
ord39
ord16
dvsndkex
?StartChannel@CNetSDK@@QAEHHPBD0H@Z
?SetToolsProc@CNetSDK@@QAEXP6GXPAXIHHHPAEK@Z@Z
?SetGeneralProc@CNetSDK@@QAEXP6GXPAXHHHHHHPAEK01@Z@Z
?SetChannelInfo@CNetSDK@@QAEHIIH@Z
?AddSiteInfo@CNetSDK@@QAEHPBD000HIIII@Z
?Initialize@CNetSDK@@QAEXPAVCWnd@@@Z
??0CNetSDK@@QAE@XZ
??1CNetSDK@@UAE@XZ
?RequestRelayInfo@CNetSDK@@QAEHHHH@Z
?RequestImageInfo@CNetSDK@@QAEHHPAU_tagCOLORHEADER@@@Z
?Uninitialize@CNetSDK@@QAEXXZ
?StopSetup@CNetSDK@@QAEXI@Z
?CheckSetupLogin@CNetSDK@@QAEHIPBD0@Z
?RequestSetupData@CNetSDK@@QAEHIHPBD@Z
?StartSetup@CNetSDK@@QAEHIPBD0@Z
?SetSetupProc@CNetSDK@@QAEXP6GXPAXIHPAEK@Z@Z
?StopChannel@CNetSDK@@QAEXHH@Z
sharememinterface
SMI_ReadCurrentEncodeInfoEx
SMI_ReadCurrentImageInfoEx
SMI_ReadMotionInfo
panutil
ord9
ord20
ord25
ord10
ord15
ord26
ord11
datautils
??0CDataUtilsExt@@QAE@XZ
?GetDatabasePassword@CDataUtilsExt@@QAEKPADK@Z
?GetDatabaseUser@CDataUtilsExt@@QAEKPADK@Z
??1CDataUtilsExt@@UAE@XZ
?GetDatabaseServer@CDataUtilsExt@@QAEKPADK@Z
?GetDatabasePath@CDataUtilsExt@@QAEKPADK@Z
?GetDatabaseType@CDataUtilsExt@@QAEHXZ
?LoadData@CDataUtilsExt@@QAEHH@Z
?SetUseDatabase@CDataUtilsExt@@QAEXHHHPBD000@Z
?GetCreateDatabaseQuery@CDataUtilsExt@@QAEKHPBDPADK@Z
?GetCreateQuery@CDataUtilsExt@@QAEKHPADK@Z
?GetDropQuery@CDataUtilsExt@@QAEKHPADK@Z
?GetTableName@CDataUtilsExt@@QAEKPADK@Z
?GetConnectionString@CDataUtilsExt@@QAEKPADK@Z
?CreateDatabase@CDataUtilsExt@@QAEHHHPBD@Z
?SetUserTableElements@CDataUtilsExt@@QAEHHPAU_tagUSERTABLEINFO@@K@Z
?GetUserDropQueryEx@CDataUtilsExt@@QAEKHPADK@Z
?GetUserTableElementsCount@CDataUtilsExt@@QAEKH@Z
?GetDatabaseTypeEx@CDataUtilsExt@@QAEHH@Z
?SetXmlParserFile@CDataUtilsExt@@QAEXHPBD@Z
?GetItemSearchElementByIndex@CDataUtilsExt@@QAEHHIPAU_tagITEMSEARCHINFO@@@Z
?GetItemSearchElementsCount@CDataUtilsExt@@QAEKH@Z
?GetUseUserTable@CDataUtilsExt@@QAEHH@Z
?GetUseXmlParser@CDataUtilsExt@@QAEHH@Z
?GetXmlParserFile@CDataUtilsExt@@QAEHHPADK@Z
?ValidateXslt@CDataUtilsExt@@QAEHPBD@Z
?GetUserTableElements@CDataUtilsExt@@QAEKHPAU_tagUSERTABLEINFO@@K@Z
?SetItemSearchElement@CDataUtilsExt@@QAEHHPAU_tagITEMSEARCHINFO@@K@Z
?GetUserCreateQueryTest@CDataUtilsExt@@QAEKHPAU_tagUSERTABLEINFO@@KPADK@Z
?GetUserTableNamesByElements@CDataUtilsExt@@QAEKHPADKPAU_tagUSERTABLEINFO@@K@Z
?GetUserTableNames@CDataUtilsExt@@QAEKHPADK@Z
?GetUserFieldsByTable@CDataUtilsExt@@QAEKHPBDPADK@Z
?GetDatabaseName@CDataUtilsExt@@QAEKPADK@Z
deviceutils
??0CDeviceUtilsExt@@QAE@XZ
?GetMapDeviceIndex@CDeviceUtilsExt@@QAEHPBDH@Z
?GetMapDeviceLength@CDeviceUtilsExt@@QAEHPBD@Z
?GetDeviceName@CDeviceUtilsExt@@QAEKHPADK@Z
?GetMaxDeviceIndex@CDeviceUtilsExt@@QAEHXZ
?SetMapDeviceLength@CDeviceUtilsExt@@QAEXPBDH@Z
?SetMapDeviceIndex@CDeviceUtilsExt@@QAEXPBDHH@Z
?SetMaxDeviceIndex@CDeviceUtilsExt@@QAEXH@Z
?SetDeviceLength@CDeviceUtilsExt@@QAEXH@Z
?CheckFileExist@CDeviceUtilsExt@@QAEHHH@Z
?SetDeviceName@CDeviceUtilsExt@@QAEXHPBD@Z
?GetUseExternal@CDeviceUtilsExt@@QAEHH@Z
?GetUseXML@CDeviceUtilsExt@@QAEHH@Z
?GetUseDatabase@CDeviceUtilsExt@@QAEHH@Z
?LoadDevice@CDeviceUtilsExt@@QAEHH@Z
?SetUseDatabase@CDeviceUtilsExt@@QAEXHH@Z
?GetEnableSubDevice@CDeviceUtilsExt@@QAEHH@Z
?GetSubDeviceCount@CDeviceUtilsExt@@QAEIH@Z
?GetEnableDeviceID@CDeviceUtilsExt@@QAEHH@Z
?GetEnablePolling@CDeviceUtilsExt@@QAEHH@Z
?SetParsingOrder@CDeviceUtilsExt@@QAEHHPAHH@Z
?GetParsingOrder@CDeviceUtilsExt@@QAEHHPAHH@Z
?SetXmlParserFile@CDeviceUtilsExt@@QAEXHPBD@Z
?GetXmlParserFile@CDeviceUtilsExt@@QAEHHPADK@Z
?ValidateXslt@CDeviceUtilsExt@@QAEHPBD@Z
?GetSectionData@CDeviceUtilsExt@@QAEPAXHH@Z
?SetSectionData@CDeviceUtilsExt@@QAEXHHHEEAAVCString@@HHPAUPOSEVENTINFO@@@Z
?SetReplaceData@CDeviceUtilsExt@@QAEXHHHEAAVCString@@E0EHH@Z
?SetSectionLength@CDeviceUtilsExt@@QAEXHHH@Z
?SetSubDeviceCount@CDeviceUtilsExt@@QAEXHI@Z
?SetUseLtrim@CDeviceUtilsExt@@QAEXHH@Z
?SetUseRtrim@CDeviceUtilsExt@@QAEXHH@Z
?SetUseXML@CDeviceUtilsExt@@QAEXHH@Z
?SetIgnoreRepeat@CDeviceUtilsExt@@QAEXHH@Z
?GetUseLtrim@CDeviceUtilsExt@@QAEHH@Z
?GetUseRtrim@CDeviceUtilsExt@@QAEHH@Z
?GetIgnoreRepeat@CDeviceUtilsExt@@QAEHH@Z
?GetParsetype@CDeviceUtilsExt@@QAEHH@Z
??1CDeviceUtilsExt@@UAE@XZ
mfc42
ord6142
ord2862
ord3286
ord6008
ord4000
ord3303
ord3287
ord3019
ord2516
ord361
ord2753
ord3089
ord4476
ord3499
ord2515
ord355
ord5860
ord6007
ord5606
ord3986
ord5440
ord6383
ord5450
ord6394
ord3571
ord4376
ord2452
ord5875
ord2405
ord5785
ord1640
ord323
ord5981
ord2302
ord2764
ord4299
ord3706
ord1099
ord2077
ord2820
ord3184
ord3177
ord5651
ord3127
ord3616
ord1979
ord6385
ord5186
ord665
ord354
ord350
ord5442
ord3318
ord2652
ord1669
ord6663
ord6172
ord6696
ord4284
ord656
ord693
ord1768
ord6377
ord2380
ord5065
ord2859
ord3610
ord2582
ord4402
ord3370
ord3640
ord1146
ord2289
ord2370
ord6334
ord3302
ord668
ord2770
ord356
ord923
ord1980
ord5583
ord3181
ord2781
ord1138
ord4673
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord2621
ord1134
ord1199
ord1247
ord2725
ord6282
ord6283
ord1949
ord818
ord2152
ord1153
ord2243
ord640
ord4275
ord3178
ord4058
ord3742
ord3693
ord5787
ord5789
ord5788
ord1871
ord4133
ord4297
ord472
ord283
ord2754
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord6241
ord613
ord5678
ord5736
ord289
ord3797
ord541
ord801
ord6883
ord6143
ord5821
ord3662
ord812
ord2841
ord1176
ord414
ord559
ord713
ord2809
ord2970
ord1270
ord1232
ord4287
ord6144
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord810
ord5571
ord6061
ord5864
ord3596
ord6194
ord5053
ord1706
ord430
ord786
ord2461
ord6389
ord519
ord6311
ord4171
ord5445
ord703
ord404
ord3216
ord4042
ord2504
ord1576
ord5510
ord1652
ord429
ord3754
ord3752
ord6128
ord2634
ord6130
ord6141
ord2233
ord4045
ord5610
ord5604
ord2107
ord6605
ord4160
ord4333
ord2096
ord5861
ord4544
ord3274
ord3579
ord439
ord736
ord5495
ord4083
ord5685
ord4226
ord5683
ord6648
ord816
ord562
ord940
ord2919
ord5856
ord1829
ord2114
ord4480
ord2064
ord3698
ord654
ord765
ord341
ord2381
ord6734
ord6170
ord5781
ord2580
ord4400
ord3630
ord682
ord4243
ord6242
ord2100
ord6880
ord2714
ord2575
ord4396
ord3574
ord609
ord556
ord809
ord2078
ord793
ord1927
ord3753
ord3293
ord6379
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord5265
ord1105
ord858
ord537
ord535
ord941
ord860
ord2818
ord939
ord5607
ord1083
ord1200
ord773
ord501
ord823
ord540
ord5480
ord800
ord4919
ord791
ord825
ord523
ord3717
ord967
ord1995
ord5479
ord3733
ord3398
ord795
ord567
ord3721
ord4424
ord3402
ord5290
ord1776
ord6055
ord2116
ord2123
ord384
ord2097
ord3301
ord2108
ord6140
ord3811
ord6673
ord268
ord1271
ord1567
ord4123
ord4694
ord3317
ord3092
ord500
ord772
ord2086
ord6215
ord1168
ord4224
ord924
ord3998
ord6907
ord6905
ord2642
ord3996
ord2080
ord2864
ord3619
ord1140
ord2614
ord922
ord5710
ord4129
ord3337
ord2763
ord4278
ord6662
ord536
ord4277
ord2915
ord5572
ord2379
ord3873
ord6453
ord3874
ord2645
ord2860
ord470
ord1641
ord2414
ord755
ord3663
ord3626
ord3573
ord4710
ord6197
ord6199
ord4234
ord641
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5797
ord4975
ord4863
ord4335
ord4447
ord4411
ord2032
ord5482
ord5811
ord4779
ord5308
ord5277
ord2124
ord2446
ord5261
ord5579
ord1727
ord2089
ord5903
msvcrt
atoi
_mbscmp
strtok
_splitpath
_purecall
strncpy
free
malloc
_beginthreadex
_CIpow
atof
strncmp
vsprintf
remove
realloc
strrchr
__dllonexit
_onexit
_ftol
_itoa
_stricmp
wcslen
_setmbcp
sscanf
isalpha
isdigit
_mbstok
strtoul
atol
memmove
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
isupper
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@XZ
__CxxFrameHandler
sprintf
??0exception@@QAE@ABV0@@Z
strstr
rename
strchr
kernel32
InterlockedDecrement
LocalAlloc
lstrlenA
FormatMessageA
MulDiv
GlobalSize
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
GetLogicalDrives
GetDriveTypeA
GetModuleHandleA
SetLastError
GetTimeZoneInformation
GetCurrentProcessId
OpenProcess
SetProcessAffinityMask
GetExitCodeThread
GetOverlappedResult
ClearCommError
WaitForMultipleObjects
WaitCommEvent
GetCommMask
ResetEvent
SetCommTimeouts
GetCommState
SetCommMask
BuildCommDCBA
SetCommState
PurgeComm
SetEvent
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetExitCodeProcess
WideCharToMultiByte
MultiByteToWideChar
CreateMutexA
ReleaseMutex
GetStartupInfoA
lstrcpyA
CreateProcessA
SetCurrentDirectoryA
GetVersionExA
WriteFile
CreateFileA
ReadFile
GetCurrentDirectoryA
WinExec
DeleteFileA
MoveFileA
OpenFile
GetFileSize
CreateDirectoryA
GetNumberFormatA
GetTickCount
OutputDebugStringA
SetThreadPriority
ResumeThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
GetWindowsDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
CloseHandle
CreateEventA
LocalFree
Sleep
user32
PeekMessageA
EnableWindow
FillRect
GetClientRect
SendMessageA
CopyRect
MessageBoxA
GetParent
SetCursor
LoadCursorA
SetTimer
GetDesktopWindow
FindWindowA
RedrawWindow
LoadImageA
SetWindowPlacement
PostMessageA
UpdateWindow
SetRect
PtInRect
ClipCursor
GetWindowRect
InvalidateRect
TranslateMessage
IsWindowVisible
GetFocus
GetDoubleClickTime
GetNextDlgGroupItem
ClientToScreen
SetWindowRgn
WindowFromPoint
GetWindowLongA
FrameRect
SetWindowPos
ReleaseDC
GetDC
LoadIconA
DrawIcon
GetSystemMetrics
IsIconic
OffsetRect
GetWindowThreadProcessId
RegisterClassExA
GetSysColorBrush
LoadBitmapA
GetMessageA
InflateRect
SystemParametersInfoA
DrawTextA
DrawEdge
GetSysColor
DispatchMessageA
PostThreadMessageA
IsRectEmpty
GetKeyState
IsWindow
DrawFrameControl
DefWindowProcA
GetClassInfoA
IntersectRect
ScreenToClient
GetCursorPos
TabbedTextOutA
KillTimer
GrayStringA
IsClipboardFormatAvailable
GetMessagePos
InvertRect
SetCapture
wsprintfA
ReleaseCapture
GetCapture
CopyIcon
GetCaretPos
gdi32
RectVisible
TextOutA
ExtTextOutA
Escape
CreatePatternBrush
StretchDIBits
SetRectRgn
FrameRgn
FillRgn
SetPixel
GetRegionData
GetViewportOrgEx
GetWindowOrgEx
Polygon
DeleteDC
SelectClipRgn
PatBlt
PtVisible
CreateCompatibleBitmap
GetBkColor
GetDeviceCaps
GetTextMetricsA
GetCurrentObject
Pie
CreateFontA
Rectangle
GetTextExtentPoint32A
BitBlt
GetPixel
DeleteObject
GetStockObject
GetTextExtentPointA
CreateRectRgn
CombineRgn
CreatePen
CreateHatchBrush
CreateCompatibleDC
SetStretchBltMode
StretchBlt
SelectObject
GetObjectA
CreateSolidBrush
CreateFontIndirectA
advapi32
CryptDeriveKey
RegQueryValueExA
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptGenKey
CryptGetUserKey
CryptGetProvParam
RegCloseKey
CryptHashData
CryptCreateHash
CryptExportKey
CryptEncrypt
CryptDecrypt
RegEnumKeyExA
GetUserNameA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
shell32
ShellExecuteExA
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
comctl32
ImageList_AddMasked
FlatSB_EnableScrollBar
InitializeFlatSB
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ole32
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CoTaskMemAlloc
oleaut32
SysFreeString
VariantClear
VariantCopy
SysStringLen
SysAllocStringLen
GetErrorInfo
SysAllocString
wsock32
select
closesocket
recv
send
connect
getsockopt
inet_ntoa
listen
socket
htons
ioctlsocket
WSASetLastError
WSAStartup
gethostbyname
gethostname
winmm
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutOpen
waveOutReset
waveOutClose
waveInUnprepareHeader
waveInStop
waveInReset
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInOpen
mmioDescend
mmioRead
mmioAscend
mmioOpenA
mmioClose
waveInClose
dnsapi
DnsQuery_A
msvcp60
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
netapi32
NetUserEnum
dvrm4fs
?ClearUtilDataBase@CMP4DB@@QAEHDPAXP6GX0HH@Z@Z
?CloseUtilDataBase@CMP4DB@@QAEHH@Z
?CheckDataBase@CMP4DB@@QAEHXZ
?DeleteDiskHeader@CMP4DB@@QAEHD@Z
?GetVolumeCnt@CMP4DB@@QAEKVCString@@@Z
?GetVolumeInfomation@CMP4DB@@QAEHPAK00VCString@@@Z
??1CMP4DB@@UAE@XZ
??0CMP4DB@@QAE@XZ
?MakeNewDataBase@CMP4DB@@QAEHXZ
?GetLastVolumeNo@CMP4DB@@QAEKD@Z
?AddVolume@CMP4DB@@QAEHDK@Z
?OpenUtilDataBase@CMP4DB@@QAEHXZ
ijl15
ord2
ord4
ord3
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
commonlogin
??1CCommonLoginEx@@UAE@XZ
?fLoginDoModal@CCommonLoginEx@@QAEHPAUUSERINFO@@PAU_tagUSERREGINFO@@PAVCWnd@@@Z
??0CCommonLoginEx@@QAE@XZ
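Sections
Note: in the listing below, both .text and .mrdata are flagged IMAGE_SCN_MEM_EXECUTE together with IMAGE_SCN_MEM_WRITE. A section that is writable and executable is unusual for ordinary compiler output and is worth checking for packing or self-modifying code before drawing conclusions from the import table.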
.text Size: 900KB - Virtual size: 896KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 156KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.mrdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE