8a48da9d40265fbc9f0e9b06ab7956cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a48da9d40265fbc9f0e9b06ab7956cd_JaffaCakes118
Size

6.5MB
MD5

8a48da9d40265fbc9f0e9b06ab7956cd
SHA1

652434469c55d26bc583ff9191b4f50e52385922
SHA256

00de6a0690119f23bef031c34e7af8c8a8ff6411488fed30cb5fc1aa16c8ab1c
SHA512

fe92b1167d4f9344c7ca5d426ca35337b8e68caa51f67bbe2019fad07eb05c4d8bc3b25f973329f121b587d1970c29ba3df85b78f1e150744c08435553e2f2ff
SSDEEP

98304:tfYYFZ0aFcjM3mTtjMbL90aAwwqNCyCm6dypR8B5Logzc7/xJJJF:tDZbcQWu390Wwqydy+LogzwTd

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Zap.exe
unpack001/Aero Ultimate7 (Beta)/Explorer/explorer.exe
unpack001/Aero Ultimate7 (Beta)/LSPATCH/LSPatch_1.1.exe
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Aero Ultimate7 (Beta).msstyles
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Shell/Blue/shellstyle.dll
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Shell/Frost/shellstyle.dll
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Shell/Graphit/shellstyle.dll
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Shell/NormalColor/shellstyle.dll
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Shell/Orange/shellstyle.dll
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Shell/Pink/shellstyle.dll
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Shell/Red/shellstyle.dll
unpack003/Visual Styles/Aero Ultimate7 (Beta)/Shell/Teal/shellstyle.dll

Files

8a48da9d40265fbc9f0e9b06ab7956cd_JaffaCakes118
.rar
Aero Ultimate7 (Beta)/Aero Ultimate7 (Beta) Preview.png
.png
Aero Ultimate7 (Beta)/Explorer/Replacer/Desktop.ini
Aero Ultimate7 (Beta)/Explorer/Replacer/Replacer.cmd
.cmd .vbs
Aero Ultimate7 (Beta)/Explorer/Replacer/data
.cab
Clear_WFP_Message.vbs
.vbs
Special.cmd
.cmd .vbs
Zap.exe
.exe windows:1 windows x86 arch:x86

685f13adf8c237dbc6d064cafff5d908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt20

__getmainargs
_adjust_fdiv
__p__commode
_initterm
exit
__p___initenv
_controlfp
_XcptFilter
_exit
strstr
printf
sprintf
__p__fmode
_except_handler3

kernel32

GetLastError
GetModuleFileNameA
GetTempFileNameA
MoveFileExA

Sections

.text
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Aero Ultimate7 (Beta)/Explorer/explorer.exe
.exe windows:5 windows x86 arch:x86

c3eb9567e9430e65e703dca7bb8343fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

explorer.pdb

Imports

advapi32

RegSetValueW
RegEnumKeyExW
GetUserNameW
RegNotifyChangeKeyValue
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
RegCloseKey
RegCreateKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueW

browseui

ord118
ord135
ord107
ord106

gdi32

GetStockObject
CreatePatternBrush
OffsetViewportOrgEx
GetLayout
CombineRgn
CreateDIBSection
GetTextExtentPoint32W
StretchBlt
CreateRectRgnIndirect
CreateRectRgn
GetClipRgn
IntersectClipRect
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
PatBlt
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
OffsetWindowOrgEx
DeleteDC
SetBkColor
BitBlt
ExtTextOutW
GetTextExtentPointW
GetClipBox
GetObjectW
SetTextColor
SetBkMode
CreateFontIndirectW
DeleteObject
GetTextMetricsW
SelectObject
GetDeviceCaps
TranslateCharsetInfo
SetStretchBltMode

kernel32

GetSystemDirectoryW
CreateThread
CreateJobObjectW
ExitProcess
SetProcessShutdownParameters
ReleaseMutex
CreateMutexW
SetPriorityClass
GetCurrentProcess
GetStartupInfoW
GetCommandLineW
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
ResetEvent
LoadLibraryExA
CompareFileTime
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThreadId
GetThreadPriority
GetCurrentThread
GetUserDefaultLangID
Sleep
GetBinaryTypeW
GetModuleHandleExW
SystemTimeToFileTime
GetLocalTime
GetCurrentProcessId
GetEnvironmentVariableW
UnregisterWait
GlobalGetAtomNameW
GetFileAttributesW
MoveFileW
lstrcmpW
LoadLibraryExW
FindClose
FindNextFileW
FindFirstFileW
lstrcmpiA
SetEvent
AssignProcessToJobObject
GetDateFormatW
GetTimeFormatW
FlushInstructionCache
lstrcpynW
GetSystemWindowsDirectoryW
SetLastError
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapAlloc
GetUserDefaultLCID
ReadProcessMemory
OpenProcess
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualFree
VirtualAlloc
ResumeThread
TerminateProcess
TerminateThread
GetSystemDefaultLCID
GetLocaleInfoW
CreateEventW
GetLastError
OpenEventW
DelayLoadFailureHook
WaitForSingleObject
GetTickCount
ExpandEnvironmentStringsW
GetModuleFileNameW
GetPrivateProfileStringW
lstrcmpiW
CreateProcessW
FreeLibrary
GetWindowsDirectoryW
LocalAlloc
CreateFileW
DeviceIoControl
LocalFree
GetQueuedCompletionStatus
CreateIoCompletionPort
SetInformationJobObject
CloseHandle
LoadLibraryW
GetModuleHandleW
ActivateActCtx
DeactivateActCtx
GetFileAttributesExW
GetProcAddress
DeleteCriticalSection
CreateEventA
HeapDestroy
InitializeCriticalSection
MulDiv
InitializeCriticalSectionAndSpinCount
lstrlenW
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
InterlockedExchange
GetModuleHandleA
GetVersionExA
GlobalFree
GetProcessTimes
lstrcpyW
GetLongPathNameW
RegisterWaitForSingleObject

msvcrt

_itow
free
memmove
realloc
_except_handler3
malloc
_ftol
_vsnwprintf

ntdll

RtlNtStatusToDosError
NtQueryInformationProcess

ole32

CoFreeUnusedLibraries
RegisterDragDrop
CreateBindCtx
RevokeDragDrop
CoInitializeEx
CoUninitialize
OleInitialize
CoRevokeClassObject
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
OleUninitialize
DoDragDrop

oleaut32

SysAllocString
VariantClear

shdocvw

ord110
ord125
ord111

shell32

ord182
ord162
SHGetFolderPathW
ord67
ord72
ord90
ord181
ord727
ExtractIconExW
ord137
ord645
ord644
ord2
ord236
ord149
ord147
ord188
ord660
ord201
ord245
ord68
ord723
ord200
SHGetSpecialFolderLocation
ShellExecuteExW
ord100
ord85
ord653
SHGetSpecialFolderPathW
ord196
ord25
ord152
SHBindToParent
ord719
ord732
ord148
SHParseDisplayName
ord154
ord77
ord6
ord193
ord747
ord71
ord17
ord23
ord132
ord680
ord233
ord195
ord155
ord89
ord241
ord134
ord22
SHChangeNotify
SHGetDesktopFolder
SHAddToRecentDocs
ord127
ord21
ord102
DuplicateIcon
ord202
ord82
ord244
ord54
ord161
ord91
ord254
ord60
SHUpdateRecycleBinIcon
SHGetFolderLocation
SHGetPathFromIDListA
ord711
ord731
ord4
ord733
ord190
ord64
ord61
SHGetPathFromIDListW
ord753
ord16
ord18

shlwapi

StrCpyNW
ord215
ord217
ord476
ord157
StrRetToBufW
StrRetToStrW
ord176
ord154
ord439
ord156
SHQueryValueExW
PathIsNetworkPathW
ord513
AssocCreate
ord512
ord171
ord178
ord177
ord193
StrCatW
StrCpyW
ord225
ord413
ord219
ord175
ord164
ord172
SHGetValueW
ord437
StrCmpNIW
PathRemoveBlanksW
PathRemoveArgsW
PathFindFileNameW
StrStrIW
PathGetArgsW
ord563
StrToIntW
SHRegGetBoolUSValueW
SHRegWriteUSValueW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHRegGetUSValueW
SHSetValueW
ord433
PathAppendW
PathUnquoteSpacesW
ord460
ord194
PathQuoteSpacesW
ord244
SHSetThreadRef
SHCreateThreadRef
ord241
ord236
ord279
PathCombineW
ord192
ord204
ord509
SHStrDupW
PathIsPrefixW
PathParseIconLocationW
AssocQueryKeyW
ord16
AssocQueryStringW
StrCmpW
ord174
ord548
ord165
ord240
ord163
ord479
ord9
ord8
SHRegQueryUSValueW
SHRegOpenUSKeyW
SHRegSetUSValueW
PathIsDirectoryW
PathFileExistsW
PathGetDriveNumberW
ord10
StrChrW
PathFindExtensionW
ord260
ord292
PathRemoveFileSpecW
PathStripToRootW
ord250
ord478
ord184
SHOpenRegStream2W
ord212
ord213
ord158
StrDupW
SHDeleteValueW
StrCatBuffW
SHDeleteKeyW
StrCmpIW
ord467
ord346
wnsprintfW
ord197
ord278
StrCmpNW
ord237
ord199

user32

TileWindows
GetDoubleClickTime
GetSystemMetrics
GetSysColorBrush
AllowSetForegroundWindow
LoadMenuW
GetSubMenu
RemoveMenu
SetParent
GetMessagePos
CheckDlgButton
EnableWindow
GetDlgItemInt
SetDlgItemInt
CopyIcon
AdjustWindowRectEx
DrawFocusRect
DrawEdge
ExitWindowsEx
WindowFromPoint
SetRect
AppendMenuW
LoadAcceleratorsW
LoadBitmapW
SendNotifyMessageW
SetWindowPlacement
CheckMenuItem
EndDialog
SendDlgItemMessageW
MessageBeep
GetActiveWindow
PostQuitMessage
MoveWindow
GetDlgItem
RemovePropW
GetClassNameW
GetDCEx
SetCursorPos
ChildWindowFromPoint
ChangeDisplaySettingsW
RegisterHotKey
UnregisterHotKey
SetCursor
SendMessageTimeoutW
GetWindowPlacement
LoadImageW
SetWindowRgn
IntersectRect
OffsetRect
EnumDisplayMonitors
RedrawWindow
SubtractRect
TranslateAcceleratorW
WaitMessage
InflateRect
CallWindowProcW
GetDlgCtrlID
SetCapture
LockSetForegroundWindow
SystemParametersInfoW
FindWindowW
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
GetShellWindow
EnumChildWindows
GetWindowLongW
SendMessageW
RegisterWindowMessageW
GetKeyState
CopyRect
MonitorFromRect
MonitorFromPoint
RegisterClassW
SetPropW
GetWindowLongA
SetWindowLongW
FillRect
GetCursorPos
MessageBoxW
LoadStringW
ReleaseDC
GetDC
EnumDisplaySettingsExW
EnumDisplayDevicesW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
PtInRect
BeginPaint
EndPaint
SetWindowTextW
GetAsyncKeyState
InvalidateRect
GetWindow
ShowWindowAsync
TrackPopupMenuEx
UpdateWindow
DestroyIcon
IsRectEmpty
SetActiveWindow
GetSysColor
DrawTextW
IsHungAppWindow
SetTimer
GetMenuItemID
TrackPopupMenu
EndTask
SendMessageCallbackW
GetClassLongW
LoadIconW
OpenInputDesktop
CloseDesktop
SetScrollPos
ShowWindow
BringWindowToTop
GetDesktopWindow
CascadeWindows
CharUpperBuffW
SwitchToThisWindow
InternalGetWindowText
GetScrollInfo
GetMenuItemCount
CreateWindowExW
DialogBoxParamW
MsgWaitForMultipleObjects
CharNextA
RegisterClipboardFormatW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
PrintWindow
SetClassLongW
GetPropW
GetNextDlgGroupItem
GetNextDlgTabItem
ChildWindowFromPointEx
IsChild
NotifyWinEvent
TrackMouseEvent
GetCapture
GetAncestor
CharUpperW
SetWindowLongA
DrawCaption
ModifyMenuW
InsertMenuW
IsWindowEnabled
GetMenuState
LoadCursorW
GetParent
IsDlgButtonChecked
DestroyWindow
EnumWindows
IsWindowVisible
GetClientRect
UnionRect
EqualRect
GetWindowThreadProcessId
GetForegroundWindow
KillTimer
GetClassInfoExW
DefWindowProcW
RegisterClassExW
GetIconInfo
SetScrollInfo
GetLastActivePopup
SetForegroundWindow
IsWindow
GetSystemMenu
IsIconic
IsZoomed
EnableMenuItem
SetMenuDefaultItem
MonitorFromWindow
GetMonitorInfoW
GetWindowInfo
GetFocus
SetFocus
MapWindowPoints
ScreenToClient
ClientToScreen
GetWindowRect
SetWindowPos
DeleteMenu
GetMenuItemInfoW
SetMenuItemInfoW
CharNextW

uxtheme

GetThemeBackgroundContentRect
GetThemeBool
GetThemePartSize
DrawThemeParentBackground
OpenThemeData
DrawThemeBackground
GetThemeTextExtent
DrawThemeText
CloseThemeData
SetWindowTheme
GetThemeBackgroundRegion
ord47
GetThemeMargins
GetThemeColor
GetThemeFont
GetThemeRect
IsAppThemed

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Aero Ultimate7 (Beta)/LSPATCH/LSPatch_1.1.exe
.exe windows:4 windows x86 arch:x86

e41c25ab7824b3df73334188c40518ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

lstrcpyA
GetCommandLineA
SetErrorMode
lstrlenA
MulDiv
GetTempFileNameA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
FormatMessageA
lstrcatA
GetLastError
_lwrite
_llseek
GlobalUnlock
_lopen
GlobalAlloc
GlobalFree
_lclose
_lcreat
LoadLibraryA
GetProcAddress
FreeLibrary
OpenFile
GetVersionExA
GetCurrentProcess
WinExec
ExitProcess
_lread
LocalFree
GetTempPathA
GlobalLock

user32

GetDC
BeginPaint
EndPaint
InvalidateRect
PostQuitMessage
SendMessageA
DefWindowProcA
GetClientRect
CreateWindowExA
DrawTextA
ReleaseDC
ShowWindow
SetWindowPos
UpdateWindow
SetTimer
LoadIconA
wsprintfA
MessageBoxA
ExitWindowsEx
RegisterClassA
LoadCursorA

gdi32

DeleteObject
GetStockObject
GetDeviceCaps
PatBlt
CreateSolidBrush
TextOutA
SetTextColor
SetBkMode
SelectObject
StretchDIBits
CreateFontA
RealizePalette
SelectPalette
CreatePalette

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

Exports

Exports

_MainWndProc@16
_StubFileWrite@12

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Aero Ultimate7 (Beta)/LSPATCH/info.txt
Aero Ultimate7 (Beta)/Readme.txt
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/Organize.PNG
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/Search.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/SearchOption.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/Searchbar.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/Thumbs.db
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/back.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/bkg.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/details.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/explorer.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/folderoptions.PNG
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/forward.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/icon.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/list.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/newfolder.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/option.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/previewpane.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/refresh.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/stop.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/thumbnails.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/tile.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/toolbar.ini
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/up.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/zoom+.png
.png
Aero Ultimate7 (Beta)/Styler Toolbar/Aero Ultimate7 Toolbar/zoom-.png
.png
Aero Ultimate7 (Beta)/Thumbs.db
Aero Ultimate7 (Beta)/Visual Styles.rar
.rar
Visual Styles/Aero Ultimate7 (Beta).Theme
Visual Styles/Aero Ultimate7 (Beta)/Aero Ultimate7 (Beta).msstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 15.5MB - Virtual size: 15.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_arrow.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_busy.ani
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_ew.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_helpsel.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_link.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_move.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_nesw.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_ns.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_nwse.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_unavail.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/aero_working.ani
Visual Styles/Aero Ultimate7 (Beta)/Cursors/arrow_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/beam_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/busy_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/help_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/move_il.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/no_r.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/size1_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/size2_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/size3_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/size4_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Cursors/wait_i.cur
Visual Styles/Aero Ultimate7 (Beta)/Offical Microsoft Wallpaper.jpg
.jpg
Visual Styles/Aero Ultimate7 (Beta)/Shell/Blue/shellstyle.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Shell/Frost/shellstyle.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Shell/Graphit/shellstyle.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Shell/NormalColor/shellstyle.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Shell/Orange/shellstyle.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Shell/Pink/shellstyle.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Shell/Red/shellstyle.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Shell/Teal/shellstyle.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Styles/Aero Ultimate7 (Beta)/Thumbs.db
Aero Ultimate7 (Beta)/Wallpapers/Offical Microsoft Wallpaper.jpg
.jpg
Aero Ultimate7 (Beta)/Wallpapers/Thumbs.db

Sharing

General

Malware Config

Signatures

Files

685f13adf8c237dbc6d064cafff5d908

Headers

File Characteristics

Imports

msvcrt20

kernel32

Sections

.text Size: 1024B - Virtual size: 584B

.bss Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 156B

.data Size: 512B - Virtual size: 140B

.idata Size: 1024B - Virtual size: 524B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 210B

c3eb9567e9430e65e703dca7bb8343fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

browseui

gdi32

kernel32

msvcrt

ntdll

ole32

oleaut32

shdocvw

shell32

shlwapi

user32

uxtheme

Sections

.text Size: 274KB - Virtual size: 273KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 14KB - Virtual size: 13KB

e41c25ab7824b3df73334188c40518ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 48KB

Headers

File Characteristics

Sections

.rsrc Size: 15.5MB - Virtual size: 15.5MB

.reloc Size: 4KB - Virtual size: 8B

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 116B

.reloc Size: 512B - Virtual size: 8B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 116B

.reloc Size: 512B - Virtual size: 8B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 116B

.reloc Size: 512B - Virtual size: 8B

.text
Size: 1024B - Virtual size: 584B

.bss
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 156B

.data
Size: 512B - Virtual size: 140B

.idata
Size: 1024B - Virtual size: 524B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 210B

.text
Size: 274KB - Virtual size: 273KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 15.5MB - Virtual size: 15.5MB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 512B - Virtual size: 116B

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 116B

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 116B

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 116B

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 116B

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 116B

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 116B

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 116B

.reloc
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB