8a8835e7e078c5d598cc2ed33101c484_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a8835e7e078c5d598cc2ed33101c484_JaffaCakes118
Size

666KB
MD5

8a8835e7e078c5d598cc2ed33101c484
SHA1

79bd5ac9871ed5935c2498ce857b2f152bb677e2
SHA256

14ec20cee07c57dc581c9be74358f72a6dace120aa865cd6032bbdae1dd3a90f
SHA512

df43279041692d2e68e22ef3b09399bb36d670c309e73f2eb6a429745bd2d27548b0e1168d6ebd791683c89b8f4384b80cd9219f6e414a582cb2df95cf714688
SSDEEP

12288:RMHgN/PjlSCOIU3/qDTnlv6thkyImVNvFMUJvN5NTmMbCubfjBF:RMHcjsCOIU3qJSh1Im3vFMA3JbCYdF

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
8a8835e7e078c5d598cc2ed33101c484_JaffaCakes118
unpack001/$PLUGINSDIR/BrandingURL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/Chinese.vlp
unpack001/English.vlp
unpack001/VirtuaNESex.exe
unpack001/info/Setup.exe
unpack001/uninst.exe
unpack002/$PLUGINSDIR/FindProcDLL.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

8a8835e7e078c5d598cc2ed33101c484_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BrandingURL.dll
.dll windows:4 windows x86 arch:x86

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalFree

user32

GetWindowRect
SetCapture
InvalidateRect
SendMessageA
GetCapture
ClientToScreen
EnableWindow
LoadImageA
SetPropA
SetWindowLongA
GetWindowLongA
GetDlgItem
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
RedrawWindow

gdi32

GetObjectA
SetTextColor
CreateFontIndirectA

shell32

ShellExecuteA

Exports

Exports

Set
Unload

Sections

.text
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 839B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
CheatCode/Castlevania (E).gen
CheatCode/SpartanX.vct
CheatCode/Super Mario Bros (E).gen
Chinese.vlp
.dll windows:4 windows x86 arch:x86

46039de89f8560750f5a6dacd1c7a453

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
GetCommandLineA
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

GetVlpLanguage
GetVlpLocaleID
GetVlpVersion

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Disksys.rom
Doc/Cheat_E.txt
Doc/ExtSound_E.txt
Doc/History_E.txt
Doc/Mappers.txt
Doc/NetPlay_E.txt
Doc/Readme_E.txt
English.vlp
.dll windows:4 windows x86 arch:x86

fb80b577eec61d576561a1fb3cd53b9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapCreate
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
GetCommandLineA
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

GetVlpLanguage
GetVlpLocaleID
GetVlpVersion

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirtuaNES.ini
VirtuaNESex.exe
.exe windows:4 windows x86 arch:x86

871513f0f86b8472613899d6a448a6a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
ReleaseMutex
GetVersionExA
GetPrivateProfileStructA
GetCurrentThreadId
GetLocalTime
WritePrivateProfileStructA
WritePrivateProfileStringA
FindClose
GetPrivateProfileStringA
GetPrivateProfileIntA
QueryPerformanceFrequency
GetUserDefaultLCID
FileTimeToLocalFileTime
CreateFileA
GetFileInformationByHandle
FindNextFileA
FileTimeToSystemTime
FindFirstFileA
CreateMutexA
GetModuleFileNameA
SetEndOfFile
CompareStringW
SetEvent
IsBadWritePtr
CreateThread
VirtualFree
VirtualAlloc
HeapDestroy
HeapSize
HeapCreate
GetCurrentProcess
TerminateProcess
HeapReAlloc
TlsGetValue
SetLastError
TlsAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
GetVersion
ExitThread
TlsSetValue
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
ResumeThread
GetTimeZoneInformation
RaiseException
GetSystemTime
HeapAlloc
RtlUnwind
HeapFree
DeleteCriticalSection
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
ReadFile
InitializeCriticalSection
GetStdHandle
GetFileType
SetHandleCount
GetCPInfo
GetACP
SetFilePointer
SetUnhandledExceptionFilter
WideCharToMultiByte
GetOEMCP
LCMapStringA
LCMapStringW
MultiByteToWideChar
UnhandledExceptionFilter
GetStringTypeA
WriteFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetStringTypeW
GetEnvironmentStringsW
IsBadReadPtr
GetEnvironmentStrings
FlushFileBuffers
lstrlenA
DeleteFileA
GetTempPathA
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcmpiA
SetStdHandle
CompareStringA
SetEnvironmentVariableA
CreateDirectoryA
lstrcpyA
Sleep
ResetEvent
CloseHandle
WaitForSingleObject
SetThreadPriority
CreateEventA
IsBadCodePtr

user32

GetDC
wsprintfA
SendDlgItemMessageA
LoadIconA
OffsetRect
GetDlgItem
SetDlgItemTextA
GetClientRect
IsWindow
SetCursor
PtInRect
EndPaint
DrawTextA
DrawEdge
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
IsDialogMessageA
FindWindowA
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DeleteMenu
InsertMenuA
GetWindowLongA
DialogBoxParamA
SetWindowLongA
SendMessageA
LoadCursorA
GetAsyncKeyState
FillRect
CheckRadioButton
InvertRect
EnableMenuItem
GetScrollInfo
SetScrollInfo
GetMenuStringA
ModifyMenuA
IsWindowVisible
SetWindowPlacement
RedrawWindow
DrawMenuBar
SetForegroundWindow
GetWindowPlacement
RegisterClassExA
PostQuitMessage
SetMenu
SetDlgItemInt
CreateWindowExA
GetDlgItemInt
GetMenuItemID
CheckMenuItem
GetMenuItemCount
SetRect
GetCursorPos
ClientToScreen
InvalidateRect
MessageBoxA
ReleaseDC
SetTimer
GetParent
KillTimer
TrackPopupMenu
DefWindowProcA
GetDlgItemTextA
EnableWindow
CheckDlgButton
GetSystemMetrics
IsDlgButtonChecked
LoadMenuA
GetSubMenu
MoveWindow
DestroyMenu
SetFocus
SetWindowPos
PostMessageA
ScreenToClient
MessageBeep
ShowWindow
GetFocus
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateDialogParamA
GetWindowRect
DestroyWindow
BeginPaint
LoadStringA
EndDialog
CallWindowProcA

gdi32

GetSystemPaletteEntries
TextOutA
GetObjectA
SelectObject
CreateFontIndirectA
SetTextColor
SetBkMode
DeleteObject
SetBkColor
ExtTextOutA
GetStockObject
RealizePalette
SelectPalette
CreatePalette
StretchDIBits
AnimatePalette

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegQueryValueExA

shell32

DragFinish
ShellExecuteA
DragAcceptFiles
SHGetPathFromIDListA
DragQueryFileA
SHGetMalloc
SHBrowseForFolderA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

comctl32

ord6
ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Destroy
ImageList_LoadImageA

imm32

ImmAssociateContext

shlwapi

PathIsRelativeA
PathAppendA
StrCmpNIA
PathCanonicalizeA
PathFindExtensionA

wsock32

accept
recv
send
WSACancelAsyncRequest
shutdown
socket
setsockopt
closesocket
htonl
recvfrom
sendto
WSAAsyncSelect
listen
connect
WSAGetLastError
ioctlsocket
WSAAsyncGetHostByName
WSAStartup
WSACleanup
inet_addr
bind
htons
inet_ntoa

Sections

.text
Size: 548KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 981KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VirtuaNESex.txt
info/Setup.exe
.exe windows:4 windows x86 arch:x86

2ca162dfb4fa482f344d9f867513e1ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
GetProcessVersion
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetFileType
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
SetStdHandle
HeapSize
GlobalFlags
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
WaitForSingleObject
lstrcatA
GetFileTime
GetFileSize
GetFileAttributesA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
GetVersion
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalLock
GlobalUnlock
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
FindNextFileA
SetLastError
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
lstrcpyA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcmpA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetFileAttributesExA
GlobalAlloc
GlobalFree
LoadLibraryA
GetTempPathW
GetFileAttributesW
DosDateTimeToFileTime
CreateDirectoryW
CreateFileW
LocalFileTimeToFileTime
SetFileTime
CloseHandle
SetFileAttributesW
WideCharToMultiByte
DeleteFileW
LoadLibraryW
GetProcAddress
FreeLibrary
FindFirstFileA
FindClose
LocalAlloc
GetLastError
MultiByteToWideChar
DeleteFileA
Sleep
LocalFree
TerminateProcess
FormatMessageA

user32

ReleaseDC
GetDC
TabbedTextOutA
GrayStringA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
DestroyMenu
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
GetSysColorBrush
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetFocus
ClientToScreen
GetWindow
GetWindowRect
PtInRect
GetMenuItemCount
GetSubMenu
GetMenuState
GetMenuItemID
GetLastActivePopup
UnhookWindowsHookEx
GetParent
SetFocus
EnableWindow
IsWindowEnabled
SetWindowPos
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetWindowLongA
GetDlgItem
GetSystemMetrics
CharUpperA
RemovePropA
RedrawWindow
EndDialog
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
CreateWindowExA
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA
ShowWindow
PostMessageA
GetClassNameA
GetWindowTextA
SendMessageA
MessageBoxA

gdi32

PtVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
RectVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
DeleteObject
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ord17

wininet

InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionExA
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
roms//.NES
roms//.vct
save/pal_I.sav
uninst.exe
.exe windows:4 windows x86 arch:x86

dd1742eadfc6df18ded3c26ae64ad610

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
ʹ˵_.txt
Ϸ˵.txt

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 3KB

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 839B

.data Size: 512B - Virtual size: 336B

.reloc Size: 512B - Virtual size: 220B

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 518B

46039de89f8560750f5a6dacd1c7a453

Headers

File Characteristics

Imports

kernel32

Exports

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 839B

.data
Size: 512B - Virtual size: 336B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 44KB - Virtual size: 40KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 548KB - Virtual size: 544KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 56KB - Virtual size: 981KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 8KB - Virtual size: 6KB