a32282139771e71ba5d49c05694e78be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a32282139771e71ba5d49c05694e78be_JaffaCakes118
Size

997KB
MD5

a32282139771e71ba5d49c05694e78be
SHA1

cdaca0b1488a266ef1785a46b0767ee41dfd9266
SHA256

79f13fac5e4729d18e806ef9f93648cf77c6ceafc9267e1cfa5cae4046745dec
SHA512

e9b60f03cb7b6ccba2fc91d37a0d525eb085476fbb4dd3530c9cc41b578d1f0a3aad993d56df03afec928f0b2d1ddd0a89a8460cd046b6d7272bee45278c251e
SSDEEP

24576:PuW92VC6YnUyIIfUTMyvDwwvKYTMTR3Gmm:Pd2f/4fUTMypeTR3i

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/spyeye_Cryp1.exe
unpack001/spyeye_Cryp2.exe
unpack001/spyeye_Cryp3.exe
unpack001/spyeye_Cryp4.exe
unpack001/spyeye_Cryp5.exe
unpack001/start_Cryp1.exe
unpack001/start_Cryp2.exe
unpack001/start_Cryp4.exe
unpack001/start_Cryp5.exe

Files

a32282139771e71ba5d49c05694e78be_JaffaCakes118
.rar
spyeye_Cryp1.exe
.exe windows:5 windows x86 arch:x86

dd0f40b4766efcd2590f9d915eb961bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\bGlh\juumvJmu\wafI\oUpgn.pdb

Imports

kernel32

GlobalAddAtomW
CreateMutexA
LoadResource
GetThreadLocale
lstrlenA
lstrcatW
FindCloseChangeNotification
GetSystemDefaultLangID
MoveFileExW
UnlockFile
VirtualProtect
DeleteFileA
ClearCommError
lstrlenW

user32

GetIconInfo
DeleteMenu
HideCaret
GetMenuItemCount
LoadIconA
EnumChildWindows
wsprintfW
GetKeyboardType
IsDialogMessageA
RemoveMenu
DialogBoxIndirectParamA
LoadCursorA
IsCharAlphaA
GetKeyState
GetShellWindow
EndDialog
GetDlgItemTextA

gdi32

RectVisible
SelectObject
GetRgnBox
GetTextExtentPointW
CreateEllipticRgnIndirect
CreatePolygonRgn
SetTextAlign
ExtTextOutA

Exports

Exports

?xmlFOolXqhjDa@@YGFPAIH@Z
?jeJknyrMlQUtajfjjcbel@@YGPAIDPAK@Z
?xdbtjdlwmCk@@YGPAFD@Z
?bMIewQxTbcpZstm@@YGPAEIM@Z
?dqduxALrCgsAhoOqQhIyx@@YGPAIPAGD@Z

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spyeye_Cryp2.exe
.exe windows:5 windows x86 arch:x86

9b396d50fb16a11a1881387b74a19f5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Fzpu\gVPh\pwWoyEqa.pdb

Imports

comdlg32

CommDlgExtendedError
PrintDlgW

gdi32

CreatePalette
SelectPalette
CreateBitmapIndirect
Rectangle
CombineRgn
EndPage

kernel32

SizeofResource
FormatMessageA
MoveFileW
GetComputerNameA
lstrlenW
lstrcatW
GetUserDefaultUILanguage
SetPriorityClass
GetSystemDefaultUILanguage
OpenEventA
ConvertDefaultLocale
SetHandleInformation
GetStdHandle
GetStringTypeExW

user32

GetMenuItemCount
DeleteMenu
IsCharAlphaA
wsprintfW
GetClassLongW
HideCaret
RemoveMenu
GetShellWindow
SetWindowPlacement
SetActiveWindow
GetKeyState
SetDlgItemInt
InsertMenuItemW

Exports

Exports

?nwCyAgseHkKXscaLkbB@@YGFPAIK@Z
?JeAMinmibhnp@@YGPAFJPAE@Z
?CdlOUeQAZegxmCy@@YGFM@Z
?gqCzrtgyKqlnbl@@YGPAXIPAF@Z
?nqqjwGdwcV@@YGXJ_N@Z
?xkGrusUyw@@YGPAIPAM@Z
?lrdXbwyPrVjihOwi@@YGPAIJH@Z

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spyeye_Cryp3.exe
.exe windows:5 windows x86 arch:x86

9cf4d7bcc1f49c1d7a6929a1239d700a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\kxmyMA\ysrx\wppjqA\qVgVxcmj\cVtgr.pdb

Imports

comdlg32

ReplaceTextW
GetOpenFileNameA
GetSaveFileNameW

user32

DrawTextW
GetCursorPos
IsCharAlphaA
DeleteMenu
GetMenuItemCount
InvalidateRect
GetMessageA
GetShellWindow
GetKeyState
wsprintfW
GetDoubleClickTime
KillTimer
HideCaret
RemoveMenu
AppendMenuA

kernel32

FindNextChangeNotification
SetCommMask
DuplicateHandle
GetThreadContext
HeapAlloc
GetModuleHandleW
CancelIo
GetComputerNameExA
RegisterWaitForSingleObject
WaitForSingleObject
lstrcatW
lstrlenW
DeleteCriticalSection

gdi32

PtVisible
RectInRegion
CreateFontIndirectW
PatBlt
EnumFontFamiliesExW
GetFontData

Exports

Exports

?rgFgeioxiGo@@YGXPAKPAH@Z
?yTOXCrZ@@YGPAIHK@Z
?XjAtFlWvUhpU@@YGDI@Z
?uccgsjgc@@YGPAGGPAF@Z
?ysjmZca@@YGXM_N@Z
?ftzxkfeyegtaxB@@YGM_NM@Z
?VpjhuqyXP@@YGPADPAFE@Z

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spyeye_Cryp4.exe
.exe windows:5 windows x86 arch:x86

cec622be61b9c14e8f14a3fe690b2007

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

M:\vrkqhyko\xjCkfpz\UduqJurZ\onna\hvQk.pdb

Imports

gdi32

CreateICW
ExtFloodFill
GetMapMode
StartPage
SetWindowExtEx
IntersectClipRect
GetTextExtentPointA

kernel32

WriteFile
GlobalCompact
EnumResourceLanguagesA
GetLocaleInfoW
VerSetConditionMask
GlobalAddAtomW
GetOverlappedResult
HeapReAlloc
SizeofResource
WaitForSingleObject
lstrcatW
FindFirstChangeNotificationW
lstrlenW
ClearCommError

comctl32

ImageList_AddMasked
ImageList_LoadImageW
DestroyPropertySheetPage

user32

IsCharAlphaA
HideCaret
wsprintfW
GetKeyState
DrawStateA
DeleteMenu
LoadImageW
CharToOemBuffA
GetShellWindow
GetMenuItemCount
CharLowerA
LoadIconW
SetWindowLongA
RemoveMenu

Exports

Exports

?SsBvGpbpaf@@YGJJN@Z
?lcgMpbVjzavnsSRqshkbWy@@YGIM@Z
?gbiKccp@@YGPAEM@Z
?plvHUwjxh@@YGJHK@Z
?nIegbshkONpVtiiPhpgpt@@YGXHPAM@Z
?eDzobEfmZAdkff@@YGXE@Z

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spyeye_Cryp5.exe
.exe windows:5 windows x86 arch:x86

17209f80b4401c8c7b5c9a21e12aff81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\Fpvah\fuQLHwf\bqtpc.pdb

Imports

comdlg32

PrintDlgW
GetSaveFileNameW

kernel32

GetBinaryTypeW
GetCurrentDirectoryW
lstrcatW
CreateDirectoryA
SetThreadExecutionState
CancelIo
SetHandleInformation
lstrlenW
GetTickCount
HeapFree
GetStartupInfoW
GetSystemWindowsDirectoryA
GlobalFlags
LocalFileTimeToFileTime

user32

IsCharAlphaA
SendMessageW
RemoveMenu
wsprintfW
GetShellWindow
DrawTextW
DrawIconEx
HideCaret
GetCursorPos
GetKeyState
CloseDesktop
GetMenuItemCount
DeleteMenu

gdi32

LineDDA
SetBitmapDimensionEx
EndPath
GetTextExtentPointA
ResizePalette
RoundRect
GetFontData
BitBlt
RectVisible

Exports

Exports

?eVElgjD@@YGPAFPAE@Z
?onyduofrbhskpruhEzy@@YGHI@Z
?lMdlfNuiobLWgdgNpbo@@YGI_N@Z
?xyYqgyAqul@@YGKDF@Z
?wakQTYBQs@@YGXF@Z
?lyjtqDxEgs@@YGIPAIF@Z

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
start_Cryp1.exe
.exe windows:5 windows x86 arch:x86

291222a7fd4bfda2c3310cbff4f96e6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\xsjExi\FcDpmy\kljsf.pdb

Imports

user32

WindowFromPoint
MapWindowPoints
GetScrollPos
GetMenuInfo
GetUserObjectInformationA
GetMessageA
CharNextA
wsprintfW
GetWindowRect
GetMenuStringA
GetSysColorBrush
SetScrollPos
HideCaret
MessageBoxA
FindWindowW

gdi32

CreateCompatibleDC
GetSystemPaletteUse
RealizePalette
GetBitmapBits
EnumFontsW
Polyline
MoveToEx
CreateCompatibleBitmap

shlwapi

StrCatBuffW
PathGetArgsW

comctl32

ImageList_GetIcon
ImageList_Create
DestroyPropertySheetPage
InitCommonControlsEx

kernel32

CreateWaitableTimerA
GetFileType
VirtualQuery
EnumResourceNamesA
GetComputerNameW
TryEnterCriticalSection
GlobalLock
GetProcAddress
FoldStringW
SetFileTime
lstrlenW
GetModuleFileNameA
IsValidLanguageGroup
GlobalMemoryStatusEx

Exports

Exports

?xJfTkpYbdhpizMbav@@YGNPA_N@Z
?lNKSlrCrSgejj@@YGKPAHE@Z
?kaHjqCiwoUzpllki@@YGJGK@Z
?pItwbWiicQngApRYun@@YGEPAD_N@Z
?cEnduhJtV@@YGXJ@Z

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
start_Cryp2.exe
.exe windows:5 windows x86 arch:x86

27591eb64ebc8716d5817d6ff321625a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\xyerc\caGVQIW\hBlve\nxbRJse.pdb

Imports

kernel32

GlobalFree
CreateWaitableTimerW
GlobalHandle
DeleteAtom
lstrlenW
FindNextFileW
HeapValidate
GetStringTypeA
SetTimerQueueTimer
GlobalSize
CreateEventA
MoveFileW
WaitForMultipleObjectsEx

user32

CharNextExA
GetWindowRect
SetScrollPos
GetDlgItemTextW
DrawStateA
LoadStringW
GetMenuInfo
GetMenuItemRect
GetScrollPos
FindWindowW
GetDCEx
MonitorFromRect
HideCaret
SetCaretPos
wsprintfW

gdi32

ExtTextOutA
ScaleViewportExtEx
SetBitmapBits
SetLayout
SelectPalette
GetBkMode
SetMapMode

shlwapi

StrCatBuffW
PathGetArgsW

Exports

Exports

?cgxxRjIsmjxPP@@YGPAXD@Z
?QhAWxtni@@YGXGE@Z
?njUwStclQerlnsXeRYuveW@@YGHPAFG@Z
?amDsHKmRzddpVCghCldr@@YGDPAD@Z
?aLaWSQxjuvep@@YGPAIN@Z
?ekstxnfbswqaaJjdTJh@@YGKJ@Z

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
start_Cryp4.exe
.exe windows:5 windows x86 arch:x86

f366383bcd7a18c10baf3a7316bcd01f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\nPqnmgxk\PiEw\srvo\rbuTa.pdb

Imports

shlwapi

StrCatBuffW
PathGetArgsW

gdi32

StretchBlt
BeginPath
SetBrushOrgEx
CreateRoundRectRgn
TranslateCharsetInfo
LineTo
CreatePenIndirect
CreateDIBitmap

kernel32

FindClose
VirtualAlloc
GetSystemWindowsDirectoryA
WriteFile
GetModuleHandleA
TryEnterCriticalSection
GetFileSize
lstrlenW
GetAtomNameA
SetFileAttributesW
SetSystemTimeAdjustment
DisconnectNamedPipe
FreeLibrary

user32

SetScrollPos
FindWindowW
SendDlgItemMessageW
RegisterWindowMessageW
DefFrameProcA
GetMenuInfo
AdjustWindowRect
GetScrollPos
GetActiveWindow
EnableScrollBar
LoadIconW
wsprintfW
GetWindowRect
GetClassInfoExW

Exports

Exports

?kZsalivvetrqPAuckuegs@@YGGF@Z
?bwrwDkbavaqcvosYzdg@@YGMPAD@Z
?jeiikXw@@YGGHN@Z
?HlqRgyfykHVmz@@YGPAGGPAJ@Z
?yoAvKowxlcapCukfl@@YGME@Z
?spirnywsgksaqvgcrx@@YGXDE@Z
?ikjajpdFfviwxmJykeZ@@YGIFD@Z

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
start_Cryp5.exe
.exe windows:5 windows x86 arch:x86

738e98fb88674b5c265ea1f27b179c11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\xstqL\acjd\tgwbsxi\crsacuvF\WkuxVrFy.pdb

Imports

shlwapi

PathGetArgsW
StrCatBuffW

user32

SetScrollPos
IsRectEmpty
BeginPaint
IsZoomed
TabbedTextOutW
wsprintfW
GetUpdateRgn
FindWindowW
GetClassInfoA
GetUpdateRect
GetWindowRect
IsDialogMessageW
GetMenuInfo
GetScrollPos
RegisterClassExW
CallWindowProcA

comctl32

ImageList_Write
PropertySheetW
ImageList_ReplaceIcon

kernel32

FindNextFileA
GetModuleHandleW
SleepEx
SetPriorityClass
SetFileAttributesW
lstrlenW
GetFileInformationByHandle
PulseEvent
FindNextFileW
CloseHandle
SetHandleCount
SearchPathW

comdlg32

CommDlgExtendedError
FindTextW

gdi32

IntersectClipRect
SetAbortProc
Escape
TranslateCharsetInfo
CreateHatchBrush
RectInRegion

Exports

Exports

?ewKJtyTtziqexprNgJema@@YGFPADJ@Z
?bpgkcebbfbhakcvr@@YGPA_NG@Z
?myAlWnodzbcqf@@YGPAXH@Z
?srgipxlPNuhxR@@YGDHF@Z
?GbVsnmphpl@@YGGK@Z
?SbnjGDlMhExaSci@@YGII@Z

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd0f40b4766efcd2590f9d915eb961bf

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 276KB

.rsrc Size: 105KB - Virtual size: 105KB

.reloc Size: 1KB - Virtual size: 1KB

9b396d50fb16a11a1881387b74a19f5f

Headers

File Characteristics

PDB Paths

Imports

comdlg32

gdi32

kernel32

user32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 276KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 1KB - Virtual size: 1KB

9cf4d7bcc1f49c1d7a6929a1239d700a

Headers

File Characteristics

PDB Paths

Imports

comdlg32

user32

kernel32

gdi32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 276KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 1KB - Virtual size: 1KB

cec622be61b9c14e8f14a3fe690b2007

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

comctl32

user32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 276KB

.rsrc Size: 105KB - Virtual size: 105KB

.reloc Size: 1KB - Virtual size: 1KB

17209f80b4401c8c7b5c9a21e12aff81

Headers

File Characteristics

PDB Paths

Imports

comdlg32

kernel32

user32

gdi32

Exports

Exports

Sections

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 276KB

.rsrc
Size: 105KB - Virtual size: 105KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 276KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 276KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 276KB

.rsrc
Size: 105KB - Virtual size: 105KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 276KB

.rsrc
Size: 105KB - Virtual size: 105KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 57KB

.xdata
Size: 66KB - Virtual size: 66KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 53KB

.xdata
Size: 67KB - Virtual size: 67KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 53KB

.xdata
Size: 68KB - Virtual size: 68KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB