a4a9b773f9fc15d1d3d51467c041c169_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4a9b773f9fc15d1d3d51467c041c169_JaffaCakes118
Size

1.1MB
MD5

a4a9b773f9fc15d1d3d51467c041c169
SHA1

1a6af110fc19508aab8592d3c6705ecaa674c7b4
SHA256

cf6165f99beeff17e22fa898e079b02ad5cb304124c95cf50d5e6cc4d209144f
SHA512

fba009a999a90bfda7f224e2c9039d8aaeb127b7b3d586a02e5c6ff5e8c99ae291a1e9f2abf3c79f576ef6af88b57e45b89aea07776a8f20dedffa8e7fda9e9a
SSDEEP

24576:SKCn6QoDqaKIoia36rHXSkpV1AhkjTrjHWsUyU0kkdFnf:Sln6lDa6rXDvhT3x40Nnf

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6132123637/Lib/libbz2.dll
unpack001/6132123637/Lib/libbz2d.dll
unpack001/6132123637/Lib/pthreadVC.dll
unpack001/6132123637/Lib/pthreadVCE.dll
unpack001/6132123637/Lib/pthreadVSE.dll
unpack001/6132123637/Lib/zlib.dll

Files

a4a9b773f9fc15d1d3d51467c041c169_JaffaCakes118
.rar
6132123637/Helper/Assert.h
6132123637/Helper/Base64.h
6132123637/Helper/CRC.h
6132123637/Helper/CRC32.h
6132123637/Helper/Callback.h
6132123637/Helper/CompressX.h
6132123637/Helper/DeleteSelf.h
6132123637/Helper/ErrorHandle.h
.js
6132123637/Helper/File.h
6132123637/Helper/File.h.bak
6132123637/Helper/FileHelper.h
6132123637/Helper/FileVer.h
6132123637/Helper/FileVer.h.bak
6132123637/Helper/GuidTools.h
6132123637/Helper/Helper.h
6132123637/Helper/HzxCipher.h
6132123637/Helper/IdMgr.h
6132123637/Helper/IniFile.h
6132123637/Helper/Int2Type.h
6132123637/Helper/JobPool.h
.js
6132123637/Helper/LateOperator.h
6132123637/Helper/LinkLib.h
6132123637/Helper/LinkList.h
6132123637/Helper/Lock.h
6132123637/Helper/LoopBuffer.h
6132123637/Helper/MemPool.h
6132123637/Helper/NullType.h
6132123637/Helper/ObjectGroup.h
6132123637/Helper/Path.h
6132123637/Helper/Preprocessor.h
6132123637/Helper/QuickMemMgr.h
6132123637/Helper/RegKeyEx.h
6132123637/Helper/STLport移植-补充.txt
6132123637/Helper/ScopeGuard.h
.js
6132123637/Helper/ShortcutHelper.h
6132123637/Helper/Singleton.h
6132123637/Helper/SmartHandle.h
6132123637/Helper/SmartHandle.h.bak
6132123637/Helper/StringEx.h
6132123637/Helper/SyncObject.h
6132123637/Helper/Time.h
6132123637/Helper/Type2Type.h
6132123637/Helper/Types.h
6132123637/Helper/UnCompressX.h
6132123637/Helper/Utility.h
6132123637/Helper/Wait_result.h
6132123637/Helper/WorkQueue.h
6132123637/Helper/array.h
6132123637/Helper/base.h
6132123637/Helper/circle_buf.h
6132123637/Helper/circle_buffer.h
6132123637/Helper/environment.h
6132123637/Helper/md5.h
6132123637/Helper/memptr.h
6132123637/Helper/process_helper.h
6132123637/Helper/programmer-13-memory-pool.htm
.html
6132123637/Helper/pthread.h
6132123637/Helper/scope_guard.h
.js
6132123637/Helper/service2k_helper.h
6132123637/Helper/service9x_helper.h
6132123637/Helper/service_helper.h
6132123637/Helper/share_mem.h
6132123637/Helper/static_check.h
6132123637/Helper/thread.h
6132123637/Helper/thread1.h
6132123637/Helper/trace.h
6132123637/Helper/tree.hxx
6132123637/Helper/typedef.h
6132123637/Helper/ustring.cpp
6132123637/Helper/ustring.h
6132123637/Helper/vssver.scc
6132123637/Helper/wlist.h
6132123637/Lib/BoostLib.lib
6132123637/Lib/BoostLibD.lib
6132123637/Lib/BoostLibMT.lib
6132123637/Lib/BoostLibMTD.lib
6132123637/Lib/BoostLibMTVC.lib
6132123637/Lib/BoostLibMTVCD.lib
6132123637/Lib/BoostThread.lib
6132123637/Lib/BoostThreadD.lib
6132123637/Lib/BoostThreadVC.lib
6132123637/Lib/BoostThreadVCD.lib
6132123637/Lib/CompressX.lib
6132123637/Lib/Helper.lib
6132123637/Lib/HelperD.lib
6132123637/Lib/HelperVC.lib
6132123637/Lib/HelperVCD.lib
6132123637/Lib/IMPLODE.LIB
6132123637/Lib/libbz2.dll
.dll windows:4 windows x86 arch:x86

ff85eb199ab4b34429ba6cf3e0179101

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsSetValue
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
GetLastError
WriteFile
FlushFileBuffers
ReadFile
CloseHandle
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCurrentThreadId
EnterCriticalSection
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
SetFilePointer
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
SetEndOfFile

Exports

Exports

BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6132123637/Lib/libbz2.lib
6132123637/Lib/libbz2d.dll
.dll windows:4 windows x86 arch:x86

4763c67bdc12e7e1e61c92f6ac90fff8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
FatalAppExitA
GetModuleHandleA
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
GetLastError
VirtualFree
VirtualAlloc
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
FlushFileBuffers
ReadFile
EnterCriticalSection
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetConsoleCtrlHandler
SetFilePointer
SetStdHandle
CreateFileA
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
Sleep
LCMapStringA
LCMapStringW
SetEndOfFile
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite

Sections

.text
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6132123637/Lib/libbz2d.lib
6132123637/Lib/liblzo.lib
6132123637/Lib/lzo.lib
6132123637/Lib/lzoDll.lib
6132123637/Lib/lzoLib.lib
6132123637/Lib/lzoLibD.lib
6132123637/Lib/lzoLibS.lib
6132123637/Lib/lzoLibSD.lib
6132123637/Lib/lzoLibVC.lib
6132123637/Lib/lzoLibVCD.lib
6132123637/Lib/pthreadVC.dll
.dll windows:4 windows x86 arch:x86

47d29bd32539a986a535ed88fcc5af59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

SetThreadPriority
GetThreadPriority
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
GetProcessAffinityMask
CloseHandle
TlsSetValue
LoadLibraryA
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
Sleep
InterlockedIncrement
DuplicateHandle
DeleteCriticalSection
CreateEventA
WaitForMultipleObjects
InitializeCriticalSection
FreeLibrary

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6132123637/Lib/pthreadVC.lib
6132123637/Lib/pthreadVCE.dll
.dll windows:4 windows x86 arch:x86

47d29bd32539a986a535ed88fcc5af59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

SetThreadPriority
GetThreadPriority
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
GetProcessAffinityMask
CloseHandle
TlsSetValue
LoadLibraryA
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
Sleep
InterlockedIncrement
DuplicateHandle
DeleteCriticalSection
CreateEventA
WaitForMultipleObjects
InitializeCriticalSection
FreeLibrary

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6132123637/Lib/pthreadVCE.lib
6132123637/Lib/pthreadVSE.dll
.dll windows:4 windows x86 arch:x86

47d29bd32539a986a535ed88fcc5af59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

SetThreadPriority
GetThreadPriority
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
GetProcessAffinityMask
CloseHandle
TlsSetValue
LoadLibraryA
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
Sleep
InterlockedIncrement
DuplicateHandle
DeleteCriticalSection
CreateEventA
WaitForMultipleObjects
InitializeCriticalSection
FreeLibrary

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6132123637/Lib/pthreadVSE.lib
6132123637/Lib/vssver.scc
6132123637/Lib/zlib.dll
.dll windows:4 windows x86 arch:x86

e5c5650f0b0c0414d7e983aacdedc6c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
vsprintf
fflush
fseek
rewind
fputc
malloc
ftell
fprintf
_fdopen
fopen
sprintf
calloc
_initterm

kernel32

GlobalAlloc
GetVersion
GlobalFree

Exports

Exports

adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipWriteInFileInZip
zlibVersion

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6132123637/Lib/zlib.lib
6132123637/Lib/zlibstat.lib
6132123637/Lib/zzlib.lib
6132123637/Net/AdaptersInfo.h
6132123637/Net/DDKLBLInc.h
6132123637/Net/EventSocket.h
6132123637/Net/EventSocket1.h
6132123637/Net/ICMP.H
6132123637/Net/IGMP.H
6132123637/Net/IN.H
6132123637/Net/IN_SYSTM.H
6132123637/Net/IP.H
6132123637/Net/IP_ICMP.H
6132123637/Net/IP_MROUT.H
6132123637/Net/IpAddressChange.h
6132123637/Net/MacAddress.h
6132123637/Net/RasError.h
6132123637/Net/RasInfo.h
6132123637/Net/RouteChange.h
6132123637/Net/RouteInfo.h
6132123637/Net/Sock.h
6132123637/Net/SockAddr.h
6132123637/Net/SockBase.h
6132123637/Net/TCP.H
6132123637/Net/UDP.H
6132123637/Net/Wait_result.h
6132123637/Net/arp.h
6132123637/Net/atl_icmpcom.zip
.zip
CICMPCom.cpp
CICMPCom.h
CICMPCom.rgs
CPDIcmpcom.h
CPIcmpcom.h
Icmpcom.aps
Icmpcom.clw
Icmpcom.cpp
Icmpcom.def
Icmpcom.dsp
Icmpcom.dsw
Icmpcom.h
Icmpcom.idl
Icmpcom.ncb
Icmpcom.opt
Icmpcom.plg
Icmpcom.rc
Icmpcom.tlb
Icmpcom_i.c
Icmpcom_p.c
Icmpcomps.def
Icmpcomps.mk
PingParmList.h
StdAfx.cpp
StdAfx.h
dlldata.c
icmpcom.html
.html
ipexport.h
ping/ICMPComEvents.cpp
ping/ICMPComEvents.h
ping/ReadMe.txt
ping/StdAfx.cpp
ping/StdAfx.h
ping/icmpcom.cpp
ping/icmpcom.h
ping/ping.aps
ping/ping.clw
ping/ping.cpp
ping/ping.dsp
ping/ping.dsw
ping/ping.h
ping/ping.ncb
ping/ping.opt
ping/ping.plg
ping/ping.rc
ping/pingDlg.cpp
ping/pingDlg.h
ping/res/ping.ico
ping/res/ping.rc2
ping/resource.h
resource.h
vbping/atlrun.frm
vbping/atlrun.frx
vbping/vbping.vbp
vbping/vbping.vbw
6132123637/Net/ethernet.h
6132123637/Net/ethertype.h
6132123637/Net/vssver.scc
6132123637/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

ff85eb199ab4b34429ba6cf3e0179101

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 23KB

.reloc Size: 4KB - Virtual size: 3KB

4763c67bdc12e7e1e61c92f6ac90fff8

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 308KB - Virtual size: 305KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 24KB - Virtual size: 30KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

47d29bd32539a986a535ed88fcc5af59

Headers

File Characteristics

Imports

msvcrt

wsock32

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

47d29bd32539a986a535ed88fcc5af59

Headers

File Characteristics

Imports

msvcrt

wsock32

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

47d29bd32539a986a535ed88fcc5af59

Headers

File Characteristics

Imports

msvcrt

wsock32

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

e5c5650f0b0c0414d7e983aacdedc6c6

Headers

File Characteristics

Imports

crtdll

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 23KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 308KB - Virtual size: 305KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 24KB - Virtual size: 30KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 1024B - Virtual size: 692B