acc8d4bedefa9af9e7483292b3d50802_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

acc8d4bedefa9af9e7483292b3d50802_JaffaCakes118
Size

1.5MB
MD5

acc8d4bedefa9af9e7483292b3d50802
SHA1

af975b5a1f180ff10328c9660c62092541475e84
SHA256

b858351c289318aed46abdbca55d01ebcfbc4a60c03721e749b3c4b691df4b43
SHA512

14ad7856a4fb34c0712f5862d2f89112d9bf4c601976f7d59b13f0418a5f00dc4a10a8d7a6a826347d53db4d3ee5b5339088cf9b62fcd9818bdc253603e379f7
SSDEEP

24576:pUaxm1eVGJDSM9iLHwguTnH5vbPV+Bf+hDu2POX2H5lJNh7PSElhTJg7oaHldVB8:ea6JDbVTZDOAH5lLhTdTJDaHldHsYaz

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bass.dll
unpack001/libpng15.dll
unpack001/vcmp-game.dll
unpack001/vcmp-steam.dll

Files

acc8d4bedefa9af9e7483292b3d50802_JaffaCakes118
.7z
.appdata
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 100KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
images/chaticons.png
.png
images/cursor.png
.png
images/healthbar1.png
.png
images/healthbar2.png
.png
images/healthbar3.png
.png
images/splash.png
.png
libpng15.dll
.dll windows:5 windows x86 arch:x86

57b88f2885ea68ab14d4fcfc9db0ac0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Projects\src\libpng-1.5.13\projects\vstudio\Release\libpng15.pdb

Imports

kernel32

ExitProcess
lstrlenA
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetLastError
HeapFree
RtlUnwind
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
RaiseException
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
Sleep
GetProcAddress
GetModuleHandleW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
WriteFile
GetModuleFileNameW
HeapCreate
HeapDestroy
MultiByteToWideChar
ReadFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LoadLibraryW
LCMapStringW
GetStringTypeW
SetFilePointer
SetStdHandle
WriteConsoleW
HeapSize
CloseHandle
CreateFileW

Exports

Exports

png_access_version_number
png_benign_error
png_build_grayscale_palette
png_calloc
png_chunk_benign_error
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_XYZ
png_get_cHRM_XYZ_fixed
png_get_cHRM_fixed
png_get_channels
png_get_chunk_cache_max
png_get_chunk_malloc_max
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_current_pass_number
png_get_current_row_number
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_int_32
png_get_interlace_type
png_get_io_chunk_name
png_get_io_chunk_type
png_get_io_ptr
png_get_io_state
png_get_libpng_ver
png_get_mem_ptr
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pHYs_dpi
png_get_pixel_aspect_ratio
png_get_pixel_aspect_ratio_fixed
png_get_pixels_per_inch
png_get_pixels_per_meter
png_get_progressive_ptr
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sCAL_fixed
png_get_sCAL_s
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_16
png_get_uint_31
png_get_uint_32
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_inches
png_get_x_offset_inches_fixed
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_inch
png_get_x_pixels_per_meter
png_get_y_offset_inches
png_get_y_offset_inches_fixed
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_inch
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_longjmp
png_malloc
png_malloc_default
png_malloc_warn
png_permit_mng_features
png_process_data
png_process_data_pause
png_process_data_skip
png_progressive_combine_row
png_read_end
png_read_image
png_read_info
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_alpha_mode
png_set_alpha_mode_fixed
png_set_bKGD
png_set_background
png_set_background_fixed
png_set_benign_errors
png_set_bgr
png_set_cHRM
png_set_cHRM_XYZ
png_set_cHRM_XYZ_fixed
png_set_cHRM_fixed
png_set_check_for_invalid_index
png_set_chunk_cache_max
png_set_chunk_malloc_max
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_error_fn
png_set_expand
png_set_expand_16
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_filter_heuristics_fixed
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gamma_fixed
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_longjmp_fn
png_set_mem_fn
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_progressive_read_fn
png_set_quantize
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sCAL_fixed
png_set_sCAL_s
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_scale_16
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_text_compression_level
png_set_text_compression_mem_level
png_set_text_compression_method
png_set_text_compression_strategy
png_set_text_compression_window_bits
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_png
png_write_row
png_write_rows
png_write_sig

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sa_vehicle.txd
vcmp-game.dll
.dll windows:5 windows x86 arch:x86

508fa452dfc4ab9145e2cd194230d6e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\spero\client\Release\vcmp-game.pdb

Imports

imm32

ImmAssociateContext

ws2_32

connect
getaddrinfo
send
WSAStartup
WSACleanup
WSAIoctl
ioctlsocket
gethostname
inet_ntoa
recvfrom
inet_addr
htons
getsockname
setsockopt
sendto
bind
socket
closesocket
gethostbyname
getsockopt
ntohs
htonl

psapi

GetModuleFileNameExA
GetModuleInformation
EnumProcessModules

kernel32

GetConsoleCP
CreateDirectoryW
FindNextFileW
FindFirstFileExW
GetFileType
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
VirtualFree
VirtualAlloc
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
ResetEvent
FindFirstFileA
FindClose
FindNextFileA
GetFileAttributesA
CreateDirectoryA
MoveFileA
DeleteFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
Sleep
WideCharToMultiByte
MultiByteToWideChar
SetThreadPriority
WaitForSingleObjectEx
FormatMessageA
LocalFree
GetTickCount
GetCurrentThread
ExitProcess
GetCurrentThreadId
GetModuleHandleA
VirtualProtect
GetVolumeInformationA
GetSystemDirectoryA
CreateThread
IsBadReadPtr
SetUnhandledExceptionFilter
GetCommandLineA
DisableThreadLibraryCalls
SystemTimeToFileTime
GlobalLock
GlobalAlloc
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
FatalAppExitA
GlobalFree
GetLocalTime
GetCurrentProcess
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
InterlockedCompareExchange
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualQuery
GetModuleHandleW
LoadLibraryExA
LoadLibraryExW
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
HeapFree
GetProcessHeap
IsProcessorFeaturePresent
SetFilePointerEx
ReadConsoleW
GetConsoleMode
RaiseException
HeapSize
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
DeleteFileW
TlsGetValue
TlsAlloc
TerminateProcess
CreateEventW
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ExitThread
DecodePointer
EncodePointer
HeapAlloc
FlushFileBuffers
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
OutputDebugStringW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
lstrlenA
lstrlenW
GlobalUnlock

user32

MessageBoxA
SetClipboardData
OpenClipboard
EmptyClipboard
GetClipboardData
CloseClipboard
FindWindowA
MsgWaitForMultipleObjects
ScreenToClient
GetWindowRect
GetRawInputData
GetActiveWindow
GetKeyState
FindWindowExA
GetClientRect
CreateMenu
SendMessageA
GetMonitorInfoA
ShowCursor
GetKeyboardState
GetMenu
MonitorFromWindow
GetRawInputDeviceInfoA
SetWindowPos
SetMenu
AppendMenuA
PostMessageA
RegisterRawInputDevices
AdjustWindowRectEx
GetForegroundWindow
TranslateMessage
GetAsyncKeyState
SetRect
SetWindowLongA
GetWindowLongA
SetWindowTextA
CallWindowProcA
DrawTextA
DrawTextW
SetKeyboardState
GetCursorPos

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
SetMapMode
GetCharWidth32A
SetBkColor
SetTextAlign
TextOutA
SetTextColor
GetObjectA
CreateFontIndirectA
SetBkMode
CreateFontA
CreateDIBSection
GetTextMetricsA
DeleteDC

advapi32

RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHCreateDirectoryExA
SHGetFolderPathA

ole32

CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocStringByteLen
CreateErrorInfo
VariantChangeType
VariantInit
SysFreeString
SysStringByteLen
SetErrorInfo
VariantClear
SysAllocString
GetErrorInfo

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcmp-steam.dll
.dll windows:5 windows x86 arch:x86

508fa452dfc4ab9145e2cd194230d6e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\spero\steamclient\Release\vcmp-game.pdb

Imports

imm32

ImmAssociateContext

ws2_32

connect
getaddrinfo
send
WSAStartup
WSACleanup
WSAIoctl
ioctlsocket
gethostname
inet_ntoa
recvfrom
inet_addr
htons
getsockname
setsockopt
sendto
bind
socket
closesocket
gethostbyname
getsockopt
ntohs
htonl

psapi

GetModuleFileNameExA
GetModuleInformation
EnumProcessModules

kernel32

GetConsoleCP
CreateDirectoryW
FindNextFileW
FindFirstFileExW
GetFileType
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
VirtualFree
VirtualAlloc
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
ResetEvent
FindFirstFileA
FindClose
FindNextFileA
GetFileAttributesA
CreateDirectoryA
MoveFileA
DeleteFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
Sleep
WideCharToMultiByte
MultiByteToWideChar
SetThreadPriority
WaitForSingleObjectEx
FormatMessageA
LocalFree
GetTickCount
GetCurrentThread
ExitProcess
GetCurrentThreadId
GetModuleHandleA
VirtualProtect
GetVolumeInformationA
GetSystemDirectoryA
CreateThread
IsBadReadPtr
SetUnhandledExceptionFilter
GetCommandLineA
DisableThreadLibraryCalls
SystemTimeToFileTime
GlobalLock
GlobalAlloc
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
FatalAppExitA
GlobalFree
GetLocalTime
GetCurrentProcess
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
InterlockedCompareExchange
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualQuery
GetModuleHandleW
LoadLibraryExA
LoadLibraryExW
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
HeapFree
GetProcessHeap
IsProcessorFeaturePresent
SetFilePointerEx
ReadConsoleW
GetConsoleMode
RaiseException
HeapSize
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
DeleteFileW
TlsGetValue
TlsAlloc
TerminateProcess
CreateEventW
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ExitThread
DecodePointer
EncodePointer
HeapAlloc
FlushFileBuffers
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
OutputDebugStringW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
lstrlenA
lstrlenW
GlobalUnlock

user32

MessageBoxA
SetClipboardData
OpenClipboard
EmptyClipboard
GetClipboardData
CloseClipboard
FindWindowA
MsgWaitForMultipleObjects
ScreenToClient
GetWindowRect
GetRawInputData
GetActiveWindow
GetKeyState
FindWindowExA
GetClientRect
CreateMenu
SendMessageA
GetMonitorInfoA
ShowCursor
GetKeyboardState
GetMenu
MonitorFromWindow
GetRawInputDeviceInfoA
SetWindowPos
SetMenu
AppendMenuA
PostMessageA
RegisterRawInputDevices
AdjustWindowRectEx
GetForegroundWindow
TranslateMessage
GetAsyncKeyState
SetRect
SetWindowLongA
GetWindowLongA
SetWindowTextA
CallWindowProcA
DrawTextA
DrawTextW
SetKeyboardState
GetCursorPos

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
SetMapMode
GetCharWidth32A
SetBkColor
SetTextAlign
TextOutA
SetTextColor
GetObjectA
CreateFontIndirectA
SetBkMode
CreateFontA
CreateDIBSection
GetTextMetricsA
DeleteDC

advapi32

RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHCreateDirectoryExA
SHGetFolderPathA

ole32

CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocStringByteLen
CreateErrorInfo
VariantChangeType
VariantInit
SysFreeString
SysStringByteLen
SetErrorInfo
VariantClear
SysAllocString
GetErrorInfo

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 100KB - Virtual size: 288KB

.rsrc Size: 576B - Virtual size: 4KB

Size: - Virtual size: 8KB

Size: 4KB - Virtual size: 3KB

57b88f2885ea68ab14d4fcfc9db0ac0e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 182KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

508fa452dfc4ab9145e2cd194230d6e7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 291KB - Virtual size: 291KB

.data Size: 38KB - Virtual size: 1.1MB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 70KB - Virtual size: 69KB

508fa452dfc4ab9145e2cd194230d6e7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 291KB - Virtual size: 291KB

.data Size: 38KB - Virtual size: 1.1MB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 70KB - Virtual size: 69KB

.rsrc
Size: 576B - Virtual size: 4KB

.text
Size: 183KB - Virtual size: 182KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 291KB - Virtual size: 291KB

.data
Size: 38KB - Virtual size: 1.1MB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 70KB - Virtual size: 69KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 291KB - Virtual size: 291KB

.data
Size: 38KB - Virtual size: 1.1MB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 70KB - Virtual size: 69KB