b03f74adf77cf993a0867c89a6203de8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b03f74adf77cf993a0867c89a6203de8_JaffaCakes118
Size

1.0MB
MD5

b03f74adf77cf993a0867c89a6203de8
SHA1

9d80728595beba093463c3702d08d60eb32ab03b
SHA256

6ca130ba72f20992d5755b69cd67a807c86bd7884ae4e3dc5440dd668ad1a583
SHA512

ca59130f70e4b8228f55df287647faddceb5cea4ac702c898ff9d757d4d20598ec92e2fdd50a29c5b75ba53704b3ec84127bee1302803aa124c17ba059dbbade
SSDEEP

24576:DCccaofUD+Ik/LS8kOe9bF2FuV2yzc/4FE5TUxk7WvLwmFPC2:W/BMDWTkEQ2p/4e5TUa7Wvc8t

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mircciOper/fp/airc.dll
unpack001/mircciOper/mirc.exe
unpack001/mircciOper/system/aircdll.dll
unpack001/mircciOper/tbwin.dll
unpack001/mircciOper/webview/BARS.MDX
unpack001/mircciOper/webview/CTL_GEN.MDX
unpack001/mircciOper/webview/MDX.DLL
unpack001/mircciOper/webview/VIEWS.MDX
unpack001/mircciOper/webview/kTools.dll
unpack001/mircciOper/webview/nHTMLn_2.92.dll
unpack001/mircciOper/webview/sbar.icl

Files

b03f74adf77cf993a0867c89a6203de8_JaffaCakes118
.rar
mircciOper/QueryAcceptor.mrc
.js
mircciOper/QueryAcceptorAddresses.ini
mircciOper/Soru.txt
mircciOper/Thumbs.db
mircciOper/aliases.ini
mircciOper/aliases1.ini
mircciOper/away.txt
mircciOper/badnick.txt
mircciOper/bans.ini
mircciOper/bd.txt
mircciOper/cLones.ini
mircciOper/chan.txt
mircciOper/chans.txt
mircciOper/clonenick.txt
mircciOper/console.bmp
mircciOper/control.ini
mircciOper/fp/Flood_protection.HLP
mircciOper/fp/airc.dll
.dll windows:4 windows x86 arch:x86

2e543c770dda1f4606b43ca954a894d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcpyA
lstrlenA
lstrcmpA
GetTickCount
CloseHandle
lstrcmpiA
ReadFile
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTime
GetFileAttributesA
SearchPathA
CreateFileA
WriteFile
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind

user32

IsWindow
GetWindowTextA
SetMenu
SendMessageA
FindWindowA
wsprintfA
IsMenu
GetMenu
SetWindowTextA

comdlg32

ChooseColorA

Exports

Exports

DllInfo
EvalText
Flood
Flood2
FloodClear
FloodCount
FloodDel
FloodDelMatch
FloodExpire
FloodGet
FloodOptClear
FloodOptCount
FloodOptDel
FloodOptDelMatch
FloodOptGet
FloodOptGetMatch
FloodOptGets
FloodOptLoad
FloodOptNetchan
FloodOptSave
FloodOptSet
GetMircTitle
GetSystemDir
GetTempDir
GetTitle
GetWindowsDir
HideMenuBar
LoadDll
MatchTok
MatchTokString
OptClear
OptCount
OptDel
OptDelMatch
OptGet
OptGetMatch
OptGets
OptNetchan
OptSet
OptTableAdd
OptTableClear
OptTableCount
OptTableDel
OptTableDelMatch
OptTableLoad
OptTableSave
PickColor
SetMircTitle
SetTitle
ShowMenuBar
UnloadDll
UserAdd
UserChrecAdd
UserChrecDel
UserChrecGet
UserChrecIs
UserCopy
UserCount
UserDel
UserDelChanInfo
UserEntryDel
UserEntryDelW
UserEntryGet
UserEntryGetW
UserEntrySet
UserEntrySetW
UserFlagsGet
UserFlagsGetd
UserFlagsGets
UserFlagsSet
UserGet
UserGetChanInfo
UserHost2Flags
UserHost2FlagsD
UserHost2Handle
UserIbeiAdd
UserIbeiChanCount
UserIbeiChanDel
UserIbeiChanGet
UserIbeiCount
UserIbeiDel
UserIbeiExpire
UserIbeiGet
UserIbeiGetn
UserIbeiMatch
UserIs
UserLastonGet
UserLastonSet
UserLoad
UserNetwAdd
UserNetwClear
UserNetwCount
UserNetwDel
UserNetwGet
UserRen
UserSave
UserSetChanInfo
winamp

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mircciOper/fp/flood.mrc
.js
mircciOper/fp/fp_set.ini
mircciOper/fp/fp_set2.ini
mircciOper/info.bmp
mircciOper/kanalkufur.txt
mircciOper/kufur.txt
mircciOper/mirc.exe
.exe windows:4 windows x86 arch:x86

a189d3a382274c0b8ec9c39163370ba5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeEndPeriod
timeSetEvent
timeKillEvent
mciGetErrorStringA
timeGetDevCaps
mixerClose
mixerSetControlDetails
mciGetDeviceIDA
mciSendStringA
timeBeginPeriod
sndPlaySoundA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerGetControlDetailsA

wsock32

WSASetLastError
sendto
getsockname
bind
recvfrom
socket
listen
inet_addr
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSACancelAsyncRequest
ntohl
gethostname
recv
send
htons
connect
WSAGetLastError
accept
WSAAsyncSelect
shutdown
closesocket
ioctlsocket
htonl
WSACleanup
setsockopt
WSAStartup
ntohs

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

comctl32

ImageList_AddMasked
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

kernel32

CreateEventA
GetSystemDefaultLangID
GetLocaleInfoA
GetSystemDefaultLCID
GetWindowsDirectoryA
SetEndOfFile
lstrlenA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
lstrcatA
lstrcpyA
lstrcatW
lstrlenW
lstrcpyW
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
QueryDosDeviceA
GetFileType
GetFileAttributesA
WinExec
WriteFile
MulDiv
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
_lwrite
_lclose
_hwrite
GlobalSize
OpenFile
_hread
_llseek
_lopen
GetCurrentThreadId
lstrcpynA
SetFilePointer
GetLastError
ReadFile
FlushFileBuffers
LoadLibraryA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
lstrcmpA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
SetErrorMode
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetEnvironmentVariableA
GetShortPathNameA
CompareFileTime
GetFileTime
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetTimeZoneInformation
LocalAlloc
LocalReAlloc
LocalFree
GetTempPathA
SizeofResource
CreateThread
TlsGetValue
TlsSetValue
ExitThread
RtlUnwind
HeapFree
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
SetConsoleCtrlHandler
DeleteFileA
MoveFileA
GetACP
GetOEMCP
GetProcAddress
FreeLibrary
GetCurrentThread
SetThreadPriority
SetEvent
Sleep
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
FindResourceA
GetCPInfo
ExitProcess
GetModuleHandleA
TerminateProcess
LoadResource
LockResource
GetSystemTimeAsFileTime
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TlsFree
SetLastError
TlsAlloc
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
InitializeCriticalSection
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
SetEnvironmentVariableW
VirtualProtect
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
GetCurrentProcessId
HeapSize
CompareStringA
CompareStringW
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RemoveDirectoryA
GetDiskFreeSpaceA
CreateDirectoryA

user32

DdeUnaccessData
DdeAccessData
DdeQueryStringA
DdeCreateDataHandle
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
CallWindowProcA
SetKeyboardState
GetKeyboardState
ToAscii
ScrollDC
DrawIconEx
GetMessageA
GetWindowThreadProcessId
ClipCursor
GetSystemMetrics
FlashWindow
RedrawWindow
ShowScrollBar
WindowFromDC
CharLowerBuffA
CharLowerA
GetWindowDC
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
VkKeyScanA
GetKeyboardLayout
CopyAcceleratorTableA
MapVirtualKeyA
CallNextHookEx
GetCapture
CharUpperBuffA
SystemParametersInfoA
DefMDIChildProcA
GetMenuState
IsMenu
RemoveMenu
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemID
TrackPopupMenu
GetMenuCheckMarkDimensions
RegisterWindowMessageA
SetWindowsHookExA
LoadAcceleratorsA
DispatchMessageA
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorA
IsDialogMessageA
GetForegroundWindow
LoadMenuA
PostQuitMessage
DefFrameProcA
RegisterClassExA
UnhookWindowsHookEx
ChildWindowFromPoint
ValidateRect
InvertRect
DefWindowProcA
DrawFrameControl
RegisterClassA
CreateIconIndirect
FindWindowExA
FindWindowA
OffsetRect
SetScrollInfo
EqualRect
DdeFreeDataHandle
SetActiveWindow
SetWindowLongA
SetMenu
GetCursorPos
GetFocus
GetAsyncKeyState
ClientToScreen
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
EnumClipboardFormats
GetClipboardFormatNameA
CreateWindowExA
GetClipboardData
DestroyWindow
CloseClipboard
GetWindowTextLengthA
GetWindowTextA
WinHelpA
LoadStringA
MessageBeep
GetTopWindow
IsZoomed
GetActiveWindow
IsWindow
IsCharAlphaNumericA
GetDesktopWindow
IsIconic
GetDialogBaseUnits
SetDlgItemInt
GetDlgItemInt
GetSystemMenu
CheckMenuItem
LoadCursorA
SetCursor
CreatePopupMenu
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
AppendMenuA
DrawMenuBar
FrameRect
FillRect
SetWindowTextA
GetClientRect
DestroyIcon
LoadImageA
GetParent
DrawFocusRect
GetSysColor
CheckDlgButton
IsWindowEnabled
GetKeyState
IsDlgButtonChecked
PeekMessageA
MsgWaitForMultipleObjects
BeginPaint
EndPaint
SendMessageA
LoadBitmapA
InvalidateRect
UpdateWindow
KillTimer
EndDialog
SetRect
SetFocus
PostMessageA
PtInRect
DdeNameService
DdeUninitialize
DdeDisconnect
DdeFreeStringHandle
DialogBoxParamA
IsChild
InsertMenuA
ModifyMenuA
GetNextDlgTabItem
EnableMenuItem
ChildWindowFromPointEx
GetScrollPos
GetScrollRange
SetScrollPos
CreateMenu
LoadIconA
EnableWindow
ShowWindow
MoveWindow
SetWindowPos
SetTimer
wsprintfA
SetScrollRange
GetIconInfo
DrawIcon
GetDlgCtrlID
DrawTextA
SetCapture
ReleaseCapture
GetWindowPlacement
SetWindowPlacement
SetForegroundWindow
GetMenuStringA
CreateDialogParamA
GetWindow
CopyRect
SendDlgItemMessageA
GetDC
GetDlgItem
GetWindowRect
MapWindowPoints
ReleaseDC
IsWindowVisible
WindowFromPoint
ScreenToClient
GetWindowLongA
BringWindowToTop
GetClassNameA

gdi32

StretchBlt
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
SelectClipRgn
CombineRgn
CreateRectRgn
GetNearestColor
GetDeviceCaps
GetTextExtentPointA
CreateFontIndirectA
GetDIBits
CreateDIBitmap
ExtFloodFill
CreatePatternBrush
Rectangle
RoundRect
SetStretchBltMode
DeleteDC
SetROP2
SetBkMode
ExtTextOutW
EnumFontFamiliesExA
GetTextCharset
StretchDIBits
PtInRegion
CreatePolygonRgn
GetTextExtentPointW
Polyline
SetPixel
ExcludeClipRect
CreateBitmap
PatBlt
SetWindowOrgEx
GetObjectType
CreateRectRgnIndirect
SetBrushOrgEx
CreateCompatibleDC
GetObjectA
Ellipse
BitBlt
RectInRegion
CreateFontA
CreateSolidBrush
CreateHatchBrush
GetTextMetricsA
SetTextColor
SetBkColor
ExtTextOutA
DeleteObject
SelectObject
GetStockObject
GetPixel
SetPixelV

comdlg32

ChooseFontA
CommDlgExtendedError
ChooseColorA

advapi32

RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconA
SHBrowseForFolderA
SHFileOperationA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
DragQueryPoint
DragQueryFileA
DragFinish
ExtractIconExA
ExtractIconA
FindExecutableA
ShellExecuteA
DragAcceptFiles

ole32

ProgIDFromCLSID
CoCreateInstance
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
OleUninitialize
OleInitialize

oleaut32

SetErrorInfo
LoadRegTypeLi
VariantCopy
DispGetParam
VarR8FromCy
VarR8FromDate
VarCyFromR8
VarDateFromR8
VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mircciOper/mirc.ini
mircciOper/mp3.cs
.js
mircciOper/mp3.ini
mircciOper/note.txt
mircciOper/popups.ini
mircciOper/proxys.txt
mircciOper/reklam.txt
mircciOper/remote.ini
mircciOper/script.ini
mircciOper/script1.cs
.js
mircciOper/script1.ini
mircciOper/script10.ini
.js
mircciOper/script11.ini
mircciOper/script2.ini
mircciOper/script3.ini
mircciOper/script4.cs
mircciOper/script4.ini
mircciOper/script5.ini
mircciOper/script6.ini
mircciOper/script7.ini
mircciOper/script8.ini
mircciOper/script9.ini
mircciOper/servers.ini
mircciOper/system/aircdll.dll
.dll windows:4 windows x86 arch:x86

cd7ac7a60fb2b85c40d924a30415cd36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
HeapFree
GetProcessHeap
GetTickCount
lstrcpyA
lstrlenA
lstrcmpA
HeapAlloc
GetSystemDirectoryA

user32

SetWindowTextA
IsWindow
GetWindowTextA
wsprintfA

Exports

Exports

DLLInfo
Flood
Flood2
FloodClear
FloodDel
FloodDelMatch
FloodExpire
FloodGet
FloodOptClear
FloodOptDel
FloodOptDelMatch
FloodOptGet
FloodOptSet
GetMircTitle
GetSystemDir
GetTitle
GetWindowsDir
LoadDll
SetMircTitle
SetTitle
UnloadDll

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 398B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mircciOper/system/bots.mrc
.js
mircciOper/system/core.mrc
mircciOper/system/yedek_bots.mrc
.js
mircciOper/tbwin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Attach
Detach
GetMouse
GetTBInfo
LoadDll
OnMouse
OnSize
Select
UnloadDll

Sections

CODE
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 213B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mircciOper/temp.bmp
mircciOper/time.bmp
mircciOper/webview/BARS.MDX
.dll windows:4 windows x86 arch:x86

99eee5c933b3e274b3f9aa164c57762c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

InvalidateRect
PostMessageA
SendMessageA
SetWindowLongA
DestroyIcon
CallWindowProcA
GetWindowLongA
DefWindowProcA
CreateWindowExA
DestroyWindow
GetKeyState
LoadIconA
GetClientRect
FillRect
LoadImageA
GetParent
EnableWindow

gdi32

GetObjectA
CreateBrushIndirect
DeleteDC
Rectangle
CreatePen
SelectObject
StretchBlt
BitBlt
CreateCompatibleDC
DeleteObject

shell32

ExtractIconExA

comctl32

ImageList_ReplaceIcon
ImageList_Add
ImageList_Replace
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

msvcrt

??2@YAPAXI@Z
malloc
_adjust_fdiv
_initterm
free
_itoa
_stricmp
strncpy
__CxxFrameHandler
atoi
??3@YAXPAX@Z

kernel32

DisableThreadLibraryCalls

Exports

Exports

getMDXHeader

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mircciOper/webview/CTL_GEN.MDX
.dll windows:4 windows x86 arch:x86

36f31ad565ef7d1c14a9e5b079ac75ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
DisableThreadLibraryCalls
ReadFile
LoadLibraryA
CloseHandle
FreeLibrary

user32

PostMessageA
CallWindowProcA
GetScrollPos
LoadImageA
SetWindowPos
EnableWindow
GetScrollInfo
MoveWindow
DestroyWindow
SetCursor
UnregisterClassA
RegisterClassA
SendMessageA
GetCursorPos
ScreenToClient
DefWindowProcA
GetWindowLongA
SetWindowLongA
MessageBoxA
ClientToScreen
GetWindowRect
CreateWindowExA
GetParent
GetClientRect
GetSysColorBrush
FillRect
BeginPaint
GetSysColor
EndPaint
GetCursor
SetScrollPos
SetScrollInfo

gdi32

LineTo
MoveToEx
CreatePen
DeleteObject
SelectObject

comctl32

InitCommonControlsEx

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetMalloc

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
free
strchr
__CxxFrameHandler
??2@YAPAXI@Z
atoi
strncpy
wcslen
??3@YAXPAX@Z
_onexit
_stricmp
_itoa

Exports

Exports

getMDXHeader

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mircciOper/webview/MDX.DLL
.dll windows:4 windows x86 arch:x86

34b86dab5c0b41a24220fe3732aef3a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
WaitForSingleObject
ReleaseMutex
CreateFileMappingA
UnmapViewOfFile
CloseHandle
GetProcAddress
SetLastError
GetModuleFileNameA
LoadLibraryA
GetLastError
FreeLibrary
GlobalSize
GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
GetCurrentProcessId
CreateMutexA

user32

SetWindowPos
GetWindowLongA
PostMessageA
DrawTextA
CreateWindowExA
SetWindowLongA
GetSysColorBrush
RedrawWindow
ChildWindowFromPointEx
GetParent
GetDlgCtrlID
GetWindowRect
ScreenToClient
MoveWindow
GetActiveWindow
SendMessageA
GetDlgItem
SetFocus
ShowWindow
InvalidateRgn
DestroyIcon
GetSysColor
CallWindowProcA
GetClientRect
GetClassNameA
EnumChildWindows
DestroyWindow
EnableWindow
MapWindowPoints
GetWindow
RegisterClipboardFormatA
LoadStringA

gdi32

DeleteDC
GetTextFaceA
GetTextMetricsA
SelectObject
CreateCompatibleDC
DeleteObject
GetObjectA
CreateFontIndirectA
CreateBrushIndirect
GetStockObject
GetBkColor
GetTextColor
SetTextColor
SetBkColor

shell32

ExtractIconExA
DragQueryFileA

ole32

ReleaseStgMedium

msvcrt

_initterm
_onexit
malloc
sprintf
vsprintf
__dllonexit
atoi
strtol
strncpy
_adjust_fdiv
_strdup
__CxxFrameHandler
??2@YAPAXI@Z
free
_stricmp
_itoa
??3@YAXPAX@Z

Exports

Exports

ControlFromPoint
ConvertCoords
DLLInfo
DynamicControl
ErrorInfo
GetFont
LoadDll
MarkDialog
MoveControl
Remove
SetBorderStyle
SetColor
SetControlMDX
SetDialog
SetFont
SetMDXStyle
SetMircVersion

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mircciOper/webview/VIEWS.MDX
.dll windows:4 windows x86 arch:x86

07056cc36c129798d605c78512f748e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetLastError
GlobalFree
GlobalLock
GlobalUnlock
GetCurrentProcessId

user32

CallWindowProcA
SendMessageA
SetTimer
InvalidateRect
KillTimer
LoadStringA
MapWindowPoints
DestroyIcon
RedrawWindow
DefWindowProcA
GetWindowLongA
PostMessageA
LoadIconA
UpdateWindow
GetScrollInfo
SetScrollInfo
ScreenToClient
SetWindowLongA
SetFocus
GetClientRect
MessageBoxA
GetSysColorBrush
FillRect
GetSysColor
GetFocus
GetCursorPos

gdi32

GetBkColor
SetTextColor
CreateDIBPatternBrushPt
SelectObject
PatBlt
CreateSolidBrush
DeleteObject
SetBkMode
SetBkColor
GetTextExtentPoint32A
Ellipse
CreateRectRgnIndirect
SelectClipRgn

shell32

DragQueryFileA
ExtractIconExA

comctl32

InitCommonControlsEx
ImageList_SetOverlayImage
ImageList_Remove
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
DoDragDrop
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
atoi
free
vsprintf
__CxxFrameHandler
malloc
_adjust_fdiv
_itoa
_initterm
_stricmp
_strnicmp
_strdup
_purecall

Exports

Exports

getMDXHeader

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mircciOper/webview/WBVreadme.txt
mircciOper/webview/fvr.hsh
mircciOper/webview/kTools.dll
.dll windows:4 windows x86 arch:x86

c01152398391dfa538915a1eefe78c32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Brad\My Documents\Shattered\kTools\Release\kTools.pdb

Imports

kernel32

MapViewOfFile
CreateFileMappingA
GetPrivateProfileStringA
lstrcpyA
lstrcmpiA
CloseHandle
UnmapViewOfFile
HeapSize
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
InitializeCriticalSection
HeapReAlloc
VirtualAlloc
LoadLibraryA
RtlUnwind
GetLocaleInfoA
ExitProcess
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

user32

FindWindowExA
SetFocus
CallWindowProcA
PostMessageA
GetClientRect
GetDlgItem
MoveWindow
SetParent
CreateWindowExA
GetWindowRect
IsWindow
DestroyWindow
GetDC
DrawTextA
GetWindowLongA
SetWindowLongA
SendMessageA
wsprintfA
MessageBoxA

shell32

ExtractIconExA

Exports

Exports

CountIcons
CreatePb
CreateSb
DestroyPb
DestroySb
DllInfo
DockSwitchbar
DockToolbar
DockWindow
LoadDll
PbSetBarColor
PbSetBgColor
PbSetParts
PbSetText
SbAutoResize
SbSetBgColor
SbSetIcon
SbSetPadding
SbSetParts
SbSetText
SbSetTipText
UnDock
UnloadDll
dkChangeSide

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mircciOper/webview/nHTMLn_2.92.dll
.dll windows:4 windows x86 arch:x86

69f3875ae7b4d0c7b04ae076dd01174e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
HeapAlloc
HeapFree
HeapReAlloc
lstrcmpA
lstrcpyA
GetProcessHeap
MapViewOfFile
CreateFileMappingA
CloseHandle
UnmapViewOfFile

user32

SendMessageA
wsprintfA
GetClassNameA
GetClientRect
CallWindowProcA
FindWindowExA
GetDesktopWindow
SetCursor
LoadCursorA
GetDlgItem
SetCapture
ReleaseCapture
IsWindow
EnumChildWindows
GetWindowTextA
SetWindowLongA
ShowWindow

ole32

OleUninitialize
OleInitialize
CoGetClassObject

oleaut32

DispGetParam
VariantClear
SysFreeString
VariantInit

Exports

Exports

LoadDll
UnloadDll
attach
back
caption
capture
cursor
detach
find
forward
handler
home
item
margins
name
navigate
print
ready
refresh
release
search
select
selected
stop
url
version
zoom

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mircciOper/webview/ngs.hsh
mircciOper/webview/sbar.icl
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mircciOper/webview/wbv.mrc
.js

Sharing

General

Malware Config

Signatures

Files

2e543c770dda1f4606b43ca954a894d7

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 3KB

a189d3a382274c0b8ec9c39163370ba5

Headers

File Characteristics

Imports

winmm

wsock32

version

mpr

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 16KB - Virtual size: 172KB

.rsrc Size: 244KB - Virtual size: 242KB

cd7ac7a60fb2b85c40d924a30415cd36

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1024B - Virtual size: 910B

.data Size: 512B - Virtual size: 372B

.reloc Size: 512B - Virtual size: 398B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 19KB - Virtual size: 19KB

DATA Size: 512B - Virtual size: 220B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 213B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 512B

99eee5c933b3e274b3f9aa164c57762c

Headers

File Characteristics

Imports

user32

gdi32

shell32

comctl32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 16KB - Virtual size: 172KB

.rsrc
Size: 244KB - Virtual size: 242KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1024B - Virtual size: 910B

.data
Size: 512B - Virtual size: 372B

.reloc
Size: 512B - Virtual size: 398B

CODE
Size: 19KB - Virtual size: 19KB

DATA
Size: 512B - Virtual size: 220B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 213B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB