b438629a8c11532b86754837bf3b694c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b438629a8c11532b86754837bf3b694c_JaffaCakes118
Size

4.4MB
MD5

b438629a8c11532b86754837bf3b694c
SHA1

3281561653869c86c4cf78c68e85d1f0dad73c73
SHA256

6ff9b4e2c4d92ff6af10b13690fce059cfe164c94178e10a054a8806ab2fb533
SHA512

566b21cdd3337945f8d954a9801136750cf73f7e2481c95488f7390f51b7247808697ad3130d32399fcb3514fef5aa80c134895a0b2c6597348f4b7da1392ac7
SSDEEP

98304:U79Jt3G9UnNiq0nyIN7O9K4UU/N2r7OEMithcxcZ4bWUZSduR:U709UnYqmyIN7OdD/m6Evtyc4ZZauR

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 7 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Filters/DeDynamic.AX	acprotect
static1/unpack001/Filters/Gabest/AviSplitter.AX	acprotect
static1/unpack001/Filters/Gabest/CDDAReader.AX	acprotect
static1/unpack001/Filters/Gabest/CDXAReader.AX	acprotect
static1/unpack001/Filters/Gabest/FlicSource.AX	acprotect
static1/unpack001/Filters/Gabest/MatroskaSplitter.AX	acprotect
static1/unpack001/Filters/Gabest/RealMediaSplitter.AX	acprotect

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
b438629a8c11532b86754837bf3b694c_JaffaCakes118
unpack001/$PLUGINSDIR/INSTALLOPTIONS.DLL
unpack001/$PLUGINSDIR/KILLPROCDLL.DLL
unpack001/$PLUGINSDIR/STARTMENU.DLL
unpack001/ConvertIt/ConvertIt.EXE
unpack001/Filters/DeDynamic.AX
unpack001/Filters/Gabest/AviSplitter.AX
unpack001/Filters/Gabest/CDDAReader.AX
unpack001/Filters/Gabest/CDXAReader.AX
unpack001/Filters/Gabest/FlicSource.AX
unpack001/Filters/Gabest/MatroskaSplitter.AX
unpack001/Filters/Gabest/RealMediaSplitter.AX
unpack001/NetPlug1.EXE
unpack001/UnInst.EXE
unpack001/ViPlay.EXE

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/UnInst.EXE	nsis_installer_1

Files

b438629a8c11532b86754837bf3b694c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1bed3305885b0ca596d9cbba22baf78a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
CreateWindowExA
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
GetDlgItem
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
SetClipboardData
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INSTALLOPTIONS.DLL
.dll windows:4 windows x86 arch:x86

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
MapWindowPoints
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadImageA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KILLPROCDLL.DLL
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/STARTMENU.DLL
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
ConvertIt/ConvertIt.DAT
.zip
PLEDIT.CFG
addfile.bmp
loadlist.bmp
newlist.bmp
plclose.bmp
pledit.bmp
plminimize.bmp
plnext.bmp
plpause.bmp
plplay.bmp
plprev.bmp
plstop.bmp
removefile.bmp
savelist.bmp
scrollbar.bmp
ConvertIt/ConvertIt.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

��٠�
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��??
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ViPConv!
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Filters/DeDynamic.AX
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

LordFox
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Filters/Gabest/AviSplitter.AX
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

LordFox
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Filters/Gabest/CDDAReader.AX
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

LordFox
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Filters/Gabest/CDXAReader.AX
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

LordFox
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Filters/Gabest/FlicSource.AX
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

LordFox
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Filters/Gabest/MatroskaSplitter.AX
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

LordFox
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Filters/Gabest/RealMediaSplitter.AX
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

LordFox
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GIF.GIF
.jpg
Langs/Chinese_gb2312.lng
Langs/English.lng
NetPlug1.DOC
.doc windows office2003
NetPlug1.EXE
.exe windows:4 windows x86 arch:x86

ecce19cf2b4601ed3791a1430af4320b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegOpenKeyExA

comctl32

InitCommonControlsEx

gdi32

GetStockObject

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA

user32

LoadIconA

Sections

tnx
Size: 38KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Skins/Alisio.VSZ
.zip
FSMAIN.BMP
FSSKIN.CFG
MAIN.BMP
PLEDIT.CFG
PLadd.bmp
PLall.bmp
PLinvert.bmp
PLnone.bmp
PLopen.bmp
PLremove.bmp
PLsave.bmp
Pledit.bmp
README.TXT
SKIN.CFG
audiopen.bmp
audiostream.bmp
close.bmp
desktop.bmp
dropindicator.bmp
exit.bmp
fullscreen.bmp
minimize.bmp
next.bmp
numbers.bmp
offsetdown.bmp
offsetleft.bmp
offsetright.bmp
offsetup.bmp
ontop.bmp
open.bmp
pause.bmp
play.bmp
playlist.bmp
posbar.bmp
preferences.bmp
previous.bmp
repeat.bmp
screenshot.bmp
scrollbar.bmp
seekback.bmp
seekfwd.bmp
shuffle.bmp
skin.bmp
stop.bmp
subopen.bmp
subtitles.bmp
text.bmp
voldec.bmp
volinc.bmp
volmute.bmp
volume.bmp
zoomdec.bmp
zoominc.bmp
zoomzero.bmp
Skins/Alize.VSZ
.zip
FSMAIN.BMP
FSSKIN.CFG
MAIN.BMP
PLEDIT.CFG
PLadd.bmp
PLall.bmp
PLinvert.bmp
PLnone.bmp
PLopen.bmp
PLremove.bmp
PLsave.bmp
Pledit.bmp
README.TXT
SKIN.CFG
audiopen.bmp
audiostream.bmp
close.bmp
desktop.bmp
dropindicator.bmp
exit.bmp
fullscreen.bmp
minimize.bmp
next.bmp
numbers.bmp
offsetdown.bmp
offsetleft.bmp
offsetright.bmp
offsetup.bmp
ontop.bmp
open.bmp
pause.bmp
play.bmp
playlist.bmp
posbar.bmp
preferences.bmp
previous.bmp
repeat.bmp
screenshot.bmp
scrollbar.bmp
seekback.bmp
seekfwd.bmp
shuffle.bmp
skin.bmp
stop.bmp
subopen.bmp
subtitles.bmp
text.bmp
voldec.bmp
volinc.bmp
volmute.bmp
volume.bmp
zoomdec.bmp
zoominc.bmp
zoomzero.bmp
Skins/Cool.VSZ
.zip
BT-Desk.bmp
BT-EXIT.bmp
BT-Fscreen.bmp
BT-MINI.bmp
BT-ONTOP.bmp
BT-PAUSE.bmp
BT-PLAY.bmp
BT-Repeat.bmp
BT-STOP.bmp
BT-Shuffle.bmp
BT-close.bmp
BT-next.bmp
BT-open.bmp
BT-plist.bmp
BT-prev.bmp
Cool.bmp
Dropindicator.bmp
FS-Line.bmp
FS-Pause.bmp
FS-Play.bmp
FS-main.bmp
FSSKIN.CFG
Fs-Text.bmp
MAIN.bmp
Mute.bmp
PL-Add.bmp
PL-All.bmp
PL-Deselect.bmp
PL-Invert.bmp
PL-Load.bmp
PL-Remove.bmp
PL-Save.bmp
PLEDIT.CFG
Pl-Exit.bmp
Pl-Play.bmp
Playlist.bmp
Pref.bmp
Progress.bmp
README.TXT
SKIN.CFG
Screenshot.bmp
Scrollbar.bmp
Time.bmp
Voleq.bmp
text.bmp
Skins/DivX Player Clone.VSZ
.zip
README.TXT
SKIN.CFG
duration.bmp
exit.bmp
fullscreen.bmp
main.bmp
menu.bmp
minimize.bmp
next.bmp
open.bmp
pause.bmp
play.bmp
prev.bmp
progress.bmp
screenshot.bmp
stop.bmp
text.bmp
time.bmp
volume.bmp
Skins/HARDCoRE Player.VSZ
.zip
README.TXT
SHUFFLE.BMP
SKIN.CFG
bminus.bmp
boption.bmp
boptions.bmp
bpad.bmp
bpl.bmp
bplus.bmp
close.bmp
duration.bmp
exit.bmp
fast.bmp
ff.bmp
fullscreen.bmp
main.bmp
menu.bmp
minimize.bmp
mute.bmp
newlist.bmp
next.bmp
normal.bmp
numbers.bmp
onthetop.bmp
open.bmp
pause.bmp
play.bmp
posbar.bmp
prev.bmp
repeat.bmp
rew.bmp
screenshot.bmp
skins.bmp
slow.bmp
stop.bmp
sub.bmp
text.bmp
volume.bmp
Skins/HighSea.VSZ
.zip
BToptions.bmp
Dropindicator.bmp
Main.bmp
PL-Add.bmp
PL-All.bmp
PL-Deselect.bmp
PL-Invert.bmp
PL-Load.bmp
PL-Remove.bmp
PL-Save.bmp
PLEDIT.CFG
Phyloo.bmp
Pl-Exit.bmp
Pl-Play.bmp
Playlist.bmp
README.TXT
SKIN.CFG
Scrollbar.bmp
bt100.bmp
bt200.bmp
bt50.bmp
btclose.bmp
btdesk.bmp
btexit.bmp
btfscreen.bmp
btmini.bmp
btmute.bmp
btnext.bmp
btontop.bmp
btopen.bmp
btpause.bmp
btplay.bmp
btplist.bmp
btprev.bmp
btrepeat.bmp
btshuffle.bmp
btstop.bmp
ontop.bmp
progress.bmp
screenshot.bmp
time.bmp
volume.bmp
Skins/INTERLUDE.VSZ
.zip .ps1 polyglot
Audio.bmp
Backward.bmp
Bookmark.bmp
Close.bmp
Deskmode.bmp
Dropindicator.bmp
Dynamic.bmp
Exit.bmp
Forward.bmp
Fullscreen.bmp
Goto.bmp
Light.bmp
List.bmp
MAIN.bmp
Minimize.bmp
MoveDown.bmp
MoveLeft.bmp
MoveRight.bmp
MoveUp.bmp
Mute.bmp
Next.bmp
OnTop.bmp
Open.bmp
OpenDVD.bmp
Options.bmp
PLAYLIST.bmp
PLEDIT.CFG
PLadd.bmp
PLopen.bmp
PLrem.bmp
PLsave.bmp
PLsel.bmp
PLsort.bmp
Pause.bmp
Play.bmp
Posbar.bmp
Previous.bmp
README.TXT
Repeat.bmp
SKIN.CFG
Scrollbar.bmp
Shuffle.bmp
Speed05.bmp
Speed1.bmp
Speed2.bmp
SpeedCycle.bmp
Stop.bmp
Sub.bmp
Text.bmp
Time.bmp
Volume.bmp
ZoomCycle.bmp
ZoomMenu.bmp
ZoomMin.bmp
ZoomPlus.bmp
ZoomReset.bmp
ZoomYmin.bmp
ZoomYplus.bmp
Skins/KENWOOD RD-VH7PC.VSZ
.zip
Skins/MPlayer.VSZ
.zip
Skins/Magellan.VSZ
.zip
Skins/MicroDVD Clone.VSZ
.zip
Skins/Phylblue.VSZ
.zip
Skins/PowerDVD.VSZ
.zip
Skins/PowerDivx3 NextGen Clone.VSZ
.zip
Skins/QuickTime Clone.VSZ
.zip
Skins/RadLight 3 Clone.VSZ
.zip
Skins/RealViPlay.VSZ
.zip
Skins/TViPlay.VSZ
.zip
Skins/VIPfilmdriverRCD.VSZ
.zip
Skins/WMP 9 Miniplayer.VSZ
.zip
Skins/WiNYL.VSZ
.zip
Skins/Windows98 Thai Edition.VSZ
.zip
Skins/hLAND - DigitalVideo.VSZ
.zip
Skins/hLAND divXmaster.VSZ
.zip
UnInst.EXE
.exe windows:4 windows x86 arch:x86

1bed3305885b0ca596d9cbba22baf78a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
CreateWindowExA
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
GetDlgItem
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
SetClipboardData
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ViPlay.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

LordFox
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 458KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
˵ļ.TXT
үƷ.URL

Sharing

General

Malware Config

Signatures

Files

1bed3305885b0ca596d9cbba22baf78a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 288KB

.rsrc Size: 7KB - Virtual size: 8KB

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 930B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

Headers

File Characteristics

Sections

�����٠� Size: - Virtual size: 448KB

����?? Size: 210KB - Virtual size: 212KB

ViPConv! Size: 8KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

LordFox Size: - Virtual size: 40KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 288KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

��٠�
Size: - Virtual size: 448KB

��??
Size: 210KB - Virtual size: 212KB

ViPConv!
Size: 8KB - Virtual size: 12KB

LordFox
Size: - Virtual size: 40KB

LordFox
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 2KB - Virtual size: 4KB

LordFox
Size: - Virtual size: 176KB

LordFox
Size: 102KB - Virtual size: 104KB

.rsrc
Size: 2KB - Virtual size: 4KB

LordFox
Size: - Virtual size: 120KB

LordFox
Size: 68KB - Virtual size: 72KB

.rsrc
Size: 2KB - Virtual size: 4KB

LordFox
Size: - Virtual size: 128KB

LordFox
Size: 75KB - Virtual size: 76KB

.rsrc
Size: 2KB - Virtual size: 4KB

LordFox
Size: - Virtual size: 112KB

LordFox
Size: 69KB - Virtual size: 72KB

.rsrc
Size: 2KB - Virtual size: 4KB

LordFox
Size: - Virtual size: 224KB

LordFox
Size: 127KB - Virtual size: 128KB

.rsrc
Size: 2KB - Virtual size: 4KB

LordFox
Size: - Virtual size: 200KB

LordFox
Size: 122KB - Virtual size: 124KB

.rsrc
Size: 2KB - Virtual size: 4KB