bc2b7f16b2e02fa799f88cc0c81d67e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc2b7f16b2e02fa799f88cc0c81d67e5_JaffaCakes118
Size

261KB
MD5

bc2b7f16b2e02fa799f88cc0c81d67e5
SHA1

d450f38bf48b0d2b34e2ddc88877d0305089f714
SHA256

d0318d90aa8ad3daae6f0af515505277d3f6ec7e2572400c5ed331a97da9e306
SHA512

7b717821dc86f2abdc2f82784b52d6f050cb4622bc8832ca16d04b57c6502dfa44c5a44da492900a9c211bec4dba5c64e07d747d217822a847bf3707deabc48b
SSDEEP

6144:Ms5R2JaTyXHBrYtaz70UMSId2pg71+8vQSnYmOGiB:1GEyX0g0/Scd7LvOmOGiB

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
bc2b7f16b2e02fa799f88cc0c81d67e5_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/$SYSDIR/$_14_.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack001/$TEMP/$_8_.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$SYSDIR/$SYSDIR/$_14_.exe	nsis_installer_1
static1/unpack001/$SYSDIR/$SYSDIR/$_14_.exe	nsis_installer_2

Files

bc2b7f16b2e02fa799f88cc0c81d67e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/$SYSDIR/$_14_.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/validate.ini
$TEMP/$_8_.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8f8d0e59800d15e4fb7c4b4c0c6ac275

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueW
SHDeleteValueW

kernel32

FlushFileBuffers
GetProcAddress
LoadLibraryA
GetLogicalDrives
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
VirtualQueryEx
GetSystemTime
CommConfigDialogW
EnumResourceNamesW
LoadResource
HeapUnlock
WriteProfileSectionW
GetCommProperties
GetAtomNameW
OpenMutexW
GlobalFree
GetDriveTypeW
GetSystemWindowsDirectoryW
HeapDestroy
GetTempPathW
VirtualProtectEx
GetSystemPowerStatus
FindResourceExW
lstrcmpiW
GetProcessIoCounters
LocalSize
GetPrivateProfileSectionW
CreateDirectoryExW
CallNamedPipeW
GetWriteWatch
MapViewOfFileEx
GetCompressedFileSizeA
TlsFree
GetFullPathNameW
GetTempFileNameW
GetDefaultCommConfigW
EndUpdateResourceW
MoveFileW
OpenFileMappingW
GetEnvironmentVariableA
EraseTape
FormatMessageA
GlobalMemoryStatusEx
FindFirstChangeNotificationW
GetDiskFreeSpaceExW
BuildCommDCBAndTimeoutsW
GetProcessVersion
GetProcessHeaps
OpenSemaphoreW
IsBadCodePtr
CreateIoCompletionPort
WriteFileEx
SetFileAttributesA
FindResourceA
GlobalAddAtomW
GetPrivateProfileStringW
DeleteFileW
CreateProcessW
GetProfileSectionW
GetTempPathA
CreateMailslotW
GetFileSize
GetDriveTypeA
GetBinaryTypeW
FindAtomW
ExitThread
CopyFileW
GlobalUnfix
ReleaseMutex
GlobalAlloc
GetCurrentDirectoryW
DefineDosDeviceA
WritePrivateProfileStructW
MapViewOfFile
SetPriorityClass
LoadModule
CreateNamedPipeA
CreateRemoteThread
GetVolumeInformationW
FindNextFileW
GetCurrentThread
GetTickCount
OpenMutexA
GetSystemDirectoryA
SetFirmwareEnvironmentVariableW
FindNextChangeNotification
HeapWalk
GetStartupInfoW
WaitForMultipleObjects
GetTempFileNameA
FatalAppExitW
CreateSemaphoreW
BeginUpdateResourceA
FindNextFileA
FindResourceExA
GlobalReAlloc
FileTimeToDosDateTime
GlobalFindAtomW
SetFileTime
DeleteAtom
lstrcmpW
FindFirstChangeNotificationA
IsBadStringPtrW
LoadLibraryExW
FreeLibraryAndExitThread
GetNamedPipeInfo
GetFileSizeEx
GetFullPathNameA
IsBadReadPtr
ExpandEnvironmentStringsA
LocalLock
FlushInstructionCache
CompareFileTime
GetModuleFileNameW
GetThreadPriority
CreateMutexW
GetCommandLineW
WaitNamedPipeW
GetNumaNodeProcessorMask
CloseHandle
GetEnvironmentStringsW
CreateFileA
FindFirstFileA
GetEnvironmentVariableW
CreateFileMappingW
CopyFileA
GetVolumeInformationA
CreateMailslotA
GlobalHandle
lstrcatW
EnumResourceTypesW
GetLogicalDriveStringsW
SetFileShortNameW
GetSystemTimeAsFileTime
GetFileAttributesExW
LockResource
GetTapePosition
SetCurrentDirectoryA
GetPrivateProfileStructW
GetProfileIntA
GetProfileStringW
SetEnvironmentVariableA
SleepEx
CreateEventW
GetPrivateProfileSectionNamesA
ContinueDebugEvent
GetQueuedCompletionStatus
GetCompressedFileSizeW
SetEnvironmentVariableW
HeapAlloc
SetHandleCount
GetVersionExW
lstrlenW
MulDiv
CreateSemaphoreA
ResetEvent
GlobalGetAtomNameW
GetFileTime
GetPrivateProfileSectionNamesW
BackupWrite
MultiByteToWideChar
GetSystemDirectoryW
GetPrivateProfileIntA
LocalReAlloc
GetProcessTimes
DisconnectNamedPipe
SetTapeParameters
LocalFree
GetShortPathNameA
lstrcpynA
SetStdHandle
DebugBreak
EndUpdateResourceA
GetComputerNameW
GetWindowsDirectoryW
CreateMutexA
MoveFileExA
GetFileAttributesA
GetVersionExA
GetLastError
GetProcessAffinityMask
GetCommTimeouts
CreateDirectoryA
CreateFileW
CreateEventA
FindFirstFileW
ClearCommError
VirtualFree
CancelIo
OpenFileMappingA
FlushViewOfFile
GetModuleHandleA
DebugActiveProcess
RemoveDirectoryW
GetFileAttributesW
FormatMessageW
HeapCreate
GetProfileSectionA
IsBadWritePtr
SetProcessPriorityBoost
GetFirmwareEnvironmentVariableA
GetLongPathNameA
GetCurrentProcessId
SetDefaultCommConfigA
HeapCompact
GetFirmwareEnvironmentVariableW
HeapSetInformation
GetProfileIntW
TerminateThread
GetPrivateProfileStringA
LockFileEx
SetComputerNameW
HeapValidate
WideCharToMultiByte
GetPrivateProfileIntW
BackupRead
GetLongPathNameW
GlobalSize
UnlockFile
SetCurrentDirectoryW
SetFileApisToANSI
GetProcessPriorityBoost
SetCommConfig
FindResourceW
GlobalAddAtomA
GetTapeStatus
GetDiskFreeSpaceW
GetDefaultCommConfigA
GlobalUnWire
HeapSize
EscapeCommFunction
GlobalWire
GetCommandLineA
WaitCommEvent
InterlockedCompareExchange
CreateDirectoryW
CancelDeviceWakeupRequest
OpenFile
DuplicateHandle
InitAtomTable
LocalHandle
CreateThread
ReadFileScatter
VirtualAllocEx
LoadLibraryW
MoveFileA
GetLogicalDriveStringsA
GlobalUnlock
SetFileAttributesW
lstrcmpiA
GetModuleHandleW
ResetWriteWatch
WriteProfileStringW
WritePrivateProfileStructA
GetThreadPriorityBoost
OpenThread
GetNumaHighestNodeNumber
GetSystemInfo
DeleteFileA
Sleep
IsBadHugeWritePtr
SizeofResource
EnumResourceLanguagesA
GetThreadSelectorEntry
SetEndOfFile
EnumResourceTypesA
GetPrivateProfileStructA
IsBadHugeReadPtr
GetCurrentDirectoryA
GetDiskFreeSpaceExA
MoveFileExW
QueryDosDeviceW
PostQueuedCompletionStatus
FatalExit
FreeLibrary
InterlockedIncrement
HeapFree
ClearCommBreak
GetNamedPipeHandleStateW
BuildCommDCBW
SuspendThread
UpdateResourceW
SetProcessShutdownParameters
LocalShrink
DefineDosDeviceW
GetVersion
SetFilePointerEx
TlsSetValue
FindCloseChangeNotification
LockFile
ReadFile
GetProcessWorkingSetSize
CreateDirectoryExA
DebugActiveProcessStop
GetLocalTime
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
GetThreadContext
VirtualQuery
VirtualProtect
VirtualAlloc
ResumeThread
GetCurrentProcess
SetThreadContext
SetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
InterlockedDecrement
TlsAlloc
TlsGetValue
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
RaiseException

user32

OffsetRect
GetWindowTextW
IntersectRect
InflateRect
ClientToScreen
RealGetWindowClassA
EnumChildWindows
GetClassNameA
GetWindowThreadProcessId
GetParent
GetWindowLongA
SetWindowTextW
TranslateMessage
DispatchMessageW
SetWindowLongA
SetActiveWindow
CreateDialogParamA
SendMessageW
CharUpperW
CharLowerW
SetPropW
RemovePropA
GetPropW
DestroyWindow
SetWindowLongW
GetPropA
PostMessageW
SetPropA
BringWindowToTop
GetWindowRect
GetWindowLongW
SendMessageA
GetClientRect
RealGetWindowClassW
RemovePropW
CreateDialogParamW
MsgWaitForMultipleObjects
GetClassNameW
GetDlgItem
GetWindowTextA
MoveWindow
PeekMessageW

oleaut32

SysFreeString
VariantInit
VarCmp
VariantClear
VariantChangeType
SysAllocString
VariantCopy
SysStringLen

Exports

Exports

DllAction
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 2KB - Virtual size: 2KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 2KB - Virtual size: 2KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 385KB - Virtual size: 384KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 27KB

.rsrc
Size: 1024B - Virtual size: 876B

.reloc
Size: 78KB - Virtual size: 78KB