bd1f01a629debc3269c8bb04f7493b46_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bd1f01a629debc3269c8bb04f7493b46_JaffaCakes118
Size

504KB
MD5

bd1f01a629debc3269c8bb04f7493b46
SHA1

9b006d50f7b556a55afcd7263bfd12de1c689866
SHA256

35697c677a405eab7a5e5c8e093811f028edfdd90a2038cc5250ddca21385d12
SHA512

12a1ec8c1664c7b377572ef45f758a52b0e00050b105b777d27b509a7ec060f9c7e5ad7d3d290735c3c7ef4417766091087acb1004a78f93316a38abf4b6d311
SSDEEP

6144:nAXDX6dmCsRQRroDWzwvExndCprrPxr5bZe1dO4V7Zf6fkcY9gmhGuvB1OOb7Q:Kc8DWMcxdUrlr9ZI7Fqqgm4w7Q

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd1f01a629debc3269c8bb04f7493b46_JaffaCakes118

Files

bd1f01a629debc3269c8bb04f7493b46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da5518329f8de046ae83a65323d0a2e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

GetRunningObjectTable
OleIsCurrentClipboard
CreateOleAdviseHolder
StringFromIID
MkParseDisplayName
DoDragDrop
CoImpersonateClient
OleCreateStaticFromData
CoGetInterfaceAndReleaseStream
GetHGlobalFromStream
OleGetIconOfClass
OleLoadFromStream
IsAccelerator
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleDestroyMenuDescriptor
CreateBindCtx
CoCreateGuid
OleSaveToStream
CoUnmarshalInterface
CoResumeClassObjects
StringFromCLSID
OleSave
CoGetMalloc
CoTreatAsClass
IIDFromString
CoLoadLibrary
CreateGenericComposite
CreateFileMoniker
StgCreateStorageEx
CoMarshalInterface
BindMoniker
CoGetObject
OleLockRunning
CreateItemMoniker
OleCreateFromData
OleGetClipboard
CoGetClassObject
OleSetContainedObject
GetHGlobalFromILockBytes
OleCreate
RevokeDragDrop
CoSuspendClassObjects
CoTaskMemRealloc
CoCreateInstanceEx
GetClassFile
CoQueryProxyBlanket
CoRegisterMessageFilter
CoRevokeClassObject
CreateStreamOnHGlobal
WriteClassStm
CreateClassMoniker
OleLoad
OleDraw
OleInitialize
CLSIDFromString
CoCopyProxy
CoTaskMemFree
StgOpenStorage
CoReleaseMarshalData
OleRun
OleUninitialize
StgIsStorageFile
OleTranslateAccelerator
OleCreateMenuDescriptor
WriteClassStg
OleCreateFromFile
OleFlushClipboard
OleRegEnumVerbs
OleQueryCreateFromData
StgCreateDocfile
OleRegGetUserType
CreateDataAdviseHolder
ReadClassStg
CoDisconnectObject
OleSetMenuDescriptor
ReleaseStgMedium
ReadFmtUserTypeStg
CoSetProxyBlanket
OleQueryLinkFromData
StgOpenStorageOnILockBytes
OleDuplicateData
CoTaskMemAlloc
OleSetClipboard
CoRevertToSelf
CLSIDFromProgID
CoInitializeEx
CoInitializeSecurity
OleIsRunning
CoCreateInstance
ReadClassStm
RegisterDragDrop
PropVariantClear
CoUninitialize
StgIsStorageILockBytes
ProgIDFromCLSID
FreePropVariantArray
CoRegisterMallocSpy
CoFreeUnusedLibraries
StringFromGUID2
CoInitialize
WriteFmtUserTypeStg
CoRevokeMallocSpy
OleRegGetMiscStatus
OleCreateLinkToFile
SetConvertStg
CoLockObjectExternal
CoMarshalInterThreadInterfaceInStream
OleCreateLinkFromData
CoRegisterClassObject
CoFileTimeNow

kernel32

Module32FirstW
GlobalMemoryStatus
GetCurrentDirectoryW
SetFileTime
DeviceIoControl
GetProfileSectionA
IsValidCodePage
GlobalUnlock
CreateDirectoryExA
GetThreadLocale
SetProcessAffinityMask
IsValidLocale
SetVolumeLabelA
GetWindowsDirectoryA
lstrcpyW
lstrcpynW
CreateToolhelp32Snapshot
LockResource
LoadResource
MultiByteToWideChar
GetCommProperties
DeleteVolumeMountPointA
GetModuleHandleW
FlushViewOfFile
GetSystemDefaultLCID
GetCurrentThreadId
GetLocaleInfoA
WaitForSingleObjectEx
ResetEvent
GetStartupInfoA
CreatePipe
VerifyVersionInfoA
_lopen
VerLanguageNameA
IsDBCSLeadByte
SetVolumeMountPointA
OpenFileMappingA
FindResourceExA
Thread32First
RemoveDirectoryA
GetThreadContext
VirtualFree
RaiseException
InterlockedExchangeAdd
MoveFileExA
QueueUserWorkItem
GetModuleHandleA
BuildCommDCBA
MapViewOfFile
GlobalFindAtomW
LCMapStringW
VirtualFreeEx
EnumResourceNamesW
QueryPerformanceFrequency
InterlockedExchange
QueryDosDeviceA
ReleaseMutex
GetDateFormatW
GetSystemDirectoryA
GetDriveTypeA
GetTempPathA
lstrlenA
FindAtomW
WaitForMultipleObjectsEx
SetEvent
_lclose
CreateDirectoryW
SetConsoleCtrlHandler
HeapSize
SetStdHandle
Sleep
OpenSemaphoreA
InterlockedIncrement
lstrcatA
GetNumberFormatA
VirtualUnlock
FreeConsole
ReadProcessMemory
OpenSemaphoreW
GetSystemTime
GetConsoleCP
GetShortPathNameA
GetConsoleMode
OutputDebugStringA
GetProfileStringA
GetPriorityClass
GetLogicalDrives
GetTempFileNameA
SetEndOfFile
DefineDosDeviceA
PulseEvent
ClearCommError
GetEnvironmentStringsW
SetFilePointerEx
SuspendThread
FreeEnvironmentStringsA
TlsGetValue
DeleteCriticalSection
CreateWaitableTimerA
GetStringTypeA
SetFilePointer
GetVolumeInformationA
WinExec
Toolhelp32ReadProcessMemory
FindFirstVolumeW
GetAtomNameA
GetSystemInfo
GetQueuedCompletionStatus
lstrcmpiW
OpenFile
LocalLock
EnumCalendarInfoA
EnumResourceTypesA
GetCurrentThread
GetComputerNameA
AddAtomW
GetTickCount
VirtualProtectEx
OpenMutexW
lstrcmpW
SetWaitableTimer
SetThreadExecutionState
GetVolumeNameForVolumeMountPointW
TryEnterCriticalSection
TerminateThread
WritePrivateProfileStringA
LoadLibraryExA
AllocConsole
Heap32First
GetVolumePathNameA
CreateProcessW
GetExitCodeThread
Process32First
CreateEventW
VirtualProtect
FileTimeToLocalFileTime
ReadConsoleInputA
GetTimeZoneInformation
GlobalMemoryStatusEx
CreateNamedPipeA
RtlFillMemory
LocalSize
FindFirstChangeNotificationW
GetCPInfo
OpenEventA
GetFullPathNameW
BeginUpdateResourceA
DebugActiveProcess
GlobalReAlloc
ExpandEnvironmentStringsA
GlobalFree
SetCommState
PurgeComm
GetConsoleOutputCP
FindNextVolumeW
EnumResourceLanguagesA
WideCharToMultiByte
GetUserDefaultLCID
GetCompressedFileSizeW
GetPrivateProfileStringA
GetDiskFreeSpaceExW
GlobalFlags
WriteProfileStringA
WaitCommEvent
GetCurrencyFormatA
LocalUnlock
FormatMessageW
UnlockFileEx
CopyFileA
LocalReAlloc
GetCommConfig
GetTempFileNameW
IsDebuggerPresent
OpenProcess
WaitNamedPipeA
GetBinaryTypeA
WritePrivateProfileSectionA
WriteProfileStringW
SetProcessPriorityBoost
EndUpdateResourceW
SetCommMask
WaitForDebugEvent
VirtualAlloc
Process32NextW
IsBadStringPtrA
OpenMutexA
GlobalGetAtomNameA
MoveFileW
FindVolumeClose
GlobalGetAtomNameW
EnumResourceNamesA
GetOverlappedResult
CreateMutexA
WritePrivateProfileStructA
WaitNamedPipeW
TransmitCommChar
GetLongPathNameW
GetTempPathW
GetPrivateProfileSectionA
GetDiskFreeSpaceA
CreateFileMappingA
LeaveCriticalSection
WritePrivateProfileStringW
CreateProcessA
FileTimeToSystemTime
LoadLibraryA
SwitchToThread
MapViewOfFileEx
GetVersionExW
_lcreat
GetCPInfoExA
SetErrorMode
FindResourceW
WritePrivateProfileSectionW
GetCommMask
WriteFile
IsBadReadPtr
Module32NextW
SetTapePosition
CreateFileW
TlsFree
UpdateResourceW
LockFile
GlobalFindAtomA
HeapDestroy
CompareStringW
SearchPathA
VerifyVersionInfoW
GetWindowsDirectoryW
ProcessIdToSessionId
DuplicateHandle
SystemTimeToTzSpecificLocalTime
GetSystemTimeAdjustment
GetLogicalDriveStringsA
SetCurrentDirectoryW
HeapReAlloc
LocalFree
LockFileEx
GetCommState
GlobalDeleteAtom
_lread
GetProcessHeaps
GetComputerNameExA
FlushConsoleInputBuffer
Module32First
GetModuleFileNameW
InitializeCriticalSection
lstrcmpiA
FreeLibrary
ReadDirectoryChangesW
SetCurrentDirectoryA
GetCommandLineA
SetLastError
GetExitCodeProcess
SetPriorityClass
GlobalLock
FindResourceA
CreateSemaphoreA
CompareFileTime
WriteConsoleW
GetStringTypeExW
lstrcpyA
GetFileSizeEx
ExitProcess
OutputDebugStringW
GetModuleFileNameA
CreateWaitableTimerW
DosDateTimeToFileTime
GetSystemDefaultLangID
GetDateFormatA
GetLocaleInfoW
CopyFileW
DeleteFileA
VirtualAllocEx
DeleteFileW
GetPrivateProfileStringW
CompareStringA
DeleteFiber
GetACP
SetSystemTime
SetUnhandledExceptionFilter
GetFileAttributesA
WaitForSingleObject
FreeEnvironmentStringsW
SetCommTimeouts
MoveFileA
GetStartupInfoW
WriteConsoleA
GetStringTypeExA
FindFirstFileA
Heap32Next
GetVersion
VirtualLock
SetHandleCount
GetProcessWorkingSetSize
DebugBreak
SetFileAttributesA
InitializeCriticalSectionAndSpinCount
Heap32ListFirst
FileTimeToDosDateTime
SetNamedPipeHandleState
FindNextFileA
GetProcessTimes
VirtualQueryEx
GetDiskFreeSpaceExA
GetPrivateProfileSectionNamesA
WriteConsoleOutputW
_lwrite
IsProcessorFeaturePresent
GetFileInformationByHandle
MoveFileExW
CreateFileA
VerSetConditionMask
LocalFileTimeToFileTime
ResumeThread
Process32Next
GetCurrentProcessId
GetLocalTime
Thread32Next
GetFullPathNameA
CopyFileExW
HeapValidate
SetCommConfig
UnmapViewOfFile
IsDBCSLeadByteEx
WriteFileEx
GetVolumePathNameW
FatalAppExitA
GetTapeParameters
GetDiskFreeSpaceW
ContinueDebugEvent
GetStringTypeW
FindNextFileW
CommConfigDialogW
CreateFiber
GetProcAddress
ConnectNamedPipe
GetProcessVersion
GetProfileIntA
SetFileAttributesW
RemoveDirectoryW
FlushFileBuffers
TlsAlloc
LocalAlloc
WriteProcessMemory
GetProcessAffinityMask
UnlockFile
CreateThread
InterlockedDecrement
ExitThread
SearchPathW
SetThreadLocale
DeleteAtom
DisconnectNamedPipe
_llseek
EnumCalendarInfoExW
IsBadWritePtr
GetCommandLineW
ConvertThreadToFiber
GetPrivateProfileIntA
GetComputerNameW
DisableThreadLibraryCalls
IsBadStringPtrW
LoadLibraryW
GlobalAddAtomW
GetFileTime
UpdateResourceA
SetConsoleMode
SetMailslotInfo
FindNextChangeNotification
SetProcessWorkingSetSize
GetProfileIntW
_hwrite
IsBadCodePtr
EndUpdateResourceA
GlobalSize
SetLocalTime
GetLastError
UnhandledExceptionFilter
BackupRead
GetFileSize
GlobalAddAtomA
QueueUserAPC
FindResourceExW
lstrlenW
InterlockedCompareExchange
GetCurrentDirectoryA
GetTimeFormatW
CreateEventA
GetProfileStringW
lstrcpynA
SwitchToFiber
FindFirstChangeNotificationA
LocalHandle
Beep
HeapFree
OpenEventW
PostQueuedCompletionStatus
GetNumberFormatW
GetUserDefaultUILanguage
CreateMailslotA
GetEnvironmentStrings
SizeofResource
LCMapStringA
EnumUILanguagesW
QueryDosDeviceW
ReadFile
SetVolumeLabelW
ReleaseSemaphore
OpenThread
GetEnvironmentVariableA
EscapeCommFunction
GetSystemWindowsDirectoryA
FlushInstructionCache
SystemTimeToFileTime
AreFileApisANSI
SetThreadPriority
LocalCompact
CreateSemaphoreW
GetFileAttributesW
GetSystemDirectoryW
GetSystemTimeAsFileTime
DeleteVolumeMountPointW
WritePrivateProfileStructW
GlobalHandle
FindClose
EnumSystemLocalesA
FreeResource
GlobalAlloc
SetTimeZoneInformation
RtlUnwind
SetProcessShutdownParameters
GetSystemPowerStatus
GetLongPathNameA
FindCloseChangeNotification
Heap32ListNext
SetHandleInformation
EnterCriticalSection
lstrcmpA
HeapAlloc
GetFileAttributesExA
GetConsoleScreenBufferInfo
lstrcatW
EnumSystemLanguageGroupsW
GetProcessHeap
GetHandleInformation
_hread
TerminateProcess
GetCommTimeouts
GetFileAttributesExW
MulDiv
GetStdHandle
GetVolumeNameForVolumeMountPointA
CopyFileExA
CreateNamedPipeW
GetEnvironmentVariableW
QueryPerformanceCounter
GetOEMCP
HeapCompact
CreateFileMappingW
GetDriveTypeW
SetEnvironmentVariableW
FindFirstFileExW
FindFirstFileW
SetCommBreak
CreateIoCompletionPort
GetPrivateProfileStructA
SetupComm
Process32FirstW
SetComputerNameW
SetThreadContext
GetPrivateProfileIntW
TlsSetValue
CancelIo
PeekNamedPipe
GetThreadTimes
GetCurrentProcess
GetLogicalDriveStringsW
SetConsoleTitleW
EnumLanguageGroupLocalesW
OpenFileMappingW
GetCommModemStatus
GetTimeFormatA
ClearCommBreak
ConvertDefaultLocale
SetConsoleCursorPosition
CreateMutexW
EnumCalendarInfoW
BackupWrite
SetEnvironmentVariableA
LoadLibraryExW
SleepEx
GetVolumeInformationW
SetThreadAffinityMask
GetComputerNameExW
CloseHandle
GetMailslotInfo
GetUserDefaultLangID
BeginUpdateResourceW
VirtualQuery

comctl32

ImageList_SetImageCount
ImageList_GetIcon
ImageList_Copy
CreateToolbarEx
InitializeFlatSB
ImageList_SetFlags
ImageList_DragMove
ImageList_Read
_TrackMouseEvent
ImageList_LoadImage
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_DrawIndirect
ImageList_GetBkColor
ImageList_Draw
PropertySheetW
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DrawEx
ImageList_Add
ImageList_ReplaceIcon
PropertySheetA
ImageList_GetDragImage
ImageList_Merge
CreatePropertySheetPageW
CreatePropertySheetPageA
FlatSB_ShowScrollBar
ImageList_Replace
ord17
ImageList_AddIcon
InitCommonControlsEx
FlatSB_EnableScrollBar
ImageList_GetImageCount
DrawStatusTextW
CreateUpDownControl
ImageList_DragShowNolock
ImageList_GetIconSize
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_SetBkColor
ImageList_Duplicate
ImageList_SetIconSize
ImageList_Write
ImageList_Create
ImageList_SetDragCursorImage
MakeDragList
ImageList_AddMasked
ImageList_DragEnter
ImageList_LoadImageA
DestroyPropertySheetPage
ImageList_DragLeave
CreateStatusWindowW
ImageList_Remove

user32

SetLayeredWindowAttributes
EndDeferWindowPos
GetClipboardOwner
GetDlgItemTextW
GetMenuItemID
GetClipboardFormatNameW
EnumDesktopWindows
ArrangeIconicWindows
OpenWindowStationA
ChangeClipboardChain
IsCharAlphaNumericA
GetCapture
GetClassInfoW
GetTabbedTextExtentA
ReleaseCapture
GetCursor
GetSystemMenu
SetMenu
GetWindowLongA
GetDoubleClickTime
WaitForInputIdle
SystemParametersInfoA
GetOpenClipboardWindow
InsertMenuA
EnableScrollBar
DrawFrameControl
ClipCursor
InsertMenuItemA
SetClipboardViewer
RegisterClipboardFormatA
CheckDlgButton
WinHelpA
GetScrollRange
ChildWindowFromPointEx
DrawMenuBar
LoadImageA
DialogBoxParamA
GetWindowRect
DestroyCursor
IsChild
SetWindowsHookExA
SetPropW
AttachThreadInput
MessageBoxIndirectA
GetThreadDesktop
DrawTextA
DdeFreeStringHandle
AppendMenuA
ValidateRgn
EnumChildWindows
DdePostAdvise
IsDialogMessage
LoadIconA
CallNextHookEx
LoadAcceleratorsA
SetMenuItemBitmaps
CreateWindowExA
SetMessageExtraInfo
ToAsciiEx
DefMDIChildProcW
MonitorFromWindow
CharLowerA
GetMenuItemInfoW
GetKeyboardState
SendInput
ShowCursor
ShowCaret
GetMessageTime
CreateIconIndirect
DialogBoxParamW
ToUnicodeEx
SetWindowPos
LoadBitmapW
FindWindowW
GetMenu
EqualRect
EndPaint
GetClipboardData
DrawIconEx
UnregisterHotKey
AdjustWindowRect
TileChildWindows
CheckMenuRadioItem
GetCaretBlinkTime
SendNotifyMessageA
GetMenuCheckMarkDimensions
DdeAccessData
OemToCharBuffA
GetMenuItemInfoA
DdeInitializeW
CharUpperBuffA
LoadImageW
ValidateRect
RegisterDeviceNotificationW
CascadeWindows
CharLowerW
GetClassWord
FlashWindowEx
CheckRadioButton
SetThreadDesktop
SetWindowPlacement
TrackPopupMenu
CharUpperW
ToAscii
ShowScrollBar
AdjustWindowRectEx
GetDlgItemTextA
CheckMenuItem
SetWindowLongA
BroadcastSystemMessage
CreateWindowExW
PtInRect
PackDDElParam
SetCursor
EnumWindows
EnumDisplaySettingsW
UnpackDDElParam
IsIconic
CharLowerBuffW
CopyImage
LockWindowUpdate
AnimateWindow
GetClassNameA
MessageBoxExA
GetGUIThreadInfo
SetDlgItemTextA
GetParent
GetMenuContextHelpId
GetClassInfoA
SetCaretPos
UpdateWindow
UnregisterClassW
GetInputState
GetWindowRgn
SetWindowTextA
GetWindowWord
SystemParametersInfoW
DlgDirListComboBoxA
LoadCursorA
GetClassInfoExA
LoadMenuIndirectA
IsCharAlphaNumericW
GetWindowLongW
DefWindowProcW
GetSystemMetrics
ExcludeUpdateRgn
PostQuitMessage
wvsprintfA
IsDlgButtonChecked
DdeFreeDataHandle
GetWindowInfo
SetScrollInfo
SetCursorPos
CharToOemBuffA
wsprintfW
GetQueueStatus
CharUpperBuffW
CloseDesktop
SetKeyboardState
CopyAcceleratorTableA
BringWindowToTop
MessageBoxA
DestroyWindow
GetMonitorInfoW
CopyAcceleratorTableW
MapVirtualKeyW
BeginPaint
GetWindowThreadProcessId
ToUnicode
FindWindowA
DefFrameProcA
LoadStringA
DdeGetLastError
DeleteMenu
GetNextDlgTabItem
CharToOemA
GetKeyboardLayoutNameA
ReplyMessage
GetUserObjectInformationA
WaitMessage
GetWindowContextHelpId
GetClassNameW
FrameRect
SetScrollRange
GetKeyboardLayoutList
GetSubMenu
IsRectEmpty
RemoveMenu
LoadMenuA
FillRect
LoadBitmapA
EmptyClipboard
SetClassLongA
GetSysColor
GetWindowPlacement
GetDCEx
EnableWindow
WindowFromDC
DdeGetData
RegisterWindowMessageA
RealChildWindowFromPoint
GetUpdateRgn
CreateIcon
GetMessageExtraInfo
TabbedTextOutW
DrawStateA
CreateMenu
GetUpdateRect
DdeClientTransaction
SetPropA
DrawTextExW
GetPropW
GetMenuStringW
SetForegroundWindow
FindWindowExW
DefMDIChildProcA
GetMenuState
MapVirtualKeyA
ScrollDC
GetClipCursor
GetCaretPos
SetMenuDefaultItem
SetMenuInfo
DestroyMenu
wsprintfA
GetScrollBarInfo
InvalidateRgn
DeferWindowPos
OffsetRect
GetClassLongA
EnumDisplaySettingsA
DialogBoxIndirectParamA
SetMenuItemInfoW
ChildWindowFromPoint
WinHelpW
CreateIconFromResource
GetLastActivePopup
WindowFromPoint
SetParent
DestroyAcceleratorTable
CountClipboardFormats
CloseWindowStation
TrackPopupMenuEx
SetTimer
TabbedTextOutA
GetForegroundWindow
SetActiveWindow
GetWindowTextLengthW
LoadIconW
PostThreadMessageW
DdeNameService
GetTopWindow
GetFocus
SetWindowLongW
CreateCursor
DrawIcon
DefDlgProcA
IsClipboardFormatAvailable
OpenInputDesktop
GetCursorInfo
GetDlgItemInt
GetUserObjectInformationW
ShowOwnedPopups
MonitorFromPoint
ReleaseDC
OpenIcon
GetWindowModuleFileNameW
RegisterHotKey
GetNextDlgGroupItem
DdeCreateStringHandleW
GetClientRect
LockSetForegroundWindow
TranslateMDISysAccel
CreateDialogIndirectParamA
GetMenuBarInfo
UnhookWinEvent
SendMessageTimeoutW
TranslateAcceleratorA
GetMenuStringA
mouse_event
MapDialogRect
DlgDirListA
DdeCreateStringHandleA
GetClipboardFormatNameA
MsgWaitForMultipleObjects
GetDC
SetWindowsHookExW
EnumDisplayMonitors
RemovePropW
OemToCharA
DialogBoxIndirectParamW
RegisterClassExW
OpenDesktopW
PostMessageW
CreateIconFromResourceEx
TrackMouseEvent
InflateRect
DrawTextW
GetAncestor
SendDlgItemMessageW
EnumThreadWindows
GetMonitorInfoA
GetKeyNameTextW
IsWindow
GetKeyNameTextA
GetProcessWindowStation
GrayStringA
IsDialogMessageW
LoadAcceleratorsW
CharPrevA
OpenClipboard
GetKeyboardLayout
CloseClipboard
OpenWindowStationW
GetClassLongW
GetMenuItemCount
IsMenu
PeekMessageW
GetKeyState
RedrawWindow
FlashWindow
GetDialogBaseUnits
MapVirtualKeyExA
DestroyCaret
CreateDialogIndirectParamW
GetWindowTextW
GetDlgItem
VkKeyScanExA
LoadCursorFromFileW
CopyIcon
SetWindowRgn
AllowSetForegroundWindow
GetWindowTextLengthA
LoadKeyboardLayoutA
IsCharUpperA
CreateCaret
SubtractRect
IsWindowUnicode
GetTitleBarInfo
DrawStateW
keybd_event
CreatePopupMenu
SendDlgItemMessageA
IntersectRect
GetSysColorBrush
FindWindowExA
GetWindow
GetWindowDC
SetClassLongW
GetScrollInfo
KillTimer
InvalidateRect
SwitchDesktop
EndDialog
SetMenuItemInfoA
IsCharAlphaA
SetFocus
ScreenToClient
MonitorFromRect
GetScrollPos
IsWindowVisible
LoadMenuW
CloseWindow
DispatchMessageW
ReuseDDElParam
DlgDirSelectExA
DrawAnimatedRects
GetClassInfoExW
MessageBeep
GetComboBoxInfo
ModifyMenuW
BeginDeferWindowPos
SetDlgItemInt
GetDlgCtrlID
IsCharLowerA
CreateDialogParamA
InsertMenuItemW
OpenDesktopA
NotifyWinEvent
UnregisterClassA
GetAsyncKeyState
IsZoomed
SetDlgItemTextW
DlgDirSelectComboBoxExA
LookupIconIdFromDirectoryEx
SetRectEmpty
HiliteMenuItem
EnumClipboardFormats
DlgDirListComboBoxW
GetMenuDefaultItem
SetWindowContextHelpId
GetMessageW
CallMsgFilterA
UnhookWindowsHookEx
DefFrameProcW
DefWindowProcA
GetClipboardViewer
ChangeDisplaySettingsW
CallWindowProcW
DdeInitializeA
GetMenuInfo
DdeCreateDataHandle
GetDesktopWindow
DragDetect
MoveWindow
PeekMessageA
LoadMenuIndirectW
RegisterClipboardFormatW
SetClipboardData
RegisterClassA
RemovePropA
GetMessagePos
DdeDisconnect
SendMessageA
SwapMouseButton
UnionRect
CreateAcceleratorTableA
DrawCaption
DdeQueryStringA
SetScrollPos
LoadStringW
InsertMenuW
IsDialogMessageA
SetProcessWindowStation
ScrollWindowEx
ModifyMenuA
VkKeyScanA
AppendMenuW
GetMessageA
SetCapture
HideCaret
MenuItemFromPoint
ClientToScreen
IsWindowEnabled
DdeQueryStringW
SetWindowTextW
PostMessageA
IsCharLowerW
SendMessageW
CallWindowProcA
SetRect
CreateAcceleratorTableW
LoadCursorW
GetIconInfo
RegisterWindowMessageW
MsgWaitForMultipleObjectsEx
ExitWindowsEx
SetDoubleClickTime
GetMenuItemRect
FreeDDElParam
GetLastInputInfo
CharNextW
PostThreadMessageA
ScrollWindow
CharNextExA
GrayStringW
InvertRect
GetPropA
CopyRect
LoadCursorFromFileA
ActivateKeyboardLayout
UnregisterDeviceNotification
CreateMDIWindowA
TranslateMessage
CreateMDIWindowW
GetWindowTextA
InSendMessage
CreateDesktopW
SetMenuContextHelpId
wvsprintfW
DrawEdge
SendMessageTimeoutA
MapWindowPoints
DrawFocusRect
MessageBoxW
GetActiveWindow
DdeUninitialize
CharNextA
SetUserObjectSecurity
ShowWindow
CharLowerBuffA
DispatchMessageA
GetUserObjectSecurity
EnableMenuItem
SendNotifyMessageW
GetCursorPos
DestroyIcon
LookupIconIdFromDirectory
SetCaretBlinkTime
DrawTextExA
RegisterClassW
CreateDialogParamW
TranslateAcceleratorW
CharUpperA
VkKeyScanW
RegisterClassExA
ShowWindowAsync
MapVirtualKeyExW
TileWindows
ChangeDisplaySettingsA

winspool.drv

WritePrinter
DeletePrintProcessorA
FindFirstPrinterChangeNotification
EndPagePrinter
AddFormW
EnumJobsW
EnumFormsW
OpenPrinterA
PrinterProperties
SetPrinterW
ord204
FreePrinterNotifyInfo
StartDocPrinterA
SetJobW
SetPrinterDataW
EndDocPrinter
DeviceCapabilitiesA
EnumPortsW
AddPrinterDriverA
GetJobW
StartDocPrinterW
AbortPrinter
SetPrinterA
DocumentPropertiesW
DeviceCapabilitiesW
GetPrinterDriverA
GetPrinterDriverDirectoryA
EnumPrintersW
EnumPortsA
OpenPrinterW
EnumPrintersA
FindNextPrinterChangeNotification
AddPrinterA
EnumPrinterDriversA
GetJobA
GetFormW
ClosePrinter
DocumentPropertiesA
DeletePrinterDriverA
DeletePrinter
StartPagePrinter
GetPrinterA
EnumJobsA
DeletePrintProcessorW
GetPrinterW
DeleteFormW

shell32

SHGetFileInfoA
SHFileOperationA
SHGetDesktopFolder
DragQueryFileA
ord155
SHGetSpecialFolderLocation
DuplicateIcon
DragQueryPoint
SHAppBarMessage
ExtractIconA
CommandLineToArgvW
SHGetSpecialFolderPathA
DragQueryFileW
SHGetPathFromIDListA
FindExecutableW
DragAcceptFiles
SHBrowseForFolderA
SHFileOperationW
SHGetMalloc
SHCreateDirectoryExW
SHCreateDirectoryExA
ShellExecuteW
ExtractIconExA
ShellExecuteExW
SHGetFileInfoW
SHBindToParent
SHChangeNotify
SHAddToRecentDocs
SHGetInstanceExplorer
SHGetFolderLocation
SHGetFolderPathW
SHGetSpecialFolderPathW
SHEmptyRecycleBinA
Shell_NotifyIconW
ShellExecuteA
ShellExecuteExA
SHFreeNameMappings
SHGetDataFromIDListA
SHBrowseForFolderW
FindExecutableA
DragFinish
ExtractIconExW
SHGetFolderPathA
DoEnvironmentSubstW
Shell_NotifyIconA
SHGetDataFromIDListW
SHGetPathFromIDListW
ExtractIconW

Exports

Exports

װ��Ɍ�5F �t��2��`�$��Du��=��\/�>�U�T")��L�6��զ o��W��j�)�!��ٵ��P�,��O�E]aU��9t}��]��{�i2[�4�9��x�8F�Υ��d��8�FD��Z� ��k%��5��V��k�cY�.:�;�]Z�G=x2��?�Q��ԟ�_��$�$2�\��\�\�`_K��X��Ч�׬�UE1=��})Ed��V�X�x'�p�4��!�Y)�UW�|5��ET��ޣ�WX��?be��'�Kg�`��+�$�X!pj2Y �z��r��,1�]p��W�I� ��Y^��Cb��W9պ�)+H�J" �ֲ��=�,��eB}�d�Z�܀t��N|�I��"�q��ܴ�WS��P�|��+gsP�թ��\�|�� S:�T �GuѾ)^Q\�X��b��[�q��Z��R��Q�Km��Ү�cT�2��ߦM;*�M�)��8k�X��X��n;h��.$��욾kI3FieMY�}�)Re��~�t.�蒔s��dY��\��D]HKB�g=[ �!��n�X� B9�y|}0��xX�2;^ʟ��O��j��y}�?΅�_&�uq��Z�icp��N�Hn�&*"�Jl=��7(�Hq`D#ȏ*<��UЪ�4�`��^1�ƫPP��`�kd=@&.$}�_�&T0�_Ԍt��S�b�*/y�I��^��ۊaG(W� �*�f�J�\��w�8ʮ��R��H��p�{�� '�w��0��Gn�4��I�&- ��a�� O�zrgI�Q�E�{�0�amHN�i^e��D�^#LT�6��'l�H'c8#I�nv�S�[�¼��m�]V��ض��C�ti[vS%��IH:}lIА�`��\[��A ��σ�s(��AW�Y��9m1�N`b1�\��0 C1�b?vi�!L��i��Cx>��(`��ȩ2��]/�+-�[߹�Ox}��,,}ч]��x�e'��F�5yq��i��vhnX��.�U�ϕ��7e�h�n�$��S� ��Jpt��a@�J�Z#Z��o>#a5��]��{��(��|�C��JZ�s,Q�"��QC!E�!�Q��E.cz�L2Ǚ�J?8�^]��o��llC��y�8'x�8tUorS��Z��5�R�\��Vٗ=5S�tH�cUR��h��(+6��3е.��IR� ��A��L4��;�M95s��_rf�q6�l��|�{�6W3En��V�Ԍ�JP�~v��5A�/6��s��j�'��Ӭ+5?4Ӄ��O�� %��޳��giu��w��=�h�K�|<B�7ή�1��!��)!c�_�i��e��i��/O`�;A��w��+/,5��A�9Y�u��E��SԸ ,y <"��H�c˩C��v��w�}�l��[wF��Ot �u Jmiw yS��G�)� ��k}��Qè?^/d�-= ��sY$q�2��cˑq�i�mc��x8Z�B(|ԁՍ�.�� cQ^�$��BF��5�ə`3�r|��%��:�!f�~��!~1?��}ʜ��5]Ep�S�4�4/L��II�g�HYI=7)�: u�>��/1=M�v��$p2ǘz"#+&��eO�K�n-LE��c�R�Ի"��$�?�<�E��9'��_�t'.��#��>ßz\W��X�Jw{�f�PS'��X��#Dل`��A�5+~0>�e�h�k��ڲuJ/��uH�GMd&Ι�d�b��`�q�� @��)��$�xֵBY{��Zx�;�q[��h�jO��0�]0nރ�i�� X�߂�O��X��4 $��[�_��j��"��6�z"�s�Q�C�g��3��E�l��׮QO�m��+�r/��4#�yO�8`9T|��c~Cbo�* �<?�^a,��t'��?�t��$P�e�xv��/M&R{�d4�}�w51��mqWZ�֓��7-��)��!<l��I! �a� 0��w6��v��˅� q�)�k�Ip<�&��gZ�D��]uy7*N�*�Q3��O<��z��g[<�L�y��G��t��q�y��0�qѡ?�C�^��<�"��5��+LE��&Y��[��Z�X�%ґ��M�$[��Q��Aj�_��U�|͜j %�s�ѓ��%+d;v��h��#�D�I��grH.�!�n��/��k�>Ζ &��]��e#�k��r��5�'��z �1嵧��yc��1�=�b�hxg�fQ�'�ns��E�~)�b�6pR�7�f�z�I�/��R�Ъ]��rg~�*��^�jF�P)*J��b��YpP9�0��]E�N�5koB�:Pu��)�u]�L��.�{L3��K�_�W�J~��X��H5PӪG��-�7��֬�Ͱ:*��>c�Y_-<ON�� sj��6=�ДM��3��5�:�5�Lzl��z��!=��a�|6ÿO/Y��ti� �@ٚ�ե ��E>Ӱ_K��t�gCG8,�I�S/�fY?%��8K�풓�-t�[��йx��C�d��Vc3�b�N�Z�w%Q.UԢ�A ��Y��[a5�L�E߅��G�'V Ni��ooڈX��$��J��7hu��!��җo�K��^*킟�Vm`ܶ��a�0m��"��u��*�>]M�X��Q2LPH�V��|��1v�f݌��AhxwWQE%�x�ZD�)|.��2B��~�ovh�֏�W[��5��id�bMoOm�`�q��%+��L�b��\��Qec��9�

Sections

.text
Size: - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 468KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da5518329f8de046ae83a65323d0a2e9

Headers

File Characteristics

Imports

ole32

kernel32

comctl32

user32

winspool.drv

shell32

Exports

Exports

Sections

.text Size: - Virtual size: 203KB

.rdata Size: - Virtual size: 156KB

.data Size: - Virtual size: 98KB

.rsrc Size: 24KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 116KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 468KB - Virtual size: 464KB

.reloc Size: 4KB - Virtual size: 168B

.text
Size: - Virtual size: 203KB

.rdata
Size: - Virtual size: 156KB

.data
Size: - Virtual size: 98KB

.rsrc
Size: 24KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 116KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 468KB - Virtual size: 464KB

.reloc
Size: 4KB - Virtual size: 168B