c010d531422b65f9a46225c8f58c3417_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c010d531422b65f9a46225c8f58c3417_JaffaCakes118
Size

261KB
MD5

c010d531422b65f9a46225c8f58c3417
SHA1

a37f73028d0073e11b81e71bc12242ec7c7f8ec0
SHA256

0e6504d4b4d6143bd0aadf811b94672797379fb1858ac05a34950cfd8874d679
SHA512

5b22140e348f6bcaa77d88c4121080cda333cb0a9bb1c3f55ea080e008a5ddd8d35626831318ef74f54e890a988bb23709cd4d185c8a1037bcadbabffcb46847
SSDEEP

6144:9UikZyKSg7DtJdWutkrRsFCeJvBZYOVMbHjyIN1Ypm8+bCjKNK:9pAdttk8aIiD3NOpmThNK

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
c010d531422b65f9a46225c8f58c3417_JaffaCakes118
unpack001///uninstall.exe
unpack001//1souaddressbar.dll
unpack001//1soutoolbar.dll
unpack001//uninst.exe

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001///uninstall.exe	nsis_installer_1
static1/unpack001//uninst.exe	nsis_installer_1

Files

c010d531422b65f9a46225c8f58c3417_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4d9f2d696a1448e0e2c8c002cee54df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
FindNextFileA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetCommandLineA

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
ExitWindowsEx

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
//uninstall.exe
.exe windows:4 windows x86 arch:x86

b4d9f2d696a1448e0e2c8c002cee54df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
FindNextFileA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetCommandLineA

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
ExitWindowsEx

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/1SouAuxToolBar.xml
/1SouMainToolBar.xml
.xml
/1sou_tb_buttons.xml
/1sou_tb_commands.xml
/1sou_tb_settings.xml
/1souaddressbar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

392643fde6b24585bef8123ea6faf63b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrCSpnA
StrChrA
PathRemoveBlanksA

kernel32

GetModuleFileNameA
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
FlushInstructionCache
GetCurrentProcess
LocalAlloc
LocalReAlloc
LocalFree
GetCurrentThreadId
GetVersionExA
CloseHandle
OpenProcess
GetCurrentProcessId
lstrcmpA
GetLastError

user32

DefWindowProcA
GetFocus
GetWindowLongA
EnumThreadWindows
GetClassNameA
CharLowerA
EnumChildWindows
SetFocus
GetWindowTextA
GetPropA
SetPropA
CharNextA
GetWindowTextLengthA
LoadCursorA
SetCursor
IsWindow
RemovePropA
SetWindowTextA
CallWindowProcA
UnhookWindowsHookEx
GetParent
SendMessageA
SetWindowLongA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

ole32

CoCreateInstance
CoInitialize

oleaut32

DispCallFunc
VariantInit
SysAllocStringByteLen
VariantClear
SysStringByteLen
SysAllocStringLen
LoadRegTypeLi
SysStringLen
RegisterTypeLi
SysFreeString
LoadTypeLi
SysAllocString

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
memcmp
free
_beginthread
_CxxThrowException
strcpy
wcscmp
wcslen
strlen
memset
??2@YAPAXI@Z
_adjust_fdiv
??1type_info@@UAE@XZ
_purecall
_EH_prolog
__CxxFrameHandler
malloc
tolower
_except_handler3
memcpy
strstr
_strlwr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/1soutoolbar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e6e2de870fd83bec1f0b5248f1bf4713

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

shlwapi

PathFindExtensionA
PathFileExistsA

wininet

FindFirstUrlCacheEntryA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
FindCloseUrlCache
FindNextUrlCacheEntryA
DeleteUrlCacheEntry

setupapi

SetupIterateCabinetA

kernel32

DebugBreak
OutputDebugStringA
FindNextFileA
FindClose
Sleep
GetTickCount
SetLastError
FindFirstFileA
CloseHandle
WriteFile
CreateFileA
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
RemoveDirectoryA
DeleteFileA
lstrlenW
MulDiv
GetModuleFileNameA
GetTempFileNameA
TerminateThread
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
lstrcmpiA
DisableThreadLibraryCalls
lstrcpynA
lstrcatA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
TlsSetValue
TlsFree
InterlockedDecrement
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetCommandLineA
CreateThread
ResumeThread
ExitThread
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
GetFullPathNameA
RtlUnwind
LocalFree
lstrcpyA
InterlockedIncrement
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
TlsGetValue
GetDriveTypeA
SetStdHandle
FlushFileBuffers
ReadFile
UnhandledExceptionFilter
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
LoadLibraryA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetFilePointer
SetEndOfFile
TerminateProcess
LCMapStringA
LCMapStringW
TlsAlloc
GetTimeZoneInformation

user32

GetDlgCtrlID
IntersectRect
EqualRect
GetSystemMetrics
CheckMenuItem
CreatePopupMenu
TrackPopupMenu
AppendMenuA
TranslateMessage
ClientToScreen
GetCapture
GetComboBoxInfo
SetActiveWindow
UnhookWindowsHookEx
LoadCursorFromFileA
IsWindowVisible
OffsetRect
GetMenuItemInfoA
LoadBitmapA
SetWindowsHookExA
PostMessageA
CreateAcceleratorTableA
DestroyWindow
RedrawWindow
GetDlgItem
DestroyAcceleratorTable
IsChild
GetWindow
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
SetCapture
ReleaseCapture
GetSysColor
GetMessagePos
CreateWindowExA
SystemParametersInfoA
SetRectEmpty
GetFocus
GetKeyState
SetFocus
PtInRect
GetWindowDC
RegisterWindowMessageA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
MoveWindow
GetClientRect
UnregisterClassA
DispatchMessageA
LoadImageA
CharNextA
wvsprintfA
DefWindowProcA
DrawTextA
LoadStringA
CopyRect
DrawEdge
DrawStateA
FillRect
LoadCursorA
wsprintfA
GetClassInfoExA
DestroyMenu
SetWindowPos
KillTimer
SetTimer
ShowWindow
InvalidateRect
UpdateWindow
MapWindowPoints
ScreenToClient
GetWindowRect
GetDC
ReleaseDC
SendMessageA
GetWindowLongA
SetWindowLongA
MessageBoxA
WindowFromPoint
SetCursor
CallNextHookEx
IsWindow
GetParent
GetCursorPos
InflateRect
DestroyCursor
CharLowerBuffA
GetClassNameA

gdi32

DeleteObject
SetBkColor
CreateFontA
SetTextColor
GetObjectA
SelectObject
DeleteDC
CreateFontIndirectA
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetStockObject
CreateSolidBrush
ExtTextOutA
CreateBrushIndirect
GetTextExtentPoint32A
TextOutW
CreatePatternBrush
CreateBitmap
EnumFontFamiliesExA
CreatePen
SetBkMode
Rectangle

advapi32

RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegSetValueA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoInitialize
OleRun
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
RegisterDragDrop
ReleaseStgMedium
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
VarBstrCat
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
GetErrorInfo

comctl32

ord17
ImageList_Duplicate
ImageList_Draw
ImageList_Destroy
ImageList_LoadImageA
ImageList_GetImageCount
InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/about.html
.html
/logo.bmp
/nav.bmp
/nav_hot.bmp
/options.html
.html
/uninst.exe
.exe windows:4 windows x86 arch:x86

b4d9f2d696a1448e0e2c8c002cee54df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
FindNextFileA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetCommandLineA

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
ExitWindowsEx

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4d9f2d696a1448e0e2c8c002cee54df

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 3.6MB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

b4d9f2d696a1448e0e2c8c002cee54df

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 3.6MB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

392643fde6b24585bef8123ea6faf63b

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

e6e2de870fd83bec1f0b5248f1bf4713

Headers

File Characteristics

Imports

winmm

shlwapi

wininet

setupapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 240KB - Virtual size: 239KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 14KB

.SHARED
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB