c8f33aebcfa11f236e37f939dbc9f933_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8f33aebcfa11f236e37f939dbc9f933_JaffaCakes118
Size

6.9MB
MD5

c8f33aebcfa11f236e37f939dbc9f933
SHA1

93ca7b86efb57bd45309300a063f532174cc6200
SHA256

b2425a372548050da11bd568f8dfa736e1e952c58d0c7da86e70fcde8b4801da
SHA512

594cc5ef291ca1d6200e97372d301c4babe28192870dd034211c68d8e983bf9cbbb466ee04652587163cf76a427da345bf292a4282e265f448699fb64b286921
SSDEEP

98304:st9o7zuUkzTSM7HGDkJWPEssPZ/vWSTKQ8ey2qre2M+WW/yz8epS1y4WcrS7pFAE:stqTkzzmD25PZzKQTVr+WdhQ877gh+1

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
c8f33aebcfa11f236e37f939dbc9f933_JaffaCakes118
unpack001/$PLUGINSDIR/BgoIxFYLpEH.dll
unpack001/$PLUGINSDIR/glqBSuBCAUw.dll
unpack001/$PLUGINSDIR/lsmtChRlwlI.dll

Files

c8f33aebcfa11f236e37f939dbc9f933_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 15.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BgoIxFYLpEH.dll
.dll windows:5 windows x86 arch:x86

bc1f551874c8285ceb4a9f8c2c9f8af0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
GetProcAddress
GetOEMCP
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetTimeZoneInformation
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
IsValidCodePage
LoadLibraryW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
EncodePointer
RaiseException
GetCommandLineA
DecodePointer
GetCurrentThreadId
GetLastError
WideCharToMultiByte
GlobalAlloc
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
VirtualAlloc
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CloseHandle
ReadFile
GetFileSize
CreateFileW
GlobalFree
lstrcpyW
lstrcpynW

user32

wsprintfW
CallMsgFilterW
CharToOemW
OemToCharW

shell32

SHLoadInProc
ExtractAssociatedIconW
ShellExecuteExW

oleaut32

SysAllocString
VarBoolFromDate
VarDateFromI4
VarR4FromDate
VarUI1FromUI2
VariantTimeToSystemTime
SysAllocStringByteLen
SystemTimeToVariantTime
VarBstrCmp
SysAllocStringLen
SysStringByteLen
SysFreeString
VarDateFromUI4
VarI2FromR4
VarBstrFromDec
DispInvoke

imagehlp

ImageNtHeader
MapFileAndCheckSumA
UpdateDebugInfoFile
ImageRvaToVa
GetImageUnusedHeaderBytes
ImageGetCertificateData

snmpapi

SnmpUtilOidNCmp
SnmpUtilVarBindListFree
SnmpUtilOidAppend
SnmpUtilOctetsNCmp
SnmpSvcGetEnterpriseOID
SnmpUtilVarBindFree
SnmpUtilOidCpy

setupapi

SetupGetFieldCount
SetupQueueRenameW
CM_Get_Device_Interface_List_SizeW
CM_Get_Depth
CM_Register_Device_Interface_ExA
SetupInitializeFileLogA

rtm

RtmHoldDestination
MgmGetNextMfe
RtmGetListEnumRoutes
MgmGetProtocolOnInterface

crypt32

CertFindSubjectInCTL
CryptMsgCountersignEncoded
CertEnumSystemStoreLocation
CertOpenSystemStoreW

rtutils

RouterLogEventStringW
RouterLogEventDataW
LogErrorW
TracePutsExA
MprSetupProtocolFree
LogEventW

p2p

PeerGroupDeleteRecord
PeerGroupUnregisterEvent
PeerGroupRegisterEvent
PeerIdentityGetFriendlyName

authz

AuthzFreeAuditEvent
AuthzUninstallSecurityEventSource
AuthzInitializeContextFromSid
AuthzInitializeContextFromAuthzContext
AuthzReportSecurityEventFromParams
AuthziLogAuditEvent
AuthzFreeResourceManager
AuthzRegisterSecurityEventSource
AuthzCachedAccessCheck
AuthzEnumerateSecurityEventSources
AuthzInitializeResourceManager

imgutil

IdentifyMIMEType
DitherTo8

Exports

Exports

CFLmTvsGYhngrw
GqovlWwuB
ISQqPWkZPNwXwWHCE
JEfPdNsbSQ
OtPOjtN
TBJEktGD
TMPNtPIarvgEJz
TprMbWFZoUiuWussU
UWtUlYe
WACNR
ZvovFw
dZaPuBfHhrvrRzZ
fEOVQPBWs
iBMfWdq
jfsnjWhFlSsrKTTPP
vEyzhpwvVbGNrds
xfYciAKNGbPExSYkzdP
xjEqlCCyVAUhcspO
zeIwVr

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GGACMkew.mp3
$PLUGINSDIR/glqBSuBCAUw.dll
.dll windows:5 windows x86 arch:x86

89cea696bf8865d3d2863bb5aa2c597b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetStdHandle
SetLastError
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
RtlUnwind
GetCurrentThreadId
GetCommandLineA
EncodePointer
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcpynW
GlobalFree
LoadLibraryA
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetFileSize
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
WriteFile
GetModuleFileNameW
LoadLibraryExW
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
HeapReAlloc
CloseHandle
CreateFileW
MultiByteToWideChar
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
Sleep

winspool.drv

AdvancedDocumentPropertiesW
AddPortA
EnumPrintProcessorsA

shell32

SHGetSpecialFolderPathW
ShellExecuteA
SHBrowseForFolderA

oleaut32

SysAllocStringLen
SysAllocStringByteLen
VarBstrCmp
SysStringByteLen
SysFreeString
SysAllocString

comdlg32

PrintDlgW
ReplaceTextW
GetOpenFileNameW
PageSetupDlgW

advapi32

RegUnLoadKeyA
OpenSCManagerW
OpenServiceW
AddAccessDeniedObjectAce
RegEnumKeyExA
LookupPrivilegeValueA
RegQueryMultipleValuesA
StartServiceW
ObjectCloseAuditAlarmA
RegSetKeySecurity
GetLengthSid
ClearEventLogW
SetPrivateObjectSecurity
LogonUserW

winhttp

WinHttpReadData
WinHttpSendRequest
WinHttpTimeToSystemTime
WinHttpGetProxyForUrl
WinHttpCreateUrl
WinHttpSetStatusCallback

authz

AuthzFreeHandle
AuthzCachedAccessCheck
AuthzUnregisterSecurityEventSource
AuthzFreeAuditEvent
AuthzInitializeResourceManager
AuthzInitializeContextFromSid
AuthzAccessCheck
AuthzRegisterSecurityEventSource
AuthzFreeResourceManager
AuthziLogAuditEvent
AuthzFreeContext
AuthzReportSecurityEventFromParams
AuthzGetInformationFromContext
AuthzInitializeContextFromAuthzContext
AuthzUninstallSecurityEventSource

pdh

PdhGetFormattedCounterArrayA
PdhEnumMachinesW
PdhMakeCounterPathA

version

GetFileVersionInfoW
VerQueryValueA
VerFindFileA
GetFileVersionInfoSizeW
VerFindFileW
GetFileVersionInfoSizeA
VerQueryValueW
VerInstallFileA
VerInstallFileW
GetFileVersionInfoA

oleacc

CreateStdAccessibleProxyA
AccessibleObjectFromEvent
ObjectFromLresult
CreateStdAccessibleProxyW
GetStateTextA
AccessibleChildren
AccessibleObjectFromPoint
WindowFromAccessibleObject
AccessibleObjectFromWindow
GetRoleTextA
GetOleaccVersionInfo

oledlg

OleUIInsertObjectW
ord6
OleUIEditLinksW
OleUIBusyW
OleUIConvertW
ord1
OleUIChangeSourceW
ord4
ord7
ord2
ord3
OleUIChangeIconW
OleUIAddVerbMenuW
OleUIUpdateLinksW

comctl32

ord386
_TrackMouseEvent
ImageList_SetIconSize
ImageList_Read
UninitializeFlatSB

rtutils

RouterGetErrorStringW
TraceVprintfExA
RouterLogEventW

imagehlp

GetImageConfigInformation
BindImageEx
SymEnumerateSymbols
MakeSureDirectoryPathExists
SymGetModuleBase
MapAndLoad
UpdateDebugInfoFile
ImageDirectoryEntryToData
BindImage
SymUnDName
SymUnloadModule
MapFileAndCheckSumW
ImageGetCertificateHeader
GetTimestampForLoadedLibrary

imm32

ImmGetCandidateWindow
ImmGetRegisterWordStyleA
ImmEnumRegisterWordW
ImmConfigureIMEA
ImmUnregisterWordW
ImmGetRegisterWordStyleW
ImmIsUIMessageW
ImmSimulateHotKey
ImmGetOpenStatus
ImmSetCompositionStringA
ImmDestroyContext
ImmGetIMEFileNameA
ImmRegisterWordA
ImmAssociateContext

winfax

FaxStartPrintJobW
FaxSetGlobalRoutingInfoW
FaxSendDocumentForBroadcastW
FaxGetPortW
FaxSetRoutingInfoA

snmpapi

SnmpUtilAsnAnyFree
SnmpUtilUTF8ToUnicode
SnmpUtilAsnAnyCpy
SnmpSvcAddrIsIpx
SnmpUtilOidAppend
SnmpUtilUnicodeToUTF8
SnmpUtilOctetsNCmp
SnmpUtilMemAlloc
SnmpTfxOpen
SnmpSvcSetLogLevel

imgutil

CreateDDrawSurfaceOnDIB
ComputeInvCMAP
CreateMIMEMap
DitherTo8
GetMaxMIMEIDBytes
SniffStream
IdentifyMIMEType
DecodeImage

rtm

RtmGetDestInfo
RtmReadAddressFamilyConfig
RtmReleaseRoutes
RtmGetExactMatchRoute
RtmReleaseEntityInfo
RtmWriteAddressFamilyConfig
RtmCreateDestEnum
RtmAddRoute
RtmAddNextHop
RtmRegisterClient
RtmGetEntityInfo
RtmBlockSetRouteEnable
RtmCreateRouteList
RtmLockNextHop

loadperf

UpdatePerfNameFilesA
UnloadPerfCounterTextStringsA
UpdatePerfNameFilesW

mprapi

MprAdminPortDisconnect
MprAdminBufferFree
MprConfigServerGetInfo
MprAdminUserReadProfFlags
MprAdminPortEnum
MprInfoDelete
MprInfoCreate
MprAdminUserServerConnect
MprConfigTransportEnum
MprAdminUserGetInfo

uxtheme

CloseThemeData
DrawThemeIcon

crypt32

CryptGetDefaultOIDDllList
CertGetCRLContextProperty
CertCreateCertificateChainEngine
PFXIsPFXBlob
CryptFindCertificateKeyProvInfo
CertVerifyRevocation
CryptEnumOIDInfo
CryptEncodeObjectEx
CryptSignAndEncodeCertificate
CertEnumSystemStoreLocation
CryptSetKeyIdentifierProperty

Exports

Exports

AFRPrcwtsTrHdy
DxqPjbLMC
EBRRi
GEmSfzGIJrIjbQl
GbdvVZRlYcSaawQ
GdGAeldzJAWECniyU
JmbObGCmmkwXlYUi
KXOzg
KvQwznHeEtmk
LQJnSnwfxqCLJR
LbzYDcwRRtbkAZnv
MOmArbjbGOHqxLVmmp
MwFIgCmxDCmtgtlIIFef
OcjTYQZNIYuEMjzHfEPP
PebiQtLgqROlUijWZWd
PfzfSMxNJdk
RAWInENOUrbUObAe
RrNOe
SISTLBgk
SuusyaWPczsPfRE
TefVmlyBDDDiZAr
WAYvutqKwUTeLEUT
YZxGcTlHeIBNPpKxh
ZYunfQrLadAvURZuw
ZmQlwevlcZB
aTTtVGG
aWDUhS
auDZuIup
bilZtqdUODTLam
cVrMxnaLIS
cmcFvqJ
drDWNUfGb
eqqgpBcm
fVDWeM
gZNDZDvctIZ
hCfLhpMPlEB
hiDqkJWWgHXdXRvBD
iwJKwBodhKsBfgWDav
kDiSogyBxZbXTbFaE
kvOgSEQcn
qUAfnNwTZOnYgGMLF
rJfWBdVrXr
vcoovAm
wsJDLejvGh
xoMtuwqBqITaXI
yVNBcNxX
zWGLbKHjFl
znEHtEHRGAjXFeD

Sections

.text
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/lsmtChRlwlI.dll
.dll windows:5 windows x86 arch:x86

d15ec8af845214f145e09ad1a15af1b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GetModuleFileNameA
QueryPerformanceCounter
GetStartupInfoW
GetFileType
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
WriteFile
GetStdHandle
GetProcAddress
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
TlsFree
DeleteCriticalSection
DecodePointer
HeapSize
VirtualAlloc
GetLastError
RaiseException
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetCurrentProcessId
IsProcessorFeaturePresent
EncodePointer
VirtualQuery
VirtualProtect
GetSystemInfo
WideCharToMultiByte
GlobalAlloc
lstrcpynW
GlobalFree
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

wsprintfW

gdi32

SetDIBColorTable
GetDCPenColor
GetClipRgn
LineDDA
DPtoLP
SetBoundsRect
SetROP2
GetBitmapDimensionEx

winspool.drv

DeletePrintProvidorW
DeleteMonitorA
DeletePrinter
GetJobW
DeleteFormW
AddMonitorA
AddFormA

oleaut32

VariantCopy
VarCmp
VariantClear
SysAllocString

comdlg32

GetOpenFileNameA
ChooseColorA
GetFileTitleW
FindTextW
ReplaceTextW
PageSetupDlgW

oleacc

AccessibleChildren
GetStateTextW
AccessibleObjectFromEvent
AccessibleObjectFromPoint

p2pgraph

PeerGraphGetNextItem
PeerGraphShutdown
PeerGraphGetNodeInfo
PeerGraphCreate
PeerGraphSetNodeAttributes
PeerGraphGetProperties
PeerGraphAddRecord

resutils

ResUtilFindSzProperty
ResUtilGetPropertyFormats
ResUtilEnumProperties

imgutil

GetMaxMIMEIDBytes
IdentifyMIMEType
DecodeImage
DitherTo8
CreateMIMEMap
ComputeInvCMAP
CreateDDrawSurfaceOnDIB
SniffStream

authz

AuthzInitializeContextFromSid
AuthzReportSecurityEventFromParams
AuthzInitializeContextFromToken
AuthziLogAuditEvent
AuthzFreeResourceManager
AuthzRegisterSecurityEventSource
AuthzInstallSecurityEventSource
AuthzFreeAuditEvent
AuthzEnumerateSecurityEventSources
AuthzCachedAccessCheck
AuthzUnregisterSecurityEventSource
AuthzUninstallSecurityEventSource
AuthzInitializeResourceManager

imagehlp

EnumerateLoadedModules
UpdateDebugInfoFileEx
SymGetModuleBase
UnDecorateSymbolName
SymSetOptions
MapFileAndCheckSumW

powrprof

ReadGlobalPwrPolicy
IsPwrSuspendAllowed
GetActivePwrScheme
SetSuspendState

psapi

GetDeviceDriverBaseNameW
GetProcessMemoryInfo
GetDeviceDriverFileNameW
GetWsChanges
GetPerformanceInfo
GetModuleBaseNameA
GetProcessImageFileNameW
GetProcessImageFileNameA
GetMappedFileNameW
EnumProcessModules
QueryWorkingSet

winhttp

WinHttpSetTimeouts
WinHttpReceiveResponse

mprapi

MprAdminServerConnect
MprAdminInterfaceDisconnect
MprConfigGetFriendlyName
MprAdminIsDomainRasServer
MprAdminIsServiceRunning
MprConfigInterfaceGetHandle
MprAdminInterfaceCreate
MprAdminInterfaceDelete
MprConfigTransportDelete
MprAdminSendUserMessage
MprAdminInterfaceEnum
MprInfoBlockSet
MprAdminMIBEntrySet
MprAdminConnectionGetInfo

winfax

FaxAccessCheck
FaxCompleteJobParamsA
FaxSetPortA
FaxEnumPortsW
FaxEnumGlobalRoutingInfoA
FaxPrintCoverPageW
FaxGetPageData
FaxGetLoggingCategoriesW
FaxSetLoggingCategoriesA
FaxGetJobW

setupapi

SetupDiBuildDriverInfoList
CM_Create_DevNode_ExW
CM_Get_Hardware_Profile_InfoW
CM_Get_DevNode_Custom_PropertyW
SetupGetBackupInformationW
SetupDiSetSelectedDriverA
SetupScanFileQueue
SetupDiGetClassDescriptionExA
CM_Next_Range
SetupDiSetDeviceInstallParamsW
SetupDiGetClassRegistryPropertyW

Exports

Exports

ADtkjuaWTpNpwIiG
AvYbqQyEGmSz
BFxRrThoPor
DZBrGLsAsdZ
DiwaWszezlRPG
GPAzsaXTBPg
GssMSuQX
IavWeJRm
JuZWerGtgf
KcjnYeflvGLf
NrTnKjWWQlUtUZUVNIVy
QBUZSDQathBJGn
QFDxQKBtTutgi
QxcligiOPGBkLAtSVXfl
TOCbMHNEnK
UNkMIPlpDYcR
UlEAtDsYpglvtHKLa
VniZZGeVfkqanJpyAem
VzUNnRnKmrifG
XWopFwFXy
XaszAFpDsQriyhcGeb
YXBcKDffMgMVuawYtU
YjUncqmBxc
YsBtYxJITvkhZddhp
ZREJNn
ZtsePkLYBRWdkBTXAq
aqiSJUQKYibXeCykBi
bLfzHAqvhPCmuPNdRin
bstFV
clcZhkpmpEtAGpK
dQDWN
fXqngGkaYrOLjtmbmpK
flIOH
fxFEePUcKis
hNjWtCuQlJjtgfGN
hkhlJclueNF
llIneGKTlcjNIlNbFjmh
pXfmIDhRvGLOgPCXD
poaWW
qVUEpoSiyc
rmpujkbscxeKsAVryFL
tXQexhzHcYP
uULDl
viBOi
yVGBKrsomMgmQwajAz
yqGXiMB

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 452KB

.ndata Size: - Virtual size: 1.5MB

.rsrc Size: 8KB - Virtual size: 15.8MB

bc1f551874c8285ceb4a9f8c2c9f8af0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

imagehlp

snmpapi

setupapi

rtm

crypt32

rtutils

p2p

authz

imgutil

Exports

Exports

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 40KB - Virtual size: 39KB

89cea696bf8865d3d2863bb5aa2c597b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

shell32

oleaut32

comdlg32

advapi32

winhttp

authz

pdh

version

oleacc

oledlg

comctl32

rtutils

imagehlp

imm32

winfax

snmpapi

imgutil

rtm

loadperf

mprapi

uxtheme

crypt32

Exports

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 1.5MB

.rsrc
Size: 8KB - Virtual size: 15.8MB

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 40KB - Virtual size: 39KB

.text
Size: 319KB - Virtual size: 318KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 478KB - Virtual size: 477KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 19KB - Virtual size: 19KB