d1a606a782340af82b5c1904fa5a9a02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1a606a782340af82b5c1904fa5a9a02_JaffaCakes118
Size

8.2MB
MD5

d1a606a782340af82b5c1904fa5a9a02
SHA1

dd5c2f4ef35a7ee4f0281800df470ed61a9c0fc1
SHA256

12888d358d252a41feccde8c3363610657f22878eec77279fc249fca47959a7b
SHA512

c44f432408b5d344540ea1ce9f8297a0f7a6606e67ef82169fc1ec89b92993d509da401f1f28c2ef70abaa1474534f44b7c8ab65ea4391ed126a8d112930123f
SSDEEP

196608:j6jBvrhjRbrL0f7tAe+dHMLywGWo22P1ianTUd/2AVnEMjT:j0dNjR3L0xAe+day5j2INUd/WMf

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
d1a606a782340af82b5c1904fa5a9a02_JaffaCakes118
unpack001/$PLUGINSDIR/AbOBLWqkEsI.dll
unpack001/$PLUGINSDIR/giIpvpzqgFS.dll
unpack001/$PLUGINSDIR/xCxmScGcibn.dll

Files

d1a606a782340af82b5c1904fa5a9a02_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 16.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AbOBLWqkEsI.dll
.dll windows:5 windows x86 arch:x86

3b9cc1ce439e4a9ca90e1dc2f6e0badc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
SizeofResource
GetFileSize
ReadFile
FindResourceW
FindResourceExW
HeapAlloc
WideCharToMultiByte
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
FreeLibrary
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LockResource
GetOEMCP
GetConsoleCP
GetConsoleMode
CreateFileW
SetFilePointerEx
GetACP
IsValidCodePage
FlushFileBuffers
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetProcAddress
LoadLibraryA
LoadLibraryW
CreateEventA
CloseHandle
LocalFree
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
InterlockedIncrement
SetLastError
GetTimeZoneInformation
IsDebuggerPresent
ExitProcess
SetStdHandle
SetEnvironmentVariableA
MultiByteToWideChar
EnumSystemLocalesW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
WriteFile
LoadLibraryExW
ExitThread
CreateThread
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
GetCPInfo
InterlockedDecrement
GetCommandLineA
RtlUnwind
RaiseException
GetLastError
DecodePointer
EncodePointer
SetWaitableTimer
CreateWaitableTimerW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToFileTime
ResumeThread
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
Sleep
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
OpenEventA
GetSystemTimeAsFileTime
FormatMessageA
LoadResource

ole32

OleLockRunning
CoRegisterChannelHook
CoGetTreatAsClass
CoIsOle1Class
OleConvertOLESTREAMToIStorageEx
OleRegEnumVerbs

oleaut32

CreateTypeLi
VarR8FromDec
LHashValOfNameSysA
OaBuildVersion
VarI2FromUI2
SafeArrayCopy
VarI4FromUI4
VariantCopyInd
VarBstrCmp
VarCyFromI4
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocStringLen
SysAllocString
VarCyFromStr

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetFileTitleA
PageSetupDlgA
PrintDlgA
ChooseFontW
ReplaceTextW
GetFileTitleW
FindTextW

setupapi

SetupFindFirstLineA
SetupDiClassGuidsFromNameA
SetupDiSetClassInstallParamsW
CM_Query_Remove_SubTree_Ex
SetupDiClassGuidsFromNameExA
CM_Get_Resource_Conflict_DetailsA
SetupGetBinaryField

oleacc

GetStateTextW
AccessibleChildren
GetOleaccVersionInfo
GetRoleTextA
WindowFromAccessibleObject

dsprop

ADsPropCreateNotifyObj
ADsPropSendErrorMessage

resutils

ResUtilFindBinaryProperty
ResUtilFindExpandSzProperty
ResUtilGetPropertyFormats
ResUtilSetResourceServiceStartParameters
ClusWorkerCreate

oledlg

ord4
ord3
OleUIAddVerbMenuW
ord6
OleUIConvertW
ord5
OleUIChangeSourceW
OleUIInsertObjectW
ord12

rtutils

TraceDumpExW
RouterGetErrorStringA
RouterLogEventStringA
RouterGetErrorStringW
TraceDeregisterW
LogErrorA
LogEventA
TraceGetConsoleW

authz

AuthzEnumerateSecurityEventSources
AuthzAddSidsToContext
AuthzCachedAccessCheck
AuthzInitializeContextFromSid
AuthzOpenObjectAudit

secur32

LsaGetLogonSessionData
AddCredentialsW
InitSecurityInterfaceA
CompleteAuthToken
LsaRegisterPolicyChangeNotification
EncryptMessage
AcquireCredentialsHandleA
AcquireCredentialsHandleW
GetSecurityUserInfo

snmpapi

SnmpUtilOidCmp
SnmpUtilUnicodeToAnsi
SnmpUtilUnicodeToUTF8
SnmpUtilIdsToA
SnmpUtilOidFree
SnmpUtilUTF8ToUnicode
SnmpUtilOctetsCpy
SnmpSvcInitUptime
SnmpUtilVarBindFree
SnmpUtilPrintAsnAny
SnmpUtilOidAppend
SnmpUtilVarBindCpy

imagehlp

FindExecutableImage
ImageGetCertificateData
ReBaseImage
SetImageConfigInformation
UnMapAndLoad
UpdateDebugInfoFileEx
SymGetSearchPath

pdh

PdhFormatFromRawValue
PdhEnumMachinesA
PdhEnumLogSetNamesW
PdhOpenQueryA
PdhConnectMachineA
PdhParseCounterPathA
PdhBindInputDataSourceW
PdhVbUpdateLog
PdhEnumObjectsA
PdhCalculateCounterFromRawValue
PdhVbOpenLog
PdhCloseLog
PdhEnumMachinesW

p2p

PeerEndEnumeration
PeerPnrpResolve
PeerGroupEnumRecords
PeerPnrpUnregister
PeerPnrpGetEndpoint
PeerFreeData
PeerNameToPeerHostName
PeerGroupShutdown
PeerGetNextItem
PeerIdentityGetDefault
PeerGroupDeleteRecord
PeerIdentityGetCert

user32

wsprintfW

Exports

Exports

BHllQwkABxOeHINR
BIMSZVqCDTDaOzHNDhL
DABvwv
DTDUStQIlsyomlLC
FCwttlv
FEzztxbMF
GPpvvWMtg
IyVxxkhaFyra
KzxpSnPNeyJcvcAyXkBW
Lts
MIwmaChRXD
MYKtmLAkIuXqToZgIgQh
NPRbowTatkVctxMJx
NjPlT
OEqcTBGfrA
PNMZCIkayOITe
RMCCIj
SMwmYRZtit
SQiisLBcsnieC
SWRFjDye
SwxcQtjb
TSVdXXHwpve
TqyqIt
VZCsDHAbXmHoR
YlLAsI
Yrcder
aLHDsYeWsYBxAzEqnxq
biiLcZWDyV
dgHiERw
eqnYZmjgfpMIDqdK
fYHsuZpACwBkx
fraEUGFGlJlgSAWQDnv
hGIYoURZXN
hGedBbOLvFTeo
iLeBg
kIBRQRWnn
kyAXddFpnAVyoNtMjjP
mcMPnWXzWTGfFN
pbEWQfOQxYvIVB
qzEensy
rQdAuWUkY
tzJyg
zRlxn

Sections

.text
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Qoqk.gif
.gif
$PLUGINSDIR/giIpvpzqgFS.dll
.dll windows:5 windows x86 arch:x86

c237ba315c57f0cb221a976063035fee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
CreateFileW
IsValidCodePage
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetModuleHandleW
LoadLibraryW
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalFree
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RaiseException
InitializeCriticalSectionAndSpinCount
RtlUnwind
UnhandledExceptionFilter
GetProcessHeap
HeapAlloc
GetModuleFileNameW
WriteFile
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
HeapFree
GetLastError
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetLastError
SetUnhandledExceptionFilter

gdi32

ScaleWindowExtEx
GetStockObject
CreateICA
StartDocW
GetCharABCWidthsW
CreateCompatibleBitmap
UpdateICMRegKeyA
CreatePolyPolygonRgn
SetGraphicsMode
GdiComment

winspool.drv

PrinterProperties
SetPortA
AddPrinterConnectionA
FreePrinterNotifyInfo
EnumPrintProcessorsW
GetPrinterDriverA
GetPrinterA
DeletePrintProvidorA
ConfigurePortA
DeletePrinterConnectionW

shell32

ExtractIconW
CommandLineToArgvW
DragQueryPoint
ExtractIconExW
SHGetInstanceExplorer
SHLoadInProc
DuplicateIcon
SHFileOperationA
ShellExecuteExW
SHChangeNotify
SHFileOperationW
DoEnvironmentSubstW

ole32

CoDisconnectObject
MkParseDisplayName
OleDestroyMenuDescriptor
WriteFmtUserTypeStg
CoBuildVersion
CoGetMarshalSizeMax
StgGetIFillLockBytesOnFile
WriteClassStg
CoIsOle1Class
CoRegisterClassObject
GetConvertStg
OleCreateLinkFromData

oleaut32

VariantInit
VarR8FromI1
VarUI1FromUI2
VarR4FromDate
VarR4FromI4
VarR8FromI4
SafeArrayDestroy
SafeArrayGetLBound
VarUI1FromI1
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SafeArrayRedim
SafeArrayCreate
VarDateFromI4

comdlg32

ChooseColorA
GetSaveFileNameA
ChooseColorW
GetFileTitleA
PageSetupDlgA
PageSetupDlgW
FindTextA
ChooseFontA
PrintDlgA
CommDlgExtendedError
ReplaceTextW
GetSaveFileNameW
FindTextW
GetFileTitleW

advapi32

RegSetValueA
RegCreateKeyExW
SetThreadToken

oledlg

ord4
ord5
ord6
OleUIUpdateLinksW
OleUIChangeSourceW
OleUIAddVerbMenuW
ord12
ord2

psapi

GetModuleBaseNameW
GetDeviceDriverBaseNameW
GetMappedFileNameW
GetModuleFileNameExW
GetProcessImageFileNameA
GetDeviceDriverFileNameA
GetModuleFileNameExA
EmptyWorkingSet
EnumDeviceDrivers
GetModuleBaseNameA
GetWsChanges
GetDeviceDriverFileNameW
GetProcessMemoryInfo
GetMappedFileNameA

setupapi

SetupCopyErrorA
CM_Modify_Res_Des
CM_Enumerate_EnumeratorsW
SetupRemoveFromDiskSpaceListA
SetupDiInstallClassExA
SetupDiGetClassDevPropertySheetsW
SetupPrepareQueueForRestoreW
SetupDiDestroyClassImageList
SetupQueueDeleteSectionW
CM_Get_Device_ID_List_ExA
CM_Enumerate_Enumerators_ExW

loadperf

UnloadPerfCounterTextStringsA
LoadPerfCounterTextStringsW
UpdatePerfNameFilesA
UpdatePerfNameFilesW
UnloadPerfCounterTextStringsW
SetServiceAsTrustedA
LoadPerfCounterTextStringsA
InstallPerfDllA
RestorePerfRegistryFromFileW
BackupPerfRegistryToFileW
InstallPerfDllW
SetServiceAsTrustedW

winhttp

WinHttpQueryAuthSchemes
WinHttpReadData
WinHttpTimeToSystemTime
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpWriteData
WinHttpDetectAutoProxyConfigUrl
WinHttpSetTimeouts
WinHttpCheckPlatform
WinHttpSetOption

p2p

PeerGetItemCount
PeerGroupExportConfig
PeerPnrpEndResolve
PeerGroupOpen
PeerGroupCloseDirectConnection
PeerGroupSendData
PeerIdentityExport
PeerIdentityGetXML
PeerGroupPeerTimeToUniversalTime
PeerPnrpGetEndpoint
PeerIdentityDelete
PeerGroupAddRecord

uxtheme

GetThemeBackgroundExtent
GetThemeBool
GetThemeSysColorBrush
GetThemeString
EnableThemeDialogTexture
GetThemeFont
GetThemePosition
GetThemeBackgroundRegion

resutils

ResUtilSetDwordValue
ResUtilFindExpandSzProperty
ResUtilGetResourceDependencyByName
ResUtilGetPrivateProperties

secur32

QuerySecurityPackageInfoW
FreeContextBuffer
LsaConnectUntrusted
SealMessage
LsaEnumerateLogonSessions
GetUserNameExW
QuerySecurityContextToken
RevertSecurityContext

winfax

FaxEnumRoutingMethodsW
FaxSendDocumentForBroadcastW
FaxGetConfigurationA
FaxSetPortA
FaxSetJobA
FaxClose
FaxSendDocumentForBroadcastA
FaxEnumRoutingMethodsA
FaxStartPrintJobA
FaxGetLoggingCategoriesW

authz

AuthzReportSecurityEventFromParams
AuthzOpenObjectAudit
AuthzInitializeContextFromAuthzContext
AuthzInitializeContextFromToken
AuthzRegisterSecurityEventSource
AuthzAddSidsToContext
AuthzInstallSecurityEventSource
AuthzFreeHandle
AuthzCachedAccessCheck
AuthzFreeContext
AuthzUnregisterSecurityEventSource
AuthzFreeResourceManager
AuthzUninstallSecurityEventSource
AuthzEnumerateSecurityEventSources
AuthziLogAuditEvent

pdh

PdhVbOpenQuery
PdhOpenLogA
PdhVbOpenLog
PdhGetFormattedCounterArrayW
PdhLookupPerfNameByIndexW
PdhVbGetLogFileSize
PdhCloseQuery

rtutils

TraceVprintfExW
TraceRegisterExW
LogErrorA
RouterLogEventDataA
RouterLogEventW
TraceDeregisterW
TraceVprintfExA

mprapi

MprConfigServerBackup
MprAdminServerGetInfo
MprAdminIsServiceRunning
MprAdminGetErrorString
MprAdminMIBEntryDelete
MprAdminUpgradeUsers

version

VerFindFileW
VerInstallFileW
VerInstallFileA
GetFileVersionInfoSizeA

dsprop

ADsPropShowErrorDialog
ADsPropGetInitInfo
ADsPropSetHwnd
ADsPropCheckIfWritable

rtm

MgmGroupEnumerationGetNext
RtmAddRoute
MgmDeleteGroupMembershipEntry
InsertIntoTable
MgmReleaseInterfaceOwnership
NextMatchInTable
RtmCreateEnumerationHandle

imm32

ImmGetIMEFileNameA
ImmDestroyContext
ImmRegisterWordW
ImmSetCompositionStringA
ImmReleaseContext
ImmGetGuideLineW
ImmGetDescriptionA
ImmUnregisterWordW
ImmGetRegisterWordStyleW
ImmAssociateContext
ImmConfigureIMEW
ImmSetStatusWindowPos
ImmSetConversionStatus

Exports

Exports

AhJsTAKnQVQJGdIedp
EPz
EzoKKiBcKiq
FPmJlaY
KDrKhmyhatgKzQz
MODagQoGwhTaQpa
NSHiOrsWojRHuvSuw
UqhvaedVz
WEGVNpcgpVCmRtFiT
WNleVLuvegdEtRvZ
WYmDgDuQTvs
WfibJYWGuCmD
XODgXBntAFdGVqblg
XfmcSWQmfDDIDLqs
YFuTNKyK
cQUVCXWTDhHwnruonbx
dhTRvVtgLOTxBApBZ
foWxcn
lVNFboWueFBItTPq
mOboZEI
pPXxYFoQy
pelBzzxNzNvJsS

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/xCxmScGcibn.dll
.dll windows:5 windows x86 arch:x86

adef45b86eab311fe53264de3a443a84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
SetStdHandle
SetFilePointerEx
WriteConsoleW
LCMapStringW
CompareStringW
OutputDebugStringW
CloseHandle
CreateFileW
GetProcAddress
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
GetProcessHeap
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
HeapAlloc
HeapFree
GetLastError
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GlobalFree
lstrcpynW
GlobalAlloc
WideCharToMultiByte

shell32

DuplicateIcon
SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellAboutW
SHGetInstanceExplorer
SHGetDataFromIDListA
SHGetDataFromIDListW
SHChangeNotify
Shell_NotifyIconW
ExtractIconW
SHGetDesktopFolder
SHBrowseForFolderA
ShellExecuteA
ExtractIconA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

comdlg32

ChooseColorA
GetSaveFileNameW

authz

AuthzAddSidsToContext
AuthzFreeHandle
AuthzCachedAccessCheck
AuthzUnregisterSecurityEventSource
AuthzUninstallSecurityEventSource
AuthzInitializeResourceManager
AuthzRegisterSecurityEventSource
AuthziLogAuditEvent
AuthzFreeContext
AuthzInitializeContextFromToken
AuthzReportSecurityEventFromParams
AuthzOpenObjectAudit
AuthzInitializeContextFromSid
AuthzFreeAuditEvent

rtutils

RouterGetErrorStringW
LogErrorA
RouterLogEventDataA
RouterLogEventValistExA

dsprop

ADsPropSendErrorMessage
ADsPropShowErrorDialog
IsSheetAlreadyUp

imm32

ImmGetCompositionStringW
ImmConfigureIMEA
ImmGetRegisterWordStyleW
ImmGetDescriptionW
ImmIsUIMessageW
ImmGetDescriptionA
ImmGetGuideLineW
ImmCreateContext
ImmSimulateHotKey
ImmGetCandidateListW
ImmGetDefaultIMEWnd
ImmGetConversionListA
ImmSetStatusWindowPos
ImmGetCandidateListA

p2pgraph

PeerGraphUnregisterEvent
PeerGraphSetPresence
PeerGraphSetProperties
PeerGraphListen
PeerGraphOpen
PeerGraphEnumConnections
PeerGraphDelete
PeerGraphAddRecord
PeerGraphExportDatabase
PeerGraphFreeData

rtm

RtmReleaseNextHopInfo
RtmGetChangeStatus
RtmGetEnumNextHops
RtmGetOpaqueInformationPointer

oledlg

ord8
OleUIObjectPropertiesW
OleUIChangeSourceW
ord9
ord11
ord4
OleUIEditLinksW
ord6
OleUIAddVerbMenuW
ord3
ord7
OleUIBusyW
OleUIConvertW

setupapi

CM_Free_Res_Des
SetupDiGetDeviceInfoListDetailA
SetupRemoveSectionFromDiskSpaceListA

winfax

FaxSetJobA
FaxSetGlobalRoutingInfoA
FaxSendDocumentW
FaxEnumJobsA

version

VerInstallFileW
GetFileVersionInfoSizeA
VerFindFileW
GetFileVersionInfoW

snmpapi

SnmpUtilOidCpy
SnmpUtilOidCmp
SnmpSvcInitUptime
SnmpUtilAsnAnyCpy
SnmpUtilOctetsCpy
SnmpUtilPrintOid

user32

wsprintfW

Exports

Exports

AwLdjlS
BdJUub
DSPLuYABXRTf
DtysRUELbxJET
EodlgiIAHdkjcV
FrOkt
HRflBWIQVDeAVYg
JwbVBkBbrkdnMZfHONy
MMZAKzfd
OcPuRtxxpStL
OhEbVbsM
PJmCdaYipzlV
PpQjbb
QPyNTJxcQawzfmeettF
QSNEMUObzHiobV
RDCoYqIzffsLRqKbOrM
UDGkRQWekJxGODz
VZXyBgSjQZGVKXc
WrzoL
YGXhOoOuTcUpDeAC
ZsOPjXmZlJuKqqqBACt
alBockH
atpTwdgHT
bisNhjniMYYwFDcySF
dKgsm
dcOGAkgjsDwJFjIRBUbr
eDzBBDmgJQTpUev
eYwVyPidq
gxjoXtpeEAhi
inbU
jEJDgmCDYnikLcPrszN
jQIVwmQDyRossSZoV
jxZIGIsLwYw
mApyFJufkeQvaB
njSGQxYqlZVge
oxtvVoTLmFtDyl
rajvipC
vJeMyaZRjiRO

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 1.3MB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 16.0MB

3b9cc1ce439e4a9ca90e1dc2f6e0badc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

comdlg32

setupapi

oleacc

dsprop

resutils

oledlg

rtutils

authz

secur32

snmpapi

imagehlp

pdh

p2p

user32

Exports

Exports

Sections

.text Size: 415KB - Virtual size: 414KB

.rdata Size: 121KB - Virtual size: 120KB

.data Size: 12KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 63KB - Virtual size: 63KB

c237ba315c57f0cb221a976063035fee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winspool.drv

shell32

ole32

oleaut32

comdlg32

advapi32

oledlg

psapi

setupapi

loadperf

winhttp

p2p

uxtheme

resutils

secur32

winfax

authz

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 16.0MB

.text
Size: 415KB - Virtual size: 414KB

.rdata
Size: 121KB - Virtual size: 120KB

.data
Size: 12KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 63KB - Virtual size: 63KB

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 38KB - Virtual size: 38KB

.text
Size: 245KB - Virtual size: 244KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 234KB - Virtual size: 234KB