d748c29d2c4775750824df17208cae3e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d748c29d2c4775750824df17208cae3e_JaffaCakes118
Size

3.0MB
MD5

d748c29d2c4775750824df17208cae3e
SHA1

657f77eabcc2da6a7d675a7dbb03df6317699beb
SHA256

9723afef93bb4c7e7be7d0f4c255bdd4e4b17117808010d11707acef3ab33c31
SHA512

e910fa006b9b16f81c7c53d8e1a58391a2447391ecd67748d91c6b3db1350c9ab93035e891e3f6d4b5678428bdbb818657199e083eece048f241f0761c50606c
SSDEEP

98304:Ake8uDzrt7fcsUx+MQN8LfVrh61TJut14TSb:Ak9uSN+Mk8L9+10MSb

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
d748c29d2c4775750824df17208cae3e_JaffaCakes118
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$TEMP/photoinstrument-3.5.exe
unpack001/$TEMP/windll.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

d748c29d2c4775750824df17208cae3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
CreateSemaphoreA
CreateThread
DeleteFileA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
MulDiv
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

_write
__dllonexit
_errno
_iob
abort
fflush
fputc
fputs
free
fwrite
malloc
memcpy
realloc
strcmp
strcpy
strlen

user32

CallWindowProcA
CharPrevA
CreateWindowExA
DestroyWindow
EnableWindow
FindWindowExA
GetClientRect
GetDlgItem
GetFocus
GetWindowLongA
GetWindowRect
IsWindowVisible
RegisterWindowMessageA
SendMessageA
SetDlgItemTextA
SetWindowLongA
SetWindowTextA
ShowWindow
wsprintfA

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
getsockname
htons
inet_addr
ioctlsocket
recv
select
send
shutdown
socket

Exports

Exports

download
download_quiet

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/photoinstrument-3.5.exe
.exe windows:5 windows x86 arch:x86

483f0c4259a9148c34961abbda6146c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/windll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

bcab0c6c8736d64354a44b4c0b36e4c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
GetAtomNameA
GetCommandLineA
SetEndOfFile
DosDateTimeToFileTime
GetCurrentThread
GetFileSizeEx
ExitProcess
GetProfileStringW
OpenEventW
GetBinaryTypeA
SystemTimeToFileTime
GetSystemDefaultUILanguage
FindResourceA
HeapWalk
SleepEx
CreateTimerQueueTimer
SetCurrentDirectoryW
lstrcatA
GetFileAttributesExW
IsValidLocale
BindIoCompletionCallback
GetThreadPriority
GetModuleHandleW
GetLocaleInfoW
VerLanguageNameW
SetFilePointer
SetProcessWorkingSetSize
IsValidLanguageGroup
UpdateResourceA
LCMapStringW
GetEnvironmentStrings
PostQueuedCompletionStatus
EnumSystemLocalesA
GetTempFileNameA
CreateToolhelp32Snapshot
FlushFileBuffers
GetFileType
SetNamedPipeHandleState
GetLargestConsoleWindowSize
GetProcessAffinityMask
SuspendThread
SearchPathA
SetEnvironmentVariableA
GlobalFlags
CreateFileMappingW
CreateWaitableTimerA
RemoveDirectoryA
PulseEvent
GlobalDeleteAtom
SetStdHandle
GetStartupInfoA
SetInformationJobObject
RaiseException
CompareFileTime
GetConsoleOutputCP
IsWow64Process
WaitNamedPipeW
FindFirstFileExW
GetDateFormatW
ReadProcessMemory
OpenEventA
LoadResource
CreateJobObjectW
CreateProcessW
QueueUserAPC
SetConsoleCursorPosition
PeekConsoleInputW
PeekConsoleInputA
GetFileAttributesW
IsValidCodePage
HeapSize
WriteProfileStringA
SetConsoleTitleA
GetVolumeInformationW
SetSystemTime
EnumResourceNamesA
GetStringTypeExW
DeleteTimerQueueEx
ChangeTimerQueueTimer
GetFileTime
AddAtomW
LocalSize
CreateSemaphoreA
TerminateProcess
GetLogicalDriveStringsA
IsBadWritePtr
DeleteFileW
Beep
GetTapeParameters
SetVolumeMountPointW
SetComputerNameA
FindFirstVolumeW
GetThreadLocale
GetShortPathNameA
SizeofResource
GetProfileIntA
GetTempPathW
ConvertDefaultLocale
SetFilePointerEx
GetVolumePathNamesForVolumeNameW
WinExec
OpenThread
EnterCriticalSection
EnumResourceLanguagesW
FileTimeToSystemTime
GetTimeFormatA
FindNextChangeNotification
SetProcessShutdownParameters
GetComputerNameA
GetModuleHandleA
CreateThread
HeapFree
CopyFileA
HeapAlloc
CloseHandle
CreateFileMappingA
InterlockedIncrement
CreateProcessA
LeaveCriticalSection
InterlockedExchange
GetTickCount
VirtualQuery
CreateDirectoryA
InitializeCriticalSection
LocalFree
ExpandEnvironmentStringsA
GlobalAlloc
MapViewOfFile
WriteFile
GetModuleFileNameA
UnmapViewOfFile
LoadLibraryA
DeleteFileA
Sleep
WaitForSingleObject
GetProcAddress
ReadFile
GetCurrentProcessId
GlobalGetAtomNameW

user32

GetMenuStringA
CharNextA
MapVirtualKeyA
GetTopWindow
ChangeDisplaySettingsA
DrawFrameControl
CallWindowProcA
GetClassLongW
SetDlgItemInt
EndDialog
CopyAcceleratorTableA
ReleaseDC
GetWindowTextW
GetGUIThreadInfo
TrackMouseEvent
LoadMenuW
SetProcessDefaultLayout
FindWindowExA
MapWindowPoints
GetMenuState
DispatchMessageW
GetSystemMenu
SetMenuItemInfoW
IsIconic
SetPropA
GetDlgItemTextA
ReplyMessage
SendMessageW
SetProcessWindowStation
MapDialogRect
GetDoubleClickTime
CreateIconIndirect
GetDlgItem
GetWindowWord
GetShellWindow
DestroyCursor
BroadcastSystemMessageW
IsMenu
GetUpdateRgn
SetWindowLongW
GetScrollRange
OpenWindowStationW
RegisterHotKey
InternalGetWindowText
IsRectEmpty
DestroyAcceleratorTable
GetClassLongA
DrawStateA
TranslateAcceleratorA
GetComboBoxInfo
GetWindowRect
EnumDisplaySettingsW
PackDDElParam
UnregisterClassW
ExitWindowsEx
AppendMenuA
CheckMenuItem
SetRectEmpty
WinHelpW
wsprintfW
LookupIconIdFromDirectory
SetSysColors
GetScrollPos
OpenDesktopW
SetClassLongW
IsWindow
GetFocus
CharLowerA
GetScrollInfo
DrawIcon
CopyIcon
BeginPaint
EnableMenuItem
GetWindowPlacement
TranslateAcceleratorW
FillRect
DrawTextExA
SetTimer
CharLowerBuffW
HideCaret
CreateDialogParamA
GetWindowDC
TranslateMDISysAccel
MsgWaitForMultipleObjectsEx
MapVirtualKeyW
DialogBoxParamA
PostThreadMessageA
SendNotifyMessageW
EnableScrollBar
PtInRect
SetScrollInfo
WaitForInputIdle
GetDCEx
GetCursorPos
OpenDesktopA
IsDialogMessageA
LoadIconW
MonitorFromRect
InvalidateRect
FindWindowW
GetDesktopWindow
FreeDDElParam
UnregisterHotKey
DefWindowProcW
GrayStringA
ModifyMenuW
SetCursor
DrawTextW
CharNextExA
DestroyCaret
InSendMessageEx
AttachThreadInput
SetWindowPlacement
DrawIconEx
InsertMenuW
GetKeyNameTextA
PostMessageW
GetCursor
SendNotifyMessageA
GetPropW
FindWindowA
CreateWindowExA
RegisterClassExA
DispatchMessageA
SetWindowLongA
GetClassNameA
UnhookWindowsHookEx
PeekMessageA
DefWindowProcA
GetMessageA
GetClientRect
GetWindowThreadProcessId
GetWindowLongA
SetParent

shlwapi

StrDupW
PathRemoveFileSpecW
SHDeleteKeyA
UrlUnescapeW
PathIsDirectoryW
PathFindExtensionA
StrStrIA
StrCpyW
StrToIntExW
SHSetValueW
AssocCreate
PathFileExistsA
PathGetCharTypeA
PathGetCharTypeW
PathGetArgsW
SHCreateStreamOnFileW
wnsprintfA
PathRemoveFileSpecA
StrStrA
PathFindFileNameW
StrCatBuffW
UrlEscapeW
PathAddExtensionW
PathStripToRootW
PathBuildRootW
PathIsPrefixW
StrChrA
SHRegGetBoolUSValueW
SHRegGetValueW
UrlCreateFromPathW
PathIsUNCServerW
PathSkipRootW
PathIsUNCW
PathIsUNCServerShareW
StrDupA

advapi32

RegCreateKeyExA
RegOpenKeyExA
GetSecurityDescriptorSacl
RegEnumKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
LookupAccountNameA
RegSetValueExA
SetNamedSecurityInfoA
ConvertSidToStringSidA
ClearEventLogW
CreateServiceW
RegDeleteKeyW
ReportEventA
RegEnumValueA
RegisterEventSourceA
MakeAbsoluteSD
RegOpenKeyA
RegOpenCurrentUser
RegisterServiceCtrlHandlerExA
ImpersonateNamedPipeClient
OpenServiceW
EnumDependentServicesW
SetTokenInformation
RegCreateKeyW
IsTokenRestricted
OpenProcessToken
ChangeServiceConfigW
CloseServiceHandle
StartServiceW
IsTextUnicode
RegFlushKey
QueryServiceStatus
RegEnumKeyA
QueryServiceConfig2W
ControlService
GetOldestEventLogRecord
QueryServiceStatusEx
RegSaveKeyW
RegConnectRegistryA
RegQueryInfoKeyW
NotifyBootConfigStatus
QueryServiceLockStatusA
RegUnLoadKeyA
MapGenericMask
RegOpenKeyExW
QueryServiceConfigW

shell32

SHBrowseForFolderW
SHSetLocalizedName
ExtractIconW
ShellAboutW
SHPathPrepareForWriteW
DragAcceptFiles
SHParseDisplayName
ExtractIconA
SHGetSettings
SHGetPathFromIDListW
CommandLineToArgvW
SHFileOperationW
SHGetFolderPathA
SHGetFileInfoA

gdi32

GetGlyphOutlineA
PolyPolyline
GetTextExtentPointA
CreateBrushIndirect
SetMapperFlags
GetStockObject
EnumFontFamiliesExA
FillPath
ScaleViewportExtEx
CreateHatchBrush
GetTextMetricsW
CreateDCW
GetBitmapDimensionEx
BeginPath
RealizePalette
EnumFontsA
ExtTextOutW
AbortPath
GetCurrentObject
GetDIBits
UpdateColors
GetTextCharacterExtra
GetMetaFileA
GetTextAlign
EndDoc
StretchDIBits
SetBkColor
DeleteMetaFile
Chord
GetBitmapBits
InvertRgn
GetEnhMetaFileBits
CreateDIBPatternBrushPt
GetLayout
PlayEnhMetaFileRecord
GetDCOrgEx
GetTextExtentExPointA
SetPolyFillMode
GetClipRgn
SetBitmapDimensionEx
CreatePen
GetRegionData
GetObjectA
RemoveFontResourceW
CreateScalableFontResourceA
GetViewportExtEx
Polygon
TranslateCharsetInfo
ExtFloodFill
SetMiterLimit
ResizePalette
CreateBitmapIndirect
GetObjectW
CreateICW
GetEnhMetaFileA
ExtCreateRegion
DescribePixelFormat
GetBkColor
ExtEscape
EnumFontFamiliesExW
CreateICA
EqualRgn
DeleteObject
CreateMetaFileA
CloseMetaFile
EnumFontFamiliesA
GetMapMode
ExtTextOutA
Ellipse
SetBrushOrgEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 150KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 16KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 24KB

.edata Size: 512B - Virtual size: 95B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

483f0c4259a9148c34961abbda6146c1

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 82KB - Virtual size: 81KB

.itext Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 6KB

.rsrc Size: 69KB - Virtual size: 69KB

bcab0c6c8736d64354a44b4c0b36e4c6

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 7KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 150KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 16KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 24KB

.edata
Size: 512B - Virtual size: 95B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 82KB - Virtual size: 81KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 6KB

.rsrc
Size: 69KB - Virtual size: 69KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB