da466a4f9f0ab222941da09d45b1dcb1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da466a4f9f0ab222941da09d45b1dcb1_JaffaCakes118
Size

4.7MB
MD5

da466a4f9f0ab222941da09d45b1dcb1
SHA1

71bd307fa448f2315b67124181f0e14ff895076c
SHA256

1c162d76280e3e207220eb08aad3f13384e2c34fcb4d23f9164e9bffa541f346
SHA512

711f9058853228f163733404c4b05c266fcebc944aa3af49b4fa582bec143632f7c0293f1c6c84e15dd51c04b22e171f33b09d5ab305bb63cf844058f011e43e
SSDEEP

98304:6JXnZSvFh2uFehYr/p4ps7TsY0Du+3r30j1LArjya7HnEYz0p4J:6xnwvFhFFcs/p4psfQbU1EhHTJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/IBCopy.exe	upx
static1/unpack001/InfoBase.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IBCopy.exe
unpack002/out.upx
unpack001/InfoBase.DE
unpack001/InfoBase.exe
unpack003/out.upx
unpack001/Macros/FileSort.exe
unpack001/winhlp32.exe

Files

da466a4f9f0ab222941da09d45b1dcb1_JaffaCakes118
.zip
Anniversaries-Hebrew.txt
Anniversaries-Jewish Holydays.txt
Anniversaries.ubi
Data/AutoCorr.ubi
Data/Base.ibi
Data/File-Link.rpl
Data/High-ANSI.rpl
Data/PaleMoon-Link.rpl
Data/SpeclChr.rpl
Data/Stacks.ubi
Data/Tags.ubi
Data/Templates.ubi
Files/Keys.jpg
.jpg
Html-Help/de/back.jpg
.jpg
Html-Help/de/data.js
Html-Help/de/icons/1.gif
.gif
Html-Help/de/icons/11.gif
.gif
Html-Help/de/icons/2.gif
.gif
Html-Help/de/icons/arrowdn.gif
.gif
Html-Help/de/icons/arrowrt.gif
.gif
Html-Help/de/icons/blank.gif
.gif
Html-Help/de/icons/cminus.gif
.gif
Html-Help/de/icons/cplus.gif
.gif
Html-Help/de/icons/daminus.gif
.gif
Html-Help/de/icons/daplus.gif
.gif
Html-Help/de/icons/downangle.gif
.gif
Html-Help/de/icons/line.gif
.gif
Html-Help/de/icons/minus.gif
.gif
Html-Help/de/icons/plus.gif
.gif
Html-Help/de/icons/sline.gif
.gif
Html-Help/de/icons/sminus.gif
.gif
Html-Help/de/icons/splus.gif
.gif
Html-Help/de/icons/tminus.gif
.gif
Html-Help/de/icons/tplus.gif
.gif
Html-Help/de/icons/tshaped.gif
.gif
Html-Help/de/icons/uaminus.gif
.gif
Html-Help/de/icons/uaplus.gif
.gif
Html-Help/de/icons/upangle.gif
.gif
Html-Help/de/images/hideall.gif
.gif
Html-Help/de/images/next.gif
.gif
Html-Help/de/images/previous.gif
.gif
Html-Help/de/images/print.gif
.gif
Html-Help/de/images/showall.gif
.gif
Html-Help/de/index.htm
.js
Html-Help/de/indexh.htm
Html-Help/de/languages.js
Html-Help/de/style.css
Html-Help/de/topics/Anhang.htm
.js
Html-Help/de/topics/Beispiele.htm
.js
Html-Help/de/topics/Codes.htm
.js
Html-Help/de/topics/Editor.htm
.js
Html-Help/de/topics/Editoren.htm
.js
Html-Help/de/topics/Einleitung.htm
.js
Html-Help/de/topics/Einstellungen.htm
.js
Html-Help/de/topics/Erweiterungen.htm
.js
Html-Help/de/topics/Extras.htm
.js
Html-Help/de/topics/Fenster.htm
.js
Html-Help/de/topics/File.htm
.js
Html-Help/de/topics/Hotkeys.htm
.js
Html-Help/de/topics/Logo.htm
Html-Help/de/topics/Notes.htm
.js
Html-Help/de/topics/PopUp.htm
.js
Html-Help/de/topics/Stacks.htm
.js
Html-Help/de/topics/Stapel.htm
.js
Html-Help/de/topics/Suchen.htm
.js
Html-Help/de/topics/System.htm
.js
Html-Help/de/topics/User.htm
.js
Html-Help/de/topics/View.htm
.js
Html-Help/de/topics/Zettel.htm
.js
Html-Help/de/topics/Zettelspiess.gif
.gif
Html-Help/de/topics/ex-1.gif
.gif
Html-Help/de/topics/ex-2.gif
.gif
Html-Help/de/topics/ex-3.gif
.gif
Html-Help/de/topics/ex-4.gif
.gif
Html-Help/de/topics/ex-5.gif
.gif
Html-Help/de/topics/files.gif
.gif
Html-Help/de/topics/global.gif
.gif
Html-Help/de/topics/is.jpg
.jpg
Html-Help/de/topics/local.gif
.gif
Html-Help/de/topics/replace.gif
.gif
Html-Help/de/topics/template/btn_next_n.gif
.gif
Html-Help/de/topics/template/btn_prev_n.gif
.gif
Html-Help/de/webhelpbookmark.htm
.js
Html-Help/de/webhelpcontents.htm
.js
Html-Help/de/webhelpframe.htm
.js
Html-Help/de/webhelpindex.htm
.js
Html-Help/de/webhelpleft.htm
Html-Help/de/webhelplefth.htm
Html-Help/de/webhelpsearch.htm
.js
Html-Help/de/webhelptoolbar.htm
Html-Help/de/webhelptop.htm
.js
Html-Help/de/webhelptoph.htm
Html-Help/en/back.jpg
.jpg
Html-Help/en/data.js
Html-Help/en/icons/1.gif
.gif
Html-Help/en/icons/11.gif
.gif
Html-Help/en/icons/2.gif
.gif
Html-Help/en/icons/arrowdn.gif
.gif
Html-Help/en/icons/arrowrt.gif
.gif
Html-Help/en/icons/blank.gif
.gif
Html-Help/en/icons/cminus.gif
.gif
Html-Help/en/icons/cplus.gif
.gif
Html-Help/en/icons/daminus.gif
.gif
Html-Help/en/icons/daplus.gif
.gif
Html-Help/en/icons/downangle.gif
.gif
Html-Help/en/icons/line.gif
.gif
Html-Help/en/icons/minus.gif
.gif
Html-Help/en/icons/plus.gif
.gif
Html-Help/en/icons/sline.gif
.gif
Html-Help/en/icons/sminus.gif
.gif
Html-Help/en/icons/splus.gif
.gif
Html-Help/en/icons/tminus.gif
.gif
Html-Help/en/icons/tplus.gif
.gif
Html-Help/en/icons/tshaped.gif
.gif
Html-Help/en/icons/uaminus.gif
.gif
Html-Help/en/icons/uaplus.gif
.gif
Html-Help/en/icons/upangle.gif
.gif
Html-Help/en/images/hideall.gif
.gif
Html-Help/en/images/next.gif
.gif
Html-Help/en/images/previous.gif
.gif
Html-Help/en/images/print.gif
.gif
Html-Help/en/images/showall.gif
.gif
Html-Help/en/index.htm
.js
Html-Help/en/indexh.htm
Html-Help/en/languages.js
Html-Help/en/style.css
Html-Help/en/topics/Anhang.htm
.js
Html-Help/en/topics/Beispiele.htm
.js
Html-Help/en/topics/Codes.htm
.js
Html-Help/en/topics/Editor.htm
.js
Html-Help/en/topics/Editoren.htm
.js
Html-Help/en/topics/Einleitung.htm
.js
Html-Help/en/topics/Einstellungen.htm
.js
Html-Help/en/topics/Erweiterungen.htm
.js
Html-Help/en/topics/Extras.htm
.js
Html-Help/en/topics/Fenster.htm
.js
Html-Help/en/topics/File.htm
.js
Html-Help/en/topics/Hotkeys.htm
.js
Html-Help/en/topics/Logo.htm
Html-Help/en/topics/Notes.htm
.js
Html-Help/en/topics/PopUp.htm
.js
Html-Help/en/topics/Stacks.htm
.js
Html-Help/en/topics/Stapel.htm
.js
Html-Help/en/topics/Suchen.htm
.js
Html-Help/en/topics/System.htm
.js
Html-Help/en/topics/User.htm
.js
Html-Help/en/topics/View.htm
.js
Html-Help/en/topics/Zettel.htm
.js
Html-Help/en/topics/Zettelspiess.gif
.gif
Html-Help/en/topics/ex-1.gif
.gif
Html-Help/en/topics/ex-2.gif
.gif
Html-Help/en/topics/ex-3.gif
.gif
Html-Help/en/topics/ex-4.gif
.gif
Html-Help/en/topics/ex-5.gif
.gif
Html-Help/en/topics/files.gif
.gif
Html-Help/en/topics/global.gif
.gif
Html-Help/en/topics/is.jpg
.jpg
Html-Help/en/topics/local.gif
.gif
Html-Help/en/topics/replace.gif
.gif
Html-Help/en/topics/template/btn_next_n.gif
.gif
Html-Help/en/topics/template/btn_prev_n.gif
.gif
Html-Help/en/webhelpbookmark.htm
.js
Html-Help/en/webhelpcontents.htm
.js
Html-Help/en/webhelpframe.htm
.js
Html-Help/en/webhelpindex.htm
.js
Html-Help/en/webhelpleft.htm
Html-Help/en/webhelplefth.htm
Html-Help/en/webhelpsearch.htm
.js
Html-Help/en/webhelptoolbar.htm
Html-Help/en/webhelptop.htm
.js
Html-Help/en/webhelptoph.htm
IBCopy.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 268KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 152KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InfoBase-en.chm
.chm
InfoBase.DE
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InfoBase.chm
.chm
InfoBase.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 691KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Keys.jpg
.jpg
LastVisits.ubi
LinkMenu.ubi
Macros/FileSort.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Macros/Macro-1.au3
Macros/Macro-2.au3
Macros/Macro-3.au3
Macros/toHandy.au3
OpenWith.ubi
Picker.ubi
SearchHistory.ubi
Spell/GT_Neu.adm
Spell/american.adm
Spell/british.adm
Spell/french.adm
Spell/german-gt3.adm
Spell/hebrew.adm
Spell/italian.adm
Spell/spanish.adm
Spell/technical.adm
UserMenu.ubi
WhatsNew.txt
Win7Help.txt
winhlp32.exe
.exe windows:5 windows x86 arch:x86

6a8de8772de38bd81eb16c604a66176c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

winhlp32.pdb

Imports

msvcrt

isalpha
strtol
strtoul
_strcmpi
strstr
strncpy
strchr
_stricmp
atoi
_fullpath
_except_handler3
strrchr
atol
tolower
_exit
_strnicmp
strncmp
??3@YAXPAX@Z
??2@YAPAXI@Z
remove
_itoa
toupper
isspace
_chdrive
_c_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
isdigit
memmove

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

kernel32

MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GetProfileStringA
GetSystemDefaultLangID
GlobalReAlloc
GlobalAlloc
GetTimeZoneInformation
FindClose
FindFirstFileA
GetFileInformationByHandle
_llseek
GetSystemDirectoryA
GetModuleHandleW
GetProfileIntA
CloseHandle
GetVersionExA
GetStartupInfoA
MapViewOfFile
CreateFileMappingA
GetCurrentThread
GetModuleFileNameA
IsValidLocale
GlobalSize
VirtualAlloc
VirtualFree
_lclose
_lcreat
_lwrite
_lread
GetLastError
_lopen
SetEndOfFile
SetFilePointer
DeleteFileA
FindNextFileA
GetTickCount
SetCurrentDirectoryA
CopyFileA
MoveFileA
SetFileAttributesA
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
ExpandEnvironmentStringsA
SearchPathA
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
GetCurrentDirectoryA
GetSystemWindowsDirectoryA
GetWindowsDirectoryA
lstrcmpiA
GetFileAttributesA
GetModuleHandleA
SetErrorMode
LoadLibraryA
GetBinaryTypeA
FreeLibrary
Sleep
GetProcAddress
WinExec
GetUserDefaultLCID
CompareStringA
MulDiv
LocalSize
lstrcpynA
IsDBCSLeadByte
lstrcpyA
lstrlenA
LocalAlloc
LocalReAlloc
LocalFree
GetLocaleInfoA

gdi32

EnumFontFamiliesExA
GetTextAlign
SetTextAlign
GetTextColor
GetBkColor
Escape
SetAbortProc
StartDocA
EndDoc
CreateDCA
StartPage
EndPage
GetSystemPaletteEntries
CreatePen
IntersectClipRect
UnrealizeObject
SetBrushOrgEx
CreatePatternBrush
GetTextExtentPoint32A
CreateFontA
CreateRectRgn
SetRectRgn
CombineRgn
InvertRgn
PatBlt
ExtTextOutA
GetTextExtentPointW
GetTextExtentPointA
SetBkMode
TextOutW
TextOutA
GetTextCharset
GetTextMetricsA
MoveToEx
LineTo
Rectangle
GetStockObject
SetPixel
CreateCompatibleBitmap
GetTextFaceA
SetROP2
TranslateCharsetInfo
GetObjectA
DeleteObject
GetNearestColor
CreateCompatibleDC
SelectObject
SetTextColor
SetBkColor
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
PlayMetaFile
DeleteDC
CreateDiscardableBitmap
CreateSolidBrush
BitBlt
SetStretchBltMode
StretchBlt
CreateICA
GetDeviceCaps
CreatePalette
SaveDC
SetMapMode
SetWindowOrgEx
LPtoDP
RestoreDC
SetMetaFileBitsEx
CreateBitmap
SetDIBits
CreateDIBitmap
SelectPalette
RealizePalette
DeleteMetaFile
CreateFontIndirectA

user32

CheckDlgButton
EnumWindows
RegisterClassA
UnregisterClassA
DrawFocusRect
GetAsyncKeyState
ValidateRect
EnumChildWindows
GetWindowDC
CopyRect
CreateDialogParamA
IsDialogMessageA
ScrollWindow
SetScrollRange
GetScrollPos
SetScrollPos
ReleaseCapture
GetClassNameA
EnumThreadWindows
DialogBoxParamA
OffsetRect
KillTimer
GetFocus
PeekMessageA
GetSysColorBrush
BeginPaint
EndPaint
ChildWindowFromPoint
GetMessagePos
MonitorFromPoint
GetMonitorInfoA
SetWindowPos
SetCursor
ClientToScreen
FrameRect
InflateRect
SetCapture
SetMessageQueue
GetMessageA
TranslateAcceleratorA
wsprintfA
CallWindowProcA
PostMessageA
GetParent
GetClientRect
SetDlgItemTextA
GetWindowLongA
GetDlgItemTextA
GetWindowTextLengthA
IsWindowEnabled
EndDialog
SetWindowLongA
SetFocus
EnableWindow
IsClipboardFormatAvailable
GetDlgItem
SendDlgItemMessageA
CharNextA
CharPrevA
WinHelpA
CharLowerA
GetSysColor
InvertRect
SetRect
GetActiveWindow
IsWindow
FillRect
SetTimer
ShowWindow
IsWindowVisible
SetActiveWindow
InvalidateRect
SendMessageA
GetWindowRect
SetForegroundWindow
IsIconic
FindWindowA
CreatePopupMenu
AppendMenuA
GetKeyState
DrawMenuBar
GetMenu
DeleteMenu
EnableMenuItem
CheckMenuItem
DestroyWindow
SetWindowTextA
VkKeyScanA
GetWindow
GetSystemMetrics
TranslateMessage
IsDlgButtonChecked
MoveWindow
DestroyMenu
InsertMenuA
CreateMenu
GetWindowTextA
CreateWindowExA
TrackPopupMenu
GetCursorPos
GetMenuItemCount
GetSubMenu
SetMenu
LoadMenuA
LoadStringA
CharUpperA
GetDesktopWindow
MessageBoxA
LoadBitmapA
PtInRect
ShowScrollBar
InvalidateRgn
UpdateWindow
ReleaseDC
GetDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
CharNextW
RegisterClassExA
LoadIconA
LoadImageA
IsRectEmpty
SetRectEmpty
SystemParametersInfoA
EqualRect
IsZoomed
RegisterWindowMessageA
SetProcessDefaultLayout
GetProcessDefaultLayout
LoadCursorA
LoadAcceleratorsA
PostQuitMessage
DefWindowProcA
DispatchMessageA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 268KB

UPX1 Size: 152KB - Virtual size: 156KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 326KB - Virtual size: 326KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 22KB - Virtual size: 22KB

Headers

File Characteristics

Sections

CODE Size: 30KB - Virtual size: 29KB

DATA Size: 1024B - Virtual size: 1012B

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 320KB - Virtual size: 320KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 691KB - Virtual size: 692KB

.rsrc Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Sections

CODE Size: 1.8MB - Virtual size: 1.8MB

DATA Size: 13KB - Virtual size: 12KB

BSS Size: - Virtual size: 5KB

.idata Size: 13KB - Virtual size: 13KB

.tls Size: - Virtual size: 72B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 126KB - Virtual size: 126KB

.rsrc Size: 317KB - Virtual size: 317KB

Headers

File Characteristics

Sections

CODE Size: 72KB - Virtual size: 71KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 5KB - Virtual size: 5KB

6a8de8772de38bd81eb16c604a66176c

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

Sections

.text Size: 227KB - Virtual size: 226KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 49KB - Virtual size: 48KB

UPX0
Size: - Virtual size: 268KB

UPX1
Size: 152KB - Virtual size: 156KB

.rsrc
Size: 4KB - Virtual size: 8KB

CODE
Size: 326KB - Virtual size: 326KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 22KB - Virtual size: 22KB

CODE
Size: 30KB - Virtual size: 29KB

DATA
Size: 1024B - Virtual size: 1012B

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 320KB - Virtual size: 320KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 691KB - Virtual size: 692KB

.rsrc
Size: 12KB - Virtual size: 12KB

CODE
Size: 1.8MB - Virtual size: 1.8MB

DATA
Size: 13KB - Virtual size: 12KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 13KB - Virtual size: 13KB

.tls
Size: - Virtual size: 72B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 126KB - Virtual size: 126KB

.rsrc
Size: 317KB - Virtual size: 317KB

CODE
Size: 72KB - Virtual size: 71KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 227KB - Virtual size: 226KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 49KB - Virtual size: 48KB