dae3119dd247e6b6c23a46f4642e25ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dae3119dd247e6b6c23a46f4642e25ef_JaffaCakes118
Size

716KB
MD5

dae3119dd247e6b6c23a46f4642e25ef
SHA1

360c9568f03797efcb91df684749aa16c075ec90
SHA256

45682be404fd6a6e0d870303805749e889cf3bc64baf93f59a0140b110921776
SHA512

a8c195e7e9d53b44c464cf4c89848ca8252f1a4d0fd3a7876fe9e780943e346d858dc1b0f30d5cc589798484264b65049ab1e3c16da64755f1a48bba465f4eb9
SSDEEP

12288:FwuhVHZn5CxYbxbLRkPXWd7RK4C2fOV7nqQEPSieRYkPmORGmiebM0:6u/Z5CSbiPy7Ri2fc7qtSRRYkDRZieg0

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
dae3119dd247e6b6c23a46f4642e25ef_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$R0
unpack001/Assist/3721/CNS1.dll
unpack001/Assist/3721/CNS1.exe
unpack001/Assist/3721/CnsMinKP2K.sys
unpack001/Assist/3721/CnsMinKPXP.sys

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

dae3119dd247e6b6c23a46f4642e25ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

53af423e71461e7568c151f60e773b66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
MulDiv
ExitProcess
SetUnhandledExceptionFilter
WriteProcessMemory
GetCurrentProcess
VirtualProtect
GlobalUnlock
FreeResource
DisableThreadLibraryCalls
CreateFileA
LocalFree
GetLastError
GetFileSize
ReadFile
Sleep
CreateThread
InterlockedDecrement
SetLastError
FreeLibrary
lstrcmpA
GetTickCount
MultiByteToWideChar
lstrlenA
GetModuleHandleA
GetProcAddress
GetVersionExA
FindResourceA
LoadResource
SizeofResource
LockResource
CloseHandle
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
GetVersion

user32

GetWindowRect
SetTimer
CreateWindowExA
SetWindowLongA
DrawIconEx
DefWindowProcA
FindWindowExA
EnumThreadWindows
PostMessageA
SendMessageTimeoutA
RegisterWindowMessageA
SetForegroundWindow
MapWindowPoints
RemovePropA
IsWindow
SystemParametersInfoA
GetWindow
GetWindowLongA
CallWindowProcA
CallWindowProcW
DestroyWindow
GetForegroundWindow
SetWindowLongW
IsWindowUnicode
GetPropA
LoadStringA
SendMessageA
GetWindowTextA
PtInRect
KillTimer
CheckDlgButton
LoadMenuA
GetSubMenu
TrackPopupMenu
SetPropA
DestroyMenu
DialogBoxParamA
MessageBoxA
EnableWindow
IsWindowVisible
ShowWindow
SetWindowPos
ClientToScreen
DrawIcon
DestroyIcon
LoadIconA
SetWindowTextA
SetDlgItemTextA
IsDlgButtonChecked
EndDialog
GetClassNameA
GetParent
BeginPaint
GetMessagePos
ScreenToClient
GetSysColor
GetClientRect
DrawTextA
EndPaint
LoadCursorA
SetCursor
GetAncestor
GetCapture
GetDC
ReleaseDC
SetCapture
ReleaseCapture
InvalidateRect
GetDesktopWindow
GetDlgItem

gdi32

GetDeviceCaps
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateBitmap
DeleteDC
DeleteObject
CreatePen
CreateSolidBrush
Rectangle
SetBkMode
SetBkColor
GetNearestColor
SetTextColor
GetPixel
SelectObject
CreateFontIndirectA
GetObjectA

advapi32

RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
StringFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

VariantInit
OleLoadPicture
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHSetValueA
SHDeleteValueA
SHDeleteKeyA
StrCpyNW
SHGetValueA

msvcrt

??3@YAXPAX@Z
strstr
atol
localtime
strftime
time
sscanf
_mbsnbcpy
strrchr
__CxxFrameHandler
_wcsnicmp
wcslen
_snprintf
_wcsicmp
fclose
strncmp
fread
??2@YAPAXI@Z
ftell
fseek
fopen
_mbsrchr
memmove
_mbschr
memchr
_beginthreadex
strncpy
tolower
_except_handler3
free
malloc
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_strnicmp
_stricmp
_ltoa

wininet

InternetCrackUrlA

Exports

Exports

ActionEx
DllRegisterServer
DllUnregisterServer
EventInvoke
FreeGifAni
LoadGifAni
PauseGifAni
PlayGifAni
SCEventInvoke
SetPositionGifAni
StartActiveXCatch
StopGifAni
UpdateAlert

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Assist/3721/CNS1.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3ac9aa35e8945422ae6ab7a26f950f29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
FreeLibrary
SetLastError
LoadLibraryA
GetLastError
GetFileAttributesW
GetVersion
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetVersionExA
CreateFileA
DeviceIoControl
GetCurrentProcessId
OutputDebugStringA
CloseHandle

user32

DialogBoxParamA
IsDlgButtonChecked
GetWindowRect
SetWindowPos
EndDialog
LoadStringA
GetDlgItem
SetWindowTextA
SendDlgItemMessageA
GetPropA
SetPropA
GetDesktopWindow
CheckDlgButton

advapi32

RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA

shlwapi

SHDeleteKeyA

msvcrt

malloc
_except_handler3
strrchr
_strlwr
_snprintf
strstr
??3@YAXPAX@Z
__dllonexit
_onexit
_initterm
_adjust_fdiv
free

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Assist/3721/CNS1.exe
.exe windows:4 windows x86 arch:x86

06d6ff9d301d81a259c79b2bfbf44662

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CreateProcessA
CopyFileA
DeleteFileA
GetTickCount
GetVersionExA
CreateFileA
DeviceIoControl
GetCurrentProcessId
CloseHandle
GetTempPathA
GetStartupInfoA

user32

GetDesktopWindow
DialogBoxParamA
SetPropA
GetPropA
SendDlgItemMessageA
IsDlgButtonChecked
GetWindowRect
ShowWindow
SetWindowPos
SetForegroundWindow
CheckDlgButton
EndDialog
LoadStringA
GetDlgItem
SetWindowTextA

advapi32

RegOpenKeyA
RegQueryValueExA
RegEnumKeyA
RegCloseKey

shlwapi

SHDeleteKeyA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
malloc
strrchr
_strlwr
??3@YAXPAX@Z
strstr
_snprintf

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Assist/3721/CnsMin1.dat
Assist/3721/CnsMinKP2K.sys
.sys windows:5 windows x86 arch:x86

3c6047d93411381d11cc976328b3a8a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\CnsMin\FSD\CnsMinKP\200sys\objfre_w2K_x86\i386\CnsMinKP.pdb

Imports

ntoskrnl.exe

PsSetCreateProcessNotifyRoutine
strncmp
IoGetCurrentProcess
_except_handler3
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateThreadNotifyRoutine
IoRegisterShutdownNotification
IoRegisterFsRegistrationChange
_wcslwr
ExInitializeNPagedLookasideList
KeInitializeEvent
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
ObfDereferenceObject
IoGetDeviceObjectPointer
IoDetachDevice
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
IofCallDriver
IofCompleteRequest
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
RtlAppendUnicodeToString
wcscat
wcslen
wcscpy
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlAppendStringToString
_snprintf
RtlCompareString
_strlwr
RtlAppendUnicodeStringToString
ObQueryNameString
RtlCopyUnicodeString
RtlCompareUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IoAttachDeviceToDeviceStack
ExFreePool
KeSetEvent
IoFreeIrp
KeWaitForSingleObject
KeGetCurrentThread
IoAllocateIrp
memmove
_stricmp
IoCreateNotificationEvent
PsGetCurrentThreadId
PsGetCurrentProcessId
MmIsAddressValid
ExInitializeResourceLite
ExDeleteResourceLite
KeLeaveCriticalRegion
ExAcquireResourceSharedLite
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExQueueWorkItem
ObfReferenceObject
KeDelayExecutionThread
ZwDeleteFile
_snwprintf
RtlFreeUnicodeString
ZwSetValueKey
ZwDeleteValueKey
ZwQueryValueKey
ZwOpenKey
PsLookupProcessByProcessId
ZwQueryInformationProcess
ExGetPreviousMode
ZwTerminateProcess
KeServiceDescriptorTable
wcsncpy
strstr
ZwEnumerateKey
ZwEnumerateValueKey
ZwDeleteKey
strrchr
RtlUnicodeStringToInteger
wcschr
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwCreateKey
RtlInitUnicodeString
IoDeleteSymbolicLink
strncpy
IoDeleteDevice

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Assist/3721/CnsMinKPXP.sys
.sys windows:5 windows x86 arch:x86

e287c285123ece1e70cdbff5603cce08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\CnsMin\FSD\CnsMinKP\200sys\objfre_wxp_x86\i386\CnsMinKP.pdb

Imports

ntoskrnl.exe

PsSetCreateProcessNotifyRoutine
strncmp
IoGetCurrentProcess
_except_handler3
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
PsSetCreateThreadNotifyRoutine
IoRegisterShutdownNotification
IoRegisterFsRegistrationChange
_wcslwr
ExInitializeNPagedLookasideList
KeInitializeEvent
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoGetDeviceObjectPointer
MmGetSystemRoutineAddress
IoDetachDevice
InterlockedPopEntrySList
InterlockedPushEntrySList
IofCallDriver
IofCompleteRequest
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
RtlAppendUnicodeToString
wcscat
wcslen
wcscpy
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlAppendStringToString
_snprintf
RtlCompareString
_strlwr
RtlAppendUnicodeStringToString
ObQueryNameString
RtlCopyUnicodeString
RtlCompareUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IoAttachDeviceToDeviceStack
strncpy
ExFreePoolWithTag
IoFreeIrp
KeWaitForSingleObject
KeGetCurrentThread
IoAllocateIrp
memmove
_stricmp
IoCreateNotificationEvent
PsGetCurrentThreadId
PsGetCurrentProcessId
MmIsAddressValid
ExInitializeResourceLite
ExDeleteResourceLite
KeLeaveCriticalRegion
ExAcquireResourceSharedLite
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExQueueWorkItem
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
ObfReferenceObject
KeDelayExecutionThread
ZwDeleteFile
_snwprintf
RtlFreeUnicodeString
ZwSetValueKey
ZwDeleteValueKey
ZwQueryValueKey
ZwOpenKey
PsLookupProcessByProcessId
ZwQueryInformationProcess
ExGetPreviousMode
ZwTerminateProcess
KeServiceDescriptorTable
wcsncpy
strstr
ZwEnumerateKey
ZwEnumerateValueKey
ZwDeleteKey
strrchr
RtlUnicodeStringToInteger
wcschr
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwCreateKey
RtlInitUnicodeString
IoDeleteSymbolicLink
KeSetEvent
IoDeleteDevice

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Assist/3721/CnsminKP.vxd
Assist/3721/cns1.dat

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 4KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

53af423e71461e7568c151f60e773b66

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

shlwapi

msvcrt

wininet

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 44KB

.rsrc Size: 52KB - Virtual size: 50KB

.reloc Size: 8KB - Virtual size: 5KB

3ac9aa35e8945422ae6ab7a26f950f29

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 860B

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1018B

06d6ff9d301d81a259c79b2bfbf44662

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

Sections

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 44KB

.rsrc
Size: 52KB - Virtual size: 50KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 860B

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1018B

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 948B

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 5KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 2KB - Virtual size: 2KB