eaf4b47a50b26ba64b929a8af4bd6b18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eaf4b47a50b26ba64b929a8af4bd6b18_JaffaCakes118
Size

295KB
MD5

eaf4b47a50b26ba64b929a8af4bd6b18
SHA1

2ba5348bc4c1cf2a433f923d312574e76173ef98
SHA256

d28550fd2598e0d974e624f2ff4a86d3132c8375cbfdd84f7bae15629fe3d53f
SHA512

b1989315e5b51313eec8d0a77cfee76786f69924fdd1c6235c0431506a01e0f91135d50e84178e803477d7b18e0eaa3e2bbf4638302ab86a6c52c6db9051dfd4
SSDEEP

6144:yG5Ou2vB05ZWT63xNEeM/BnaO3vHlzP82S/vSalBAYYBnSkf7I+F2/fKN:yG5BA65i0x+fnaO3vHVBSXzlBPCSk8+1

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack002/APT.exe
unpack003/AKLT.exe
unpack004/CLT.exe
unpack004/dll.dll
unpack004/driver.sys
unpack006/TestRegmon.exe

Files

eaf4b47a50b26ba64b929a8af4bd6b18_JaffaCakes118
.rar
测试工具/KillTesting/APT.rar
.rar
APT.exe
.exe windows:1 windows x86 arch:x86

22e476f430804a8688fb54ca9ce950b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

AdjustTokenPrivileges

gdi32

BitBlt

ole32

CLSIDFromProgID

oleaut32

GetActiveObject

user32

CheckRadioButton

shell32

ShellExecuteA

psapi

EnumProcessModules

comctl32

ImageList_ReplaceIcon

ntdll

NtQuerySystemInformation

Sections

.text
Size: 32KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
license.txt
测试工具/LeakTesting/AKLT.rar
.rar
AKLT.exe
.exe windows:4 windows x86 arch:x86

f7b53e22ae28427ec1e9963564654a03

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

memset
floor
_setjmp
_isnan
_lseek
_close
_fstat
_open
_read
_write

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetLastError
FormatMessageA
GetCurrentThreadId
Sleep
HeapFree
HeapAlloc
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
TerminateThread
GetCurrentProcessId
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
GetVersionExA
FreeLibrary
LoadLibraryA
GetProcAddress
GlobalAlloc
GlobalFree
CreateFileA
WriteFile
MulDiv
GetLocalTime
HeapReAlloc
QueryPerformanceFrequency

msvcrt

strlen
strcpy
strcat
strncpy
memcpy
longjmp
free
fseek
ftell
malloc
fread
fopen
fclose
exit
_iob
fprintf
sprintf
fwrite
fflush
ferror
getenv
sscanf
strcmp
strncmp
localtime
mktime
gmtime

user32

MessageBoxA
GetCursorPos
ScreenToClient
ChildWindowFromPoint
GetDlgCtrlID
SetWindowPos
AnimateWindow
GetForegroundWindow
MapVirtualKeyA
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
GetKeyboardState
AttachThreadInput
GetWindowThreadProcessId
GetKeyState
GetAsyncKeyState
ReleaseDC
GetSystemMetrics
WaitForInputIdle
keybd_event
IsWindowVisible
IsWindowEnabled
EnableWindow
EnumWindows
GetKeyboardLayout
MapVirtualKeyExA
ToAsciiEx
ShowCursor
InvalidateRect
ShowWindow
FillRect
BeginPaint
EndPaint
DefWindowProcA
LoadIconA
RegisterClassExA
CreateWindowExA
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource
GetIconInfo
SetWindowTextA
SetWindowLongA
SendMessageA
GetWindowLongA
SetCapture
CallWindowProcA
ReleaseCapture
GetWindowRect
RedrawWindow
UpdateWindow
DrawStateA
GetWindowTextLengthA
GetWindowTextA
ValidateRect
GetParent
MapWindowPoints
GetSysColor
GetSysColorBrush
PostMessageA
SetCursor
GetClientRect
GetCapture
LoadCursorA
MoveWindow
DestroyWindow
RemovePropA
SetPropA
GetPropA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
AdjustWindowRect
CreateAcceleratorTableA
IsZoomed
SetCursorPos
LoadImageA
SystemParametersInfoA
SetFocus
GetFocus
IsChild
GetClassNameA
EnumChildWindows
OpenClipboard
EmptyClipboard
CloseClipboard
GetDC
DrawIconEx

gdi32

CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetStockObject
GetObjectType
DeleteObject
SetDIBits
GetObjectA
GetDIBits
CreateDIBSection
SetTextColor
SetBkColor
CreateRectRgnIndirect
SelectClipRgn
SetBkMode
TextOutA
GetTextExtentPoint32A
CreatePen
MoveToEx
LineTo
CreateSolidBrush
GetDeviceCaps
CreateFontA
SetTextAlign
SelectPalette
RealizePalette
SetStretchBltMode
StretchDIBits
StretchBlt
SetROP2

comctl32

InitCommonControls
InitCommonControlsEx

ole32

CoInitialize
RevokeDragDrop

shell32

ShellExecuteA
ShellExecuteExA

winmm

timeEndPeriod

Sections

.code
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.flat
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
测试工具/LeakTesting/CLT.rar
.rar
CLT.exe
.exe windows:5 windows x86 arch:x86

f01205a1dff18f1ff97e0dbea0a6fe62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwCreatePort
RtlAdjustPrivilege
ZwOpenProcess
RtlImageDirectoryEntryToData
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwQueueApcThread
swprintf
RtlInitUnicodeString
ZwSetSystemInformation
memset

shlwapi

PathRemoveFileSpecA
PathFileExistsA

comctl32

ImageList_Create
ImageList_ReplaceIcon
ord17

kernel32

CloseHandle
LoadLibraryExA
GetModuleHandleA
OpenThread
LoadLibraryA
DeleteFileW
CreateThread
GetTempPathA
ExitProcess
MoveFileExA
CreateRemoteThread
Sleep
GetTempPathW
SetCurrentDirectoryA
GetCurrentDirectoryW
lstrcmpiA
VirtualAlloc
CopyFileA
GetTempFileNameA
GetModuleFileNameA

user32

LoadIconA
GetMessageA
CreateDialogParamA
PostQuitMessage
LoadBitmapA
GetSystemMetrics
DispatchMessageA
PostMessageA
GetDlgItem
SetWindowLongA
TranslateMessage
IsDialogMessageA
SendMessageA

advapi32

ControlService
SetFileSecurityA
OpenSCManagerA
StartServiceA
GetTokenInformation
OpenProcessToken
CloseServiceHandle
OpenServiceA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dll.dll
.dll windows:5 windows x86 arch:x86

6fa1da4ee53dcd8bbe2e7033ada49b9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwRequestWaitReplyPort
ZwConnectPort

kernel32

CloseHandle

Sections

.text
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver.sys
.dll windows:5 windows x86 arch:x86

d9c9c4541168665f44917e3ddc4a00d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

DbgPrint

Sections

.text
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
测试工具/LeakTesting/SPT.rar
.rar
SPT.exe
.exe windows:4 windows x86 arch:x86

383a9c0aff7064e6d829d9db7eae6af1

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

40:c2:7b:1f:54:e2:19:bd:32:e9:f8:1b:66:ea:86:d2
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/07/2006, 00:00

Not After

06/07/2007, 23:59

Subject

CN=System Safety Limited,O=System Safety Limited,POSTALCODE=N.A.,STREET=\#24 Tangerine Street,L=Belmopan,ST=N.A.,C=BZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:c2:2e:5f:a7:31:3a:63:72:af:b9:1a:20:39:96:1c:7b:44:89:8f
Signer

Actual PE Digest

00:c2:2e:5f:a7:31:3a:63:72:af:b9:1a:20:39:96:1c:7b:44:89:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateJobObjectW
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
LocalFree
FormatMessageW
CloseHandle
GetCurrentProcess
FreeResource
WriteFile
CreateFileW
LockResource
LoadResource
SizeofResource
FindResourceW
OpenProcess
LocalAlloc
Process32NextW
Process32FirstW
GetLastError
CreateToolhelp32Snapshot
Thread32Next
OpenThread
Thread32First
TerminateThread
AssignProcessToJobObject
SetThreadContext
GetThreadContext
SuspendThread
ResumeThread
VirtualProtectEx
WriteProcessMemory
DebugActiveProcess
OpenSemaphoreW
GetExitCodeProcess
CreateProcessW
CreateSemaphoreW
DeleteFileW
GetTempPathW
ExitProcess
LCMapStringA
GetOEMCP
GetACP
SetStdHandle
SetFilePointer
GetCPInfo
GetLocaleInfoA
GetSystemInfo
LCMapStringW
VirtualProtect
HeapSize
FlushFileBuffers
TerminateJobObject
TerminateProcess
CreateRemoteThread
WaitForSingleObject
GetModuleHandleA
GetVersionExA
RtlUnwind
GetSystemTimeAsFileTime
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InterlockedExchange
VirtualQuery
HeapAlloc
LoadLibraryA
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetStringTypeA
WideCharToMultiByte
GetStringTypeW

user32

PostThreadMessageW
SetWinEventHook
SetWindowsHookExW
UnhookWindowsHookEx
EnumWindows
GetWindowThreadProcessId
EnumChildWindows
IsWindow
PostMessageW
EndTask
UnhookWinEvent

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
测试方法.txt
测试工具/RDTesting/RDT.rar
.rar
TestRegmon.exe
.exe windows:4 windows x86 arch:x86

809c8dcd5dc296a46a79426ccf4eb3d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\study\c++\myproject\testregmon\release\TestRegmon.pdb

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
ExitProcess
HeapReAlloc
RaiseException
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
SetEnvironmentVariableA
SetErrorMode
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringW
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
lstrlenW
InterlockedDecrement
GetLastError
SetLastError
GlobalAddAtomW
GlobalUnlock
GlobalFree
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleW
GetProcAddress
FreeResource
SizeofResource
WriteFile
CreateFileW
LockResource
LoadResource
FindResourceW
CreateThread
ResumeThread
Sleep
GetCurrentProcessId
TerminateProcess
OpenProcess
WaitForSingleObject
CreateProcessW
GetWindowsDirectoryW
DeleteFileW
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcess

user32

GetSysColorBrush
LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
PtInRect
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetWindowPos
ShowWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetSysColor
DestroyMenu
CopyRect
GetWindowTextW
GetWindow
SetFocus
UnhookWindowsHookEx
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
UnregisterClassW
CharUpperW
GetClassInfoExW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
EnableWindow
PostMessageW
GetWindowThreadProcessId
GetForegroundWindow
wsprintfW
DrawIcon
GetClientRect
GetSystemMetrics
SendMessageW
IsIconic
LoadStringW
AppendMenuW
GetSystemMenu
LoadIconW
UnregisterClassA

gdi32

DeleteDC
GetStockObject
GetDeviceCaps
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
CreateBitmap
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW
GetObjectW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegRestoreKeyW
OpenProcessToken
RegSaveKeyW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22e476f430804a8688fb54ca9ce950b0

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

oleaut32

user32

shell32

psapi

comctl32

ntdll

Sections

.text Size: 32KB - Virtual size: 144KB

.rsrc Size: 7KB - Virtual size: 8KB

f7b53e22ae28427ec1e9963564654a03

Headers

File Characteristics

Imports

crtdll

kernel32

msvcrt

user32

gdi32

comctl32

ole32

shell32

winmm

Sections

.code Size: 9KB - Virtual size: 9KB

.text Size: 83KB - Virtual size: 83KB

.data Size: 70KB - Virtual size: 329KB

.rsrc Size: 4KB - Virtual size: 4KB

.flat Size: 512B - Virtual size: 173B

f01205a1dff18f1ff97e0dbea0a6fe62

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

comctl32

kernel32

user32

advapi32

ole32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 36B

.rsrc Size: 76KB - Virtual size: 76KB

6fa1da4ee53dcd8bbe2e7033ada49b9a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 512B - Virtual size: 138B

.rdata Size: 512B - Virtual size: 192B

.reloc Size: 512B - Virtual size: 34B

d9c9c4541168665f44917e3ddc4a00d5

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 512B - Virtual size: 25B

.rdata Size: 512B - Virtual size: 114B

.reloc Size: 512B - Virtual size: 24B

383a9c0aff7064e6d829d9db7eae6af1

.text
Size: 32KB - Virtual size: 144KB

.rsrc
Size: 7KB - Virtual size: 8KB

.code
Size: 9KB - Virtual size: 9KB

.text
Size: 83KB - Virtual size: 83KB

.data
Size: 70KB - Virtual size: 329KB

.rsrc
Size: 4KB - Virtual size: 4KB

.flat
Size: 512B - Virtual size: 173B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 36B

.rsrc
Size: 76KB - Virtual size: 76KB

.text
Size: 512B - Virtual size: 138B

.rdata
Size: 512B - Virtual size: 192B

.reloc
Size: 512B - Virtual size: 34B

.text
Size: 512B - Virtual size: 25B

.rdata
Size: 512B - Virtual size: 114B

.reloc
Size: 512B - Virtual size: 24B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

40:c2:7b:1f:54:e2:19:bd:32:e9:f8:1b:66:ea:86:d2
Certificate

00:c2:2e:5f:a7:31:3a:63:72:af:b9:1a:20:39:96:1c:7b:44:89:8f
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 133B

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 52KB - Virtual size: 48KB