eb3f30ce9d996b3dfe98d4ce21a2a905_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb3f30ce9d996b3dfe98d4ce21a2a905_JaffaCakes118
Size

1.1MB
MD5

eb3f30ce9d996b3dfe98d4ce21a2a905
SHA1

c8f5ecbae0aceb06a056f2269a92b76621b859ca
SHA256

1703825859888eb5a28f877a3340fda10ae7d537e5b743ef829e289cbd3de939
SHA512

bbd0b94a5829cf8bf4732620bee673dd01b3d353e34bc49402da3827a4107612e2bef5feea38f1d2b307ee01f41667f5375939c27e65674b3be2ba8c86be1d26
SSDEEP

24576:5jlEf6wjYru82OwOlYShREjS7WcQDVo6wOUsZhHg6mON1nEYmFf:nECIqH2clnPEbcQC65ZhHghp

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Modtw.exe
unpack001/date/mod_Agnes.dll
unpack001/date/mod_AntiCrash.dll
unpack001/date/mod_Christie.dll
unpack001/date/mod_Dorren.dll
unpack001/date/mod_Hane.dll
unpack001/date/mod_Honey.dll
unpack001/date/mod_Kukurand.dll
unpack001/date/mod_Potato.dll
unpack001/date/mod_kukulite.dll
unpack001/date/mod_kukutelop.dll
unpack001/date/mod_nanalite.dll
unpack001/date/pakecore.dll

Files

eb3f30ce9d996b3dfe98d4ce21a2a905_JaffaCakes118
.rar
Modtw.exe
.exe windows:5 windows x86 arch:x86

c63ba316533609531fac22f3877f847b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GlobalFree
GlobalUnlock
GlobalLock
GetProcAddress
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalAlloc

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/alert.wav
date/command.txt
date/log_Potato/Mabi_Item.ini
date/log_Potato/Mabi_Skill.ini
date/log_Potato/Mabi_cook.ini
date/log_Potato/Mabi_mini.ini
date/log_Potato/Mabi_mission.ini
date/log_Potato/mod_Potato_Auto.ini
date/log_Potato/mod_Potato_Disable.ini
date/log_Potato/mod_Potato_Hide.ini
date/log_Potato/mod_Potato_Other.ini
date/logo.bbs
date/mod.txt
date/mod_Agnes.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/mod_AntiCrash.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/mod_AntiCrash.ini
date/mod_Christie.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

CODE
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/mod_Dorren.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/mod_Hane.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

CODE
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/mod_Hane.ini
date/mod_Honey.dll
.dll windows:5 windows x86 arch:x86

87c2a3dc5b7b3e7c75b6e046921bb6f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileIntA
Sleep
GetProcAddress
GetModuleHandleA
DeleteFileA
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSectionAndSpinCount
ReadFile
CreateFileA
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap

shell32

ShellExecuteA

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
date/mod_Kukurand.dll
.dll windows:4 windows x86 arch:x86

f1329a849e6f9c438a8d5b0e0a0e39c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
GlobalFree
GlobalAlloc
VirtualProtect
IsBadWritePtr
lstrcmpiA
GetProcAddress
DisableThreadLibraryCalls
GetPrivateProfileIntA
Sleep
DeleteFileA
lstrcpyA
GetModuleFileNameA
GetModuleHandleA

msvcr80

fclose
fopen_s
_strdate_s
vfprintf
_strtime_s
fprintf
memcpy

shlwapi

PathRemoveFileSpecA
PathAppendA

Exports

Exports

GetConsoleProcessCnt
Initialize
RecvH00k
SendH00k
Terminate

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
date/mod_Kukurand.ini
date/mod_Potato.dll
.dll windows:5 windows x86 arch:x86

4916679cc064fa003f0e453a98fe6e91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
ReleaseDC
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
LoadIconW
GetSystemMetrics
GetSysColor
GetDC
FrameRect
FillRect
DrawTextExW
DrawFocusRect
CharUpperBuffW
CharNextW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
CreateDirectoryW
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualFree
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
RoundRect
Rectangle
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectW
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
ExtTextOutW
ExtFloodFill
Ellipse
DeleteObject
DeleteDC
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
Chord
BitBlt
Arc

winmm

PlaySoundW

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 70KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/mod_Potato.ini
date/mod_kukulite.dll
.dll windows:5 windows x86 arch:x86

48eb5ccc532e7d0d8f00e6637d4469f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetCommandLineA
GetPrivateProfileIntA
TerminateProcess
FindFirstFileA
GetProcAddress
GetPrivateProfileStringA
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
GetCurrentProcessId
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
CreateFileA
ReadFile
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapSize
ExitProcess
GetTimeZoneInformation
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
WriteFile
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA

user32

MoveWindow
GetWindowThreadProcessId
SetWindowTextA
ShowWindow
GetCursorPos
GetAsyncKeyState
EnumWindows
MessageBeep
GetClassNameA

ws2_32

ntohl
htonl
htons
ntohs

winmm

timeKillEvent
timeSetEvent
PlaySoundA

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
date/mod_kukulite.ini
date/mod_kukulite.ini1
date/mod_kukulite.inv2.ini
date/mod_kukutelop.dll
.dll windows:4 windows x86 arch:x86

f5045d240e13d6d6868c975622231d69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileIntA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetLastError
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
HeapSize
ExitProcess
GetTimeZoneInformation
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
LoadLibraryA
CreateFileA
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
SetEnvironmentVariableA

ws2_32

htonl
htons
ntohs
ntohl

winmm

timeKillEvent

Exports

Exports

Initialize
RecvHook
SaveTelop
SendHook
Terminate

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
date/mod_kukutelop.ini
date/mod_kukutelop.txt
date/mod_nanalite.dll
.dll windows:5 windows x86 arch:x86

30dc79023369c0230e77c420e3458e2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharNextW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrlenA
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualFree
Sleep
SignalObjectAndWait
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

winmm

timeSetEvent
timeKillEvent

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
date/mod_nanalite.ini
date/pakecore.dll
.dll windows:5 windows x86 arch:x86

06c7e9d31701f979f973f1ce878e5c93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
InitializeCriticalSection
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
DisableThreadLibraryCalls
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
DeleteCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetFileInformationByHandle
GetLastError
GetFileSize
ReadFile
WriteFile
GetSystemInfo
CloseHandle
SetFilePointer
SetEndOfFile
GetFileType
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
InterlockedExchangeAdd
Sleep
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
RaiseException
RtlUnwind
HeapReAlloc
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetModuleHandleW
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
HeapSize
GetACP
GetOEMCP
IsValidCodePage

shlwapi

PathAppendA
PathRemoveFileSpecA

Exports

Exports

Initialize
RecvHook
SendHook
Terminate

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c63ba316533609531fac22f3877f847b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 106KB - Virtual size: 108KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 33KB - Virtual size: 33KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 133B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 35KB - Virtual size: 34KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 137B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 37KB - Virtual size: 37KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 136B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 35KB - Virtual size: 34KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 134B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 38KB - Virtual size: 38KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 132B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 106KB - Virtual size: 108KB

CODE
Size: 33KB - Virtual size: 33KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 133B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 35KB - Virtual size: 34KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 137B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 37KB - Virtual size: 37KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 136B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 35KB - Virtual size: 34KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 134B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 38KB - Virtual size: 38KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 132B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 446B

.rsrc
Size: 512B - Virtual size: 432B

.reloc
Size: 512B - Virtual size: 492B

.text
Size: 397KB - Virtual size: 397KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 70KB

.idata
Size: 6KB - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 134B

.reloc
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 45KB - Virtual size: 45KB

.text
Size: 376KB - Virtual size: 376KB

.rdata
Size: 76KB - Virtual size: 75KB