f6adeeadfbd370816e4cf22e13a8aa80_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f6adeeadfbd370816e4cf22e13a8aa80_JaffaCakes118
Size

30.2MB
MD5

f6adeeadfbd370816e4cf22e13a8aa80
SHA1

9302219ee20e28cc23684c2efa4db250554bb5e7
SHA256

f28711542218b72a926ac9490ad33798b52a9f7789c53c995c06d7fd3025a445
SHA512

8fe48e0b224dbd1a1175b720cf7b72210e2033a1e92a91b42d15dce5d001dd7fadc6e2aa14fa0ab98db6e451449740b705337291101b1540159277f3af28c288
SSDEEP

786432:iW4gRmgh1ePVkgPQdbrcgLfWLec1QQBLG3jw02t:iiHeP6gPQdn/wuQMa

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ERoot_1.3.1.exe
unpack001/Eroot 1.2.exe
unpack001/Eroot 1.3.3.exe

Files

f6adeeadfbd370816e4cf22e13a8aa80_JaffaCakes118
.rar
EROOT.docx
.docx office2007
ERoot_1.3.1.exe
.exe windows:5 windows x86 arch:x86

d81ba56fc990b9d28aae08d27d0f6907

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\dabao21\RootTool\RootGUI\Release\RootGUI.pdb

Imports

kernel32

SleepEx
FormatMessageA
GetTickCount
PeekNamedPipe
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
GetCurrentDirectoryW
LoadLibraryW
GetModuleHandleW
GetACP
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
CreateDirectoryW
MulDiv
InterlockedIncrement
InterlockedDecrement
FindFirstFileW
SetHandleInformation
SetEvent
GetExitCodeProcess
FindClose
CreateEventW
CreatePipe
FindNextFileW
DeviceIoControl
GetDateFormatA
GetTimeFormatA
DeleteFileA
MoveFileA
DeleteFileW
FindFirstFileExW
SetFileAttributesW
LoadLibraryExA
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
GetDriveTypeW
EnterCriticalSection
DeleteCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetFullPathNameA
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
QueryPerformanceCounter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetFileInformationByHandle
ExitThread
GetSystemTimeAsFileTime
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSection
SetLastError
GetFileAttributesW
GetFileAttributesA
ReleaseMutex
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
CreateMutexW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileTime
SetFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
WriteFile
SetFilePointer
CreateFileA
LocalFree
GetTempPathA
CreateMutexA
GetModuleFileNameA
GetTempPathW
GetModuleFileNameW
CopyFileW
OpenProcess
CreateProcessW
GetCommandLineW
WaitForSingleObject
CreateThread
GetFileSize
WaitForMultipleObjects
GetTempFileNameA
GetLastError
CreateProcessA
Sleep
TerminateThread
WideCharToMultiByte
ExitProcess
CloseHandle
MultiByteToWideChar
CreateFileW
ReadFile
GetFullPathNameW

user32

DrawTextW
CharPrevW
MessageBoxW
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetClientRect
IsIconic
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
InvalidateRgn
SetRect
CreateAcceleratorTableW
GetWindowRect
ScreenToClient
SetWindowRgn
SwitchToThisWindow
BringWindowToTop
FindWindowExA
PostMessageW
GetWindowThreadProcessId
EnumWindows
DefWindowProcW
IsWindow
ShowWindow
DispatchMessageW
TranslateMessage
SetFocus
GetMessageW
EnableWindow
GetWindow
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
MoveWindow
GetSysColor
SetWindowPos
SystemParametersInfoW
GetParent
SendMessageW
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetKeyState
GetDC
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
DestroyWindow
GetFocus
MapWindowPoints
FillRect
GetWindowTextLengthW
GetWindowTextW
TrackMouseEvent
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
OffsetRect
InflateRect
SetCursor
wvsprintfW
IntersectRect
CharNextW

gdi32

StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
SetTextColor
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
CreateDIBSection
CreatePen
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
DeleteObject
CreateRoundRectRgn
RoundRect
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
GetDeviceCaps
GetObjectA
SetStretchBltMode
ExtTextOutW
SetBkColor
LineTo
MoveToEx
DeleteDC
SetBkMode
CreatePenIndirect

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam

shell32

ShellExecuteA
SHCreateDirectoryExW
SHCreateDirectoryExA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

gdiplus

GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown

shlwapi

PathFindFileNameW
PathFindFileNameA

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

ws2_32

htonl
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
closesocket
getpeername
getsockopt
htons
ntohs
getsockname
setsockopt
send
recv
WSAGetLastError
WSAStartup
WSACleanup
bind

iphlpapi

GetAdaptersInfo
GetExtendedTcpTable

wldap32

ord211
ord22
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord143

Sections

.text
Size: 779KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Eroot 1.2.exe
.exe windows:5 windows x86 arch:x86

d81ba56fc990b9d28aae08d27d0f6907

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\dabao24 1\RootTool\RootGUI\Release\RootGUI.pdb

Imports

kernel32

SleepEx
FormatMessageA
GetTickCount
PeekNamedPipe
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
GetCurrentDirectoryW
LoadLibraryW
GetModuleHandleW
GetACP
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
CreateDirectoryW
MulDiv
InterlockedIncrement
InterlockedDecrement
FindFirstFileW
SetHandleInformation
SetEvent
GetExitCodeProcess
FindClose
CreateEventW
CreatePipe
FindNextFileW
DeviceIoControl
GetDateFormatA
GetTimeFormatA
DeleteFileA
MoveFileA
DeleteFileW
FindFirstFileExW
SetFileAttributesW
LoadLibraryExA
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
GetDriveTypeW
EnterCriticalSection
DeleteCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetFullPathNameA
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
QueryPerformanceCounter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetFileInformationByHandle
ExitThread
GetSystemTimeAsFileTime
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSection
SetLastError
GetFileAttributesW
GetFileAttributesA
ReleaseMutex
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
CreateMutexW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileTime
SetFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
WriteFile
SetFilePointer
CreateFileA
LocalFree
GetTempPathA
CreateMutexA
GetModuleFileNameA
GetTempPathW
GetModuleFileNameW
CopyFileW
OpenProcess
CreateProcessW
GetCommandLineW
WaitForSingleObject
CreateThread
GetFileSize
WaitForMultipleObjects
GetTempFileNameA
GetLastError
CreateProcessA
Sleep
TerminateThread
WideCharToMultiByte
ExitProcess
CloseHandle
MultiByteToWideChar
CreateFileW
ReadFile
GetFullPathNameW

user32

DrawTextW
CharPrevW
MessageBoxW
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetClientRect
IsIconic
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
InvalidateRgn
SetRect
CreateAcceleratorTableW
GetWindowRect
ScreenToClient
SetWindowRgn
SwitchToThisWindow
BringWindowToTop
FindWindowExA
PostMessageW
GetWindowThreadProcessId
EnumWindows
DefWindowProcW
IsWindow
ShowWindow
DispatchMessageW
TranslateMessage
SetFocus
GetMessageW
EnableWindow
GetWindow
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
MoveWindow
GetSysColor
SetWindowPos
SystemParametersInfoW
GetParent
SendMessageW
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetKeyState
GetDC
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
DestroyWindow
GetFocus
MapWindowPoints
FillRect
GetWindowTextLengthW
GetWindowTextW
TrackMouseEvent
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
OffsetRect
InflateRect
SetCursor
wvsprintfW
IntersectRect
CharNextW

gdi32

StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
SetTextColor
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
CreateDIBSection
CreatePen
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
DeleteObject
CreateRoundRectRgn
RoundRect
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
GetDeviceCaps
GetObjectA
SetStretchBltMode
ExtTextOutW
SetBkColor
LineTo
MoveToEx
DeleteDC
SetBkMode
CreatePenIndirect

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam

shell32

ShellExecuteA
SHCreateDirectoryExW
SHCreateDirectoryExA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

gdiplus

GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown

shlwapi

PathFindFileNameW
PathFindFileNameA

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

ws2_32

htonl
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
closesocket
getpeername
getsockopt
htons
ntohs
getsockname
setsockopt
send
recv
WSAGetLastError
WSAStartup
WSACleanup
bind

iphlpapi

GetAdaptersInfo
GetExtendedTcpTable

wldap32

ord211
ord22
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord143

Sections

.text
Size: 779KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Eroot 1.3.3.exe
.exe windows:5 windows x86 arch:x86

d81ba56fc990b9d28aae08d27d0f6907

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\dabao23\RootTool\RootGUI\Release\RootGUI.pdb

Imports

kernel32

SleepEx
FormatMessageA
GetTickCount
PeekNamedPipe
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
GetCurrentDirectoryW
LoadLibraryW
GetModuleHandleW
GetACP
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
CreateDirectoryW
MulDiv
InterlockedIncrement
InterlockedDecrement
FindFirstFileW
SetHandleInformation
SetEvent
GetExitCodeProcess
FindClose
CreateEventW
CreatePipe
FindNextFileW
DeviceIoControl
GetDateFormatA
GetTimeFormatA
DeleteFileA
MoveFileA
DeleteFileW
FindFirstFileExW
SetFileAttributesW
LoadLibraryExA
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
GetDriveTypeW
EnterCriticalSection
DeleteCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetFullPathNameA
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
QueryPerformanceCounter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetFileInformationByHandle
ExitThread
GetSystemTimeAsFileTime
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSection
SetLastError
GetFileAttributesW
GetFileAttributesA
ReleaseMutex
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
CreateMutexW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileTime
SetFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
WriteFile
SetFilePointer
CreateFileA
LocalFree
GetTempPathA
CreateMutexA
GetModuleFileNameA
GetTempPathW
GetModuleFileNameW
CopyFileW
OpenProcess
CreateProcessW
GetCommandLineW
WaitForSingleObject
CreateThread
GetFileSize
WaitForMultipleObjects
GetTempFileNameA
GetLastError
CreateProcessA
Sleep
TerminateThread
WideCharToMultiByte
ExitProcess
CloseHandle
MultiByteToWideChar
CreateFileW
ReadFile
GetFullPathNameW

user32

DrawTextW
CharPrevW
MessageBoxW
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetClientRect
IsIconic
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
InvalidateRgn
SetRect
CreateAcceleratorTableW
GetWindowRect
ScreenToClient
SetWindowRgn
SwitchToThisWindow
BringWindowToTop
FindWindowExA
PostMessageW
GetWindowThreadProcessId
EnumWindows
DefWindowProcW
IsWindow
ShowWindow
DispatchMessageW
TranslateMessage
SetFocus
GetMessageW
EnableWindow
GetWindow
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
MoveWindow
GetSysColor
SetWindowPos
SystemParametersInfoW
GetParent
SendMessageW
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetKeyState
GetDC
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
DestroyWindow
GetFocus
MapWindowPoints
FillRect
GetWindowTextLengthW
GetWindowTextW
TrackMouseEvent
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
OffsetRect
InflateRect
SetCursor
wvsprintfW
IntersectRect
CharNextW

gdi32

StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
SetTextColor
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
CreateDIBSection
CreatePen
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
DeleteObject
CreateRoundRectRgn
RoundRect
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
GetDeviceCaps
GetObjectA
SetStretchBltMode
ExtTextOutW
SetBkColor
LineTo
MoveToEx
DeleteDC
SetBkMode
CreatePenIndirect

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam

shell32

ShellExecuteA
SHCreateDirectoryExW
SHCreateDirectoryExA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

gdiplus

GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown

shlwapi

PathFindFileNameW
PathFindFileNameA

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

ws2_32

htonl
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
closesocket
getpeername
getsockopt
htons
ntohs
getsockname
setsockopt
send
recv
WSAGetLastError
WSAStartup
WSACleanup
bind

iphlpapi

GetAdaptersInfo
GetExtendedTcpTable

wldap32

ord211
ord22
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord143

Sections

.text
Size: 779KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d81ba56fc990b9d28aae08d27d0f6907

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

psapi

ws2_32

iphlpapi

wldap32

Sections

.text Size: 779KB - Virtual size: 779KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 10.1MB - Virtual size: 10.1MB

.rsrc Size: 365KB - Virtual size: 364KB

.reloc Size: 70KB - Virtual size: 69KB

d81ba56fc990b9d28aae08d27d0f6907

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

psapi

ws2_32

iphlpapi

wldap32

Sections

.text Size: 779KB - Virtual size: 779KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 9.8MB - Virtual size: 9.8MB

.rsrc Size: 365KB - Virtual size: 364KB

.reloc Size: 69KB - Virtual size: 68KB

d81ba56fc990b9d28aae08d27d0f6907

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

psapi

ws2_32

iphlpapi

wldap32

Sections

.text Size: 779KB - Virtual size: 779KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 9.9MB - Virtual size: 9.9MB

.rsrc Size: 365KB - Virtual size: 364KB

.reloc Size: 69KB - Virtual size: 69KB

.text
Size: 779KB - Virtual size: 779KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 10.1MB - Virtual size: 10.1MB

.rsrc
Size: 365KB - Virtual size: 364KB

.reloc
Size: 70KB - Virtual size: 69KB

.text
Size: 779KB - Virtual size: 779KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 9.8MB - Virtual size: 9.8MB

.rsrc
Size: 365KB - Virtual size: 364KB

.reloc
Size: 69KB - Virtual size: 68KB

.text
Size: 779KB - Virtual size: 779KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 9.9MB - Virtual size: 9.9MB

.rsrc
Size: 365KB - Virtual size: 364KB

.reloc
Size: 69KB - Virtual size: 69KB