f9981880662bb99bd4b24a6fed644367_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9981880662bb99bd4b24a6fed644367_JaffaCakes118
Size

908KB
MD5

f9981880662bb99bd4b24a6fed644367
SHA1

91ed6960b8fd600d43481e7991c793e1725655d6
SHA256

8e15abfc4d604b90258587d7032516c5c57b7df90a8982486b5025cb7fccbb42
SHA512

6b53b89c74550226592f343525929b19a204a5aecf0516fdb4457521888c26cb14b111ebadcce44fd276b7ee2d127c2692be4de942d670b98d84b4b0daabfb73
SSDEEP

24576:ObzVpEClJ2DGKnAhvdEiCN6tS+jvxGVg24Rt8ow3xCG0:OXfECDiAdEdN9OAEeoyxc

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha-exptizerpro-fzh/Setup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/nsWeb.dll
unpack002/$TEMP/fzhexp/1.exe
unpack002/$WINDIR/eSellerateControl350.dll
unpack002/$WINDIR/eSellerateEngine.dll
unpack002/exptizer.exe
unpack002/uninst.exe

Files

f9981880662bb99bd4b24a6fed644367_JaffaCakes118
.zip
ha-exptizerpro-fzh/Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

FOX!
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FOX!
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Lasefox
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/fzhexp/1.exe
.exe windows:5 windows x86 arch:x86

c56a25fa4336eeb10723b3537ba4876d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
LocalAlloc
GetLastError
GetCurrentProcess
GetPrivateProfileIntA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetPrivateProfileStringA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
GetProcAddress
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
LoadLibraryA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
CloseHandle
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
LocalFree
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/eSellerateControl350.dll
.dll regsvr32 windows:4 windows x86 arch:x86

87b275451940fe86c3b1f10a8bfe6850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrlenA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
SetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiA
DisableThreadLibraryCalls
CompareStringW
CompareStringA
RtlUnwind
GetStringTypeW
GetStringTypeA
DeleteFileA
MoveFileA
SetFileAttributesA
GetTempFileNameA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
CloseHandle
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
SetFilePointer
LCMapStringA
LCMapStringW

user32

GetForegroundWindow
GetWindowLongA
CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysReAllocString
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/eSellerateEngine.dll
.dll windows:4 windows x86 arch:x86

844e3ce531035c1816fe862b01cc8851

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
htons
WSAStartup
closesocket
recv
send
socket
WSAAsyncSelect
connect
WSAGetLastError
ioctlsocket
gethostbyname

kernel32

DeleteFileA
Sleep
GetSystemTime
SetFileAttributesA
GetTempPathA
CreateDirectoryA
GetDriveTypeA
GetDiskFreeSpaceA
FreeLibrary
GetProcAddress
LoadLibraryA
MoveFileA
lstrcpyA
LocalFree
lstrcmpiA
LocalAlloc
lstrlenA
lstrcpynA
lstrlenW
MultiByteToWideChar
GlobalDeleteAtom
GlobalAddAtomA
GetCurrentProcessId
GlobalUnlock
GlobalLock
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
DeleteCriticalSection
VirtualFree
CreateFileA
HeapDestroy
GetOEMCP
GetACP
SizeofResource
InitializeCriticalSection
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
GetLocalTime
GetTimeZoneInformation
InterlockedIncrement
InterlockedDecrement
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
IsBadReadPtr
SetEndOfFile
CompareStringA
WaitForSingleObject
CloseHandle
FindResourceA
LoadResource
LockResource
GetTickCount
WideCharToMultiByte
GetTempFileNameA
FindFirstFileA
FindClose
GetModuleFileNameA
GetWindowsDirectoryA
GetVolumeInformationA
GlobalMemoryStatus
GetStringTypeA
GetStringTypeW
SetStdHandle
GetCPInfo
FlushFileBuffers
SetFilePointer
IsBadCodePtr
CompareStringW
HeapCreate
SetEnvironmentVariableA

user32

LoadCursorA
CharNextA
RegisterClassA
GetWindowThreadProcessId
ReuseDDElParam
UnpackDDElParam
CreateWindowExA
DefWindowProcA
GetWindowLongA
OpenClipboard
GetClipboardData
SetClassLongA
LoadIconA
GetClassLongA
CloseClipboard
MessageBeep
CallWindowProcA
SetRect
OffsetRect
GetAsyncKeyState
UnregisterClassA
RedrawWindow
DialogBoxParamA
EndDialog
PeekMessageA
TranslateMessage
DispatchMessageA
SetTimer
KillTimer
DrawEdge
InvalidateRect
UpdateWindow
DrawFocusRect
FillRect
GetDlgItemTextA
GetSysColor
DrawTextA
ShowWindow
EnableWindow
GetWindowTextA
SetWindowTextA
GetDC
ReleaseDC
ScreenToClient
SetWindowPos
GetWindowRect
MoveWindow
SetFocus
PostMessageA
GetDlgItem
GetCursorPos
SendMessageA
GetClientRect
CopyRect
IsWindow
GetForegroundWindow
DestroyWindow
SetWindowLongA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
CreateDIBitmap
DeleteDC
CreateFontIndirectA
GetObjectA
DeleteObject
SetTextColor
SelectObject
GetTextExtentPoint32A
GetDeviceCaps

comdlg32

PrintDlgA
GetSaveFileNameA

comctl32

ord17
ord6

advapi32

RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetMalloc
ShellExecuteExA

ole32

CLSIDFromString
OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

SafeArrayCreateVector
VariantInit
VariantClear

Exports

Exports

MVESD_Entry2

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.txt
exptizer.chm
.chm
exptizer.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 929KB - Virtual size: 929KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license.txt
uninst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

FOX!
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FOX!
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Lasefox
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/modern-header.bmp
˵.txt
.url
.rtf
.rtf
ha-exptizerpro-fzh/kaishile.com.htm
.html
ha-exptizerpro-fzh/˵.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

FOX! Size: - Virtual size: 576KB

FOX! Size: 19KB - Virtual size: 20KB

Lasefox Size: 3KB - Virtual size: 4KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 644B

c56a25fa4336eeb10723b3537ba4876d

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 224KB - Virtual size: 228KB

87b275451940fe86c3b1f10a8bfe6850

Headers

File Characteristics

Imports

FOX!
Size: - Virtual size: 576KB

FOX!
Size: 19KB - Virtual size: 20KB

Lasefox
Size: 3KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 228KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 24KB - Virtual size: 33KB

.rsrc
Size: 32KB - Virtual size: 30KB

.reloc
Size: 20KB - Virtual size: 17KB

CODE
Size: 929KB - Virtual size: 929KB

DATA
Size: 12KB - Virtual size: 12KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 68KB - Virtual size: 68KB

FOX!
Size: - Virtual size: 576KB

FOX!
Size: 19KB - Virtual size: 20KB

Lasefox
Size: 3KB - Virtual size: 4KB