gh0strat | fedcfef0adc0b6302184c4f177b029d2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fedcfef0adc0b6302184c4f177b029d2_JaffaCakes118
Size

252KB
MD5

fedcfef0adc0b6302184c4f177b029d2
SHA1

b81aee2f1ed304760ca9cf59fe35e1c91882d1b8
SHA256

1d91da9717ca1b65d777b4588109405d47425b12e7a73d6f6ba1d5dad041d23a
SHA512

456667d27e6dd2f89699eac448ce669f6ecd4d7cd2b1070d28516648330c5aae59075819d63424b0818731bce49263d33e0d35985f523a381805b8da53339adc
SSDEEP

6144:ta+1VBWHg9DNYtEHhvj3TBlSnobrMsAo:EaVB6gQqHtj3T39Q1

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 10 IoCs

resource	yara_rule
sample	family_gh0strat
static1/unpack001/CERTIFICATE	family_gh0strat
static1/unpack002/CERTIFICATE	family_gh0strat
static1/unpack003/CERTIFICATE	family_gh0strat
static1/unpack004/CERTIFICATE	family_gh0strat
static1/unpack005/CERTIFICATE	family_gh0strat
static1/unpack006/CERTIFICATE	family_gh0strat
static1/unpack007/CERTIFICATE	family_gh0strat
static1/unpack008/CERTIFICATE	family_gh0strat
static1/unpack009/CERTIFICATE	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
fedcfef0adc0b6302184c4f177b029d2_JaffaCakes118
unpack001/CERTIFICATE
unpack002/CERTIFICATE
unpack003/CERTIFICATE
unpack004/CERTIFICATE
unpack005/CERTIFICATE
unpack006/CERTIFICATE
unpack007/CERTIFICATE
unpack008/CERTIFICATE
unpack009/CERTIFICATE

Files

fedcfef0adc0b6302184c4f177b029d2_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.vbs
.rdata
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/2052/DLL/102
.rsrc/2052/EXE/101
.rsrc/2052/version.txt
.text
CERTIFICATE
.exe .vbs windows:4 windows x86 arch:x86 polyglot

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetTempPathA
CloseHandle
GetLocalTime
SetFilePointer
CreateFileA
WriteFile
Sleep
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
WinExec
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 208KB - Virtual size: 208KB

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 208KB - Virtual size: 208KB

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 208KB - Virtual size: 208KB

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 208KB - Virtual size: 208KB

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 208KB - Virtual size: 208KB

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 208KB - Virtual size: 208KB

471190d5fd80d473ed5b56f8f4f0f1f3

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 208KB - Virtual size: 208KB