07aab5f2aeacf2355bef57901379cd01_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07aab5f2aeacf2355bef57901379cd01_JaffaCakes118
Size

311KB
MD5

07aab5f2aeacf2355bef57901379cd01
SHA1

35ed20a8a4dd9b0a83ed051f1e2b5b0ba42c0b47
SHA256

abec3d9944231af2d9b1ae8116c29afd608ea631911ba0bf9d57738b41d942f8
SHA512

d3458da7e10998f39b47cc45fd1733a9ab60c587abeb5055df72c7f5edbb9e5c825320315f7bb841c0d6658c7a1c5e061ea65a985e270ed0136071e1d5719af7
SSDEEP

6144:ADctdrsunrntuCp6TRqElp0Of2d2MqNeAyfw/9fIztSNriYdIAGiCJehAIA9xqE8:AGiurt8TRb+Ld2MMyfwlmWrDBRA9xr8

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PSAPI.DLL
unpack001/VNCHooks.dll
unpack001/WinVNC.exe
unpack001/hook.dll
unpack001/ncafec.exe
unpack001/omnithread_rt.dll
unpack001/zlib.dll

Files

07aab5f2aeacf2355bef57901379cd01_JaffaCakes118
.zip
FINDRAMD.EXE
FORMAT.COM
HIMEM.SYS
PSAPI.DLL
.dll windows:4 windows x86 arch:x86

3b5b4bad881057af15fc35648ebcf206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

NtAllocateVirtualMemory
RtlNtStatusToDosError
_stricmp
RtlUnwind
atoi
_chkstk
NtStopProfile
sprintf
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
RtlUnicodeToOemN
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
DbgPrint
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
lstrcpyA
GetProcessHeap
LocalFree
SetLastError
LocalAlloc
SetProcessWorkingSetSize
lstrlenA
GetSystemInfo
HeapAlloc

imagehlp

SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymUnloadModule
SymSetOptions
SymInitialize
SymGetSearchPath

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RAMDRIVE.SYS
SETRAMD.BAT
VNCHooks.dll
.dll windows:4 windows x86 arch:x86

10663ae9d2327fc3832135f92cef5c87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAddAtomA
GetModuleHandleA
GetModuleFileNameA
GlobalDeleteAtom

user32

GetClientRect
PostMessageA
GetWindowRect
IsWindowVisible
GetUpdateRgn
ClientToScreen
GetPropA
SetPropA
GetCursor
CallNextHookEx
EnumWindows
MessageBoxA
RemovePropA
SetWindowsHookExA
UnhookWindowsHookEx
RegisterWindowMessageA

gdi32

DeleteObject
GetRegionData
CreateRectRgn

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

msvcrt

??3@YAXPAX@Z
free
sprintf
malloc
_initterm
_adjust_fdiv
_strdup
??2@YAPAXI@Z

Exports

Exports

SetHook
SetKeyboardFilterHook
SetMouseFilterHook
UnSetHook

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 826B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinVNC.exe
.exe windows:4 windows x86 arch:x86

3e77c3e3fa0ce99c83d31d3cab555757

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

setsockopt
socket
closesocket
shutdown
bind
htonl
htons
connect
WSACleanup
listen
accept
getpeername
getsockname
send
recv
WSAStartup
inet_addr
gethostname
gethostbyname
ioctlsocket

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
CreateProcessA
GetModuleFileNameA
Sleep
SetProcessShutdownParameters
GetStartupInfoA
GetModuleHandleA
AllocConsole
SetEndOfFile
SetFilePointer
CreateFileA
ExitProcess
CloseHandle
WriteFile
GetStdHandle
OutputDebugStringA
WriteConsoleA
GetLastError
GetComputerNameA
GetCurrentThreadId
GlobalAddAtomA
GlobalDeleteAtom
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexA
OpenProcess
GetCurrentProcessId
GetVersionExA
GetSystemTime
SystemTimeToFileTime
WinExec

user32

SetDlgItemInt
SetWindowTextA
GetDlgItemInt
EnableWindow
GetDlgItem
ExitWindowsEx
GetUserObjectInformationA
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenInputDesktop
OpenDesktopA
PostThreadMessageA
TranslateMessage
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
LoadStringA
EnableMenuItem
DestroyMenu
LoadIconA
LoadMenuA
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
GetClipboardOwner
GetClipboardData
SendMessageA
DefWindowProcA
FindWindowA
EnumWindows
IsWindowVisible
SetPropA
RemovePropA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetIconInfo
DrawIconEx
LoadCursorA
RegisterClassExA
CreateWindowExA
SystemParametersInfoA
EnumDisplaySettingsA
ChangeDisplaySettingsA
KillTimer
ChangeClipboardChain
DestroyWindow
PostMessageA
SetClipboardViewer
PeekMessageA
GetMessageA
DispatchMessageA
RegisterWindowMessageA
GetDlgItemTextA
MessageBoxA
SetRectEmpty
UnionRect
IsRectEmpty
PostQuitMessage
GetSubMenu
GetForegroundWindow
GetCursorPos
WindowFromPoint
GetClassNameA
GetWindowRect
GetThreadDesktop
IntersectRect
GetSystemMetrics
mouse_event
GetKeyboardState
keybd_event
SetDlgItemTextA
SetTimer
MessageBeep
GetWindowLongA
SetWindowLongA
SetForegroundWindow
EndDialog
DialogBoxParamA
GetDC
ReleaseDC
GetPropA

gdi32

GetRegionData
CreateRectRgn
CreateRectRgnIndirect
CombineRgn
GdiFlush
SelectObject
BitBlt
CreateDIBSection
GetStockObject
CreatePalette
SelectPalette
RealizePalette
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
DeleteDC
GetSystemPaletteEntries
DeleteObject

advapi32

RegCreateKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegOpenKeyA
RegDeleteValueA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
OpenProcessToken
ImpersonateLoggedOnUser
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
GetUserNameA
RevertToSelf

shell32

Shell_NotifyIconA

vnchooks

UnSetHook
SetKeyboardFilterHook
SetMouseFilterHook
SetHook

omnithread_rt

??0init_t@omni_thread@@QAE@XZ
??1omni_thread@@MAE@XZ
?start@omni_thread@@QAEXXZ
?unlock@omni_mutex@@QAEXXZ
?lock@omni_mutex@@QAEXXZ
??1omni_mutex@@QAE@XZ
??0omni_mutex@@QAE@XZ
??0omni_thread@@IAE@PAXW4priority_t@0@@Z
?wait@omni_condition@@QAEXXZ
?start_undetached@omni_thread@@IAEXXZ
??0omni_condition@@QAE@PAVomni_mutex@@@Z
?signal@omni_condition@@QAEXXZ
?set_priority@omni_thread@@QAEXW4priority_t@1@@Z
?join@omni_thread@@QAEXPAPAX@Z
??1omni_condition@@QAE@XZ
?sleep@omni_thread@@SAXKK@Z
?create@omni_thread@@SAPAV1@P6APAXPAX@Z0W4priority_t@1@@Z
?create@omni_thread@@SAPAV1@P6AXPAX@Z0W4priority_t@1@@Z

zlib

_deflateEnd@4
_deflate@8
_deflateInit2_@32

msvcrt

strncpy
strncat
_iob
fprintf
exit
atol
tolower
sscanf
__CxxFrameHandler
memmove
memcmp
memcpy
??2@YAPAXI@Z
srand
sprintf
malloc
time
ctime
_errno
strncmp
__dllonexit
_onexit
_except_handler3
??3@YAXPAX@Z
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
vsprintf
free
rand
_strdup

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hook.dll
.dll windows:4 windows x86 arch:x86

8fa420ec10640b15a867e4602d80e994

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetVersionExA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetClassNameA
CallNextHookEx
GetAsyncKeyState

Exports

Exports

RemoveHook
RemoveHook_App
SetHook
SetHook_App

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ncafec.exe
.exe windows:4 windows x86 arch:x86

c2009e6ec8f38b440644001aeb5861e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetDevCapsA
mixerOpen
mixerGetNumDevs
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetControlDetailsA
mixerSetControlDetails

ws2_32

WSAGetLastError
send
recv
connect
recvfrom
htonl
bind
WSAAsyncSelect
ioctlsocket
WSASocketA
WSAIoctl
gethostname
gethostbyname
inet_ntoa
sendto
shutdown
WSAStartup
WSACleanup
setsockopt
closesocket
htons
socket
inet_addr

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

hook

SetHook
RemoveHook
RemoveHook_App
SetHook_App

kernel32

GetFileSize
CloseHandle
CreateFileA
SetSystemTime
DeleteFileA
CopyFileA
GetWindowsDirectoryA
WinExec
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetDiskFreeSpaceA
GetProcAddress
GetDriveTypeA
GetLogicalDrives
LoadLibraryA
ExitThread
WaitForSingleObject
CreateEventA
ResumeThread
SetThreadPriority
CreateThread
GlobalFree
GlobalAlloc
GetModuleHandleA
GlobalMemoryStatus
GetCurrentProcessId
GetCurrentProcess
GetVersionExA
ReleaseMutex
GetLastError
CreateMutexA
GetComputerNameA
GetModuleFileNameA
SetFileAttributesA
GetFileAttributesA
FindClose
FindFirstFileA
MulDiv
GetTickCount
SetEvent
WaitForMultipleObjects
WriteFile
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreA
TlsSetValue
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
TlsAlloc
TlsGetValue
GetSystemTime
GetVersion
CreatePipe
CreateProcessA
GetExitCodeProcess
TerminateProcess
TerminateThread
SetFilePointer
SetEndOfFile
GlobalReAlloc
GlobalUnlock
GlobalLock
GetFullPathNameA
FreeResource
HeapSize
ExitProcess
HeapReAlloc
SetUnhandledExceptionFilter
HeapAlloc
TlsFree
SetLastError
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
RtlUnwind
VirtualQuery
InterlockedExchange
HeapDestroy
HeapCreate
ReadFile
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
VirtualProtect
GetSystemInfo
GetSystemTimeAsFileTime
GetLocaleInfoW
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement

user32

InflateRect
CallWindowProcA
EnableWindow
SetDlgItemTextA
GetDlgItem
GetFocus
GetWindowRect
SetWindowLongA
GetSysColor
DialogBoxParamA
DefWindowProcA
SetMenuDefaultItem
TrackPopupMenu
CreateDialogParamA
PostQuitMessage
LoadIconA
GetDlgItemTextA
EndDialog
BeginPaint
EndPaint
CopyRect
GetDC
ReleaseDC
GetClientRect
DrawTextA
SetRect
KillTimer
GetMenuItemID
GetForegroundWindow
DestroyWindow
EnumWindows
SetWindowPos
SetActiveWindow
SetForegroundWindow
SetFocus
GetCursorPos
SetCursorPos
GetDesktopWindow
CreateWindowExA
UpdateWindow
RegisterClassExA
MessageBoxA
LoadStringA
LoadMenuA
GetSubMenu
LoadCursorA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DestroyCursor
wsprintfA
PeekMessageA
TranslateMessage
SetTimer
DestroyMenu
DispatchMessageA
SystemParametersInfoA
GetWindowThreadProcessId
GetWindowTextA
IsWindowVisible
SendMessageA
FindWindowExA
ExitWindowsEx
GetSystemMetrics
FindWindowA
CharUpperBuffA
IsIconic
GetWindowLongA
IsWindow
ShowWindow
InvalidateRect
PostMessageA
LoadImageA
GetClassNameA

gdi32

SetWindowOrgEx
CreateCompatibleBitmap
GetClipBox
CombineRgn
CreateFontIndirectA
GetCurrentObject
LineTo
MoveToEx
SetBkMode
SetTextColor
CreateDCA
GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDIBSection
BitBlt
GetDIBColorTable
CreatePen
GetStockObject
Rectangle
CreateBrushIndirect
SelectObject
PatBlt
ExtCreateRegion
DeleteObject
GetObjectA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
InitializeSecurityDescriptor

shell32

Shell_NotifyIconA

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize

oleaut32

OleLoadPicture

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
omnithread_rt.dll
.dll windows:4 windows x86 arch:x86

70eff6b665a3d3f9e1ed223fe515d5e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreA
CloseHandle
SetThreadPriority
TlsSetValue
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
TlsAlloc
ResumeThread
TlsGetValue
Sleep
GetSystemTime
RtlUnwind
RaiseException
CreateThread
ExitThread
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
TlsFree
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

??0init_t@omni_thread@@QAE@XZ
??0omni_condition@@QAE@PAVomni_mutex@@@Z
??0omni_mutex@@QAE@XZ
??0omni_mutex_lock@@QAE@AAVomni_mutex@@@Z
??0omni_semaphore@@QAE@I@Z
??0omni_semaphore_lock@@QAE@AAVomni_semaphore@@@Z
??0omni_thread@@IAE@PAXW4priority_t@0@@Z
??0omni_thread@@QAE@P6APAXPAX@Z0W4priority_t@0@@Z
??0omni_thread@@QAE@P6AXPAX@Z0W4priority_t@0@@Z
??0omni_thread_fatal@@QAE@H@Z
??1omni_condition@@QAE@XZ
??1omni_mutex@@QAE@XZ
??1omni_mutex_lock@@QAE@XZ
??1omni_semaphore@@QAE@XZ
??1omni_semaphore_lock@@QAE@XZ
??1omni_thread@@MAE@XZ
??4init_t@omni_thread@@QAEAAV01@ABV01@@Z
??4omni_thread_fatal@@QAEAAV0@ABV0@@Z
??4omni_thread_invalid@@QAEAAV0@ABV0@@Z
??_7omni_thread@@6B@
??_Fomni_semaphore@@QAEXXZ
??_Fomni_thread@@QAEXXZ
??_Fomni_thread_fatal@@QAEXXZ
?acquire@omni_mutex@@QAEXXZ
?broadcast@omni_condition@@QAEXXZ
?common_constructor@omni_thread@@AAEXPAXW4priority_t@1@H@Z
?count@init_t@omni_thread@@0HA
?create@omni_thread@@SAPAV1@P6APAXPAX@Z0W4priority_t@1@@Z
?create@omni_thread@@SAPAV1@P6AXPAX@Z0W4priority_t@1@@Z
?exit@omni_thread@@SAXPAX@Z
?get_time@omni_thread@@SAXPAK0KK@Z
?id@omni_thread@@QAEHXZ
?join@omni_thread@@QAEXPAPAX@Z
?lock@omni_mutex@@QAEXXZ
?next_id@omni_thread@@0HA
?next_id_mutex@omni_thread@@0PAVomni_mutex@@A
?nt_priority@omni_thread@@CAHW4priority_t@1@@Z
?post@omni_semaphore@@QAEXXZ
?priority@omni_thread@@QAE?AW4priority_t@1@XZ
?release@omni_mutex@@QAEXXZ
?run@omni_thread@@EAEXPAX@Z
?run_undetached@omni_thread@@EAEPAXPAX@Z
?self@omni_thread@@SAPAV1@XZ
?set_priority@omni_thread@@QAEXW4priority_t@1@@Z
?signal@omni_condition@@QAEXXZ
?sleep@omni_thread@@SAXKK@Z
?start@omni_thread@@QAEXXZ
?start_undetached@omni_thread@@IAEXXZ
?state@omni_thread@@QAE?AW4state_t@1@XZ
?timedwait@omni_condition@@QAEHKK@Z
?trywait@omni_semaphore@@QAEHXZ
?unlock@omni_mutex@@QAEXXZ
?wait@omni_condition@@QAEXXZ
?wait@omni_semaphore@@QAEXXZ
?yield@omni_thread@@SAXXZ

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib.dll
.dll windows:4 windows x86 arch:x86

f86ae3774358e3107ed306b68ebe9eeb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
CloseHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

_adler32@12
_compress2@20
_compress@16
_crc32@12
_deflate@8
_deflateCopy@8
_deflateEnd@4
_deflateInit2_@32
_deflateInit_@16
_deflateParams@12
_deflateReset@4
_deflateSetDictionary@12
_get_crc_table@0
_inflate@8
_inflateEnd@4
_inflateInit2_@16
_inflateInit_@12
_inflateReset@4
_inflateSetDictionary@12
_inflateSync@4
_inflateSyncPoint@4
_uncompress@16
_zError@4
_zlibVersion@0

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b5b4bad881057af15fc35648ebcf206

Headers

File Characteristics

Imports

ntdll

kernel32

imagehlp

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 1024B - Virtual size: 914B

10663ae9d2327fc3832135f92cef5c87

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 344B

.SharedD Size: 4KB - Virtual size: 36B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 826B

3e77c3e3fa0ce99c83d31d3cab555757

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

vnchooks

omnithread_rt

zlib

msvcrt

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 20KB - Virtual size: 22KB

.rsrc Size: 48KB - Virtual size: 46KB

8fa420ec10640b15a867e4602d80e994

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

c2009e6ec8f38b440644001aeb5861e3

Headers

File Characteristics

Imports

winmm

ws2_32

snmpapi

hook

kernel32

user32

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1024B - Virtual size: 914B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 344B

.SharedD
Size: 4KB - Virtual size: 36B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 826B

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 20KB - Virtual size: 22KB

.rsrc
Size: 48KB - Virtual size: 46KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 40KB - Virtual size: 36KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 3KB