0801b6fdb0d3a5f678a52d3f68dc7863_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0801b6fdb0d3a5f678a52d3f68dc7863_JaffaCakes118
Size

970KB
MD5

0801b6fdb0d3a5f678a52d3f68dc7863
SHA1

a44e7e153116b7beb5e6ebb8e19a771a4bfdd253
SHA256

9bd554be696cb7ac20f630f845535e94556cb7d87bf6410dc03f339d7a940635
SHA512

74d2ec9ec8cbe80abd21da3c9f7783dfce02d5dffc0802c23477af2383fb00f96c5a976fb9fee1664ac668dd928bd943a053dabb8167a74ec4b6f01ee7209993
SSDEEP

24576:9CjiACtFW0ck2/KFOa9/rpsEdFaNB7uw7+bgb:IGtOSt9/NjaL7uw5

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
0801b6fdb0d3a5f678a52d3f68dc7863_JaffaCakes118
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/libiconv-2.dll
unpack001/libintl-8.dll
unpack001/magic1.dll
unpack001/mingwm10.dll
unpack001/mkvextract.exe
unpack001/regex2.dll
unpack001/zlib1.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

0801b6fdb0d3a5f678a52d3f68dc7863_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 712KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 31KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

a4cdec8650dfe0ec28dd3e52e25dae2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

CreateFontIndirectA
DeleteObject
GetDeviceCaps

kernel32

GetACP
GetModuleHandleA
GlobalAlloc
GlobalFree
MulDiv
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA

user32

DialogBoxParamA
EndDialog
GetDC
LoadIconA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetWindowTextA
ShowWindow
wsprintfA

Exports

Exports

LangDialog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

bdab983d6ad23427df2ffbe18eafb197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

GetTextMetricsA
SelectObject

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetModuleHandleA
GlobalAlloc
GlobalFree
MulDiv
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA

ole32

CoTaskMemFree

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

user32

CallWindowProcA
CheckDlgButton
CreateDialogParamA
DestroyWindow
DispatchMessageA
EnableWindow
GetClientRect
GetDC
GetDlgItem
GetMessageA
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
LoadIconA
MoveWindow
PostMessageA
ReleaseDC
ScreenToClient
SendMessageA
SetWindowLongA
SetWindowTextA
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

a4d9ccb79010dc08617de79e5fce07f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
LoadLibraryA
MultiByteToWideChar
VirtualAlloc
VirtualProtect
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_errno
fflush
free
malloc
memcpy

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 264B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/external_links.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

4fb4d15e957b6564bf15c23e80f0202a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

SetTextColor

kernel32

GetCurrentDirectoryA
GetFileAttributesA
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
SetCurrentDirectoryA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

user32

CallWindowProcA
CharNextA
CharPrevA
CreateDialogParamA
CreateWindowExA
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
GetClientRect
GetDlgItem
GetMessageA
GetPropA
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
IsWindow
KillTimer
LoadCursorA
MapDialogRect
MapWindowPoints
RemovePropA
SendMessageA
SetCursor
SetPropA
SetTimer
SetWindowLongA
SetWindowPos
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libiconv-2.dll
.dll windows:4 windows x86 arch:x86

4b10c1ef119ea3d46439977b03f17e1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte

msvcrt

_strdup
__dllonexit
__lc_codepage
__mb_cur_max
_errno
abort
fflush
free
malloc
memcpy
qsort
sprintf
strchr
strcmp
strcpy
strlen
strncmp

Exports

Exports

_libiconv_version
aliases2_lookup
aliases_lookup
iconv_canonicalize
libiconv
libiconv_close
libiconv_open
libiconv_relocate
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 816KB - Virtual size: 815KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 536B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libintl-8.dll
.dll windows:4 windows x86 arch:x86

20f0bf0b7c3dee59835e4d9d93d2ad03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libiconv-2

libiconv
libiconv_open
libiconv_set_relocation_prefix

kernel32

CloseHandle
CreateEventA
DeleteCriticalSection
EnterCriticalSection
GetACP
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetThreadLocale
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetEvent
Sleep
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fstat
_getcwd
_open
_read
_strdup
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_flsbuf
_iob
_isctype
_pctype
_snprintf
_snwprintf
_stricmp
_vsnprintf
_vsnwprintf
abort
bsearch
calloc
fclose
fflush
fgets
fopen
fputc
fputwc
free
fwrite
getenv
localeconv
malloc
memcpy
qsort
realloc
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strstr
strtoul
tolower
vfwprintf
wcschr
wcslen

Exports

Exports

__printf__
_get_output_format
_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_msg
_nl_language_preferences_default
_nl_load_domain
_nl_locale_name
_nl_locale_name_default
_nl_locale_name_posix
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
_nl_state_lock
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_hash_string
libintl_lock_destroy
libintl_lock_init
libintl_lock_lock
libintl_lock_unlock
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_once
libintl_recursive_lock_destroy
libintl_recursive_lock_init
libintl_recursive_lock_lock
libintl_recursive_lock_unlock
libintl_relocate
libintl_rwlock_destroy
libintl_rwlock_init
libintl_rwlock_rdlock
libintl_rwlock_unlock
libintl_rwlock_wrlock
libintl_set_relocation_prefix
libintl_snprintf
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_vasnprintf
libintl_vasnwprintf
libintl_version
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsnprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
locale_charset
ngettext
textdomain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
magic1.dll
.dll windows:4 windows x86 arch:x86

d8adf44f90c973053779f7dd96649e25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

regex2

regcomp
regerror
regexec
regfree

zlib1

inflate
inflateEnd
inflateInit2_

kernel32

AddAtomA
DeleteCriticalSection
EnterCriticalSection
FindAtomA
GetAtomNameA
GetFileAttributesA
GetLastError
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
Sleep

msvcrt

_close
_dup2
_mktemp
_open
_read
_strdup
_unlink
_utime
_write
__dllonexit
__mb_cur_max
_access
_assert
_errno
_findclose
_findfirst
_findnext
_fstati64
_fullpath
_iob
_isctype
_lseeki64
_pctype
_pipe
_stati64
abort
asctime
calloc
ctime
exit
fclose
fflush
fgets
fopen
fprintf
fputc
free
fwrite
getenv
gmtime
localtime
malloc
memcpy
memset
qsort
realloc
sprintf
strchr
strcpy
strcspn
strerror
strlen
strncmp
strrchr
strstr
strtod
strtol
strtoul
time
tolower
toupper
vfprintf
vsprintf

Exports

Exports

DllGetVersion
magic_buffer
magic_check
magic_close
magic_compile
magic_descriptor
magic_errno
magic_error
magic_file
magic_load
magic_open
magic_setflags

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mingwm10.dll
.dll windows:4 windows x86 arch:x86

2870205e38265f891e17ab096ac00cf1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_assert
_errno
abort
calloc
fflush
free
malloc
memset

kernel32

AddAtomA
DeleteCriticalSection
EnterCriticalSection
FindAtomA
GetAtomNameA
GetLastError
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue

Exports

Exports

__mingwthr_key_dtor
__mingwthr_remove_key_dtor

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 256B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mkvextract.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
regex2.dll
.dll windows:4 windows x86 arch:x86

034666ac012e8ddbed7c20dac60b4b4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
__mb_cur_max
_assert
_errno
_isctype
_pctype
_stricmp
abort
calloc
fflush
free
getenv
malloc
memcpy
memmove
memset
realloc
strchr
tolower
toupper

Exports

Exports

DllGetVersion
re_comp
re_compile_fastmap
re_compile_pattern
re_exec
re_match
re_match_2
re_search
re_search_2
re_set_registers
re_set_syntax
re_syntax_options
regcomp
regerror
regexec
regfree

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 256B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib1.dll
.dll windows:4 windows x86 arch:x86

07761085e6d5abbc4cbf0976d6b9a264

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

_fdopen
__dllonexit
_errno
_filelengthi64
_vsnprintf
abort
clearerr
fclose
fflush
fgetpos
fopen
fprintf
fputc
fread
free
fsetpos
fwrite
malloc
memcpy
memset
sprintf
strcat
strcpy
strerror
strlen

Exports

Exports

DllGetVersion
_dist_code
_length_code
_tr_align
_tr_flush_block
_tr_init
_tr_stored_block
_tr_tally
adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
deflate_copyright
get_crc_table
gzclearerr
gzclose
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflatePrime
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
inflate_copyright
inflate_fast
inflate_table
uncompress
zError
z_errmsg
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 144B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 140B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 712KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 31KB - Virtual size: 2.4MB

.rsrc Size: 23KB - Virtual size: 23KB

a4cdec8650dfe0ec28dd3e52e25dae2c

Headers

File Characteristics

Imports

gdi32

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 28B

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 73B

.idata Size: 1024B - Virtual size: 752B

.rsrc Size: 512B - Virtual size: 340B

.reloc Size: 512B - Virtual size: 252B

bdab983d6ad23427df2ffbe18eafb197

Headers

File Characteristics

Imports

gdi32

kernel32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 244B

.bss Size: - Virtual size: 5KB

.edata Size: 512B - Virtual size: 101B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 292B

.reloc Size: 512B - Virtual size: 356B

a4d9ccb79010dc08617de79e5fce07f9

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 20B

.rdata Size: 1024B - Virtual size: 540B

.bss Size: - Virtual size: 264B

.edata Size: 512B - Virtual size: 160B

.idata Size: 1024B - Virtual size: 880B

.reloc Size: 1024B - Virtual size: 620B

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 140B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 712KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 31KB - Virtual size: 2.4MB

.rsrc
Size: 23KB - Virtual size: 23KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 28B

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 73B

.idata
Size: 1024B - Virtual size: 752B

.rsrc
Size: 512B - Virtual size: 340B

.reloc
Size: 512B - Virtual size: 252B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 244B

.bss
Size: - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 101B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 292B

.reloc
Size: 512B - Virtual size: 356B

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 20B

.rdata
Size: 1024B - Virtual size: 540B

.bss
Size: - Virtual size: 264B

.edata
Size: 512B - Virtual size: 160B

.idata
Size: 1024B - Virtual size: 880B

.reloc
Size: 1024B - Virtual size: 620B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 176B

.bss
Size: - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 363B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 140B

.reloc
Size: 512B - Virtual size: 416B

.text
Size: 74KB - Virtual size: 74KB

.data
Size: 512B - Virtual size: 16B

.rdata
Size: 816KB - Virtual size: 815KB

.bss
Size: - Virtual size: 536B

.edata
Size: 512B - Virtual size: 370B

.idata
Size: 1024B - Virtual size: 772B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 58KB - Virtual size: 58KB

.data
Size: 1024B - Virtual size: 548B

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 98KB - Virtual size: 97KB

.data
Size: 1024B - Virtual size: 784B

.rdata
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 325B

.idata
Size: 2KB - Virtual size: 2KB