0d7178cf8205fe4d03031b70216d0992_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d7178cf8205fe4d03031b70216d0992_JaffaCakes118
Size

9.9MB
MD5

0d7178cf8205fe4d03031b70216d0992
SHA1

a45d9e31b0bc72876575225a3e8e51f9a1ff802c
SHA256

a7db104ba7141eb18f2a107c06bea5a569d06a00b7addf3bc50cf622a39f9434
SHA512

1be4067ae49cada04fb6e9ee18ee57c6566ce65bba3e8a353b73cc885eab414943bf18146f4c6b36a0d0989159d6c6ab5697e369bf187536e771dcc88da83c56
SSDEEP

196608:umRvvZ5IlM9kD7G+BjdgP5PCWypvURrLBEA1nvsLpUmvfC:/vvX5CDaF+vKHBX1ELaGC

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ChaosOne.exe
unpack001/FAM 1.0.0.exe
unpack001/fam 2.4.1.exe
unpack001/丶콺.exe
unpack001/ڵ/WarcraftIIIAutoRefresh.exe

Files

0d7178cf8205fe4d03031b70216d0992_JaffaCakes118
.zip
ChaosOne.exe
.exe windows:4 windows x86 arch:x86

0a2ac581c08a65ec40f2d014bd0a5a5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord861
ord324
ord2362
ord4229
ord6330
ord942
ord4704
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord2567
ord6051
ord1768
ord4390
ord5286
ord3397
ord3569
ord1143
ord567
ord556
ord2294
ord1137
ord5568
ord1197
ord2910
ord3087
ord1634
ord4155
ord2858
ord1088
ord2114
ord1980
ord690
ord2385
ord5201
ord389
ord2755
ord2371
ord4219
ord6451
ord755
ord470
ord5949
ord1563
ord1194
ord6195
ord858
ord922
ord765
ord692
ord823
ord2634
ord5977
ord2078
ord2859
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord6372
ord2357
ord3605
ord3716
ord3614
ord656
ord2281
ord925
ord3737
ord818
ord4270
ord3693
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord668
ord665
ord1971
ord5180
ord354
ord3173
ord2773
ord2762
ord356
ord353
ord3393
ord3728
ord810
ord2857
ord2088
ord384
ord686
ord3172
ord2507
ord355
ord927
ord6004
ord3995
ord5706
ord5679
ord3785
ord4120
ord2293
ord4124
ord3494
ord1567
ord1941
ord2144
ord1230
ord2235
ord6193
ord4294
ord640
ord5781
ord1633
ord323
ord2372
ord5871
ord5785
ord6168
ord4198
ord941
ord859
ord536
ord2354
ord6376
ord6655
ord6374
ord6871
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord4992
ord4847
ord4370
ord5261
ord6211
ord538
ord540
ord860
ord2810
ord537
ord940
ord535
ord2406
ord3621
ord3658
ord2613
ord1165
ord1229
ord2506
ord800
ord609
ord616
ord809
ord641
ord3566
ord815
ord825
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4667
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord795
ord1569

msvcrt

_CxxThrowException
atoi
atof
__CxxFrameHandler
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
exit
_XcptFilter
_exit
floor
_wfopen
_wcsicmp
toupper
_itoa
ceil
memmove
wcscmp
_CIpow
_ftol
malloc
free
fwrite
fopen
fseek
ftell
fclose
fread
tolower
_purecall
rand
sprintf
_wsplitpath
_wcsicoll
swprintf
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_wtoi
time
srand
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp

kernel32

CreateFileW
TerminateThread
WriteFile
SetFilePointer
GetSystemTime
SetLastError
ReadFile
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
GetStartupInfoW
FindFirstChangeNotificationW
CreateThread
ReleaseMutex
GetLastError
CreateMutexW
ReadProcessMemory
GetModuleFileNameW
Sleep
FindCloseChangeNotification
WideCharToMultiByte
VirtualFree
FindNextChangeNotification
WaitForSingleObject
VirtualAlloc
InterlockedDecrement
GlobalUnlock
GlobalAlloc
SetCurrentDirectoryW
lstrcpyW
WriteProcessMemory
CreateDirectoryW
CloseHandle
OpenProcess
GetCurrentProcess
VirtualProtectEx
GetLocalTime
SystemTimeToTzSpecificLocalTime
lstrlenW
DeleteFileW
MoveFileW
GlobalLock
MultiByteToWideChar
lstrlenA
LocalFree
GetTickCount

user32

GetForegroundWindow
UnhookWindowsHookEx
CopyRect
GetKeyState
GetAsyncKeyState
SendInput
CallNextHookEx
PostMessageW
FindWindowW
SendMessageW
SetWindowsHookExW
ClientToScreen
GetClientRect
GetSystemMetrics
EnableWindow
LoadIconW
LoadBitmapW
AppendMenuW
GetSystemMenu
DrawIcon
IsIconic
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
ReleaseDC
GetDC
KillTimer
GetMonitorInfoW
MonitorFromWindow
GetDesktopWindow
MoveWindow
GetWindowRect
ShowWindow
SetForegroundWindow
GetClassInfoW
SetTimer
SetCursor
DrawTextW
GetWindowDC
SystemParametersInfoW
SetWindowRgn
RedrawWindow
LoadCursorW
GetSysColorBrush
SetRect
InvalidateRect
MessageBeep
MessageBoxW
GetWindowThreadProcessId
OffsetRect
InflateRect
UnionRect
IntersectRect
IsRectEmpty
LoadMenuW
GetSubMenu
GetCursorPos

gdi32

CreateDIBitmap
CreateRectRgn
CombineRgn
CreateFontIndirectW
CreateFontW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectW
GetDIBits
DeleteObject
SetDeviceGammaRamp
CreateDCW
GetDeviceGammaRamp
DeleteDC

advapi32

RegCreateKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VariantClear
SysFreeString

gdiplus

GdipSaveImageToFile
GdipSetImagePalette
GdipCreateBitmapFromScan0
GdipSetPropertyItem
GdipDeleteFont
GdipBitmapGetPixel
GdipDrawString
GdipDeleteBrush
GdipCreateSolidFill
GdipGetPropertySize
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipMeasureString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDeleteFontFamily
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCloneBrush
GdipFillRectangleI
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipImageGetFrameDimensionsList
GdipDisposeImage
GdiplusShutdown
GdipGetImageEncoders
GdipCreateBitmapFromStream
GdipGetAllPropertyItems
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipGetImageEncodersSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipImageGetFrameDimensionsCount

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Mode@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEHH@Z
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
??_7?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

wsock32

gethostname
ntohs
ntohl
ioctlsocket
connect
WSACleanup
getpeername
recv
send
WSAStartup
htonl
bind
listen
accept
WSAGetLastError
select
recvfrom
sendto
inet_addr
socket
closesocket
gethostbyname
htons

winmm

sndPlaySoundW
mciGetErrorStringW
mciSendCommandW
PlaySoundW

msvcirt

??6ostream@@QAEAAV0@PBD@Z
?cout@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

shlwapi

PathFileExistsW

ws2_32

WSAIoctl

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 612KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FAM 1.0.0.exe
.exe windows:4 windows x86 arch:x86

9484ff95324843a133a8f5a07ac50e7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
ord588
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord591
ord592
__vbaExitProc
__vbaFileCloseAll
__vbaI4Abs
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaBoolVar
__vbaBoolVarNull
__vbaFpR8
__vbaRefVarAry
_CIsin
ord632
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaPrintObj
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaVarDiv
ord530
ord531
ord716
__vbaFPException
ord717
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaInStr
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord579
__vbaI4Var
ord689
__vbaVarCmpEq
__vbaLateMemCall
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
ord614
__vbaFpI4
__vbaRecDestructAnsi
ord617
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
ord618
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
ord619
__vbaForEachVar
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FOCS3 Another 8.8zi(Test).w3x
fam 2.4.1.exe
.exe windows:4 windows x86 arch:x86

ba31963897d9b22626bdffc3603f95f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaStrI2
ord690
__vbaVargParmRef
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaVarSetVarAddref
__vbaCopyBytes
__vbaVarCmpNe
__vbaForEachCollAd
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
ord593
__vbaExitProc
ord594
__vbaFileCloseAll
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord599
__vbaBoolVar
ord520
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
ord709
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaCheckType
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
ord570
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarCmpEq
ord610
__vbaAryLock
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaUI1Str
__vbaCastObj
__vbaStrMove
ord618
__vbaForEachVar
_allmul
_CItan
__vbaNextEachCollAd
__vbaFPInt
__vbaAryUnlock
__vbaUI1Var
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
丶콺.exe
.exe windows:4 windows x86 arch:x86

b97c92510f7ec9367abb9c02aff234c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
GetACP
UnhandledExceptionFilter
HeapSize
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
RaiseException
HeapCreate
VirtualFree
GetEnvironmentStringsW
GetEnvironmentStrings
HeapDestroy
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
WriteFile
HeapAlloc
ReadFile
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitProcess
HeapFree
TerminateProcess
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetFileAttributesA
GetFileTime
GetFileSize
FileTimeToSystemTime
GetTickCount
FileTimeToLocalFileTime
FindFirstFileA
GetFullPathNameA
GetVolumeInformationA
FindClose
LockFile
SetEndOfFile
UnlockFile
VirtualAlloc
IsBadWritePtr
FlushFileBuffers
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateMutexA
SetFilePointer
CreateFileA
GetProfileStringA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetThreadLocale
SizeofResource
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
MulDiv
SetLastError
FormatMessageA
LocalFree
WritePrivateProfileStringA
GetPrivateProfileIntA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
lstrlenA
GlobalUnlock
GlobalFree
InterlockedDecrement
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetVersion
SetUnhandledExceptionFilter
LCMapStringA
GetLastError

user32

SetRect
GetNextDlgGroupItem
CopyAcceleratorTableA
InvalidateRect
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
PtInRect
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DestroyMenu
LoadStringA
wvsprintfA
MapDialogRect
SetWindowContextHelpId
GetDC
ReleaseDC
EndDialog
CreateDialogIndirectParamA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
ScreenToClient
CopyRect
CharNextA
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
DestroyWindow
CreateWindowExA
GetClassLongA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
GetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowRect
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
InflateRect
GetSysColorBrush
GetTopWindow
IsChild
GetWindowPlacement
IsWindowVisible
PeekMessageA
SetWindowsHookExA
GetParent
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
EnableWindow
LoadMenuA
GetSubMenu
PostMessageA
KillTimer
GetAsyncKeyState
GetCursorPos
mouse_event
SetCursorPos
GetSystemMetrics
GetClientRect
DrawIcon
GetScrollPos
GetSystemMenu
AppendMenuA
SendMessageA
SetScrollRange
SetScrollPos
SetTimer
RemovePropA
UnregisterClassA
GetDesktopWindow
GetWindow
GetPropA
SetPropA
DefWindowProcA
LoadIconA
LoadCursorA
FindWindowA
MessageBeep
GetLastActivePopup
IsIconic
SetForegroundWindow
CallWindowProcA
IsWindowUnicode
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
HideCaret

gdi32

DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
IntersectClipRect
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SetViewportOrgEx
SetMapMode
OffsetViewportOrgEx
GetStockObject
SetBkMode
RestoreDC
SaveDC
SelectObject
DeleteDC
GetObjectA
SetBkColor
PatBlt
GetClipBox
SetTextColor
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

shell32

Shell_NotifyIconA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
VariantCopy
SysAllocString
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ڵ/WarcraftIIIAutoRefresh.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ڵ/WarcraftIIIAutoRefresh_Config.dat
ڵ/оּ.txt
Ŀĳ  ȭ.reg

Sharing

General

Malware Config

Signatures

Files

0a2ac581c08a65ec40f2d014bd0a5a5f

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

gdiplus

msvcp60

wsock32

winmm

msvcirt

psapi

shlwapi

ws2_32

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 612KB - Virtual size: 608KB

9484ff95324843a133a8f5a07ac50e7e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 300KB - Virtual size: 298KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 84KB - Virtual size: 81KB

ba31963897d9b22626bdffc3603f95f5

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 416KB - Virtual size: 415KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 34KB

b97c92510f7ec9367abb9c02aff234c4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 36KB - Virtual size: 35KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 48KB - Virtual size: 45KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 612KB - Virtual size: 608KB

.text
Size: 300KB - Virtual size: 298KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 84KB - Virtual size: 81KB

.text
Size: 416KB - Virtual size: 415KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 34KB

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 36KB - Virtual size: 35KB

.text
Size: 48KB - Virtual size: 45KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 12B