0e48e247d741feaaa9d1c1d7dc7a5ae0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e48e247d741feaaa9d1c1d7dc7a5ae0_JaffaCakes118
Size

471KB
MD5

0e48e247d741feaaa9d1c1d7dc7a5ae0
SHA1

b66ad32b60cf9f495430b0cd0c85e7c40f0c57e7
SHA256

3b3ae4650872904f45bd8de58072f51b9bf7ec11d90870b1595e1905a7ca8af1
SHA512

5043aa083dd0b905fc956b5932931401fea3b908cf0b3be9bc88b499328bc25c8f00c6d02ed7fc055d1a57d92c574d2a5fe16a7ed34fb04f7b7256094fa388ae
SSDEEP

12288:JoFiJ9Uj39I++gQDJUgNDZQvn+rSvJuCl4zk3:JoFiOj39IFxUgNDZQP+rRCqk3

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
0e48e247d741feaaa9d1c1d7dc7a5ae0_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$_3_/CLEO_SDK/demo_plugins/bin/FileSystemOperations.cleo
unpack001/$_3_/CLEO_SDK/demo_plugins/bin/IniFiles.cleo
unpack001/$_3_/CLEO_SDK/demo_plugins/bin/IntOperations.cleo
unpack001/CLEO.asi
unpack001/CLEO/FileSystemOperations.cleo
unpack001/CLEO/IniFiles.cleo
unpack001/CLEO/IntOperations.cleo
unpack001/bass.dll
unpack001/vorbisFile.dll
unpack001/vorbisHooked.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

0e48e247d741feaaa9d1c1d7dc7a5ae0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OPI_ROOT.ini
$PLUGINSDIR/SB_ROOT.ini
$_2_/data/sa/SASCM.INI
$_2_/data/sa/classes.db
$_2_/data/sa/opcodes.txt
.ps1
$_3_/CLEO_SDK/CLEO.h
$_3_/CLEO_SDK/CLEO.lib
$_3_/CLEO_SDK/CLEO_SDK.chm
.chm
$_3_/CLEO_SDK/demo_plugins/CLEO.h
$_3_/CLEO_SDK/demo_plugins/CLEO.lib
$_3_/CLEO_SDK/demo_plugins/CLEO_plugins.sln
$_3_/CLEO_SDK/demo_plugins/FileSystemOperations/FileSystemOperations.vcproj
.xml
$_3_/CLEO_SDK/demo_plugins/FileSystemOperations/dllmain.c
$_3_/CLEO_SDK/demo_plugins/FileSystemOperations/opcodes.c
$_3_/CLEO_SDK/demo_plugins/FileSystemOperations/opcodes.h
$_3_/CLEO_SDK/demo_plugins/FileSystemOperations/stdafx.h
$_3_/CLEO_SDK/demo_plugins/IniFiles/IniFiles.vcproj
.xml
$_3_/CLEO_SDK/demo_plugins/IniFiles/IniFiles.vcproj.Rubbish.Dmitrijj.user
.xml
$_3_/CLEO_SDK/demo_plugins/IniFiles/dllmain.c
$_3_/CLEO_SDK/demo_plugins/IniFiles/opcodes.c
$_3_/CLEO_SDK/demo_plugins/IniFiles/opcodes.h
$_3_/CLEO_SDK/demo_plugins/IniFiles/stdafx.h
$_3_/CLEO_SDK/demo_plugins/IntOperations/IntOperations.vcproj
.xml
$_3_/CLEO_SDK/demo_plugins/IntOperations/IntOperations.vcproj.Rubbish.Dmitrijj.user
.xml
$_3_/CLEO_SDK/demo_plugins/IntOperations/dllmain.c
$_3_/CLEO_SDK/demo_plugins/IntOperations/opcodes.c
$_3_/CLEO_SDK/demo_plugins/IntOperations/opcodes.h
$_3_/CLEO_SDK/demo_plugins/IntOperations/stdafx.h
$_3_/CLEO_SDK/demo_plugins/bin/FileSystemOperations.cleo
.dll windows:5 windows x86 arch:x86

2db9b233bfe458dcab37e310294308c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Users\Dmitrijj\Documents\Visual Studio 2010\Projects\CLEO_plugins\bin\FileSystemOperations.pdb

Imports

cleo.asi

_CLEO_RegisterOpcode@8
_CLEO_GetIntOpcodeParam@4
_CLEO_SetThreadCondResult@8
_CLEO_ReadStringOpcodeParam@12
_CLEO_GetVersion@0

msvcrt

sprintf
memset
strcmp

kernel32

DeleteFileA
FindNextFileA
MoveFileA
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose

user32

MessageBoxA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/CLEO_SDK/demo_plugins/bin/IniFiles.cleo
.dll windows:5 windows x86 arch:x86

4740eb3657d73a07a6f99c84692e0ca2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Users\Dmitrijj\Documents\Visual Studio 2010\Projects\CLEO_plugins\bin\IniFiles.pdb

Imports

cleo.asi

_CLEO_SetFloatOpcodeParam@8
_CLEO_GetVersion@0
_CLEO_GetOperandType@4
_CLEO_RegisterOpcode@8
_CLEO_GetIntOpcodeParam@4
_CLEO_SetThreadCondResult@8
_CLEO_WriteStringOpcodeParam@8
_CLEO_ReadStringOpcodeParam@12
_CLEO_GetFloatOpcodeParam@4
_CLEO_SetIntOpcodeParam@8
_CLEO_SkipOpcodeParams@8

msvcrt

strcat
atof
strcpy
_itoa
sprintf

kernel32

GetPrivateProfileStringA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA

user32

MessageBoxA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/CLEO_SDK/demo_plugins/bin/IntOperations.cleo
.dll windows:5 windows x86 arch:x86

d39470591fb89d07a6314a80058494b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cleo.asi

_CLEO_RegisterOpcode@8
_CLEO_GetIntOpcodeParam@4
_CLEO_SetIntOpcodeParam@8
_CLEO_GetVersion@0

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLEO.asi
.dll windows:5 windows x86 arch:x86

33a95cd1586ffc69e160bd30e91f8847

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Games\GTA San Andreas\cleo.pdb

Imports

bass

BASS_Set3DPosition
BASS_ErrorGetCode
BASS_Apply3D
BASS_Set3DFactors
BASS_Init
BASS_StreamFree
BASS_StreamCreateFile
BASS_ChannelPlay
BASS_ChannelPause
BASS_ChannelSetPosition
BASS_ChannelBytes2Seconds
BASS_ChannelGetLength
BASS_ChannelIsActive
BASS_ChannelGetAttribute
BASS_ChannelSetAttribute
BASS_ChannelFlags
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_Free
BASS_GetVersion

kernel32

ExitProcess
VirtualProtect
GetModuleHandleA
FreeLibrary
FindClose
FindNextFileA
LoadLibraryA
FindFirstFileA
CreateDirectoryA
SetCurrentDirectoryA
GetFileAttributesA
GetProcAddress
SetEndOfFile
CreateFileW
LoadLibraryW
RaiseException
EncodePointer
DecodePointer
RtlUnwind
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
SetFilePointer
ReadFile
CloseHandle
Sleep
HeapSize
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
WriteConsoleW
SetStdHandle
CreateFileA
HeapReAlloc
GetProcessHeap

user32

MessageBoxA
GetKeyState

Exports

Exports

_CLEO_GetFloatOpcodeParam@4
_CLEO_GetGameVersion@0
_CLEO_GetIntOpcodeParam@4
_CLEO_GetOperandType@4
_CLEO_GetVersion@0
_CLEO_ReadStringOpcodeParam@12
_CLEO_RecordOpcodeParams@8
_CLEO_RegisterOpcode@8
_CLEO_RetrieveOpcodeParams@8
_CLEO_SetFloatOpcodeParam@8
_CLEO_SetIntOpcodeParam@8
_CLEO_SetThreadCondResult@8
_CLEO_SkipOpcodeParams@8
_CLEO_ThreadJumpAtLabelPtr@8
_CLEO_WriteStringOpcodeParam@8
missionLocals
opcodeParams
staticThreads

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLEO/FileSystemOperations.cleo
.dll windows:5 windows x86 arch:x86

2db9b233bfe458dcab37e310294308c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Users\Dmitrijj\Documents\Visual Studio 2010\Projects\CLEO_plugins\bin\FileSystemOperations.pdb

Imports

cleo.asi

_CLEO_RegisterOpcode@8
_CLEO_GetIntOpcodeParam@4
_CLEO_SetThreadCondResult@8
_CLEO_ReadStringOpcodeParam@12
_CLEO_GetVersion@0

msvcrt

sprintf
memset
strcmp

kernel32

DeleteFileA
FindNextFileA
MoveFileA
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose

user32

MessageBoxA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLEO/IniFiles.cleo
.dll windows:5 windows x86 arch:x86

4740eb3657d73a07a6f99c84692e0ca2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Users\Dmitrijj\Documents\Visual Studio 2010\Projects\CLEO_plugins\bin\IniFiles.pdb

Imports

cleo.asi

_CLEO_SetFloatOpcodeParam@8
_CLEO_GetVersion@0
_CLEO_GetOperandType@4
_CLEO_RegisterOpcode@8
_CLEO_GetIntOpcodeParam@4
_CLEO_SetThreadCondResult@8
_CLEO_WriteStringOpcodeParam@8
_CLEO_ReadStringOpcodeParam@12
_CLEO_GetFloatOpcodeParam@4
_CLEO_SetIntOpcodeParam@8
_CLEO_SkipOpcodeParams@8

msvcrt

strcat
atof
strcpy
_itoa
sprintf

kernel32

GetPrivateProfileStringA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA

user32

MessageBoxA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLEO/IntOperations.cleo
.dll windows:5 windows x86 arch:x86

d39470591fb89d07a6314a80058494b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cleo.asi

_CLEO_RegisterOpcode@8
_CLEO_GetIntOpcodeParam@4
_CLEO_SetIntOpcodeParam@8
_CLEO_GetVersion@0

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLEO4.chm
.chm
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 92KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vorbisFile.dll
.dll windows:5 windows x86 arch:x86

af994122bbfcf1c47f473141958b5364

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
LoadLibraryA
FindFirstFileA
DisableThreadLibraryCalls
FindClose

user32

MessageBoxA

vorbishooked

ord1
ord2
ord3
ord4
ord5
ord6
ord7
ord8
ord9
ord10
ord11
ord12
ord13
ord14
ord15
ord16
ord17
ord18
ord19
ord20
ord21
ord22
ord23
ord24
ord25
ord26
ord27
ord28
ord29
ord30
ord31
ord32
ord33
ord34

Exports

Exports

ov_bitrate
ov_bitrate_instant
ov_clear
ov_comment
ov_crosslap
ov_halfrate
ov_halfrate_p
ov_info
ov_open
ov_open_callbacks
ov_pcm_seek
ov_pcm_seek_lap
ov_pcm_seek_page
ov_pcm_seek_page_lap
ov_pcm_tell
ov_pcm_total
ov_raw_seek
ov_raw_seek_lap
ov_raw_tell
ov_raw_total
ov_read
ov_read_float
ov_seekable
ov_serialnumber
ov_streams
ov_test
ov_test_callbacks
ov_test_open
ov_time_seek
ov_time_seek_lap
ov_time_seek_page
ov_time_seek_page_lap
ov_time_tell
ov_time_total

Sections

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 98B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vorbisHooked.dll
.dll windows:4 windows x86 arch:x86

8ec5f91b35a203372803c35e3faa6597

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ogg

ogg_sync_clear
ogg_stream_init
ogg_sync_wrote
ogg_sync_buffer
ogg_sync_init
ogg_stream_packetout
ogg_stream_pagein
ogg_stream_reset_serialno
ogg_page_serialno
ogg_sync_pageseek
ogg_sync_reset
ogg_page_granulepos
ogg_page_eos
ogg_stream_reset
ogg_page_continued
ogg_stream_packetpeek
ogg_stream_clear

vorbis

vorbis_synthesis_headerin
vorbis_block_clear
vorbis_comment_init
vorbis_info_clear
vorbis_comment_clear
vorbis_info_init
vorbis_packet_blocksize
vorbis_synthesis_halfrate
vorbis_synthesis_halfrate_p
vorbis_synthesis_restart
vorbis_synthesis_read
vorbis_synthesis_pcmout
vorbis_synthesis_blockin
vorbis_synthesis_trackonly
vorbis_info_blocksize
vorbis_block_init
vorbis_synthesis_init
vorbis_synthesis
_analysis_output_always
vorbis_synthesis_lapout
vorbis_window
vorbis_dsp_clear

kernel32

RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetStdHandle
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
ReadFile

Exports

Exports

ov_bitrate
ov_bitrate_instant
ov_clear
ov_comment
ov_crosslap
ov_halfrate
ov_halfrate_p
ov_info
ov_open
ov_open_callbacks
ov_pcm_seek
ov_pcm_seek_lap
ov_pcm_seek_page
ov_pcm_seek_page_lap
ov_pcm_tell
ov_pcm_total
ov_raw_seek
ov_raw_seek_lap
ov_raw_tell
ov_raw_total
ov_read
ov_read_float
ov_seekable
ov_serialnumber
ov_streams
ov_test
ov_test_callbacks
ov_test_open
ov_time_seek
ov_time_seek_lap
ov_time_seek_page
ov_time_seek_page_lap
ov_time_tell
ov_time_total

Sections

.text
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 19KB - Virtual size: 18KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2db9b233bfe458dcab37e310294308c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cleo.asi

msvcrt

kernel32

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 934B

.reloc Size: 512B - Virtual size: 180B

4740eb3657d73a07a6f99c84692e0ca2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cleo.asi

msvcrt

kernel32

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 4B

.reloc Size: 512B - Virtual size: 172B

d39470591fb89d07a6314a80058494b3

Headers

DLL Characteristics

File Characteristics

Imports

cleo.asi

user32

Sections

.text Size: 512B - Virtual size: 502B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 934B

.reloc
Size: 512B - Virtual size: 180B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 512B - Virtual size: 502B

.rdata
Size: 512B - Virtual size: 320B

.reloc
Size: 512B - Virtual size: 82B

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 144KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 934B

.reloc
Size: 512B - Virtual size: 180B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 512B - Virtual size: 502B

.rdata
Size: 512B - Virtual size: 320B

.reloc
Size: 512B - Virtual size: 82B

.rsrc
Size: 568B - Virtual size: 4KB