1186321cd7ca58b4c496d907d1e28788_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1186321cd7ca58b4c496d907d1e28788_JaffaCakes118
Size

171KB
MD5

1186321cd7ca58b4c496d907d1e28788
SHA1

697b0b886288b20c54026bf0c1974ea868d2ef7d
SHA256

9e7dcb317a5601a23cb16ecd3439f6262f789daf3e7eb5911d72d718020a6c0e
SHA512

26ee63ecf668104eef8c21d6fff75c99356e888f86101b5ebab5918fdf60f1412f2e7d5864a4f1d9a67d655cd0152b96ff3407a3c2f027b965f072631868f865
SSDEEP

3072:ZVR4DTOVlxQBjMEAiymOt6B4CQ3pNVC3Cb4XE46K+IW5xe93mcPb7eWPNwN/6eNm:fR4fO/ursk4CKDVC3ikY5o3mcXPNwN/0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1186321cd7ca58b4c496d907d1e28788_JaffaCakes118

Files

1186321cd7ca58b4c496d907d1e28788_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ec860245bf6e4f7e1d98c8a14353bdd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

ioctlsocket
accept
connect
recv
select
send
shutdown
socket
WSACleanup
WSAStartup
inet_addr
gethostbyaddr
WSAGetLastError
gethostbyname
gethostname
htons
closesocket

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

aswengldr

avldrCreateHandle
avldrLoadModule
avldrCloseModule
BtsSchedule
avlicInitializeAndValidate
avldrGetEngineInformation
avlicClose
avlicGetLicense
avlicFindFeatureById
avlicGetLockData

shlwapi

SHDeleteKeyW

kernel32

GetCurrentProcess
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
OutputDebugStringW
GetSystemDirectoryW
ExitProcess
SetErrorMode
GetVersionExW
SetUnhandledExceptionFilter
SetThreadLocale
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetFileAttributesW
GlobalMemoryStatus
GetSystemInfo
LocalAlloc
LocalFree
GetLongPathNameW
WriteFile
GetTempPathW
GetTempFileNameW
WaitForSingleObject
TerminateThread
GetExitCodeThread
lstrlenW
CreateProcessW
GetSystemTime
SystemTimeToFileTime
WritePrivateProfileStringW
FindNextFileW
CreateMutexW
ReleaseMutex
CreateThread
GetSystemTimeAsFileTime
OpenEventW
SetEvent
SetFileAttributesW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
MulDiv
CreateEventW
PulseEvent
WaitForMultipleObjects
ResetEvent
GetFileSize
ReadFile
SetFilePointer
SetEndOfFile
CreateWaitableTimerW
SetWaitableTimer
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
GetUserDefaultLCID
GetVolumeInformationW
lstrcatW
GetTickCount
GetPrivateProfileIntW
GetPrivateProfileStringW
GetModuleFileNameW
SetLastError
LoadLibraryExW
GetConsoleOutputCP
GetCPInfo
GetLocaleInfoW
Sleep
LeaveCriticalSection
LoadLibraryW
GetComputerNameW
EnterCriticalSection
FreeLibrary
FindClose
GetLastError
FindFirstFileW
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
HeapFree
GetProcessHeap
CompareFileTime
HeapAlloc
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
LoadLibraryA
RaiseException
InterlockedCompareExchange
GetShortPathNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CloseDesktop
CreateWindowExW
RegisterClassW
SetThreadDesktop
CreateDesktopW
SwitchDesktop
OpenDesktopW
DefWindowProcW
EndPaint
BeginPaint
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
DrawTextW
LoadStringW
wsprintfW
GetThreadDesktop
LoadCursorW
GetDC
ReleaseDC
GetSystemMetrics
CopyRect
SetRect
GetParent
GetForegroundWindow
GetWindowThreadProcessId
GetClassNameW
GetWindowLongW
GetClientRect
MapWindowPoints
GetWindowRect
UnionRect
EqualRect
GetDesktopWindow
IsWindow
EnumWindows
ShowWindow

gdi32

EnumFontFamiliesExW
GetTextExtentPointW
GetDeviceCaps
TranslateCharsetInfo
CreateDCW
GetStockObject
SetMapMode
SelectObject
GetObjectW
CreateFontIndirectW
StartDocW
StartPage
EndDoc
EndPage
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetBitmapBits
SetBitmapBits
CreateBitmap
CreatePatternBrush
PatBlt
DeleteObject
GetTextExtentPoint32W

advapi32

GetSecurityDescriptorDacl
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegDeleteKeyW
AddAccessAllowedAce
GetAclInformation
GetAce
GetLengthSid
EqualSid
DeleteAce
InitializeAcl
AddAce
AllocateAndInitializeSid
GetFileSecurityW
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegSetValueW
RegQueryInfoKeyW
LookupAccountSidW

shell32

SHGetSpecialFolderPathW

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

aswcmnis

sha256GenerateHash
MD5Final
MD5Update
cyphSimpleCode
MD5Init
mdaGenerate

aswcmnos

dep_fsGetFileInfoHandle
dep_strFreeString
dep_strCurrToNewUtf8
dep_strUnicodeToNormalFlags
fsGetRootNameS
dep_fsGetFileAttributesX
dep_fsCreateFolderX
dep_fsRemoveFolderRecursive
dep_fsRemoveFolder
dep_fsDeleteFile
dep_fsExtractDriveRoot
dep_fsSetFilePointer
dep_fsDuplicateFile
dep_fsReadFile
dep_fsOpenFile
dep_strUnicodeToNewNormal
dep_osIsWin64
dep_fsCloseFile
dep_fsGetFileSizeHandle
dep_fsOpenFileX

aswcmnbs

??1CGenericFile@@UAE@XZ
??0CGenericFile@@QAE@XZ
?InitTempFile@CGenericFile@@QAEKKPB_WPAKK@Z
ggzopen
??BCStr@@QAEPBDXZ
??0CStr@@QAE@PB_W@Z
ggzwrite
fsGetAvastProgramPath
fsGetAvastDataPath
fsGetAvastLogPath
cmnbInit
cmnbFree
??0CStr@@QAE@XZ
??1CStr@@QAE@XZ
?GetTempFile@CStr@@QAEKPAK@Z
??4CStr@@QAEAAV0@PB_W@Z
?AddFilePart@CStr@@QAEKPB_W0@Z
?GetTempPathW@CStr@@QAEKPB_W@Z
??0CStr@@QAE@ABV0@@Z
??YCStr@@QAEAAV0@PB_W@Z
fsGetAvastLicenseFile
strGetDisplayFileName
fsGetAvastOemString
fsSetAvastLicenseFile
?DeleteFileW@CGenericFile@@QAEK_N0@Z
ggzclose
sha256GenerateFromHandle

msvcr90

_beginthreadex
_localtime64
srand
rand
sprintf
strstr
strcspn
strchr
_snprintf
_gmtime64
_wcsdup
??2@YAPAXI@Z
isdigit
wcstoul
_CxxThrowException
wcsftime
_wcstoui64
_itow
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcsncmp
_time32
wprintf_s
wcscpy_s
?terminate@@YAXXZ
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
__clean_type_info_names_internal
_strnicmp
memset
memcpy
swprintf_s
swscanf
towupper
_wtoi
free
malloc
wcstok
_swprintf
_mktime64
wcsncat
_wcsnicmp
_wsetlocale
wcschr
wcsstr
wcsncpy
wcsrchr
_wcsicmp
_snwprintf
_time64
memmove
??_V@YAXPAX@Z
??3@YAXPAX@Z

Exports

Exports

��p�NQɞWKԯ�J��^��E<7��D�hn� ��=H0Շ��K�f�0�eQ��H9�Tc�:!��C9��ҫ��PCЄpDA=��粟��K=1��&�jc�3�hA��dL��Z�`�4p��v��6�� %��N�m��QO��u��2*��pĉ��U0��w��2#h�K[��hύo@��d~#�[��+g��82m��)��^��]s=]��5H�,:�Ė kʀ� �I��S$gn�L|"~I�d\#G5S�t�l|e�\��Y�5�~��>�i�t�<}�ۙ�J�fUo��Ǟ,��_��<��ꎕ��N@\��ǅ�%�O캬��bR��7>�~�~�PQ&С��'��.�i�J��t��5�:iX; �(Z�m��.f�%)�H�� n� Y��zU ��s�-P��s��Y�'��ub!(�66�£�س�.��=��õbC��֓�/�+�_8��&~7��p9HN��:�a$��֘m\�v EȨK ��ԑ�h�{�-�P��{��\��[��SBx�|Y��f�-� �~��$%4��lSVt*�̣j�O��y��V{Ć@�<�ZF�v�A~��Fg�(��צ�LziwpX��,$'N��#��~)�kR��~'�&�#3�V��s�q8��f�X�-� �@��Je��s��O��Lxy��MP��ǭ�ѹ�W�fU�� |�<�?��'� ��Ww��5�H��U��PR��".��B��L�g�j�,��;��H��.5{�-��vI��ō�S[~�B�$pG֘a�,VZ_u�1(�'��l��:��y�]�/� %?ٞܕ�T ��Q-�kb��?��Rw�l f�� n��)bG�'�w��\��W ԥg�R�nA��t �엊��4�(Ҟ�vG��N��8'��F��3O Z�X��E�p5=g��C�a�E�G��s>�x��+A�h��p�l$��q��}��d ��\��Ȋ[��k��o��p�LCmj�E�x�o�7bP[�XgiA��>�e�Pm5T��|��I52M��xtm=��:rx��b�G��M�Jf��Uc��'j�4}��9��f[G2��Mg'��aS R��v)d,N/�︀HmÑ�c�(C��Ȕ�1�sAJuT�HW&��e�ʃ�zD%��-��a�Nފ��&e�QgЯe�E$@��#$ü��P+$�lf%K��r}��߅� P��{d@�"m��B�۲��r"Q# CaC��<!�~^�qj.X-.�b��bQ��~��S��j�w��%g��ۍ�X�I�)�u|\��q��@҉�W��酽��ub�>7�2�^kE�h�~ `<w8�:�9Bܗ��&k�7l��x��*%��y��0Ml{��[ t�m�2��>�x;�O��+T��֧%ם�U%� IԤ��[�RGC�t�K'��T�0V:�gQ�Ё��1�˒��N�Q� &by�5K� ��I��q>��"V�U�6#ٌ,�=:��f� P@�!�ZdRc̅�T�%�m � KU[��<��F��p�b~'�Ά�#�Y�:�Me�7n�� %��*��_t��p��J�LQ�y�/0��_��E8$�>5�uծ��6yG�T㺎D5П��|��,�η!RZ�� u]��z]3�5��t= ��,� �IU8d�~A�·��@�l��D.��ˇ��!��E8G0/`��;�� qi5�2�� JDP��5��^�%��^W05��Z?�>H��IGcH�N��ei� G!'Rjh��/p��ɝ�~ݝ|v��Q��Y�"��֛��קM��$Y�*jE��$��8Φ��֒��X�̛�A��+J�+�ǣ�� O$B��!q,v_�i݊��,�5�N��h��k�+��\I�[� /��R��e��hH?�*,�;m�� AĤ��qz�H5%��pwu�Gp��>Sh��D��K�R��%˶[g�~�OZɇǶ�G� �]s#C��|&�5r�@��Hݗ��d&P�6>��Rɋ�J��ŔC��ޑ��f<�3.��?�2` /�� 0��7b贝��fk�'G~�o7��>/�6��K�}�9�<w��E�{'��9�[C}kޓ�,kf ��+YtH�B��?:��ч0�H2Lc_OBID�� u�(��v�*��cT0-{�Ny��F��u�z/�c�L!��Ng��i6X��"�oH�R��*�K�ڎ�V^�ֿ� �׽aQT"��Kf�u Ř�֝�}�@��[�`n��[�U��0��u�0M��;��^tKC%�] f�]z�x�kc5��e�W'2Y^��Lޖ�&��"�}�@��h��HPM��ٿ�1a-��#�LH=l�#l|�9��7�`lǽ��I�L%�q�۾��I=rR&(��\�W9�]��Wf��PK��oU��c�z; �R�R��԰�pd��MͤpqstLN�(/y��DM3�.:�sIaEI3��j��q��4%��yIk`��}�c9�TvC�@�f!#3Iዺc��]��q�Y#�w��o�t�QC��f� C�X�v?��=�,1��E�@��k��`��s3�Y`��+�m�gU� �2��" ��lp7*J�O�(��յ��>�x��$�Y-�,�ݕZ��X�S��u�۵��z�!T!<H��Q��Ϛ.q�/'4Y��sH�'� en��Ӑ��4��&��XMNuj��Yyr! �3S=x^��_��M�qo2tA+��C2�XڌkÍ��&�䏮\�A*��W 4iRp+�E��@�Om]c<�
??0CMyArray@@QAE@ABV0@@Z
??0CMyArray@@QAE@K@Z
??0CMyDWORDArray@@QAE@ABV0@@Z
??0CMyDWORDArray@@QAE@XZ
??0CMyPtrArray@@QAE@ABV0@@Z
??0CMyPtrArray@@QAE@XZ
??1CMyArray@@UAE@XZ
??1CMyDWORDArray@@UAE@XZ
??1CMyPtrArray@@UAE@XZ
??4CMyArray@@QAEAAV0@ABV0@@Z
??4CMyDWORDArray@@QAEAAV0@ABV0@@Z
??4CMyPtrArray@@QAEAAV0@ABV0@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??_7CMyArray@@6B@
??_7CMyDWORDArray@@6B@
??_7CMyPtrArray@@6B@
?Add@CMyDWORDArray@@QAEKK@Z
?Add@CMyPtrArray@@QAEKPAX@Z
?AddReal@CMyArray@@IAEPAEPAK@Z
?Copy@CMyArray@@QAEKPAV1@@Z
?GetArray@CMyArray@@QAEPAXXZ
?GetAt@CMyArray@@QAEPAEK@Z
?GetAt@CMyDWORDArray@@QAEKK@Z
?GetAt@CMyPtrArray@@QAEPAXK@Z
?GetGrow@CMyArray@@QAEKXZ
?GetSize@CMyArray@@QAEKXZ
?InsertAt@CMyArray@@QAEPAEKPAK@Z
?InsertAt@CMyDWORDArray@@QAEKKK@Z
?InsertAt@CMyPtrArray@@QAEKKPAX@Z
?RemoveAll@CMyArray@@QAEXXZ
?RemoveAt@CMyArray@@QAEXK@Z
?SetAt@CMyDWORDArray@@QAEXKK@Z
?SetAt@CMyPtrArray@@QAEXKPAX@Z
?SetAtGrow@CMyDWORDArray@@QAEKKK@Z
?SetAtGrow@CMyPtrArray@@QAEKKPAX@Z
?SetGrow@CMyArray@@QAEXK@Z
?SetSize@CMyArray@@QAEKK@Z
_CallOnSecureDesktop@12
_basA2U@12
_basAddSchedulerEvent@28
_basAddress2String@12
_basAdjustBuffer@12
_basAutoComplete@8
_basBindProp@16
_basChangeSubStr@16
_basCheck@0
_basCheckFileVersion@12
_basCheckOleServerVersion@12
_basCodeStringPassword@4
_basCreateFriendFileName@16
_basCreateLanguagePath@12
_basCreateOSString@12
_basCreatePath@16
_basCreateStatement@0
_basCreateTempFile@8
_basCreateURL@12
_basCreateVirusDescription@20
_basCreateWhsConnectorFwRules@0
_basDeleteValue@8
_basDoFitFileName@12
_basDoesCurrCodePageSupportExtendedConsoleChars@0
_basDoesPROKeyExistAndIsValid@0
_basDomainDetect@0
_basEmptyAvastTempFolder@8
_basEnableWriteAccessToEveryone@4
_basExecuteAndWait@8
_basExpandUserAreas@12
_basFixNetworkStack@4
_basFontSupportsCharset@8
_basFormatNumber@16
_basFreeLanguage@4
_basFreeLibrary@0
_basFreeLibraryExt@4
_basFreeMemArray@4
_basFreeMoveFolder@4
_basFreeScheduler@0
_basFreeStatement@4
_basFreeStorage@4
_basFriendlyTaskName@8
_basFullscreenAppRunning@0
_basGenerateExceptionReport@4
_basGenerateHash128@12
_basGetBaseLang@0
_basGetBinaryValue@16
_basGetCharacterSet@0
_basGetComputerName@0
_basGetConsoleCP@0
_basGetCurrentProductLicenseInfo@28
_basGetCustomerInfo@8
_basGetDWORDValue@12
_basGetDomainName@0
_basGetErrorString@12
_basGetErrorStringEx@20
_basGetErrorType@4
_basGetFileVersion@12
_basGetHomePage@8
_basGetIeVersion@8
_basGetIniPath@0
_basGetLanguage@0
_basGetLanguagePath@0
_basGetLicenseFile@8
_basGetLockData@12
_basGetMoveFolder@0
_basGetNetDomain@0
_basGetNetUser@0
_basGetOSVersion@4
_basGetOleServerFileNameFromClassId@12
_basGetOleServerVersion@12
_basGetPhysMemoryStatus@8
_basGetProcAddress@8
_basGetProductLicenseInfo@32
_basGetProfileInt@12
_basGetProfileString@20
_basGetProp@16
_basGetPropCount@4
_basGetRegistrationInfo@20
_basGetString@12
_basGetStringValue@16
_basGetTempFile@8
_basGetTypeDescription@12
_basHRESULT2DWORD@4
_basHex2DWORD@4
_basInitLibrary@4
_basInitLibraryExt@4
_basInitScheduler@0
_basInitThreadLocale@0
_basInitThreadLocaleExt@4
_basIsComponentInstalled@4
_basIsCurrCodePageRTL@0
_basIsEnoughColors@0
_basIsEventToLog@12
_basIsOS@4
_basIsOtherAVInstalled@4
_basIsScheduledBts@0
_basLoadLanguage@4
_basLoadStorage@0
_basLogEvent2@24
_basLogEvent@24
_basLogEventA@24
_basNetAlert@16
_basOSVersion2String@12
_basObtainLastServerAddress@4
_basObtainServerAddress@4
_basPlaySound@4
_basProductInfo@0
_basProductInfoFilesOnly@0
_basQuickSort@16
_basQuickSortParam@20
_basRegisterComDll@4
_basReinitLanguage@4
_basRemSchedulerEvent@4
_basRequestDemoLicenseFile@8
_basRequestUpgradeLicenseFile@8
_basResPwdCheck@4
_basResPwdClose@0
_basResPwdDeletePassword@0
_basResPwdFlagsGet@0
_basResPwdFlagsSet@4
_basResPwdIsEmpty@0
_basResPwdOpen@0
_basResPwdSet@4
_basScheduleBts@4
_basSendMAPIMail@24
_basSetLicenseFile@8
_basSetLogCategory@4
_basSetRegistrationInfo@28
_basSimpleCipher@12
_basStatus2String@16
_basStopThread@4
_basStoreBinaryValue@16
_basStoreDWORDValue@12
_basStoreLogEventDirect@16
_basStoreStringValue@12
_basString2Address@8
_basString2OSVersion@8
_basString2Time@8
_basString2Version@12
_basStringToSubmitPropertyArray@16
_basSubmitFile@32
_basSubmitPropertyArrayToString@16
_basTime2String@20
_basU2A@12
_basUnregisterComDll@4
_basUnscheduleBts@0
_basVPS2Label@28
_basVPSString2Version@12
_basValidatePath@8
_basVersion2String@16
_basWriteProfileString@12
_basWriteString@8
_base64_decode@12
_base64_encode@12
_base64_getlen@4
_licGetKeyExpiration@0
_licGetKeyExpirationSpecifyKey@4
_licLegalKey@4
_licUpgradeLicenseKeyToAvast5@0
_licValidateKey@12
_licValidateKeyOld@12
_licWriteToReg@4
_licWriteToRegEx@8
_notAddEvent@12
_notEvent@4
_notFree@0
_notInit@0
_notRemEvent@4
_smtpSendMail@4
_strDecode@12
_strEncode@12
_tcpAccept@12
_tcpClose@4
_tcpConnect@12
_tcpRecv@20
_tcpSend@16
_tskLaunchMirror@8
_tskSetMirrorParamsForMirror@20
_tskSetMirrorParamsForUpdater@12

Sections

.text
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec860245bf6e4f7e1d98c8a14353bdd9

Headers

File Characteristics

Imports

wsock32

version

aswengldr

shlwapi

kernel32

user32

gdi32

advapi32

shell32

msvcp90

aswcmnis

aswcmnos

aswcmnbs

msvcr90

Exports

Exports

Sections

.text Size: - Virtual size: 92KB

.rdata Size: - Virtual size: 35KB

.data Size: - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 1KB

.vmp0 Size: - Virtual size: 10KB

.vmp1 Size: - Virtual size: 14KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 159KB - Virtual size: 158KB

.reloc Size: 512B - Virtual size: 372B

.text
Size: - Virtual size: 92KB

.rdata
Size: - Virtual size: 35KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB

.vmp0
Size: - Virtual size: 10KB

.vmp1
Size: - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 159KB - Virtual size: 158KB

.reloc
Size: 512B - Virtual size: 372B