17ddec463af47fdaa93747ea8d678730_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17ddec463af47fdaa93747ea8d678730_JaffaCakes118
Size

141KB
MD5

17ddec463af47fdaa93747ea8d678730
SHA1

247b61c246fb163055966c2f7ac1b47f4085fd46
SHA256

24107c18d9e7e95c99cb4c1848d6ab9a791bc7b34fbc4cbbd9767911e0631e38
SHA512

6b64e2af891623d22fd6d26d7b0be1b1fb5b644c3fcacea92aa325e461facd301b6f3108f2226e29b8a859d7003ac8687d77a08feed162e3d75ec52422029682
SSDEEP

3072:YoFr+xRFikAE4rEUlj9X3o65YZODIFBPRXejIZr/fT:YUr+xRYkAECEUltY6uZODSBPRXVZr/fT

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msnpwd_setup_en.exe
unpack002/$_14326_/$_14326_/uninst.exe
unpack002/$_14326_/MSNRecord.exe
unpack002/$_14326_/msnhook.dll
unpack002/$_14326_/msnhook.exe
unpack002/$_14332_/InstallOptions.dll
unpack002/$_14332_/LangDLL.dll
unpack002/$_14332_/StartMenu.dll

Files

17ddec463af47fdaa93747ea8d678730_JaffaCakes118
.rar
msnpwd_setup_en.exe
.exe windows:4 windows x86 arch:x86

1ac3e2ca29bc84ed42cb8b3ed3ca59f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
FindNextFileA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetPrivateProfileStringA
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetWindowsDirectoryA

user32

SetWindowTextA
SetTimer
DestroyWindow
CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
CharPrevA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
ExitWindowsEx

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_14326_/$_14326_/uninst.exe
.exe windows:4 windows x86 arch:x86

1ac3e2ca29bc84ed42cb8b3ed3ca59f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
FindNextFileA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetPrivateProfileStringA
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetWindowsDirectoryA

user32

SetWindowTextA
SetTimer
DestroyWindow
CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
CharPrevA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
ExitWindowsEx

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_14326_/MSNRecord.exe
.exe windows:4 windows x86 arch:x86

82e5b18cf8be848538bb05ab4b806f75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord1089
ord3922
ord3346
ord5302
ord2725
ord4079
ord4698
ord5300
ord5307
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord5289
ord3830
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord609
ord800
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord3831
ord2512
ord5731
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord825
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord860
ord540
ord567
ord2370
ord2302
ord6334
ord2642
ord537
ord4160
ord2863
ord2379
ord755
ord470
ord6375
ord4274
ord4673
ord2554
ord4486
ord2385
ord4407
ord5241
ord2124
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_initterm
_controlfp
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__getmainargs
strrchr
__CxxFrameHandler
_mbscmp
_setmbcp

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
GetSystemMetrics
IsIconic
SendMessageA
EnableWindow
LoadIconA

advapi32

RegDeleteValueA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_14326_/msnhook.dll
.dll windows:4 windows x86 arch:x86

1d0be7071424d48afd7f45356abc830a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
GlobalFindAtomA
GlobalAddAtomA
GetFileSize
FreeLibrary
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GlobalGetAtomNameA
GetOEMCP
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
SetHandleCount
GetStdHandle
RtlUnwind
GetStartupInfoA
GetCommandLineA
SetLastError
InitializeCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
GetFileAttributesA
GetModuleHandleA
WritePrivateProfileStringA
GlobalFlags
SetErrorMode
GetVersion
lstrcatA
TlsSetValue
TlsGetValue
LocalReAlloc
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
GlobalUnlock
TlsFree
GlobalHandle
TlsAlloc
GlobalFree
DeleteCriticalSection
FreeEnvironmentStringsA
LocalAlloc
CreateToolhelp32Snapshot
Process32First
FreeEnvironmentStringsW
CloseHandle
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
lstrlenA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
Process32Next

user32

ShowWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
SetWindowLongA
SetWindowPos
SetFocus
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
GetSystemMetrics
CharUpperA
wsprintfA
PostMessageA
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExA
GetDlgItem
CallNextHookEx
GetForegroundWindow
SendMessageA
GetAsyncKeyState
GetKeyNameTextA
GetGUIThreadInfo
CheckMenuItem
EnableMenuItem
GetMenuState

gdi32

CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
DeleteObject
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

comctl32

ord17

Exports

Exports

?GetQQ@@YAKPAK@Z
?UnHook@@YAHXZ
?b_Focus@@YAHXZ
KeyboardProc
installhook

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_14326_/msnhook.exe
.exe windows:4 windows x86 arch:x86

7e81f1eb1e61113e96040d3a5f91a1d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4465
ord3136
ord3262
ord2985
ord3081
ord3259
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord825
ord2302
ord4234
ord656
ord755
ord470
ord2982
ord3147
ord3619
ord6055
ord1776
ord3571
ord4424
ord3721
ord795
ord1146
ord1168
ord567
ord3663
ord3626
ord2414
ord4275
ord3573
ord3693
ord640
ord800
ord4133
ord4297
ord3874
ord540
ord5787
ord5788
ord4710
ord5290
ord1640
ord323
ord5789
ord2860
ord5875
ord6172
ord2864
ord2446
ord5277
ord3402
ord3610
ord4224
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord5265
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord537
ord6215
ord823
ord1200
ord2621
ord1134
ord2086
ord668
ord2770
ord356
ord4160
ord2863
ord860
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord2124
ord5065
ord5261
ord1727
ord3797
ord3749
ord2379
ord1641
ord6021
ord2725
ord1576

msvcrt

_setmbcp
_except_handler3
__set_app_type
__p__fmode
_controlfp
_exit
strrchr
_ftol
strncpy
__dllonexit
_onexit
__p__commode
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__CxxFrameHandler

kernel32

GetProcAddress
GetPrivateProfileStringA
CreateFileA
WritePrivateProfileStringA
GetModuleHandleA
GetStartupInfoA
LoadLibraryA
GetModuleFileNameA

user32

RedrawWindow
SetPropA
GetSystemMenu
AppendMenuA
SetTimer
LoadIconA
GetPropA
EnumWindows
DrawIcon
PtInRect
ReleaseCapture
SetCapture
SetCursor
SetWindowLongA
GetParent
SendMessageA
GetClientRect
InflateRect
LoadCursorA
EnableWindow
GetSystemMetrics
IsIconic

gdi32

Rectangle
BitBlt
CreatePen
CreateSolidBrush
SelectObject
GetTextMetricsA
GetObjectA
StretchBlt
GetMapMode
CreateCompatibleDC

advapi32

RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_14332_/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

ebfc0bc7d226ec6fb5ab7d8c8c18d0d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
lstrcatA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileIntA
WritePrivateProfileStringA
MultiByteToWideChar
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
MulDiv
lstrcpynA

user32

GetDlgCtrlID
GetKeyState
SetCursor
SetWindowLongA
DrawFocusRect
GetDC
ScreenToClient
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
GetWindowLongA
LoadCursorA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
SetWindowPos
CallWindowProcA
PostMessageA
wsprintfA
MessageBoxA
SetFocus
SendMessageA
GetWindowTextA
SetWindowTextA
DestroyIcon
FillRect
DestroyWindow
LoadIconA
LoadImageA
CreateWindowExA

gdi32

SetTextColor
SetBkColor
SetBkMode
DeleteDC
GetTextExtentPoint32A
GetTextMetricsA
SelectObject
CreateCompatibleDC
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

shell32

SHGetMalloc
ShellExecuteA
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_14332_/LangDLL.dll
.dll windows:4 windows x86 arch:x86

1e399d86888d10912a9ca197fc02abd8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
lstrlenA
lstrcpynA
GetModuleHandleA
lstrcmpA
GlobalAlloc
GlobalFree
lstrcpyA

user32

DialogBoxParamA
SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
LoadIconA
GetDC
ShowWindow
EndDialog
SendMessageA

gdi32

CreateFontIndirectA
DeleteObject
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_14332_/StartMenu.dll
.dll windows:4 windows x86 arch:x86

fc81e27ab736925b73283f00b2e36d03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetModuleHandleA
lstrcatA
lstrcpynA
FindNextFileA
FindFirstFileA
GlobalFree
lstrcmpiA
FindClose
lstrcpyA

user32

IsDialogMessageA
SetWindowLongA
CreateDialogParamA
GetDlgItem
PostMessageA
GetMessageA
SetFocus
ShowWindow
CheckDlgButton
GetClientRect
LoadIconA
GetWindowLongA
SetWindowPos
ScreenToClient
GetWindowRect
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
TranslateMessage
DispatchMessageA
DestroyWindow
CallWindowProcA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

Select

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_14332_/ioSpecial.ini
$_14332_/modern-header.bmp
$_14332_/modern-wizard.bmp
readme.txt

Sharing

General

Malware Config

Signatures

Files

1ac3e2ca29bc84ed42cb8b3ed3ca59f7

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 119KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 7KB - Virtual size: 8KB

1ac3e2ca29bc84ed42cb8b3ed3ca59f7

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 119KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 7KB - Virtual size: 8KB

82e5b18cf8be848538bb05ab4b806f75

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 720B

.rsrc Size: 28KB - Virtual size: 24KB

1d0be7071424d48afd7f45356abc830a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 27KB

.SHARDAT Size: 4KB - Virtual size: 4B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 12KB - Virtual size: 10KB

7e81f1eb1e61113e96040d3a5f91a1d7

Headers

File Characteristics

Imports

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 119KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 119KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 720B

.rsrc
Size: 28KB - Virtual size: 24KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 27KB

.SHARDAT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 262B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 440B