26b2410f81add21f9325da7bfe12cf07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26b2410f81add21f9325da7bfe12cf07_JaffaCakes118
Size

266KB
MD5

26b2410f81add21f9325da7bfe12cf07
SHA1

93d9d8f9260505b1a5ac56e9104a6100123df46e
SHA256

c50a1b0779f3b59a0f041c3ec1a1b845bff37222a1e5d3961c7c3d7fc3e3d0c6
SHA512

f0090355eb19fbc9c72f79165c21451b4020115503201e28cd86993bf848dd117b344e8f6d5aede0af0943c3d679c566efaa50fb2bd5a63d21a00e1965d20b83
SSDEEP

6144:kH7K/qHUrLGayuPq8qvNVw4ypwtQIPF6fOMHT9wqiV6abOR:6OSayiwUwtQINUOMe3OR

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack001/bpk.exe
unpack001/bpkhk.dll
unpack001/bpkun.exe
unpack001/bpkvw.exe

Files

26b2410f81add21f9325da7bfe12cf07_JaffaCakes118
.rar
Setup.exe
.exe windows:4 windows x86 arch:x86

2c23711ab12498bf5797d5eabb08f871

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
lstrlenA
CreateDirectoryA
LoadLibraryA
FreeLibrary
lstrcpyA
lstrcatA
CopyFileA
GetLastError
FormatMessageA
LocalFree
FindResourceA
LoadResource
LockResource
FreeResource
MultiByteToWideChar
CreateFileA
GetSystemTime
SystemTimeToFileTime
SetFileTime
CloseHandle
GetCurrentProcessId
lstrcmpiA
lstrcmpA
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
GetVersionExA
GetStartupInfoA

user32

DrawTextA
MapWindowPoints
CharLowerA
ScreenToClient
GetDesktopWindow
PtInRect
MoveWindow
SetTimer
PostMessageA
KillTimer
IsWindow
GetActiveWindow
MessageBoxA
LoadIconA
FindWindowA
GetWindowThreadProcessId
GetClientRect
SetWindowLongA
UpdateWindow
GetWindowDC
GetSysColor
InflateRect
ReleaseDC
GetDlgItem
CreateWindowExA
SetWindowPos
GetClassNameA
GetWindowLongA
RegisterClassExA
GetSystemMetrics
GetMessageA
TranslateMessage
WindowFromPoint
DispatchMessageA
DefWindowProcA
BeginPaint
GetWindowRect
GetSystemMenu
SendMessageA
ShowWindow
AppendMenuA
DestroyWindow
CheckDlgButton
LoadCursorA
SetClassLongA
EnableWindow
GetWindowTextA
CheckRadioButton
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
PostQuitMessage
EndDialog
wsprintfA
SetDlgItemTextA
IsDlgButtonChecked
GetCursorPos
InvalidateRect
GetParent
EndPaint

gdi32

CreateCompatibleBitmap
CreateFontIndirectA
GetObjectA
GetStockObject
TextOutA
CreateCompatibleDC
LineTo
MoveToEx
CreatePen
SetBkMode
GetTextExtentPoint32A
SelectObject
BitBlt
GetPixel
SetPixel
SetTextColor
DeleteDC
DeleteObject

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoCreateInstance
CoInitialize

comctl32

PropertySheetA

msvcrt

_except_handler3
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
atoi
_ftol
fopen
fwrite
fclose
__p___argv
memset
_controlfp
__set_app_type

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bpk.exe
.exe windows:4 windows x86 arch:x86

4dc9b0b4e019be52f23cc9a3c195910d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpPutFileA
InternetConnectA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle

mfc42

ord4133
ord4297
ord5788
ord5875
ord6880
ord4123
ord4376
ord4853
ord5280
ord3597
ord641
ord324
ord2370
ord2301
ord4234
ord3092
ord5953
ord1783
ord3098
ord2642
ord2363
ord6334
ord2587
ord4406
ord3394
ord3729
ord804
ord6215
ord6197
ord2086
ord6785
ord940
ord941
ord5856
ord4202
ord4204
ord1862
ord3619
ord4220
ord2584
ord3654
ord2438
ord816
ord5789
ord562
ord2450
ord2971
ord4083
ord2863
ord5787
ord283
ord2763
ord5710
ord539
ord923
ord861
ord6877
ord6199
ord3811
ord926
ord1200
ord2818
ord1929
ord3402
ord3721
ord556
ord3797
ord2379
ord3812
ord3874
ord6358
ord1088
ord2122
ord6453
ord2431
ord1168
ord3573
ord3398
ord3733
ord772
ord810
ord6142
ord500
ord5278
ord3495
ord3813
ord5860
ord1233
ord4299
ord2645
ord3089
ord4476
ord5450
ord6394
ord2841
ord2107
ord755
ord6172
ord470
ord1816
ord326
ord4271
ord3693
ord3301
ord3742
ord818
ord1232
ord3180
ord1979
ord922
ord3337
ord6385
ord3790
ord5442
ord2393
ord3318
ord541
ord801
ord2820
ord1105
ord2243
ord1199
ord6270
ord1644
ord3095
ord3097
ord5951
ord4224
ord4287
ord1907
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord768
ord489
ord4258
ord925
ord536
ord1908
ord4715
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord4259
ord4976
ord3876
ord686
ord384
ord2646
ord2862
ord2096
ord6905
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord5943
ord1247
ord610
ord6139
ord287
ord5857
ord5602
ord798
ord1997
ord6392
ord5194
ord533
ord2060
ord4774
ord1176
ord551
ord6673
ord3920
ord6407
ord5465
ord548
ord6779
ord6907
ord6646
ord6111
ord3873
ord323
ord1640
ord640
ord6241
ord4275
ord609
ord4396
ord1795
ord538
ord2764
ord4129
ord858
ord6663
ord4278
ord5683
ord4277
ord1175
ord4055
ord3302
ord5981
ord4710
ord3996
ord3998
ord1779
ord2302
ord809
ord795
ord693
ord567
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord5265
ord3640
ord4424
ord3370
ord5290
ord4402
ord1776
ord6055
ord2582
ord1832
ord909
ord2614
ord5628
ord537
ord924
ord939
ord4185
ord696
ord394
ord532
ord5440
ord273
ord1969
ord603
ord354
ord350
ord540
ord860
ord5186
ord958
ord665
ord3616
ord3127
ord5651
ord6383
ord1264
ord2864
ord2859
ord2860
ord5791
ord5785
ord3571
ord1146
ord2414
ord3626
ord3692
ord1641
ord6571
ord1871
ord823
ord268
ord1567
ord825
ord535
ord800
ord3663
ord2297
ord1576

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
getenv
strrchr
atoi
_ftol
time
difftime
fabs
floor
strcat
srand
__p__fmode
_stricmp
fopen
fwrite
fclose
strchr
memmove
strncpy
setlocale
isspace
_splitpath
_makepath
strcpy
_strlwr
strstr
wcscmp
strcmp
strncmp
malloc
free
sscanf
strlen
sprintf
_purecall
_CxxThrowException
memcpy
memset
__CxxFrameHandler
__set_app_type
rand
_itoa
wcslen
_setmbcp
_controlfp

kernel32

CloseHandle
FlushViewOfFile
ReleaseMutex
WaitForSingleObject
CreateFileMappingA
MapViewOfFile
CreateMutexA
CreateFileA
DeviceIoControl
GetFileSize
MulDiv
lstrlenA
lstrcmpA
lstrcpynA
GlobalReAlloc
GlobalHandle
UnmapViewOfFile
LoadResource
LockResource
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
FindFirstFileA
GetComputerNameA
GetDateFormatA
GetTimeFormatA
GetVersionExA
OpenProcess
GetCurrentThreadId
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
SetCurrentDirectoryA
SetFileTime
GetSystemTime
GetStartupInfoA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcpyA
ReadFile
WriteFile
lstrcmpiA
DeleteFileA
GetTimeZoneInformation
SetLastError
Sleep
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
CreateProcessA
lstrcatA
EnumResourceNamesA
CopyFileA
GetTempFileNameA
GetTempPathA
LocalFree
FormatMessageA
GetLastError
SizeofResource
RemoveDirectoryA
MoveFileA
CreateDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExpandEnvironmentStringsA
GetCurrentProcessId
FindClose
FindResourceA
FindNextFileA

user32

GetDlgItemInt
GetDlgItemTextA
MessageBoxA
SetForegroundWindow
FindWindowA
GetWindowTextA
SetClipboardViewer
PostQuitMessage
ChangeClipboardChain
SetMenuDefaultItem
EnableMenuItem
wsprintfA
RegisterHotKey
UnregisterHotKey
LoadImageA
FillRect
DrawTextA
PtInRect
CharLowerA
GetWindowThreadProcessId
AttachThreadInput
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
IsWindowUnicode
LoadStringA
CharUpperBuffA
RedrawWindow
SetWindowLongA
InvalidateRect
MessageBeep
GetDlgCtrlID
DdeFreeStringHandle
IsWindowVisible
GetClassNameA
SendMessageTimeoutA
IsWindow
RegisterWindowMessageA
FindWindowExA
DestroyIcon
AppendMenuA
GetMenuItemCount
GetMenuItemInfoA
GetSubMenu
DrawFrameControl
OffsetRect
DrawIconEx
DrawEdge
GetSystemMetrics
SystemParametersInfoA
GetKeyboardLayout
MapVirtualKeyExA
MapVirtualKeyA
GetKeyNameTextA
EnumChildWindows
GetWindowLongA
IsDlgButtonChecked
GetForegroundWindow
PostMessageA
DdeClientTransaction
DdeGetData
GetSysColor
GetCursorPos
WindowFromPoint
GetCapture
GetWindowRect
GetFocus
InflateRect
CopyRect
DrawFocusRect
SetTimer
GetParent
GetWindowTextLengthA
GetNextDlgTabItem
SetFocus
GetDlgItem
CreatePopupMenu
CheckMenuItem
DdeCreateStringHandleA
GetKeyboardLayoutList
DdeConnect
SendMessageA
EnableWindow
GetDesktopWindow
GetDC
ReleaseDC
DdeFreeDataHandle
DdeDisconnect
DdeInitializeA
DdeUninitialize
KillTimer
DefWindowProcA
IsChild
LoadIconA
SetCursor
LoadCursorA
GetKeyboardLayoutNameA
GetClientRect

gdi32

BitBlt
SelectObject
CreateCompatibleDC
CreatePen
CreateFontIndirectA
Rectangle
GetTextColor
CreateFontA
GetDIBits
CreateCompatibleBitmap
GetTextExtentPoint32A
CreateSolidBrush
SetTextColor
SetBkMode
DeleteDC
CreateDCA
GetStockObject
GetPaletteEntries
GetObjectA
CreateDIBitmap
CreatePalette
RealizePalette
PatBlt
DeleteObject
CreateBitmap

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
GetUserNameA
RegOpenKeyExA

shell32

Shell_NotifyIconA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
ShellExecuteA
ExtractIconExA

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_ReplaceIcon
InitCommonControlsEx

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoFreeUnusedLibraries

oleaut32

SysStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString

urlmon

URLDownloadToFileA

wsock32

send
recv
closesocket
select
connect
WSACleanup
ntohl
WSAStartup
htons
ioctlsocket
gethostbyname
bind
WSASetLastError
socket
gethostname

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

Sections

.text
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bpkhk.dll
.dll windows:4 windows x86 arch:x86

def382fce05e627103853ec619735b26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
GetSystemInfo
GetProcAddress
WriteProcessMemory
GetCurrentProcess
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
WideCharToMultiByte
GetTickCount
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetDesktopWindow
CallNextHookEx
GetKeyboardLayout
GetWindowLongA
GetClassNameA
GetKeyState
GetWindowThreadProcessId
ToAsciiEx
GetFocus
PostMessageA
IsWindow
SendMessageA
GetKeyboardState

msvcrt

_onexit
_adjust_fdiv
malloc
_initterm
free
__dllonexit

Exports

Exports

DLL_GetProjectVersion
EnableAltInterception
EnableDiaryTracking
EnableNTInvisible
EnablePreHandle
EnableSpecialKeysLogging
SetHook

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 566B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bpkun.exe
.exe windows:4 windows x86 arch:x86

80ec214595c9b428954dc1a71cbc9329

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
GetTempPathA
CreateProcessA
lstrcmpA
DeleteFileA
RemoveDirectoryA
lstrlenA
lstrcatA
lstrcpyA
GetModuleFileNameA
SetCurrentDirectoryA
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
GetProcAddress
Sleep
GetVersionExA
GetStartupInfoA

user32

TranslateMessage
DispatchMessageA
IsWindowVisible
KillTimer
SetDlgItemTextA
GetDlgItem
SetWindowLongA
DestroyWindow
LoadIconA
SetClassLongA
SetTimer
PostQuitMessage
ShowWindow
LoadCursorA
RegisterClassExA
DefWindowProcA
PtInRect
GetCursorPos
MessageBoxA
InvalidateRect
BeginPaint
IsDialogMessageA
GetDesktopWindow
GetWindowDC
ReleaseDC
GetParent
ScreenToClient
MoveWindow
CharLowerA
GetWindowLongA
GetWindowRect
MapWindowPoints
DrawTextA
GetWindowTextA
FindWindowA
PostMessageA
CreateDialogParamA
SetForegroundWindow
EnableWindow
GetMessageA
EndPaint

gdi32

GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
DeleteObject
SetBkMode
SetTextColor

advapi32

RegOpenKeyA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA

shell32

SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
atoi
__p___argc
__p___argv
memset
strrchr

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bpkvw.exe
.exe .js windows:4 windows x86 arch:x86 polyglot

010cc88a96713cb70826cf90a500df6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord3663
ord641
ord940
ord860
ord1641
ord1146
ord567
ord324
ord2135
ord3626
ord2414
ord818
ord2302
ord4234
ord1783
ord3092
ord4710
ord2379
ord755
ord470
ord2817
ord926
ord6877
ord858
ord539
ord4202
ord2818
ord548
ord6199
ord939
ord6929
ord535
ord823
ord1200
ord5651
ord3127
ord3616
ord665
ord1979
ord6385
ord5186
ord350
ord4407
ord6779
ord2764
ord2688
ord4055
ord6673
ord923
ord551
ord536
ord5683
ord1779
ord798
ord2614
ord1997
ord5465
ord3318
ord5194
ord533
ord941
ord538
ord5981
ord5450
ord6394
ord5440
ord6383
ord4277
ord4278
ord6663
ord4129
ord1795
ord4396
ord609
ord4275
ord6241
ord640
ord1640
ord323
ord3873
ord2859
ord3693
ord4133
ord4297
ord5788
ord5875
ord6880
ord4123
ord1871
ord4204
ord5856
ord6172
ord3874
ord5789
ord2864
ord5785
ord816
ord562
ord5787
ord283
ord2860
ord1949
ord4034
ord1775
ord4078
ord6052
ord4998
ord4853
ord4376
ord5265
ord3619
ord3402
ord5290
ord1776
ord6055
ord1168
ord540
ord537
ord924
ord922
ord1205
ord1134
ord5943
ord2514
ord800
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord354
ord4274
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p___argv
__p___argc
memset
__CxxFrameHandler
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException
wcslen
strrchr
sscanf
strchr
memcpy
free
malloc
strlen
strcmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp

kernel32

lstrcpynA
FindNextFileA
lstrlenA
DeleteFileA
MoveFileA
lstrcpyA
lstrcatA
InterlockedDecrement
GetModuleFileNameA
CopyFileA
FindClose
CreateMutexA
GetLastError
lstrcmpiA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetDateFormatA
GetTimeFormatA
LockResource
LoadResource
SizeofResource
FindResourceA
lstrcmpA
MulDiv
GetFileSize
DeviceIoControl
CreateFileA
MapViewOfFile
CreateFileMappingA
WaitForSingleObject
ReleaseMutex
FlushViewOfFile
FindFirstFileA
UnmapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
LocalFree
CloseHandle

user32

keybd_event
EnableWindow
wsprintfA
IsWindow
GetWindowRect
MapWindowPoints
SetWindowPos
SetTimer
IsWindowEnabled
OffsetRect
InvalidateRect
GetParent
DrawIcon
GetSystemMetrics
LoadImageA
DrawFocusRect
CopyRect
InflateRect
CharUpperBuffA
GetDlgItem
GetClientRect
GetSysColor
GetCursorPos
WindowFromPoint
GetCapture
LoadCursorA
SetClassLongA
LoadIconA
FindWindowA
SendMessageA
LoadStringA
GetDesktopWindow
MessageBoxA
GetDC
GetFocus
IsIconic
ReleaseDC

gdi32

CreateCompatibleBitmap
CreateFontA
CreatePen
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
CreateDIBitmap
GetStockObject
GetObjectA
CreateFontIndirectA
PatBlt

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

InitCommonControlsEx

ole32

CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license.txt

Sharing

General

Malware Config

Signatures

Files

2c23711ab12498bf5797d5eabb08f871

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

msvcrt

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 26KB

4dc9b0b4e019be52f23cc9a3c195910d

Headers

File Characteristics

Imports

wininet

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

wsock32

msvcp60

rpcrt4

Sections

.text Size: 268KB - Virtual size: 265KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 84KB - Virtual size: 83KB

def382fce05e627103853ec619735b26

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 584B

.shared Size: 4KB - Virtual size: 84B

.reloc Size: 4KB - Virtual size: 566B

80ec214595c9b428954dc1a71cbc9329

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 24KB - Virtual size: 22KB

010cc88a96713cb70826cf90a500df6c

Headers

File Characteristics

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 268KB - Virtual size: 265KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 84KB - Virtual size: 83KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 584B

.shared
Size: 4KB - Virtual size: 84B

.reloc
Size: 4KB - Virtual size: 566B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 24KB - Virtual size: 22KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 44KB - Virtual size: 40KB