28f84cef2ca4ac51657b09e338cf3762_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28f84cef2ca4ac51657b09e338cf3762_JaffaCakes118
Size

856KB
MD5

28f84cef2ca4ac51657b09e338cf3762
SHA1

3d73e0e112dd800074699896f28241f999173ced
SHA256

1e21ee4447777441aaf76079ad853ee92ce532b502e55c7cc2e89e11ed70b5fc
SHA512

03a8413da1064f05282fa2bc3af09112174be8b250b3a15426756bfbf9182ab1669c535f4e7188503f44ebce7050b74cbdc66eac4151633722f9cf9641070847
SSDEEP

24576:/MY98cmD1lYCIsuAGnJLyC9033YNqlfkcb:0+yDT6lJLyCmKykQ

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
28f84cef2ca4ac51657b09e338cf3762_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/nsRandom.dll
unpack002/out.upx
unpack001/the.exe
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

28f84cef2ca4ac51657b09e338cf3762_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/SharedAccount/Config/Config.ini
$0/SharedAccount/Config/MxSpeedDial/SpeedDial.ini
$0/SharedAccount/Config/ui.xml
.xml
$0/SharedAccount/data/Dynamic.ini
$0/SharedAccount/data/a1dc23.ini
$0/SharedAccount/data/history2.dat
$0/SharedAccount/data/mbookmark.xml
$0/config/ss.dat
$0/template/page/unsafe/pg_unsafe.htm
.html
$APPDATA/SogouExplorer/CommCfg.xml
.xml
$APPDATA/SogouExplorer/Config.xml
.xml
$APPDATA/SogouExplorer/Favorite2.dat
$APPDATA/SogouExplorer/HistoryUrl.db
$APPDATA/SogouExplorer/Misc.db
$APPDATA/SogouExplorer/Openpage.xml
.xml
$APPDATA/SogouExplorer/UserId.enc
$APPDATA/SogouExplorer/configlocal.xml
.xml
$APPDATA/Tencent/TencentTraveler/100/TtConf.dat
$FAVORITES/favorder3.dat
$FAVORITES//favorder3.dat
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TheWorld.exe
.exe windows:4 windows x86 arch:x86

529e31f77e52cbf0a3f800a64416df7b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite
midiStreamClose
midiStreamOut

ws2_32

recv
WSARecv
WSAGetLastError
connect
closesocket
send

imm32

ImmNotifyIME
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetLongPathNameW
WriteProcessMemory
ReadProcessMemory
VirtualProtect
lstrcmpW
SearchPathW
LoadLibraryA
CreateThread
TlsGetValue
CreateProcessW
GetModuleHandleW
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
HeapDestroy
ReadFile
GetFileSize
TlsSetValue
DeviceIoControl
OpenProcess
GlobalFree
LockResource
SizeofResource
LoadResource
FindResourceW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetProcessHeap
LocalFree
TerminateThread
GetExitCodeThread
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
SetEndOfFile
SetFilePointer
GetFileTime
WriteFile
TlsFree
TlsAlloc
GetFileAttributesW
GetSystemDefaultLangID
GetUserDefaultLangID
EnumResourceLanguagesW
GetVersion
FreeResource
LocalAlloc
SetProcessWorkingSetSize
LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
CreateSemaphoreW
ReleaseSemaphore
FlushInstructionCache
FindFirstChangeNotificationW
CreateEventW
SetEvent
ResetEvent
lstrcmpiW
GetPrivateProfileIntW
SetFileAttributesW
LoadLibraryW
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
GetTempFileNameW
VirtualAlloc
VirtualFree
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
SetLastError
SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
InterlockedCompareExchange
SetFileTime
GetLastError
WaitForMultipleObjects
FindNextChangeNotification
GetDiskFreeSpaceExW
CreateDirectoryW
InterlockedDecrement
lstrlenW
FindClose
FindNextFileW
WritePrivateProfileStringW
GetShortPathNameW
GetPrivateProfileStringW
FindFirstFileW
GetModuleFileNameW
CloseHandle
DeleteFileW
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
lstrlenA
MultiByteToWideChar
FindCloseChangeNotification
GetTickCount
GetTempPathW
lstrcatW
GetLocaleInfoW
WaitForSingleObject
CopyFileW
RemoveDirectoryW
CreateMutexW
ReleaseMutex
GetSystemDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
MoveFileW
ExpandEnvironmentStringsW
CreateFileW
SystemTimeToFileTime
GetSystemTime
GetVersionExW
GetCommandLineW
VirtualQuery
SetUnhandledExceptionFilter
SetErrorMode
TerminateProcess

user32

GetMenuInfo
PostQuitMessage
IsMenu
GetMenuStringW
GetMenuItemID
keybd_event
MapVirtualKeyW
CheckMenuRadioItem
SubtractRect
EndMenu
IsChild
EnumChildWindows
IntersectRect
RemoveMenu
SetCursorPos
DialogBoxParamW
LoadImageW
SetWindowPos
GetWindowRect
ShowWindow
SetWindowLongW
GetDlgItem
LoadStringW
SendMessageW
SetWindowTextW
GetWindowTextW
PostMessageW
EndDialog
SetFocus
MessageBoxW
IsIconic
UnhookWindowsHookEx
IsWindowVisible
SetPropW
RemovePropW
ScreenToClient
GetPropW
CheckDlgButton
EnableWindow
CreateWindowExW
IsWindow
InflateRect
CopyRect
SetWindowsHookExW
CallNextHookEx
MenuItemFromPoint
SystemParametersInfoW
SetParent
SetActiveWindow
CopyIcon
DrawIconEx
MoveWindow
RegisterClassExW
CopyImage
GetForegroundWindow
DestroyIcon
CloseClipboard
GetClientRect
EndPaint
GetSysColor
IsDlgButtonChecked
DrawEdge
DrawTextW
FillRect
BeginPaint
DestroyWindow
SetForegroundWindow
GetParent
DefWindowProcW
ReleaseDC
GetDC
OffsetRect
CallWindowProcW
GetWindowLongW
GetComboBoxInfo
PtInRect
GetCursorPos
GetKeyState
InvalidateRect
GetWindowTextLengthW
GetSystemMetrics
RegisterClipboardFormatW
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
GetAsyncKeyState
SetCursor
LoadCursorW
CharNextW
DrawIcon
LoadIconW
MapWindowPoints
GetDesktopWindow
SetDlgItemTextW
IsZoomed
SetWindowRgn
SetClipboardData
EmptyClipboard
OpenClipboard
WindowFromPoint
InsertMenuW
IsWindowEnabled
GetKeyboardLayoutNameW
LoadKeyboardLayoutW
LoadAcceleratorsW
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
CopyAcceleratorTableW
GetKeyNameTextW
GetClipboardData
GetMonitorInfoW
MonitorFromWindow
SetRect
RegisterHotKey
UnregisterHotKey
GetWindow
SetRectEmpty
TrackPopupMenu
TrackPopupMenuEx
GetWindowDC
GetMenuState
EqualRect
GetGUIThreadInfo
GetSystemMenu
GetMenuItemInfoW
SetMenuInfo
GetMenuItemCount
CheckMenuItem
GetSysColorBrush
DestroyMenu
FindWindowW
GetWindowPlacement
SetWindowPlacement
TrackMouseEvent
UpdateWindow
RegisterWindowMessageW
GetWindowModuleFileNameW
SetWindowLongA
SetMenuItemInfoW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
GetMenu
SendMessageTimeoutW
EnumThreadWindows
GetClassNameW
GetMessagePos
SetCapture
ReleaseCapture
ShowCursor
KillTimer
ClientToScreen
SetTimer
RedrawWindow
GetFocus
DeleteMenu
GetAncestor
CreatePopupMenu
InsertMenuItemW
GetDlgItemTextW
LoadBitmapW
PeekMessageW
TranslateMessage
DispatchMessageW
CharUpperW
DdeGetData
DdeFreeDataHandle
DdeQueryStringW
DdeFreeStringHandle
DdeUninitialize
DdeInitializeW
DdeCreateStringHandleW
DdeNameService
GetMessageW
PostThreadMessageW
CharLowerW

gdi32

CreateRectRgnIndirect
FillRgn
GetDIBits
CreateDIBSection
MoveToEx
LineTo
CreateRoundRectRgn
CombineRgn
CreateRectRgn
SelectClipRgn
GetObjectW
GetTextMetricsW
SetBkColor
CreatePen
CreateCompatibleDC
CreateFontIndirectW
CreateCompatibleBitmap
BitBlt
DeleteDC
CreatePatternBrush
Rectangle
EnumFontsW
GetStockObject
SetTextColor
SetBkMode
SelectObject
CreateSolidBrush
DeleteObject

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyW
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
CopySid
SetSecurityDescriptorDacl

shell32

ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
DoEnvironmentSubstW
SHChangeNotify
SHFreeNameMappings
SHAppBarMessage
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragQueryFileW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

OleUninitialize
CoCreateGuid
CoGetInterfaceAndReleaseStream
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoGetMalloc
DoDragDrop
CoInitialize
CoCreateInstance
OleDraw
OleInitialize
RevokeDragDrop
OleDuplicateData
CreateStreamOnHGlobal
CLSIDFromProgID
OleSetContainedObject
CoMarshalInterThreadInterfaceInStream
OleRun
CoTaskMemAlloc
OleCreate

oleaut32

SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen

wininet

HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW
FtpOpenFileW
InternetWriteFile
InternetGetLastResponseInfoW
FtpCommandW
InternetQueryOptionW
InternetSetOptionW
InternetCanonicalizeUrlW
FtpGetFileSize
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetSetOptionA
DeleteUrlCacheEntryA
HttpAddRequestHeadersA
InternetConnectA
CommitUrlCacheEntryA
HttpOpenRequestA
DeleteUrlCacheEntryW
InternetCrackUrlW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryW
CreateUrlCacheEntryW
HttpQueryInfoW
InternetGetConnectedState
FindFirstUrlCacheEntryW

dsound

ord1

shlwapi

StrStrIA
PathMatchSpecA
UrlCanonicalizeW
PathFileExistsW
PathRemoveFileSpecW
SHEnumKeyExW
StrCpyNW
StrCmpW
PathIsUNCW
UrlIsW
SHQueryInfoKeyW
StrRetToBufW
SHDeleteValueW
SHDeleteKeyW
SHSetValueW
UrlGetPartW
SHAutoComplete
PathIsRootW
PathFindFileNameW
UrlCombineW
PathMatchSpecW
UrlIsOpaqueW
StrStrIW
PathCombineW
PathFindExtensionW
PathGetDriveNumberW
PathIsDirectoryW
PathIsURLW
SHGetValueW
SHEnumValueW
PathFindFileNameA

msvcrt

swscanf
fseek
ftell
fread
_wtol
_ltow
malloc
free
_wfopen
fwprintf
fclose
iswdigit
swprintf
vswprintf
wcsncmp
_ftol
_wtoi
_except_handler3
wcscat
_snprintf
_itow
wcschr
time
_wcsnicmp
_beginthreadex
memmove
wcscmp
_wcsicmp
wcsstr
??2@YAPAXI@Z
wcsrchr
wcsncpy
wcscpy
_snwprintf
wcslen
wcspbrk
__CxxFrameHandler
gmtime
wcsftime
localtime
_ui64tow
_wtoi64
_i64tow
wcsncat
fopen
fwrite
_purecall
mktime
fputs
strrchr
strncpy
strchr
iswspace
wcstod
realloc
strpbrk
strstr
sscanf
iswlower
atoi
sprintf
_strlwr
strncat
_CIpow
strncmp
_atoi64
fputws
wcstok
exit
scanf
printf
isalnum
toupper
towlower
towupper
_ismbslead
fprintf
_strnicmp
fgets
rewind
memset
memcpy
_CxxThrowException
__dllonexit
_onexit
_stricmp
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
_wstrtime

urlmon

ObtainUserAgentString
CoInternetGetSession
CoInternetCombineUrl
CoGetClassObjectFromURL
RegisterBindStatusCallback
RevokeBindStatusCallback

netapi32

Netbios

gdiplus

GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipSetInterpolationMode
GdipCreateFromHDC
GdipFree
GdipDisposeImage
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdiplusStartup
GdipAlloc
GdipLoadImageFromStream
GdipGetImageHeight
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipGetImageWidth

wintrust

WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext

comctl32

ImageList_DragEnter
ImageList_BeginDrag
ImageList_GetIconSize
ord16
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Duplicate
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Create
ImageList_Remove
ImageList_Destroy
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_Add
ImageList_SetBkColor
ImageList_Draw

Sections

.text
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TheWorld.ini
the.exe
.exe windows:4 windows x86 arch:x86

fdd7a230ce5d1e478b7ec6259ea79f2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
SetStdHandle
GetFileType
RaiseException
GetACP
HeapSize
HeapReAlloc
LocalReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStartupInfoA
LCMapStringA
LCMapStringW
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GetVersion
GetCurrentThreadId
lstrcmpA
GetFileTime
GetFileSize
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
SetErrorMode
lstrcmpiA
lstrcpynA
GetVolumeInformationA
InterlockedExchange
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
LocalFree
FindNextFileA
lstrcpyA
FindFirstFileA
GetLastError
SetLastError
FindClose
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetSystemDirectoryA
CreateDirectoryA
MoveFileA
DeleteFileA
Sleep
GetModuleFileNameA
GetShortPathNameA
GetTempPathA
GetTempFileNameA
GetVersionExA
WaitForSingleObject
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
GetFullPathNameA
DuplicateHandle
CreateFileA
GetCurrentProcessId
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
LoadLibraryA
GetProcAddress
GetEnvironmentVariableA
FreeLibrary

user32

PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
SetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MapWindowPoints
GetSysColor
MessageBoxA
EnableWindow
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
LoadStringA
GetSystemMetrics
CharUpperA

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
OffsetViewportOrgEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

AddAccessAllowedAce
GetUserNameA
RegEnumKeyExA
RegDeleteKeyA
InitializeAcl
LookupAccountNameA
OpenProcessToken
SetNamedSecurityInfoA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
PrivilegeCheck

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ord17

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 15KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 19KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 28KB - Virtual size: 28KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 73B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

529e31f77e52cbf0a3f800a64416df7b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

winmm

ws2_32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 28KB - Virtual size: 28KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

.text
Size: 876KB - Virtual size: 875KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 80KB - Virtual size: 2.3MB

.rsrc
Size: 364KB - Virtual size: 361KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 16KB - Virtual size: 13KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB