299b0577b2598abb54fea172181738ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

299b0577b2598abb54fea172181738ef_JaffaCakes118
Size

1.6MB
MD5

299b0577b2598abb54fea172181738ef
SHA1

2cbd4932e654d88e7da6c7d118cac715940dd1ed
SHA256

4f5ae7f149dd4cda0a6769fdf3acfb312c28f7d7f7a144b1822484f0182fad06
SHA512

a52a724db22eb8f9a9b1b52276c6724e6cfb30f1969f63a0ae89d66c853a3116e68cf513405c8bf451141b1cdcaabc6a0425382c32b2c480f04be67e542b2fcc
SSDEEP

24576:0AZfoTNmtnCCdSviVKs3tXzkbALmuxzeMrQY7R1ZFy4U0T6wGfjp5xYS1rG:zBiwcvKKqXgsRRrp7bq4UNwYj2krG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/LaLogin.exe	vmprotect
static1/unpack001/Laml.exe	vmprotect

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LaLogin.exe
unpack001/Laml.exe
unpack001/laml.dll
unpack001/wren315.dll

Files

299b0577b2598abb54fea172181738ef_JaffaCakes118
.zip
LaLogin.exe
.exe windows:4 windows x86 arch:x86

f46857e42400530a36b82d55872bf614

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageA
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetImageCount
InitCommonControls
InitCommonControlsEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

AngleArc
Arc
ArcTo
BitBlt
Chord
CreateBrushIndirect
CreateFontA
CreatePen
CreateSolidBrush
DeleteObject
Ellipse
ExtFloodFill
GetDeviceCaps
GetPixel
GetTextExtentPoint32A
LineTo
MoveToEx
Pie
PolyBezier
PolyBezierTo
Polygon
Polyline
PolylineTo
Rectangle
RoundRect
SelectObject
SetBkColor
SetBkMode
SetPixel
SetROP2
SetTextColor
StretchBlt
TextOutA

kernel32

AddAtomA
Beep
CloseHandle
CreateEventA
CreateFileA
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FreeLibrary
FreeResource
GetAtomNameA
GetCommandLineA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentThreadId
GetLargestConsoleWindowSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemWow64DirectoryA
GetTempPathA
GetTickCount
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalReAlloc
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
IsBadReadPtr
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LockFile
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSemaphore
ResetEvent
ScrollConsoleScreenBufferA
SetConsoleCursorPosition
SetConsoleMode
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEvent
SetFileAttributesA
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
WritePrivateProfileStringA
lstrlenA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

_stricmp
_strnicmp
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_chdir
_controlfp
_errno
_filelengthi64
_fmode
_fpreset
_get_osfhandle
_iob
_isctype
_itoa
_onexit
_pctype
_setmode
_stricmp
_ultoa
abort
abs
atexit
atof
atoi
atol
calloc
exit
fclose
fflush
fgetpos
fgets
fopen
fprintf
fread
free
freopen
fsetpos
ftell
fwrite
malloc
mbstowcs
memcpy
memset
printf
rand
realloc
setvbuf
signal
sprintf
srand
strcat
strcmp
strcpy
strlen
strncat
strncpy
strstr
strtoul
tolower
toupper
vfprintf
wcslen
wcsncmp

ole32

CLSIDFromProgID
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

shell32

ShellExecuteA
Shell_NotifyIconA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DeleteMenu
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawFocusRect
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
FillRect
GetClassInfoA
GetClassNameA
GetClientRect
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyNameTextA
GetMenu
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessageA
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InsertMenuA
InsertMenuItemA
InvalidateRect
IsChild
IsDialogMessageA
IsMenu
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadMenuA
LoadMenuIndirectA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
ModifyMenuA
MoveWindow
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
RegisterClassExA
ReleaseDC
RemoveMenu
ScreenToClient
SendMessageA
SetFocus
SetMenu
SetMenuContextHelpId
SetMenuDefaultItem
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetPropA
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowScrollBar
ShowWindow
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UpdateWindow

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile

Exports

Exports

V)%��&� v��ݏ ��cC��Ŵ��_�� ْ�|��S�.{��L'c{��è�K�JE3J�G��\��%c~��F�~�y��_r�R�E��4H�� `(�Ӗ��<8��r��%TPH)�K�ۺ^��iज़b!�:ݎFx8�x��Ό�S��e೩�@�x�)�f�fT��)��'��f�Q��V�$ h Or�>+xȌ$&��8�l1�vɍ��j@@��:�w�tC��A�A�q-��c�Z�3�Ol�.C�9�P��a�1�SJ<�Cs.,�1�\~�s�YΑ�$�� e��Z��V��|�϶K:.1��h�H,J�b|��+V�+V4+/��Sgqs4�*��.��0�B,�� %�RZ�"y��x*��G^Fln�w�e�򎖔��E<��hq׫��Ӑe��h�f �G�+z.�tN��^m}"��A��?�&�� i/��N��"�+Y��rj h�� S]e��)�L��mN��sHTZ!e�V]�?8�S�@#Ů*f'��wq�N8/�y��\�`��ok�"6�b`��ߖ� Y�bo-�g��ekN��ZPb��O�07�0��DL��X1HI�`��d��XX��@��n�!K+�7�$(�Ψy�.��b�-�;nX�cd\P,��ꯜ��W��!'s��[�DG��`�)S%��B�l hS��q+�r�� /p�!W�;/6Fp�͡D��]VI&AuN=zJ�E�\��d;��e�{�~Р��GE{wM�G��O��q��TnaD�0�.��v?b�L��;ATF�Ӊ!�j`{F_�>��<̰.˨��h�WƳ��c2��zP�!��V��2~��X�ϳQ��!̱m�c�߿?>�Q�җ^|2�6�G�.?,��˻k��i��.0/�Y�a[ ��i5�KD>!8�ه�O�F��_��1��K�Έ��0��𑕚�h�Y��Y��V� �a�'$�Pn1?��G��ᩛ��Щ�r�TH\�C̹y�|J�r�P��;2�FAq��q��9}u(s��5�7�<��A0]�8p�OS�}o7ou2]��c��p�w��zk� e�F��y��K��w�.��M-U]!3ƝO��P:�i3��Pt~�b52>�-q?�X��Dh�Q�j ��壘��G ��"q�CgU�2}v��\��@�B��u��T{�6��V�VS:�/3��H��*�5OД^P6K�� W��Z��L�md+��s0%��L�>/�,hyG�2YHf��O[Uumg��Una��OO�t�$(�� UYBu��>E0��ؑ?��a�䜦"�,�H�7[��j�AF��l4��#=b��U$��7V�M{t�uMx�s,�yU��۔̰:w�c~+N�^��Rx0��GՅ��NS�w� 7��B��t`I,ݕ��*�"(��&1UT}% YF�n9�)I��p�k'�L#��Y)��|�W �b�T.��e�㈵��_�X3��4���G/��|��z��k��`>){iM;؃dL݅#dH��M��ʙMZ�]"��E��j��P�+��a�� 6��@I��Lo��"� ?rm)H��i�p��C3��2"Ԣ�O�N�C��\�׮�L��r0�+{�S4B�T��rc��}7��q�RT9��\��A��[&��s�l�6]�� ^�MPoI��hs+�^�ӄ��{�N��6i�}��E��)��r��+�z_3 �n#;�O�o�?�Zw(��NtW�pe1��R-��Ћ�Ɔ<��h��lw)��.ͥGꛆR�?M��$x��;�*_�6z-D��coA,IIo��(� L"k�e(��~�%ӄM��3�W-��*��C"]�#�H�j�a�g��Ŧ�> �i��g 6��3�I>�M�`f>U�!��{�>jH��o$�H\��M��+N�ײ,aw?TG�'��C�d@q"�D�e��ՄھR�8��*%k�D�>k�fF�풜��BI��g(Pg�/�rcg��N��)��mf\��=?N0�A*��GR�E��t��]\��"3%�YD)kZ1��T�H%3`��r��M- ��)�^4�s�&�ۉ(e7H9�^^\��-��.Sr��'��`r��wV}��A�~��j��x☚D�X�&��Y��M43��a��S��Yc�� d��IcP�< ��J��N��0��dz�xpK�(I a�Dag�{ �xէD��l�.pY��)�XZY��,�f��3Iu8W꛶��.�܌�o��)`Ok0��Q��t'KMi6�y �ɔ-��w�'�ϋ�� X��nܧ��a�4��UZ�Ԏ��2�z��[�zP��꼛�*H��R��XΕ(l�P��L��Chx�v�c&|�ͫ�F�@�%.�C��_eů��ͪ��"�eYʧ%�8Z�V�T�-z��JL��a�Ë�ۄDB�bt:G��=��yx�::2^�g��5�9X�iw>[�@�P�X#� F��C�G^u�:� �RHg��ž��w�S-=�e-�.��H�M��~b`��JLl��@��2�SW޲��*��)*�Z��O��;��?��R O�w��b�N��$��go.�}W\H�RF��^`�s��*=�Y��u7�P=�B�+u� c� ��LH,P��9YN�m&��1��e-��B��1��5 �E�&g��*��S��+��}��;̈́b�&�m��b:�a�^�ժ,�R�nե��3WJ�� Z�F��q��Cf��\Ƌ�dfȤ!e<I- [��S��Ô��9�*H��]%�!�D��,�lb��[�w|i(0g0

Sections

.text
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Laml.exe
.exe windows:4 windows x86 arch:x86

5ebd45b3b6bd628bd0570bfb0b14e975

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateEx

imm32

ImmGetCandidateListA
ImmGetCompositionStringA
ImmGetDescriptionA
ImmSetOpenStatus
ImmIsIME
ImmReleaseContext
ImmCreateContext
ImmAssociateContext
ImmGetConversionStatus

wsock32

__WSAFDIsSet
select
WSAStartup
send
closesocket
recv
socket
inet_ntoa
setsockopt
htons
ioctlsocket
gethostbyname
connect
WSAGetLastError
WSACleanup

kernel32

GetCurrentProcessId
GetVersionExA
LoadLibraryA
FreeLibrary
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
OpenMutexA
GetProcAddress
GetModuleHandleA
IsBadReadPtr
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
WriteFile
GlobalFree
GlobalHandle
MultiByteToWideChar
Sleep
ReleaseMutex
SystemTimeToFileTime
GetSystemTime
CreateMutexA
GetCurrentDirectoryA
GetPrivateProfileStringA
GetModuleFileNameA
ExitThread
OutputDebugStringA
CreateThread
CreateEventA
CopyFileA
DeleteFileA
CreateProcessA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetFileAttributesA
SetEndOfFile
SetStdHandle
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FlushFileBuffers
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStdHandle
SetHandleCount
SetFilePointer
GetVersion
GetCommandLineA
GetStartupInfoA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcess
TerminateProcess
ExitProcess
CreateDirectoryA
HeapFree
HeapAlloc
GetLocalTime
GetTimeZoneInformation
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetTickCount
GetCPInfo
GetACP
GetOEMCP
RaiseException
CompareStringA
CompareStringW
RtlUnwind
MulDiv
GetCurrentThread
GetSystemDefaultLangID
FormatMessageA
WaitForSingleObject
GetLastError
WaitForMultipleObjects
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DialogBoxParamA
InvalidateRect
MoveWindow
GetParent
EndPaint
BeginPaint
EndDialog
ClientToScreen
ScreenToClient
GetCursorPos
SendMessageA
GetKeyState
SetFocus
GetClassInfoExA
SetParent
UnhookWindowsHookEx
SetWindowsHookExA
LoadBitmapA
SetCapture
ReleaseCapture
PtInRect
RegisterClassExA
EnumWindows
GetWindowTextA
MessageBoxA
wsprintfA
ReleaseDC
GetDC
OffsetRect
CallNextHookEx
SetWindowPos
GetWindowLongA
DestroyWindow
PostQuitMessage
SetCursor
DefWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
AdjustWindowRectEx
ShowWindow
CreateWindowExA
SetWindowLongA
UpdateWindow
SetSysColors
GetSysColor
LoadIconA
LoadCursorA
RegisterClassA
SetWindowTextA
GetKeyboardState
GetKeyboardLayout
GetWindowRect
PostMessageA
ShowCursor
GetAsyncKeyState
SetRect
GetClientRect

gdi32

BitBlt
SelectObject
GetDIBits
CreateCompatibleDC
CreateFontA
TextOutA
DeleteObject
CreateCompatibleBitmap
GetStockObject
StretchBlt
GetTextExtentPointA
DeleteDC
GetObjectA
CreateFontIndirectA
CreateSolidBrush
SetBkMode
SetTextColor
GetDeviceCaps

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance

dsound

ord1

winmm

mmioRead
mmioOpenA
mmioClose
mmioDescend
mmioAscend
mciSendCommandA

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

comctl32

_TrackMouseEvent

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 668KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
laml.dll
.dll windows:4 windows x86 arch:x86

87067ed74966e6f72233b9c5b96d8197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExA

comctl32

ImageList_LoadImageA

comdlg32

GetSaveFileNameA

gdi32

PolyBezierTo

kernel32

GetVersionExA
WriteConsoleOutputA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

free

ole32

StringFromGUID2

psapi

GetMappedFileNameA

user32

SetMenuItemBitmaps

wininet

HttpSendRequestA

winmm

timeGetTime

ws2_32

WSCGetProviderPath

Exports

Exports

DemoExport
Ș�$b��.�!찲C�t(�t?tp��((s��j_G��Oka �@��2�d�mj��J;��]��C�S��h��kw^/({��d9H�wε��C~�θ��[o��zQ�x�s]q-�o��(V�{v�K�ⵠ��8Tn�Ѳ#��[��6ѫ��?��*]��T�sZ� _KMl�؊��ȥ?O(2�Ŏ%UdƐ��d�es�m16vz�vE��e��mϽ��؏��~��@ڏ��B��To˽\��1��v|;�� WZC]f\�FNUS�u�q� kX�*8�K %��Zrҭx<��K��In�Y��C��.�0lŕ�c� ��[�b,��>M��e��qԷ��0� ��̻��Zl��r��D�1H5ݦA�ث�� -��"�Φ�5E ��tv��.� �_Q�B�X?nQv\��*��?�t��OX|��*��W�>��>'v? �� x��׶'A�w��}��z��i��jp�9��#œU��M_��D��Mس�{��6l�i��)\��p��7��5�kK��|�մ܅_.��~��n�J�k��C��_m��`�l��|�k��z� [��i�U��p��g��n-��W�ك}A^sW��؈(j��yVV��?;�p执E��g�YQ;��=�8��JЃ|ZNJ�i[cE��yTd6��ߩ��;1��G��$ݷOd��O�F�ED�=�2Ϛ��d�k[��vc�pϡq pT�b��J�[��0U��SBF��2v�_(WgJ�\*r�B��<�E��?�y\W�� @��HLs��ev:�?��Vĺ��>LƉ)~!�$��ᇳ�r�rZ&juR�� 1��I�0B��I�qt6y}�%E[��-p�^-�}��]�W��P2W&��N��_)�®Ho֢��Y�l�C`�2��j!�t��0ܺ�b��Z&�^��'`��&��d�G�z3�-�%O��LQcnT�~n��gy�]�w�y7UYA��Z�d�G��nC��K�47硸��?�.�Tr'�D�@�o�5Rh��~�ݼ��,x��e5�f��N� �� kv��>ro�#�cE�ɔ�5�^i-v�l�(��#D�f��؈&�xT�MM��``�(yx��:��HѺ�=x��s"1��k��Dw�)��T$) ��D��u�V��Q9.ZK��ӊ��Dʹ��Jf�e�y�\'�* �� %>kh��_��Q�X�g%��m^~H��|��ޅu�O=HV�A��u��"$#��DW�zIZ��MC ��`�D��/�M��y�D;�A��2KA;� �ʥC�t�=��D��R.%��j�Q�w8��K��Ld?��%�:��*�I�9�̤Ls��y��7� �Oݿ^�ol��6ϙ�-��.m3��R9��<�f�GA~LZ��!C�)7pTMT=h��O��{۶YA�97$��{��`�+P�(�&W�5�֟��p��l�Wx�'c��k��,�Y�fZ�C��=�S�g�#Jwf�-�`��i�w�i�*��ԫ�K�:O�X��:=��F 3��.ѣ%�Ӫw��7~�IY��SƋ�5�'��n ��p\�{q�e±ԣʎ�{��ٍޔk d�� 尃N��7I��6��C��-��y��{:�i=n�D﹭��H�_��Z��a��r�i��0Ad^��I�\��p�� b�aG��+��ؑ�� B�1��>8��M�#��^��u��w�<ȊRvxs��*΅,i~@�|�N.��ը=��z&�skg% ��$=g�k[��+�7��>R�z��qW�e�0�;3�pd΅��tM�W�~�j��%^�CR!��1O�Z89$9�JaY;t��D>��n_��2_��P\�Ca�A��~j��Ch�{�K$&�|��:�:�X} ܆W��-��V��]��dz��;71T��L�MSWkyZ��H�� H�H�UG��d,��h�@��<LL%�$�j��S�|��N-��z��|J(2vƲ>��tV<ʧ��A��g�RY�@��)�4�eaPY�3��h��v�gr�џ=�Y�6g�ކ�� r'+D m-#��_�A!�ױ+�{a��1��M��=l�,�4 ا�2�~Y�� Wqn��ͻ��RE>1�9��e�hc�K��<=Fw��[F��k�PF��7IX$xe�f(��}#�v�4�zn�p(Ɍ��v�o��f�D7��DV��s��@�X7��j�~}�rC�K4B�vNS�<K�e�, ��Y��UN�__d�ZLƚ��kq��*�S�M��^!�" ��]vj壝��*�f��)��@��A��aߑ��І;�a̶�r��o�O�h��ED�1�}��aCh�'m�ی�J��o:�W�q�:Qγ��]`&3��{"!�](��{��J��3%��o�}��1��l1�Z�r{'j�΅��@gL'��؋�K�C�1(}/�G#t�S}�Az��+�gy�H�ۃZCڪ��n�E"x�� 6�/�)�b,Z��h�u�}�e��ZK5�\�/X��MF��B��/^G$�iqE�s�M�p�M��Z�B��ߠ1��3�Q7��U��n��,�� ߽Z3��1;?�[Q`/�_��B0�a�Ӈ�7�k�Q�N&տ��j�g�d��z9�ߐA�!�5�`�W��cF�Y� ᗤ�[C_��8��n��G�z��"Z�ɇsOɝ�9�׸�Ц�� W˜�B^�0��_�P9x�Pk��d��<\i��K��!��d2jt

Sections

.text
Size: - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wren315.dll
.dll windows:4 windows x86 arch:x86

cb5c436a6a95cb697d99bdc0f22c6304

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext

kernel32

GetLastError
FlushInstructionCache
VirtualProtect
SetLastError
Thread32Next
SuspendThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
SetEvent
GetACP
GetSystemInfo
VirtualQuery
Module32Next
Module32First
SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleFileNameA
VirtualQueryEx
GetExitCodeThread
CreateRemoteThread
VirtualFreeEx
VirtualProtectEx
VirtualAllocEx
SizeofResource
LockResource
LoadResource
FindResourceA
ResetEvent
IsDBCSLeadByteEx
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
IsBadWritePtr
IsBadReadPtr
GetSystemDefaultLCID
FreeLibrary
LocalFree
FormatMessageA
ReadProcessMemory
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
HeapSize
HeapAlloc
HeapReAlloc
TerminateProcess
ExitProcess
HeapFree
GetVersion
WriteProcessMemory
InterlockedIncrement
WaitForSingleObjectEx
ReleaseMutex
CreateMutexA
CreateEventA
GetCurrentProcess
DuplicateHandle
ResumeThread
WaitForSingleObject
CloseHandle
GetThreadContext
CreateProcessW
CreateProcessA
Sleep
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
LoadLibraryExA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedDecrement
RaiseException
GetCommandLineA

user32

SystemParametersInfoW
SystemParametersInfoA
InsertMenuW
AppendMenuW
IsWindow
GetDlgItem
SendDlgItemMessageW
MsgWaitForMultipleObjectsEx
GetFocus
GetKeyboardLayout
GetWindowLongA
GetWindowLongW
TranslateMessage
DispatchMessageA
GetDesktopWindow
GetWindowDC
EnumThreadWindows
EnumChildWindows
RealGetWindowClassW
GetWindowTextLengthW
PostThreadMessageW
PostQuitMessage
SendMessageA
PostMessageW
PostMessageA
PeekMessageA
PeekMessageW
GetMessageA
GetMessageW
MessageBoxA
PostThreadMessageA
DrawTextExW
GetWindowTextA
SetWindowTextW
GetWindowTextW
SendMessageW
ReleaseDC

gdi32

CreateFontIndirectW
GetGlyphOutlineA
TextOutW
ExtTextOutW
GetGlyphOutlineW
GetTextFaceW
DeleteObject
CreateCompatibleDC
SelectObject
GetTextMetricsW
DeleteDC
GetGlyphIndicesA
GetStockObject
TranslateCharsetInfo
EnumFontFamiliesExW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetGlyphIndicesW

imagehlp

ImageDirectoryEntryToDataEx

Exports

Exports

??0CInjectHelper@@QAE@XZ
??1CInjectHelper@@QAE@XZ
??4CInjectHelper@@QAEAAV0@ABV0@@Z
?GetFirstLoader@@YGKXZ
?UnhookRemoteDynamic@@YGHU_PROCESS_INFORMATION@@@Z
?getInjectorProcessId@CInjectHelper@@SGKXZ
CDAudioClose
CDAudioGetDriveLetter
CDAudioInitialize
CDAudioIsPlaying
CDAudioNextPlayTrack
CDAudioOpen
CDAudioPlayTrack
CDAudioStop
CDAudioTerminate
GetLoadTimes
InjectRemote
InjectRemoteDynamic
PostHookApisMsg
SetHookedProcess
SetHookedProcessFontA
SetHookedProcessFontW
StealAllIATEntry
TestCallPatchHooked
TestPatchHook
TestRemovePatchHooked

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

InjctUtl
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sharedda
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
官網首頁.URL

Sharing

General

Malware Config

Signatures

Files

f46857e42400530a36b82d55872bf614

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msvcrt

ole32

oleaut32

shell32

user32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 166KB

.data Size: - Virtual size: 94KB

.rdata Size: - Virtual size: 2KB

.bss Size: - Virtual size: 48KB

.idata Size: - Virtual size: 10KB

.vmp0 Size: - Virtual size: 10KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 358KB - Virtual size: 357KB

.rsrc Size: 3KB - Virtual size: 317KB

5ebd45b3b6bd628bd0570bfb0b14e975

Headers

File Characteristics

Imports

ddraw

imm32

wsock32

kernel32

user32

gdi32

shell32

ole32

dsound

winmm

snmpapi

comctl32

wininet

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 18KB

.data Size: - Virtual size: 10.0MB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 668KB - Virtual size: 666KB

.rsrc Size: 4KB - Virtual size: 2KB

87067ed74966e6f72233b9c5b96d8197

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msvcrt

ole32

psapi

user32

wininet

winmm

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 170KB

.data Size: - Virtual size: 9KB

.rdata Size: - Virtual size: 2KB

.bss Size: - Virtual size: 56KB

.edata Size: - Virtual size: 70B

.text
Size: - Virtual size: 166KB

.data
Size: - Virtual size: 94KB

.rdata
Size: - Virtual size: 2KB

.bss
Size: - Virtual size: 48KB

.idata
Size: - Virtual size: 10KB

.vmp0
Size: - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 358KB - Virtual size: 357KB

.rsrc
Size: 3KB - Virtual size: 317KB

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 18KB

.data
Size: - Virtual size: 10.0MB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 668KB - Virtual size: 666KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: - Virtual size: 170KB

.data
Size: - Virtual size: 9KB

.rdata
Size: - Virtual size: 2KB

.bss
Size: - Virtual size: 56KB

.edata
Size: - Virtual size: 70B

.idata
Size: - Virtual size: 10KB

.text0
Size: - Virtual size: 259KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 480KB - Virtual size: 480KB

.reloc
Size: 512B - Virtual size: 384B

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 106KB

InjctUtl
Size: 4KB - Virtual size: 2KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 16KB - Virtual size: 19KB

sharedda
Size: 4KB - Virtual size: 196B

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 16KB - Virtual size: 12KB