376bb5600406a6cebcd96f40844199a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

376bb5600406a6cebcd96f40844199a7_JaffaCakes118
Size

286KB
MD5

376bb5600406a6cebcd96f40844199a7
SHA1

a6d8e449b41fa2c0da32cf6f1bdb3edc92ee9148
SHA256

69a83791b5f35458b318ae4edb3d4b9bc0297c2af63daa2531185fcb811680c7
SHA512

b98048ca92d0ae4a98e2a03b82dcfe5d5b46847c66182248fc68d1cd5a326b48b34b43ae478f1d822948eafc18724cdda4f384ea9d2ca6f1e7190cce996f3a4c
SSDEEP

6144:cxDEMYOxEVqQ/YaWY4H1hnSKtadWwBzdORdwI6OXwh6GMYOxEVqQ/YaWp:0YAEk4Yco1FadzBziGIZXPYAEk4Yd

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
376bb5600406a6cebcd96f40844199a7_JaffaCakes118
unpack001/$PLUGINSDIR/cnclb.dll
unpack001/$PROGRAMFILES/Mozilla Firefox/components/adproFfx.dll
unpack001/$SYSDIR/$R0.dll
unpack001/uninstall.exe
unpack002/$PLUGINSDIR/cnclb.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

376bb5600406a6cebcd96f40844199a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/cnclb.dll
.dll windows:4 windows x86 arch:x86

7cce36b29e8100018a97842db8bfa1b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
CloseHandle
CreateFileA
ReadFile
WriteFile
GetFileSize
GetTickCount
lstrcpyA
CreateThread
GetVolumeInformationA
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetStartupInfoA
GetFileType
GetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
RaiseException
GetCurrentProcessId
SetHandleCount
GetCurrentThreadId
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
IsBadWritePtr
VirtualFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
ExitProcess
HeapCreate
GetModuleFileNameA

user32

PostMessageA
FindWindowExA
GetDesktopWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

OleRun
CoCreateInstance

shlwapi

StrTrimA
PathRenameExtensionA

Exports

Exports

CloseAllBrwsrs
GuardKeyName
GuardRegRoot
HdnBrwsr
InitBrwsrAddOn
dcdFile
dcdFile2
encdFile
encdFile2

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Mozilla Firefox/components/adproFfx.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4499dc84cae9ba45a143e71b468d62dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\advlp\bin\Release\adproFfx.pdb

Imports

xpcom

NS_GetComponentManager
NS_Free
NS_Alloc

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetVersionExA
GetModuleHandleA
LockResource
FindResourceExA
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetStdHandle
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CloseHandle
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LoadLibraryExA
TlsAlloc
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
WriteFile
UnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind

user32

CharNextA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
OleRun
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
StringFromGUID2
CLSIDFromString
CoInitialize

oleaut32

VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantInit

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

shlwapi

PathFindExtensionA
StrCmpNA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Mozilla Firefox/components/nsAdproFFx.xpt
$SYSDIR/$R0.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c6edabd6a3fd740b13ab4358814ca0b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

kernel32

LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcpynA
IsDBCSLeadByte
OutputDebugStringA
Sleep
GetTickCount
lstrcatA
HeapFree
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetCurrentThreadId
CompareStringA
CompareStringW
GetEnvironmentVariableA
CloseHandle
ResumeThread
WaitForSingleObject
CreateThread
SetEnvironmentVariableA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
CreateDirectoryA
ReleaseMutex
SetEvent
ResetEvent
CreateMutexA
CreateEventA
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
WriteFile
lstrcpyA
CreateProcessA
GetVolumeInformationA
lstrlenW
GetEnvironmentStrings
GetModuleFileNameA
SetStdHandle
SetFilePointer
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
lstrcmpiA
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetDateFormatA
GetTimeFormatA
IsBadReadPtr
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
lstrlenA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FlushFileBuffers
GetModuleHandleA
GetFileTime

user32

GetSysColor
ShowWindow
UnregisterClassA
CharNextA
ShowWindowAsync
PostThreadMessageA
KillTimer
SetTimer
GetWindowLongA
MoveWindow
GetWindowRect
IsWindow
OffsetRect
SendInput
GetCursorPos
SetWindowPos
DefWindowProcA
CreateAcceleratorTableA
GetParent
GetClassNameA
SetWindowLongA
CallWindowProcA
DestroyWindow
GetClassInfoExA
RedrawWindow
GetDlgItem
SetFocus
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetWindowTextLengthA
GetWindowTextA
SendMessageA
SetWindowTextA
MsgWaitForMultipleObjects
RegisterWindowMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetDesktopWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
wsprintfA

gdi32

SelectObject
StretchBlt
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
DeleteObject
GetDIBColorTable

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA
ord165

ole32

CoGetClassObject
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
StringFromGUID2
CoCreateInstance
CLSIDFromString
OleRun
CLSIDFromProgID
CoCreateGuid
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

oleaut32

LoadTypeLi
RegisterTypeLi
DispCallFunc
LoadRegTypeLi
UnRegisterTypeLi
SysStringLen
VariantCopy
GetErrorInfo
VarUI4FromStr
VariantClear
VarCmp
VariantInit
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
SysAllocStringLen
OleCreateFontIndirect
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetDim

shlwapi

SHCopyKeyA
StrCmpNA
StrToIntA
PathFindExtensionA

urlmon

CoInternetCreateSecurityManager

gdiplus

GdiplusShutdown

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/cnclb.dll
.dll windows:4 windows x86 arch:x86

7cce36b29e8100018a97842db8bfa1b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
CloseHandle
CreateFileA
ReadFile
WriteFile
GetFileSize
GetTickCount
lstrcpyA
CreateThread
GetVolumeInformationA
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetStartupInfoA
GetFileType
GetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
RaiseException
GetCurrentProcessId
SetHandleCount
GetCurrentThreadId
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
IsBadWritePtr
VirtualFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
ExitProcess
HeapCreate
GetModuleFileNameA

user32

PostMessageA
FindWindowExA
GetDesktopWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

OleRun
CoCreateInstance

shlwapi

StrTrimA
PathRenameExtensionA

Exports

Exports

CloseAllBrwsrs
GuardKeyName
GuardRegRoot
HdnBrwsr
InitBrwsrAddOn
dcdFile
dcdFile2
encdFile
encdFile2

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 2KB

7cce36b29e8100018a97842db8bfa1b7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

4499dc84cae9ba45a143e71b468d62dc

Headers

File Characteristics

PDB Paths

Imports

xpcom

kernel32

user32

advapi32

ole32

oleaut32

nspr4

shlwapi

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

c6edabd6a3fd740b13ab4358814ca0b3

Headers

File Characteristics

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

gdiplus

msimg32

Exports

Exports

Sections

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 205KB - Virtual size: 204KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 17KB - Virtual size: 27KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB