377f34affd3f7834477cc5e69fbfd9a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

377f34affd3f7834477cc5e69fbfd9a0_JaffaCakes118
Size

1.6MB
MD5

377f34affd3f7834477cc5e69fbfd9a0
SHA1

3896c9ee3baa5abe95fcaa2b87c30e319ac00670
SHA256

7e60364a44cf847dc20679feedc830a09d7fd52921dbd0db52c46eb188e0f8d4
SHA512

14d0eadc457440eb5e27b41d4a13135e1a76e302afce31f7cc922fd7895b7fd877e4e96ba81fc94155b633a3a4b0b2c89b1317a374745338e65ab74dfe26633d
SSDEEP

24576:+nlbObHkv0OFw1ZWhyI099YsDFz5nN3hyH9mWabNZFwkwAACcC+IxcHBP1wbAbzF:VE2Z6oFDFEH6+kNAK+IiJ1wbazNsrtA

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dzgs/BANTAM.DLL
unpack001/dzgs/IDAPI32.DLL
unpack001/dzgs/IDDBAS32.DLL
unpack001/dzgs/IDR20009.DLL

Files

377f34affd3f7834477cc5e69fbfd9a0_JaffaCakes118
.rar
dzgs/BANTAM.DLL
.dll windows:1 windows x86 arch:x86

302e92a8b022643b516e70240a11b811

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateFileA
GetCurrentThreadId
EnterCriticalSection
ExitProcess
CloseHandle
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
CreateMutexA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetVersion
FileTimeToDosDateTime
GetVolumeInformationA
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByte
LeaveCriticalSection
MultiByteToWideChar
RaiseException
ReadFile
ReleaseMutex
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
GetVersionExA

user32

MessageBoxA
EnumThreadWindows

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
BT_BufferCollate
BT_BufferMatch
BT_ByteCount
BT_CharacterCount
BT_ClientToNative
BT_CloseLocale
BT_Ctype
BT_Exit
BT_FuzzyBufferComp
BT_FuzzyStrComp
BT_GetFoxSortKey
BT_GetIndexKey
BT_GetLastError
BT_GetLocaleInfo
BT_GetLocaleList
BT_GetMinMaxCollChar
BT_GetOwner
BT_Init
BT_IsLeadByte
BT_IsTrailByte
BT_NativeToClient
BT_OpenLocale
BT_SetLocaleToClient
BT_SetLocaleToNative
BT_SetLocaleToUnicode
BT_StrCollate
BT_StrLower
BT_StrMatch
BT_StrTransform
BT_StrUpper
BT_ToLower
BT_ToSoundex
BT_ToUpper
_OSLD_GetLdInfoFromBTID
_OSLD_GetLdInfoFromCodeSet
_OSLD_GetLdInfoFromID
_OSLD_GetLdInfoFromINDEX
_OSLD_GetLdInfoFromLCID
_OSLD_GetLdInfoFromName
_OSLD_IsLdAvailable
__DebuggerHookData

Sections

CODE
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 37KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dzgs/Backdrop.jpg
.jpg
dzgs/CHARSET.CVB
dzgs/FAREAST.BTL
dzgs/IDAPI32.DLL
.dll regsvr32 windows:1 windows x86 arch:x86

ac24d2585411ea8a1d33653136dd11ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

UnmapViewOfFile
TlsFree
VirtualQuery
VirtualAlloc
UnlockFile
TlsGetValue
WriteFile
WaitForSingleObject
lstrcatA
VirtualFree
FindClose
WritePrivateProfileStringA
GetTimeZoneInformation
TlsSetValue
lstrcpyA
WriteProfileStringA
WideCharToMultiByte
CloseHandle
CreateFileA
CreateFileMappingA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
FatalAppExitA
FileTimeToDosDateTime
UnhandledExceptionFilter
lstrlenA
GetSystemDirectoryA
GetStartupInfoA
FindNextFileA
FindResourceA
FlushFileBuffers
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProfileStringA
FileTimeToLocalFileTime
FindFirstFileA
GetShortPathNameA
GetTickCount
GetTempPathA
FileTimeToSystemTime
GetStdHandle
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
LoadResource
LockFile
LockResource
MapViewOfFileEx
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEndOfFile
SetErrorMode
SetFilePointer
SetHandleCount
Sleep
TlsAlloc

advapi32

RegOpenKeyExA
InitializeSecurityDescriptor
RegOpenKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA

ole32

StringFromGUID2
CoCreateInstance
OleInitialize

user32

OemToCharA
MessageBoxA
LoadStringA
CharUpperA
CharToOemBuffA
CharToOemA
OemToCharBuffA
EnumThreadWindows

mpr

WNetCloseEnum
WNetOpenEnumA
WNetGetUserA
WNetGetConnectionA
WNetEnumResourceA

oleaut32

SysFreeString
SysAllocStringLen
SysAllocStringByteLen

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
ADDELT
CfgComposeRec
CfgGetField
CfgGetOLEDBParseDN
CliGetDriver
CloseCallBack
CreateDbObj
CreateDrvObj
CreateUniqFldNames
CreateVtObj
CreateXltRecCurs
DLLEXITFUNCTION2
DLLINITFUNCTION
DbiAcqPersistTableLock
DbiAcqTableLock
DbiActivateFilter
DbiAddAlias
DbiAddDriver
DbiAddFamilyMember
DbiAddFilter
DbiAddIndex
DbiAddPassword
DbiAddRepository
DbiAnsiToNative
DbiAppendRecord
DbiApplyDelayedUpdates
DbiBatchMove
DbiBatchMoveQuery
DbiBcdFromFloat
DbiBcdToFloat
DbiBeginBatch
DbiBeginConstraintLayer
DbiBeginDelayedUpdates
DbiBeginLinkMode
DbiBeginLrNavMode
DbiBeginTran
DbiBeginXlateMode
DbiCfgAddRecord
DbiCfgBuildPath
DbiCfgDropRecord
DbiCfgGetHelp
DbiCfgGetNextNode
DbiCfgGetRecord
DbiCfgImportToRegistry
DbiCfgInstallMerge
DbiCfgMerge
DbiCfgModifyRecord
DbiCfgPosition
DbiCfgSave
DbiCfgTranslate
DbiChangeDefXltFn
DbiCheckRefresh
DbiCheckSQLExpression
DbiClearStats
DbiCloneCursor
DbiCloseConfigFile
DbiCloseCursor
DbiCloseDatabase
DbiCloseFieldXlt
DbiCloseFileHandle
DbiCloseIndex
DbiCloseSession
DbiCompareBookMarks
DbiCompareKeys
DbiComposeCursor
DbiCopyTable
DbiCreateInMemTable
DbiCreateTable
DbiCreateTempTable
DbiDRAdd
DbiDRAddAttr
DbiDRClose
DbiDRCreate
DbiDRCreateEnumAttrDomain
DbiDRCreateObjectType
DbiDRCreateRelationType
DbiDRDelete
DbiDRDeleteEnumAttrDomain
DbiDRDeleteObjectType
DbiDRDeleteRelationType
DbiDRDrop
DbiDRDropAttr
DbiDRExportToFile
DbiDRGetAttrDescs
DbiDRGetDesc
DbiDRGetEnumAttrDomain
DbiDRGetObjID
DbiDRGetObjTypeInfo
DbiDRGetRelTypeInfo
DbiDRGetRelatedObject
DbiDRImportFromFile
DbiDRLoadDBObject
DbiDRModifyEnumAttrDomain
DbiDROpen
DbiDROpenAttrTypeList
DbiDROpenObjSet
DbiDROpenObjectTypeList
DbiDROpenRelSet
DbiDROpenRelTypeList
DbiDRSetToObjID
DbiDRSetToObjName
DbiDatabaseFlush
DbiDateDecode
DbiDateEncode
DbiDeComposeCursor
DbiDeactivateFilter
DbiDebugLayerOptions
DbiDeleteAlias
DbiDeleteDriver
DbiDeleteIndex
DbiDeleteRecord
DbiDeleteRepository
DbiDeleteTable
DbiDeregisterCursor
DbiDoRestructure
DbiDoSoftRestr
DbiDropFamilyMember
DbiDropFilter
DbiDropPassword
DbiDrvXlateFld
DbiEmptyTable
DbiEndBatch
DbiEndConstraintLayer
DbiEndDelayedUpdates
DbiEndLinkMode
DbiEndLrNavMode
DbiEndTran
DbiEndXlateMode
DbiEnlistMtsTransaction
DbiEnterRefresh
DbiExit
DbiExitRefresh
DbiExtractKey
DbiFlushFileHandleCache
DbiForceRecordReread
DbiForceReread
DbiFormFullName
DbiFreeBlob
DbiFreeSQLRequest
DbiGenSQLStatement
DbiGetBestRowIdentifier
DbiGetBlob
DbiGetBlobHeading
DbiGetBlobSize
DbiGetBookMark
DbiGetCallBack
DbiGetClientInfo
DbiGetCurrSession
DbiGetCurrXltFn
DbiGetCursorForTable
DbiGetCursorProps
DbiGetDatabaseDesc
DbiGetDatabaseParams
DbiGetDateFormat
DbiGetDefaultRepository
DbiGetDirectory
DbiGetDriverDesc
DbiGetDriverParams
DbiGetErrorContext
DbiGetErrorEntry
DbiGetErrorInfo
DbiGetErrorString
DbiGetExactRecordCount
DbiGetExtFldDesc
DbiGetField
DbiGetFieldDescs
DbiGetFieldTypeDesc
DbiGetFilterInfo
DbiGetIndexDesc
DbiGetIndexDescs
DbiGetIndexForField
DbiGetIndexSeqNo
DbiGetIndexTypeDesc
DbiGetLdName
DbiGetLdNameFromDb
DbiGetLdObj
DbiGetLinkStatus
DbiGetNetUserName
DbiGetNextRecord
DbiGetNumberFormat
DbiGetObjFromName
DbiGetObjFromObj
DbiGetObjectHandles
DbiGetPriorRecord
DbiGetProp
DbiGetRecord
DbiGetRecordCount
DbiGetRecordForKey
DbiGetRefreshDistance
DbiGetRelativeRecord
DbiGetRelativeRecordCnt
DbiGetRepositoryInfo
DbiGetRintDesc
DbiGetSQLRequest
DbiGetSeqNo
DbiGetSesInfo
DbiGetSysConfig
DbiGetSysInfo
DbiGetSysStats
DbiGetSysVersion
DbiGetTableClass
DbiGetTableOpenCount
DbiGetTableTypeDesc
DbiGetTimeFormat
DbiGetTranInfo
DbiGetVchkDesc
DbiHardInsertRecord
DbiImportODBC
DbiInitFn
DbiInitRecord
DbiInsertRecord
DbiIsLDID19As13
DbiIsLDID19As19
DbiIsLDIDUSAsLocal
DbiIsRecordLocked
DbiIsTableLocked
DbiIsTableShared
DbiJoinTables
DbiLinkDetail
DbiLinkDetailToExp
DbiLoadDriver
DbiMakePermanent
DbiMapRecStruct
DbiModifyRecord
DbiNativeToAnsi
DbiOpenBlob
DbiOpenCfgInfoList
DbiOpenConfigFile
DbiOpenDatabase
DbiOpenDatabaseList
DbiOpenDriverList
DbiOpenFamilyList
DbiOpenFieldList
DbiOpenFieldTypesList
DbiOpenFieldXlt
DbiOpenFileList
DbiOpenFunctionArgList
DbiOpenFunctionList
DbiOpenIndex
DbiOpenIndexList
DbiOpenIndexTypesList
DbiOpenLdList
DbiOpenLockList
DbiOpenNestedTable
DbiOpenRef
DbiOpenRepositoryList
DbiOpenRintList
DbiOpenSPList
DbiOpenSPParamList
DbiOpenSecurityList
DbiOpenSessionRepository
DbiOpenTable
DbiOpenTableList
DbiOpenTableTypesList
DbiOpenUserList
DbiOpenVchkList
DbiPackTable
DbiPrepareDelayedUpdates
DbiProcessSql
DbiPutBlob
DbiPutField
DbiQAlloc
DbiQExec
DbiQExecDirect
DbiQExecProcDirect
DbiQFree
DbiQGetBaseDescs
DbiQInstantiateAnswer
DbiQLowBuild
DbiQLowFieldExp
DbiQLowFieldName
DbiQLowGetName
DbiQLowGetPAL
DbiQLowGetPALLen
DbiQLowGetProps
DbiQLowIsExample
DbiQLowParse
DbiQLowPrepare
DbiQLowQA
DbiQLowSetName
DbiQLowSetProps
DbiQLowStart
DbiQLowTableInfo
DbiQLowTablesCount
DbiQPrepare
DbiQPrepareExt
DbiQPrepareProc
DbiQSetParams
DbiQSetProcParams
DbiQryExec
DbiQryExecDirect
DbiQryFormatAnswer
DbiQryFree
DbiQryGetAnsFormat
DbiQryGetCursorProps
DbiQryGetFieldDescs
DbiQryGetLogType
DbiQryInstantiateAnswer
DbiQryOpen
DbiQryPrepareCmd
DbiQryRegisterCallBack
DbiQrySqlGetStrLen
DbiQrySqlGetString
DbiReadBlock
DbiRecordFlushRef
DbiRegenIndex
DbiRegenIndexes
DbiRegister
DbiRegisterCallBack
DbiRegisterCursor
DbiRelPersistTableLock
DbiRelRecordLock
DbiRelTableLock
DbiReleaseMem
DbiRenameTable
DbiResetDetailLinks
DbiResetRange
DbiSQLTextToCanEx
DbiSaveChanges
DbiSchemaCacheFlush
DbiSetCurrSession
DbiSetDateFormat
DbiSetDefaultRepository
DbiSetDirectory
DbiSetFieldMap
DbiSetFieldMap2
DbiSetFilterProps
DbiSetLDID19As13
DbiSetLDID19As19
DbiSetLDIDUSAsLocal
DbiSetLockRetry
DbiSetNumberFormat
DbiSetPrivateDir
DbiSetProp
DbiSetRange
DbiSetRefreshRange
DbiSetStats
DbiSetTimeFormat
DbiSetToBegin
DbiSetToBookMark
DbiSetToCursor
DbiSetToEnd
DbiSetToKey
DbiSetToRecordNo
DbiSetToSeqNo
DbiSetupExprObj
DbiSortTable
DbiSortTable2
DbiStartSession
DbiSwitchToIndex
DbiTimeDecode
DbiTimeEncode
DbiTimeStampDecode
DbiTimeStampEncode
DbiTranslateField
DbiTranslateRecordStructure
DbiTruncateBlob
DbiUCloseSecurityFile
DbiUCreateSecurityFile
DbiUDeleteSecurityUser
DbiUGetLoginSecurity
DbiUGetSecurityUserInfo
DbiUGetTablePrivileges
DbiUJoinIndexes
DbiUOpenSecurityFile
DbiUReadTableHdr
DbiURegenBlobFile
DbiUSetLoginSecurity
DbiUSetSecurityUserInfo
DbiUSetTablePrivileges
DbiUValidateSecurityUser
DbiUWriteTableHdr
DbiUndeleteRecord
DbiUnlinkDetail
DbiUseIdleTime
DbiValidateName
DbiValidateProp
DbiValidateRecordStructure
DbiVerifyField
DbiWriteBlock
DllEntryPoint
DllRegisterServer
DllUnregisterServer
DsProviderGetDataPacket
DsResolver
ExecCallBack
ExpGeneratePostFix
ExprGenPostFix
FAMILY
FreeVtObj
GetCallBack
GetExtFromTblType
GetLocalCp
GetSpc1
GetSpc2
GetTblTypeFromExt
GetTblTypeFromTblName
GetWorldFlags
GetszLDdb
GetszLDpx
ImltCreateTable
ImltCreateTable2
ImltExitSubSys
ImltInitSubSys
JapanStrCmp
JapanStrnCmp
JapanStrnCmpi
LBlobOpen
LISTLENGTH
LrNavCompSetup
LsDateDecode
LsDateEncode
LsGetDate
LsGetTime
LsGetTimeStampEncode
LsTimeDecode
LsTimeEncode
LsTimeStampDecode
LsTimeStampEncode
LsValidDate
MEMB
NCONC
NCONS
NULLP
OCCloseObjs
OCFindObj
OCRegisterObj
OCUnRegisterObj
OpenCallBack
OsAssert
OsChSize
OsClearError
OsClose
OsCloseForInstance
OsControlError
OsCopy
OsCopyShare
OsCreate
OsCreate2
OsCreateRWObj
OsCtxBegin
OsCtxClrStk
OsCtxCount
OsCtxEnd
OsCtxExit
OsCtxGetCur
OsCtxGetElem
OsCtxGetError
OsCtxGetSymStr
OsCtxInit
OsCtxPop
OsCtxPush
OsCtxSetFatal
OsCurrFile
OsDBGSaveError
OsDeleteRWObj
OsDirExists
OsDirFirst
OsDirNext
OsFileExists
OsFileExistsSearch
OsFileLength
OsFlushFileSize
OsFlushLocalBuf
OsFreeDll
OsFreeSharedSz
OsFreeSz
OsGetCodePage
OsGetCurDirEx
OsGetCurDrive
OsGetDate
OsGetDllFileName
OsGetFileTime
OsGetM
OsGetNetInMemFlag
OsGetOSType
OsGetPrivateProfileString
OsGetProcAddressByName
OsGetProcAddressByNum
OsGetProcessId
OsGetProfileString
OsGetSharedPtr
OsGetSystemTicks
OsGetTempDir
OsGetTempName
OsGetTime
OsIs386
OsIs386Enh
OsIsAlpha
OsIsDigit
OsIsFileLocal
OsIsFileOnCdRom
OsIsFileReadOnly
OsIsLocalDrive
OsIsLocalDrive_0
OsJLdCBtoM
OsJLdCMtoB
OsJLdCStrLen

Sections

CODE
Size: 429KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLSCBA
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dzgs/IDDBAS32.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@IntlAsianSort1$qqspvt1t1i
@IntlAsianSort2$qqspvt1t1i
@IntlAsianSort3$qqspvt1t1i
@IntlAsianSort4$qqspvt1t1i
@IntlAsianSort5$qqspvt1t1i
@IntlGetTrueStrLen$qqspci
@OdapiIndexObjectExprEqualCB$qqsp6ExpObjpc
@OdapiIndexObjectGetExactCB$qqsp6ExpObjulps
@OdapiIndexObjectKeyEndCB$qqsp6ExpObj
@OdapiIndexObjectKeyGenCB$qqsp6ExpObjpucult2
@OdapiIndexObjectKeyInfoCB$qqsp6ExpObjpust2pit4
@OdapiIndexObjectRecFilterCB$qqsp6ExpObjpuculpi
@OdapiIndexObjectSetExactCB$qqsp6ExpObjuls
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
BLM_BufferCollate
BLM_StrDbaseCompare
BLM_StrTranslation
BLM_ToSoundex
BLN_GetSysLocale
BLN_IsClass
BLN_QStrMatchi
BLN_QStrnMatchi
BLN_StrCollate
BLN_StrDbaseCompare
BLN_StrLower
BLN_StrTranslation
BLN_StrUpper
BLN_StrnLower
BLN_StrnUpper
BLN_ToLower
BLN_ToSoundex
BLN_ToUpper
BLW_GetSysLocale
BLW_StrTranslation
BL_BufferConvert
BL_CloseConversion
BL_CloseLocale
BL_CollationInfo
BL_Exit
BL_GetHlocaleCharacterSetName
BL_GetHlocaleInfo
BL_GetLDDescFromLDID
BL_GetLDIDFromHlocale
BL_GetTranslationCount
BL_GetTranslationInfo
BL_IsFirstByte
BL_OpenConversion
BL_OpenLocale
BL_OpenLocaleWithLDID
BL_OpenLocaleWithLDName
FiltFloatCompare
FloatCompare
OsLdMBRisCJKBlank
OsLdMBRisCJKKana
OsLdMBRisKana
OsLdMBRisLead
OsLdMBRisTrail
WEP
XBFINDOBJ
XBREGISTEROBJ
XBUNREGISTEROBJ
XDrvInit
_BL_InitClient
__DebuggerHookData
dbe_IsExprEqual
dbe_callback

Sections

CODE
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 27KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dzgs/IDR20009.DLL
.dll windows:1 windows x86 arch:x86

ca7840dd8b852014c2f3a1872f9911d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
EnterCriticalSection
CloseHandle
FreeEnvironmentStringsA
GetCommandLineA
GetCurrentThreadId
GetEnvironmentStrings
CreateFileA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetFileAttributesA
ExitProcess
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WriteFile
GetVersion

user32

MessageBoxA
EnumThreadWindows

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
WEP
__DebuggerHookData

Sections

CODE
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dzgs/MANGER.DBF
dzgs/Sound1.mid
dzgs/Sound12.mid
dzgs/Start.jpg
.jpg
dzgs/Thumbs.db
dzgs/USA.BTL
dzgs/WBX.DBF
dzgs/WBX.MDX
dzgs/WWE-TEST.TXT
dzgs/WWT-TEST.TXT
dzgs/Wbcz.DBF
dzgs/Wbcz.MDX
dzgs/card1.dbf
dzgs/card2.dbf
dzgs/cool.avi
dzgs/cool1.gif
.gif
dzgs/cool10.gif
.gif
dzgs/cool11.gif
.gif
dzgs/cool12.gif
.gif
dzgs/cool13.gif
.gif
dzgs/cool14.gif
.gif
dzgs/cool15.gif
.gif
dzgs/cool16.gif
.gif
dzgs/cool17.gif
.gif
dzgs/cool18.gif
.gif
dzgs/cool19.gif
.gif
dzgs/cool2.gif
.gif
dzgs/cool20.gif
.gif
dzgs/cool3.gif
.gif
dzgs/cool4.gif
.gif
dzgs/cool5.gif
.gif
dzgs/cool6.gif
.gif
dzgs/cool7.gif
.gif
dzgs/cool8.gif
.gif
dzgs/cool9.gif
.gif
dzgs/module.ini
dzgs/netview/wwtgrade.MDX
dzgs/netview/wwtgrade.dbf
dzgs/netview/wwtuser.dbf
dzgs/netview/wwtview.MDX
dzgs/netview/wwtview.dbf
dzgs/sound10.mid
dzgs/sound11.mid
dzgs/sound2.mid
dzgs/sound3.mid
dzgs/sound4.mid
dzgs/sound5.mid
dzgs/sound6.mid
dzgs/sound7.mid
dzgs/sound8.mid
dzgs/sound9.mid
dzgs/wsmanger.dbf

Sharing

General

Malware Config

Signatures

Files

302e92a8b022643b516e70240a11b811

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 54KB - Virtual size: 56KB

DATA Size: 37KB - Virtual size: 52KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 1KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

ac24d2585411ea8a1d33653136dd11ed

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

mpr

oleaut32

Exports

Exports

Sections

CODE Size: 429KB - Virtual size: 432KB

DATA Size: 72KB - Virtual size: 76KB

DATA Size: 512B - Virtual size: 4KB

TLSCBA Size: 512B - Virtual size: 24KB

.idata Size: 4KB - Virtual size: 4KB

.edata Size: 51KB - Virtual size: 52KB

.reloc Size: 15KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 392KB - Virtual size: 392KB

DATA Size: 27KB - Virtual size: 44KB

.INIT Size: 3KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 2KB - Virtual size: 4KB

.reloc Size: 13KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 4KB

ca7840dd8b852014c2f3a1872f9911d7

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 23KB - Virtual size: 24KB

DATA Size: 5KB - Virtual size: 20KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.rsrc Size: 81KB - Virtual size: 84KB

CODE
Size: 54KB - Virtual size: 56KB

DATA
Size: 37KB - Virtual size: 52KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 1KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 429KB - Virtual size: 432KB

DATA
Size: 72KB - Virtual size: 76KB

DATA
Size: 512B - Virtual size: 4KB

TLSCBA
Size: 512B - Virtual size: 24KB

.idata
Size: 4KB - Virtual size: 4KB

.edata
Size: 51KB - Virtual size: 52KB

.reloc
Size: 15KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 392KB - Virtual size: 392KB

DATA
Size: 27KB - Virtual size: 44KB

.INIT
Size: 3KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 4KB

.reloc
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 23KB - Virtual size: 24KB

DATA
Size: 5KB - Virtual size: 20KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 81KB - Virtual size: 84KB