3abb4d3cd66e32e69edc6d3c6d71ff0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3abb4d3cd66e32e69edc6d3c6d71ff0c_JaffaCakes118
Size

973KB
MD5

3abb4d3cd66e32e69edc6d3c6d71ff0c
SHA1

91d10f073e86bef03077168782993b73b27ff285
SHA256

366904a985f8973682e3a7ec8cef387fa39aac84a521d401dcf1d256f833ee8b
SHA512

8764130083082d371472a3fed4a5949660c6db5f5345bfca924a54330b09a1355f3c82d40430aa7b3c5d48f4e970509b5c4bce517c087fc240a49904dee7824a
SSDEEP

24576:28dUomoi8yxxZgIq9Fe2PcRSjB1u5pEql98f:1Nnidxx0Fe2MSjCjL9u

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SSF.exe
unpack001/SSFV_Encoder.dll
unpack001/SSFV_Reader.aui
unpack001/SSFa.exe
unpack001/VC2012/SSF.exe
unpack001/VC2012/SSFV_Encoder.dll
unpack001/VC2012/SSFV_Reader.aui
unpack001/VC2012/ZIP_Decoder.dll
unpack001/ZIP_Decoder.dll

Files

3abb4d3cd66e32e69edc6d3c6d71ff0c_JaffaCakes118
.7z
Readme.txt
SSF.exe
.exe windows:5 windows x86 arch:x86

bc8cea175c0f3577b21587f0cab2af1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
ord17

comdlg32

GetOpenFileNameA

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

gdi32

GetStockObject

imm32

ImmGetDefaultIMEWnd

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

user32

DestroyWindow
PostMessageA
MessageBoxA
CreateIcon
LoadMenuA
SetMenu
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
UnhookWindowsHookEx
GetDlgItemTextA
MapWindowPoints
MoveWindow
CreateDialogParamA
SetMenuItemInfoA
SetCursor
ShowCursor
ClipCursor
ClientToScreen
SetWindowPos
SetForegroundWindow
GetWindowRect
SetActiveWindow
DialogBoxParamA
SendMessageA
ShowWindow
GetDlgItem
SendDlgItemMessageA
EnableWindow
EndDialog
GetAsyncKeyState
SetWindowTextA
LoadStringA
SetDlgItemTextA
GetClientRect
SetRect
LoadCursorA
RegisterClassExA
AdjustWindowRectEx
CreateWindowExA
PostQuitMessage
DefWindowProcA

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

kernel32

GetProcessHeap
CreateFileW
SetEndOfFile
GetStringTypeW
WriteConsoleW
FlushFileBuffers
SetStdHandle
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
MultiByteToWideChar
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SuspendThread
Sleep
CreateThread
CloseHandle
TerminateThread
ResumeThread
FindClose
GetLastError
FindNextFileA
FindFirstFileA
CreateDirectoryA
SetPriorityClass
GetCurrentProcess
QueryPerformanceCounter
GetFileAttributesA
VirtualFree
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateFileA
ReadFile
SetFilePointer
QueryPerformanceFrequency
GetPriorityClass
GetExitCodeThread
SetThreadPriority
GetLocalTime
VirtualAlloc
CreateSemaphoreA
CreateEventA
GetCurrentThread
GetModuleFileNameA
GetEnvironmentVariableA
GetProcAddress
LoadLibraryA
FreeLibrary
DeviceIoControl
GetDriveTypeA
GetLogicalDriveStringsA
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
DeleteFileA
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 695KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352KB - Virtual size: 129.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSFV_Encoder.dll
.dll windows:5 windows x86 arch:x86

e2e2e31677a850271788b89a1e55f9e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetStartupInfoW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CreateDirectoryA
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
EncodePointer
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent

Exports

Exports

GetAvarageBitrate
GetFramePerSecond
Initialize
Release
WriteFrame

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSFV_Reader.aui
.dll windows:5 windows x86 arch:x86

3df6114dc46253cc623740c15eaeaf91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

InitializeCriticalSectionAndSpinCount
GetFileSize
CreateFileA
GetLastError
CreateDirectoryA
GetFullPathNameA
ReadFile
SetFilePointer
WriteFile
CloseHandle
HeapAlloc
RtlUnwind
RaiseException
GetCurrentThreadId
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
HeapFree
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Exports

Exports

GetInputPluginTable

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSFa.exe
.exe windows:5 windows x86 arch:x86

bc8cea175c0f3577b21587f0cab2af1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
ord17

comdlg32

GetOpenFileNameA

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

gdi32

GetStockObject

imm32

ImmGetDefaultIMEWnd

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

user32

DestroyWindow
PostMessageA
MessageBoxA
CreateIcon
LoadMenuA
SetMenu
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
UnhookWindowsHookEx
GetDlgItemTextA
MapWindowPoints
MoveWindow
CreateDialogParamA
SetMenuItemInfoA
SetCursor
ShowCursor
ClipCursor
ClientToScreen
SetWindowPos
SetForegroundWindow
GetWindowRect
SetActiveWindow
DialogBoxParamA
SendMessageA
ShowWindow
GetDlgItem
SendDlgItemMessageA
EnableWindow
EndDialog
GetAsyncKeyState
SetWindowTextA
LoadStringA
SetDlgItemTextA
GetClientRect
SetRect
LoadCursorA
RegisterClassExA
AdjustWindowRectEx
CreateWindowExA
PostQuitMessage
DefWindowProcA

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

kernel32

GetProcessHeap
CreateFileW
SetEndOfFile
GetStringTypeW
WriteConsoleW
FlushFileBuffers
SetStdHandle
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
MultiByteToWideChar
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SuspendThread
Sleep
CreateThread
CloseHandle
TerminateThread
ResumeThread
FindClose
GetLastError
FindNextFileA
FindFirstFileA
CreateDirectoryA
SetPriorityClass
GetCurrentProcess
QueryPerformanceCounter
GetFileAttributesA
VirtualFree
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateFileA
ReadFile
SetFilePointer
QueryPerformanceFrequency
GetPriorityClass
GetExitCodeThread
SetThreadPriority
GetLocalTime
VirtualAlloc
CreateSemaphoreA
CreateEventA
GetCurrentThread
GetModuleFileNameA
GetEnvironmentVariableA
GetProcAddress
LoadLibraryA
FreeLibrary
DeviceIoControl
GetDriveTypeA
GetLogicalDriveStringsA
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
DeleteFileA
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 695KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 353KB - Virtual size: 129.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VC2012/SSF.exe
.exe windows:6 windows x86 arch:x86

c288c6138cc36b7f3e978b4d404b374c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
ord17

comdlg32

GetOpenFileNameA

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

gdi32

GetStockObject

imm32

ImmGetDefaultIMEWnd

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

user32

PostMessageA
DefWindowProcA
PostQuitMessage
DestroyIcon
CreateIcon
UnhookWindowsHookEx
MapWindowPoints
ClientToScreen
ClipCursor
SetCursor
ShowCursor
GetWindowRect
SetForegroundWindow
SetActiveWindow
UpdateWindow
SetMenuItemInfoA
SetMenu
LoadMenuA
EnableWindow
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
CreateDialogParamA
SetWindowPos
MoveWindow
ShowWindow
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowTextA
GetAsyncKeyState
SetDlgItemTextA
LoadStringA
SetRect
GetClientRect
LoadCursorA
MessageBoxA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassExA

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

kernel32

CreateFileW
SetEndOfFile
LCMapStringW
GetStringTypeW
WriteConsoleW
FlushFileBuffers
SetStdHandle
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapSize
DeleteFileW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetConsoleCP
WideCharToMultiByte
GetStartupInfoW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleFileNameW
WriteFile
GetStdHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
Sleep
CreateThread
TerminateThread
SuspendThread
ResumeThread
FindClose
FindFirstFileA
FindNextFileA
GetLastError
GetEnvironmentVariableA
CreateDirectoryA
CreateFileA
GetFileAttributesA
ReadFile
SetFilePointer
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetExitCodeThread
SetPriorityClass
GetPriorityClass
GetLocalTime
VirtualAlloc
VirtualFree
GetModuleFileNameA
WaitForMultipleObjects
CreateSemaphoreA
FreeLibrary
GetProcAddress
LoadLibraryA
GetDriveTypeA
DeviceIoControl
GetLogicalDriveStringsA
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetCommandLineA
GetProcessHeap
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 724KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 354KB - Virtual size: 128.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VC2012/SSFV_Encoder.dll
.dll windows:6 windows x86 arch:x86

aedb0655d388232c36c8026c5a144a24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetCurrentProcess
CreateFileW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CreateDirectoryA
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
RaiseException
SetLastError
InterlockedIncrement
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
RtlUnwind
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

GetAvarageBitrate
GetFramePerSecond
Initialize
Release
WriteFrame

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VC2012/SSFV_Reader.aui
.dll windows:6 windows x86 arch:x86

86a8c9443655d0b6cf01fae7d5ea3df4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

UnhandledExceptionFilter
CreateFileW
CreateDirectoryA
CreateFileA
GetFileSize
GetFullPathNameA
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
HeapAlloc
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
HeapFree
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetProcessHeap
SetLastError
InterlockedIncrement
IsProcessorFeaturePresent
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

GetInputPluginTable

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VC2012/ZIP_Decoder.dll
.dll windows:6 windows x86 arch:x86

54d5cb269d2f59ac3ab828746404139f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetCurrentProcessId
SetEndOfFile
RtlUnwind
RaiseException
ReadFile
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
SetLastError
InterlockedIncrement
InterlockedDecrement
IsProcessorFeaturePresent
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
WideCharToMultiByte
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
DeleteFileW
GetProcessHeap
GetModuleFileNameW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers
WriteConsoleW
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
HeapReAlloc
GetStringTypeW
CreateFileW
HeapSize
LCMapStringW

Exports

Exports

DecodeFile
DecodeFile2
DecodeMemory
DecodeMemory2
GetFileNumber
GetRealFileSize
GetRealFilename
Initialize
Release

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZIP_Decoder.dll
.dll windows:5 windows x86 arch:x86

4010335a71452c6bdd4ede6037e29d1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetConsoleMode
RtlUnwind
RaiseException
GetLastError
DeleteFileA
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WriteFile
WideCharToMultiByte
GetConsoleCP
MultiByteToWideChar
ReadFile
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameW
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
LoadLibraryW
HeapReAlloc
LCMapStringW
GetStringTypeW
SetEndOfFile
GetProcessHeap
CreateFileW

Exports

Exports

DecodeFile
DecodeFile2
DecodeMemory
DecodeMemory2
GetFileNumber
GetRealFileSize
GetRealFilename
Initialize
Release

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc8cea175c0f3577b21587f0cab2af1f

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

comdlg32

d3d9

dinput8

gdi32

imm32

ole32

user32

winmm

kernel32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 695KB - Virtual size: 695KB

.data Size: 352KB - Virtual size: 129.6MB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 541KB - Virtual size: 540KB

e2e2e31677a850271788b89a1e55f9e0

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 8.4MB

.reloc Size: 25KB - Virtual size: 25KB

3df6114dc46253cc623740c15eaeaf91

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 1.1MB

.reloc Size: 7KB - Virtual size: 7KB

bc8cea175c0f3577b21587f0cab2af1f

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

comdlg32

d3d9

dinput8

gdi32

imm32

ole32

user32

winmm

kernel32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 695KB - Virtual size: 695KB

.data Size: 353KB - Virtual size: 129.6MB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 541KB - Virtual size: 540KB

c288c6138cc36b7f3e978b4d404b374c

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 695KB - Virtual size: 695KB

.data
Size: 352KB - Virtual size: 129.6MB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 541KB - Virtual size: 540KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 8.4MB

.reloc
Size: 25KB - Virtual size: 25KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 1.1MB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 695KB - Virtual size: 695KB

.data
Size: 353KB - Virtual size: 129.6MB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 541KB - Virtual size: 540KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 724KB - Virtual size: 724KB

.data
Size: 354KB - Virtual size: 128.1MB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 545KB - Virtual size: 545KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 8.4MB

.reloc
Size: 33KB - Virtual size: 33KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 1.1MB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 15KB - Virtual size: 15KB