3f437b8cc69dcb9906efdd567656033a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f437b8cc69dcb9906efdd567656033a_JaffaCakes118
Size

566KB
MD5

3f437b8cc69dcb9906efdd567656033a
SHA1

7d16bccdf2c516d7a3f9958f6fc43fb83d487db1
SHA256

a1e9be25bda3594d5f2ab0a8648b2b16b8439fae437f5edd18947f359cecddad
SHA512

cdf9de88610c16e0441e4a10ae324fc05a26f3ddfc875e2fe1262317b0b6db591108feafc5fd65678076ba90cdcc33f387674c604cecae00b76a2907e3cca2f8
SSDEEP

12288:V7vM8/vMHem1wPFBR9mJl7ALCagJfmbu8rNdM:V7U8/0D1w9T9sALCJJfWuGM

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
3f437b8cc69dcb9906efdd567656033a_JaffaCakes118
unpack001/$PLUGINSDIR/Blowfish.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Locate.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/XML.dll
unpack001/uninst.exe
unpack001/ǡʱ.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

3f437b8cc69dcb9906efdd567656033a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Blowfish.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Decrypt
Encrypt

Sections

CODE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Locate.dll
.dll windows:4 windows x86 arch:x86

7f8181c74f882a780c7cd485241e8b51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
MultiByteToWideChar
lstrlenW
lstrlenA
GetWindowsDirectoryW
WideCharToMultiByte
CompareFileTime
FindNextFileA
FindNextFileW
FileTimeToSystemTime
RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
FindFirstFileW
FindClose
SystemTimeToFileTime
FileTimeToLocalFileTime

user32

SetWindowTextA
SetWindowTextW
GetDlgItem
FindWindowExA
MessageBoxW

Exports

Exports

_Close
_Find
_GetSize
_Open
_RMDirEmpty
_Unload

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/XML.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
Groups/order.txt
Groups/ϵͳļ.cgp
Groups/Żվ.cgp
Groups/վ.cgp
Language/ChineseGB.ini
Resource/CollectorScript.txt.default
.js
Resource/DownManager.ini.default
.vbs
Resource/Filter.ini.default
Resource/KillFly.htm
.html .js polyglot
Resource/PopFilter.WAV
Resource/Proxy.ini.default
Resource/QiabiBrowser.ini.default
Resource/QiabiHelp.htm
Resource/RESOURCE.HTM
.html
Resource/SearchEngine.ini.default
Resource/baidu.ico
Resource/google.ico
Skin/Default/BackGround.bmp
Skin/Default/FavBar.bmp
Skin/Default/Go.bmp
Skin/Default/MainAnimIcon.bmp
Skin/Default/MainMenu.bmp
Skin/Default/MainTool16.bmp
Skin/Default/MainTool24.bmp
Skin/Default/MainToolGray16.bmp
Skin/Default/MainToolGray24.bmp
Skin/Default/SearchBar.bmp
Skin/Default/StatusTool.bmp
Skin/Default/SystemBar.bmp
Skin/Default/TaskBar.bmp
User/CollectorScript.txt
.js
User/DownManager.ini
.vbs
User/Filter.ini
User/LastVisit.ini
User/Proxy.ini
User/QiabiBrowser.ini
User/SearchEngine.ini
User/wish.txt
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
ǡʱ.exe
.exe windows:4 windows x86 arch:x86

ea517b117559bd76a74bb9ae9fde8d5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup
gethostbyname
gethostname

winmm

sndPlaySoundA

wininet

FindNextUrlCacheEntryA
InternetSetOptionA
FindCloseUrlCache
InternetQueryOptionA
GetUrlCacheEntryInfoA
FindFirstUrlCacheEntryA
GetUrlCacheEntryInfoExA
DeleteUrlCacheEntry

mfc42

ord2864
ord4189
ord858
ord4129
ord3216
ord6705
ord3582
ord2575
ord4396
ord3574
ord609
ord616
ord2302
ord2642
ord4406
ord3729
ord3619
ord1168
ord3663
ord3626
ord2414
ord1175
ord804
ord4267
ord4284
ord2754
ord3797
ord755
ord3089
ord5789
ord2860
ord470
ord4364
ord620
ord6887
ord298
ord4230
ord4220
ord2584
ord3654
ord535
ord2614
ord5572
ord2919
ord6270
ord2438
ord2863
ord4277
ord6662
ord4160
ord2920
ord823
ord2921
ord3289
ord1644
ord3495
ord1133
ord1803
ord2867
ord1137
ord1716
ord2681
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4303
ord3351
ord5012
ord976
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord2445
ord401
ord674
ord4216
ord5254
ord1233
ord4413
ord5981
ord4772
ord5054
ord5031
ord4794
ord6334
ord3610
ord656
ord6453
ord665
ord1979
ord6385
ord5186
ord924
ord3874
ord354
ord6379
ord3876
ord941
ord922
ord2818
ord940
ord939
ord5683
ord6358
ord5871
ord4287
ord5883
ord6625
ord3499
ord2515
ord355
ord4278
ord6283
ord6282
ord2582
ord4402
ord3370
ord3640
ord693
ord2298
ord6905
ord3521
ord5710
ord2763
ord6007
ord3998
ord3996
ord6402
ord3286
ord6449
ord2727
ord6467
ord2730
ord2729
ord2915
ord5875
ord2859
ord1641
ord5440
ord6383
ord5450
ord6394
ord6888
ord6907
ord6675
ord3301
ord926
ord6874
ord5601
ord6008
ord2652
ord1669
ord801
ord4000
ord5861
ord6569
ord1085
ord6883
ord541
ord3398
ord3733
ord802
ord810
ord542
ord4271
ord2777
ord3287
ord3290
ord4125
ord3914
ord1146
ord3303
ord913
ord2149
ord3754
ord3753
ord6605
ord4506
ord4202
ord3742
ord818
ord4275
ord6146
ord5885
ord6380
ord2123
ord4299
ord5037
ord4456
ord1841
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord3748
ord1725
ord4432
ord1238
ord365
ord784
ord4241
ord2688
ord861
ord465
ord466
ord2241
ord1601
ord1574
ord3470
ord455
ord2764
ord539
ord3005
ord2135
ord5281
ord5260
ord4881
ord2847
ord6143
ord4204
ord5442
ord3318
ord2784
ord6663
ord6877
ord1200
ord1199
ord4123
ord551
ord3337
ord3811
ord547
ord5510
ord2457
ord1647
ord429
ord3092
ord6876
ord3317
ord397
ord699
ord1859
ord4246
ord3869
ord2127
ord2391
ord6199
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord4437
ord4428
ord700
ord398
ord402
ord796
ord2119
ord6067
ord6069
ord3482
ord6068
ord6000
ord2455
ord3522
ord4457
ord1205
ord6903
ord6784
ord536
ord2765
ord1105
ord6403
ord2513
ord293
ord2086
ord6209
ord2494
ord2627
ord2626
ord5484
ord5032
ord4773
ord6458
ord5284
ord5609
ord6649
ord4774
ord4538
ord4724
ord4776
ord5622
ord1109
ord5255
ord4337
ord798
ord1997
ord5465
ord6407
ord532
ord3175
ord3439
ord912
ord5593
ord6567
ord4590
ord923
ord5194
ord533
ord5066
ord2012
ord5608
ord4188
ord6648
ord690
ord1988
ord5207
ord389
ord1938
ord4454
ord4759
ord4813
ord2841
ord2107
ord3721
ord795
ord3910
ord2148
ord6646
ord6111
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5289
ord5714
ord1576
ord815
ord561
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord2558
ord1134
ord824
ord617
ord2621
ord5214
ord296
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord426
ord726
ord826
ord2725
ord1570
ord1197
ord3030
ord1223
ord1206
ord271
ord1099
ord3719
ord793
ord2294
ord2362
ord2358
ord2363
ord2289
ord3631
ord683
ord3226
ord3302
ord6785
ord6615
ord4114
ord6880
ord772
ord6142
ord500
ord5278
ord3813
ord5860
ord2645
ord1816
ord326
ord640
ord2405
ord1640
ord323
ord2567
ord2380
ord2243
ord2587
ord3394
ord1779
ord2299
ord5594
ord5583
ord668
ord1980
ord3181
ord3178
ord2781
ord2770
ord356
ord2297
ord4224
ord6357
ord2080
ord4083
ord1864
ord3701
ord1709
ord5153
ord3571
ord816
ord4023
ord2569
ord2714
ord5785

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
strtok
_itoa
_stat
_mkdir
_ultoa
_wcsicmp
_setmbcp
__CxxFrameHandler
_stricmp
_purecall
_ftol
strstr
wcsstr
memmove
malloc
strncpy
strchr
free
sprintf
strncmp
wcscmp
_strupr
atol
atoi
strrchr
isalnum
wcslen
realloc
remove
rename
rand
srand
time
_strdup
_splitpath
_exit

kernel32

QueryPerformanceCounter
lstrlenW
GetModuleFileNameA
FileTimeToDosDateTime
MoveFileA
DeleteFileA
GetPrivateProfileStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
FindFirstFileA
lstrcmpA
lstrcmpiA
WaitForSingleObject
FindClose
GetFullPathNameA
lstrlenA
lstrcpyA
CreateMutexA
LoadLibraryA
GetProcAddress
WritePrivateProfileStringA
CreateFileA
GetFileSize
CloseHandle
OpenFile
CopyFileA
GetLastError
GetLocalTime
GlobalLock
GlobalUnlock
lstrcatA
Sleep
GetVersion
MulDiv
GetFileAttributesA
RemoveDirectoryA
SetFileAttributesA
GetVersionExA
InterlockedExchange
RaiseException
GetStartupInfoA
GetPrivateProfileIntA
GlobalAlloc
GlobalSize
GlobalFree
WideCharToMultiByte
WritePrivateProfileSectionA
QueryPerformanceFrequency
ExpandEnvironmentStringsA
OpenProcess
GetCurrentThreadId
GetCurrentProcessId
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
LocalFree
LocalAlloc
GetTempPathA
GetPrivateProfileSectionA
GlobalMemoryStatus
CreateProcessA
GetEnvironmentStrings
FreeLibrary
ReleaseMutex
CreateSemaphoreA
HeapDestroy
DeleteCriticalSection
GetCommandLineA
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
FindNextFileA
GetModuleHandleA
GetShortPathNameA

user32

GetNextDlgGroupItem
SetMenuItemInfoA
GetFocus
RegisterWindowMessageA
GetSystemMetrics
RegisterHotKey
SetPropA
IsChild
WindowFromPoint
SetMenuDefaultItem
IsIconic
GetWindowThreadProcessId
EnumWindows
UnregisterHotKey
UpdateWindow
IsZoomed
FindWindowExA
DeleteMenu
ReleaseDC
GetDC
SetForegroundWindow
BringWindowToTop
TrackPopupMenuEx
GetWindowTextA
GetClassNameA
InsertMenuA
keybd_event
MapVirtualKeyA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetMenu
GetLastActivePopup
GetPropA
CharNextA
EnumChildWindows
InflateRect
SetFocus
OffsetRect
wsprintfA
GetSysColorBrush
EndDeferWindowPos
BeginDeferWindowPos
FillRect
GetClassLongA
GetClipboardData
GetDCEx
SetParent
GetSystemMenu
TabbedTextOutA
DrawTextA
GrayStringA
DrawIconEx
DrawEdge
SetRect
DestroyMenu
SystemParametersInfoA
LoadImageA
SetWindowLongA
LoadBitmapA
KillTimer
SetTimer
GetWindow
LoadIconA
GetMenuItemCount
GetMenuItemInfoA
GetMenuState
GetMenuItemID
CheckMenuItem
EnableMenuItem
GetParent
UnionRect
IsRectEmpty
SetRectEmpty
GetWindowLongA
ShowWindow
CreatePopupMenu
GetWindowRect
ClientToScreen
IsMenu
AppendMenuA
GetSubMenu
GetMenuStringA
CopyRect
GetClientRect
DestroyIcon
ReleaseCapture
SetCapture
InvalidateRect
PostMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PtInRect
GetDesktopWindow
LoadMenuA
ModifyMenuA
GetCursorPos
ScreenToClient
LockWindowUpdate
RedrawWindow
TrackPopupMenu
GetCursor
SetCursor
LoadCursorA
GetSysColor
RegisterClipboardFormatA
GetKeyState
SendMessageA
IsWindow
IsWindowVisible
EnableWindow
FindWindowA

gdi32

Ellipse
CreatePen
CreateDIBSection
SelectObject
CreateSolidBrush
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
PatBlt
CreateCompatibleBitmap
BitBlt
GetTextColor
GetDeviceCaps
CreateCompatibleDC
EnumFontFamiliesA
GetTextExtentPoint32A
CreateFontIndirectA
DeleteObject
GetBkMode

advapi32

RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
IsTextUnicode
RegDeleteValueA

shell32

Shell_NotifyIconA
DragFinish
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
ShellExecuteA
SHGetMalloc
SHGetDesktopFolder
DragQueryFileA
SHGetSpecialFolderPathA

comctl32

ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock

ole32

CoRegisterClassObject
CoCreateInstance
CoGetClassObject
CoRevokeClassObject
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

LoadTypeLi
VariantClear
SysAllocString
RegisterTypeLi
SysFreeString

urlmon

CoInternetGetSession

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 13KB - Virtual size: 13KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 906B

.edata Size: 512B - Virtual size: 89B

.reloc Size: 1024B - Virtual size: 880B

.rsrc Size: 512B - Virtual size: 512B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

7f8181c74f882a780c7cd485241e8b51

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 848B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 12KB - Virtual size: 12KB

CODE
Size: 13KB - Virtual size: 13KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 906B

.edata
Size: 512B - Virtual size: 89B

.reloc
Size: 1024B - Virtual size: 880B

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 848B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 12KB - Virtual size: 12KB