3f17c5161c07395d1d4241a666f4e83e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3f17c5161c07395d1d4241a666f4e83e_JaffaCakes118
Size

4.5MB
MD5

3f17c5161c07395d1d4241a666f4e83e
SHA1

a9509ceca32df124b50a1ca971fc48c52aa36809
SHA256

cfac663ce6d6b69fa74c1e5dda175f82b4d3e83d4a52da8b0777fa707689211f
SHA512

adda297381f7ae61fe10f2740ddcf2b520b590a64b2ceeb1e0aa0b3d9d49bc260084b0371f9e1eb158bf8a73763a01f6281d8c0b31df56201a1e968e86c4937d
SSDEEP

98304:1ZqFcd/B9nIVGUZmFyA5sQcAgnVdinjY96j8S61x8nLs9+WPsMZrNf:1HdZRIvZMyKUnVGjroS61an4EWPxZrNf

Score

7^/10

vmprotect upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/v/Skin.dll	acprotect
static1/unpack001/v/pe.dll	acprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/v/9PbHH.dll	vmprotect
static1/unpack001/v/VEzOD.dll	vmprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/v/Skin.dll	upx
static1/unpack002/out.upx	upx
static1/unpack001/v/War3Shout.exe	upx
static1/unpack001/v/pe.dll	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v/9PbHH.dll
unpack001/v/Skin.dll
unpack002/out.upx
unpack001/v/VEzOD.dll
unpack001/v/War3Shout.exe
unpack003/out.upx
unpack001/v/pe.dll
unpack004/out.upx
unpack001/v/v.exe
unpack001/启动VK.exe

Files

3f17c5161c07395d1d4241a666f4e83e_JaffaCakes118
.rar
v/9PbHH.dll
.dll windows:4 windows x86 arch:x86

8ec9fb808831eef452eca3876766d2be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowsHookExA
MessageBoxA

shlwapi

StrStrIW

wininet

InternetOpenUrlA

Exports

Exports

WWWWW

Sections

.text
Size: - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v/Skin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v/VEzOD.dll
.dll windows:4 windows x86 arch:x86

332244912e7295b37871eef2b7ce7275

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
VirtualProtectEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualProtect
LoadLibraryA
OpenEventA
SetUnhandledExceptionFilter
GetTickCount
ReadProcessMemory
lstrcatA
TerminateProcess
GetLocalTime
GetSystemTime
GetModuleFileNameW
CreateFileW
GetCurrentProcessId
lstrcpyA
MapViewOfFile
OpenFileMappingA
GetProcAddress
GetModuleHandleA
Sleep
CreateThread
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
GetTempPathA
WriteProcessMemory
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetEndOfFile
GetOEMCP
InterlockedExchange
DeleteCriticalSection
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
RaiseException
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CloseHandle
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetTickCount
TerminateProcess
GetCurrentProcess
CreateEventW
GetModuleHandleW
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
DeleteCriticalSection
LoadLibraryW
CompareStringW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
SetLastError
GetModuleHandleA
FreeLibrary
GetCommandLineA
HeapAlloc
RaiseException
GetLastError
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualQuery
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
GetKeyState
MessageBoxW
wsprintfW
MessageBoxA

wininet

InternetCloseHandle
InternetSetOptionA
InternetOpenA
InternetOpenUrlA
InternetReadFile

shlwapi

PathFileExistsA

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 684KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v/VKCFG.ini
v/War3Shout.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
v/hdl.wav
v/pe.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v/v.exe
.exe windows:5 windows x86 arch:x86

b5a7554b65d1e20974f3bae8e576393b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
ord693
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord695
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
ord696
__vbaVarIdiv
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
ord512
__vbaRaiseEvent
ord621
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaI2Abs
__vbaCopyBytes
ord629
__vbaStrCat
__vbaError
ord553
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
ord662
ord557
__vbaLenVar
__vbaVargVarCopy
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaLateMemSt
__vbaExitProc
__vbaVarForInit
ord593
ord594
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaStrFixstr
__vbaBoolVar
ord520
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
__vbaVargVarMove
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaAryConstruct2
ord560
__vbaR4Str
ord561
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaLsetFixstrFree
ord536
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord570
__vbaVarLateMemCallLdRf
__vbaR8Str
ord571
__vbaVarInt
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
ord689
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaVarCopy
ord616
__vbaVarLateMemCallLd
__vbaFpI4
__vbaR8IntI2
__vbaLateMemCallLd
ord617
__vbaRecDestructAnsi
_CIatan
ord618
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaStrVarCopy
ord619
__vbaR8IntI4
__vbaVarNeg
ord542
ord543
_allmul
__vbaLenVarB
ord544
__vbaLateIdSt
ord545
_CItan
ord546
__vbaUI1Var
ord547
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr
ord581

msvcrt

__dllonexit

psapi

GetMappedFileNameW

kernel32

DeleteFileW

user32

wsprintfW

advapi32

RegQueryValueExA

Sections

.text
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.viou
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.viou
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
v/vkbg.jpg
.jpg
v/vkskin.she
v/wsset.ini
启动VK.exe
.exe windows:4 windows x86 arch:x86

ebe580121cca4b5dda0428b5b865541b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord593
ord594
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord645
ord576
ord100
ord581

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ec9fb808831eef452eca3876766d2be

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 90KB

.rdata Size: - Virtual size: 14KB

.data Size: - Virtual size: 28KB

.vmp0 Size: - Virtual size: 11KB

.vmp1 Size: - Virtual size: 2.0MB

.vmp2 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 4KB - Virtual size: 204B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 148KB

UPX1 Size: 86KB - Virtual size: 88KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.UPX0 Size: 12KB - Virtual size: 10KB

.UPX1 Size: 8KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 8KB

332244912e7295b37871eef2b7ce7275

Headers

File Characteristics

Imports

kernel32

user32

wininet

shlwapi

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 24KB - Virtual size: 42KB

.vmp0 Size: 16KB - Virtual size: 13KB

.vmp1 Size: 684KB - Virtual size: 681KB

.vmp2 Size: 32KB - Virtual size: 28KB

.reloc Size: 12KB - Virtual size: 9KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 68KB

UPX1 Size: 23KB - Virtual size: 24KB

.rsrc Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 60KB - Virtual size: 56KB

.data Size: - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 9KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 13KB - Virtual size: 16KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 2KB

.text
Size: - Virtual size: 90KB

.rdata
Size: - Virtual size: 14KB

.data
Size: - Virtual size: 28KB

.vmp0
Size: - Virtual size: 11KB

.vmp1
Size: - Virtual size: 2.0MB

.vmp2
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 4KB - Virtual size: 204B

UPX0
Size: - Virtual size: 148KB

UPX1
Size: 86KB - Virtual size: 88KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.UPX0
Size: 12KB - Virtual size: 10KB

.UPX1
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 24KB - Virtual size: 42KB

.vmp0
Size: 16KB - Virtual size: 13KB

.vmp1
Size: 684KB - Virtual size: 681KB

.vmp2
Size: 32KB - Virtual size: 28KB

.reloc
Size: 12KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 68KB

UPX1
Size: 23KB - Virtual size: 24KB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 60KB - Virtual size: 56KB

.data
Size: - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 13KB - Virtual size: 16KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 636KB - Virtual size: 636KB

.viou
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 16KB

.viou
Size: 4KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 304B

.data
Size: - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 13KB