55aba95d8a95228ba585a753cd25d772_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

55aba95d8a95228ba585a753cd25d772_JaffaCakes118
Size

1.6MB
MD5

55aba95d8a95228ba585a753cd25d772
SHA1

875db22f0783b1fa3ca0b4bde35062d4ef0de5f8
SHA256

36859550a2792ba6b07ea39456f02dacafcb657ab2c3503760cf6da6096157f9
SHA512

5ab5be8f7ffc5e9ba9d44e929c315c658db49029087be48bb36693fb274ff4d17c05248feb5a546fc90b6e8cdbfee7a8533a7456abd40daf9a084fd32ea76fc7
SSDEEP

49152:z3cxQj5AEYkdFOi89sfsjLX+zEZTDi3+e+Ej8s:IxgAEYQOi89rjzvng+x

Score

8^/10

pdf link macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
static1/unpack001/examples/excel/example.xls	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/examples/excel/example.xls

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/user_manual.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/mbpoll.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

55aba95d8a95228ba585a753cd25d772_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:37:60:30:23:3e:3a:25:69:20:d3:c6:c9:b9:9f:4e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/03/2013, 00:00

Not After

14/03/2014, 23:59

Subject

CN=Witte Software,O=Witte Software,POSTALCODE=7800,STREET=Marianevej 87,L=Skive,ST=Vinde,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

84:10:0b:d9:6d:34:c3:12:e0:0b:7c:ca:2f:f3:a1:16:65:a8:ae:fe
Signer

Actual PE Digest

84:10:0b:d9:6d:34:c3:12:e0:0b:7c:ca:2f:f3:a1:16:65:a8:ae:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
ReadMe.txt
examples/VB6/vbexample.frm
.vbs
examples/VB6/vbexample.vbp
examples/VB6/vbexample.vbw
examples/VBNET/VBExample.resX
.vbs .xml polyglot
examples/VBNET/VBExample.vb
.vbs
examples/VBNET/vbexample.sln
examples/VBNET/vbexample.vbproj
examples/VBNET/vbexample.vbproj.user
examples/excel/example.xls
.xls windows office2003

ThisWorkbook

Sheet1

Sheet2

Sheet3

Module1

Module2

Class1
images/connection.png
.png
images/definition.png
.png
images/entervalue.png
.png
images/mbpoll.png
.png
images/readwritemenu.png
.png
license.txt
mbpoll.chm
.chm
mbpoll.exe
.exe windows:5 windows x64 arch:x64

d9557f75db0c659c7c8845835cdcd45c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

socket
WSAStartup
send
WSAGetLastError
recv
recvfrom
closesocket
WSACleanup
ioctlsocket
sendto
select
inet_addr
connect
htons

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiClassGuidsFromNameW
SetupDiOpenDevRegKey

kernel32

RtlUnwindEx
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitThread
CreateThread
RaiseException
RtlPcToFileHeader
HeapReAlloc
SetStdHandle
GetFileType
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapQueryInformation
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
RtlLookupFunctionEntry
GetCommandLineW
SetHandleCount
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetStartupInfoW
GetCurrentDirectoryW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
TlsAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetProfileIntW
GetDiskFreeSpaceW
GetTempFileNameW
ResumeThread
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
lstrcmpiW
GetThreadLocale
GetStringTypeExW
DeleteFileW
MoveFileW
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
lstrcmpA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetModuleHandleA
GetCurrentProcessId
GlobalGetAtomNameW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
WideCharToMultiByte
CopyFileW
FormatMessageW
LocalFree
lstrlenW
FreeResource
GetWindowsDirectoryW
FreeLibrary
GlobalSize
GlobalReAlloc
GetVersionExW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
CreateSemaphoreW
SetThreadPriority
Sleep
WaitForSingleObject
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
lstrcpyW
MulDiv
ReleaseSemaphore
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateFileW
SetupComm
GetCommState
SetCommState
GetTickCount
ReadFile
WriteFile
ClearCommError
SetCommTimeouts
PurgeComm
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetEnvironmentStringsW

user32

PostQuitMessage
ValidateRect
ShowOwnedPopups
RegisterClipboardFormatW
GetMenuItemInfoW
DestroyCursor
GetSysColorBrush
UnregisterClassW
GetDCEx
LockWindowUpdate
DestroyIcon
PostThreadMessageW
DrawIcon
CopyAcceleratorTableW
CreateMenu
GetTabbedTextExtentA
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
CharUpperW
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
LoadAcceleratorsW
GetScrollPos
SetScrollPos
GetWindow
SetFocus
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
RemoveMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
EqualRect
SetWindowLongW
CopyIcon
SetRectEmpty
LoadImageW
DrawIconEx
GetIconInfo
IsChild
ChildWindowFromPointEx
GetDesktopWindow
SetWindowRgn
DrawFrameControl
OffsetRect
GetDoubleClickTime
WindowFromPoint
IsWindowVisible
ClientToScreen
IsRectEmpty
CopyRect
ReleaseCapture
ClipCursor
GetCursorPos
GetMessagePos
GrayStringW
DrawTextExW
TabbedTextOutW
GetSystemMetrics
IsClipboardFormatAvailable
GetClassInfoW
DefWindowProcW
GetParent
GetFocus
SetCapture
GetCapture
ScreenToClient
InvertRect
IntersectRect
GetKeyState
DrawTextW
SetCursor
LoadCursorW
DrawEdge
FrameRect
FillRect
InflateRect
SetRect
SystemParametersInfoW
PostMessageW
InvalidateRect
LoadMenuW
GetSubMenu
IsWindow
PtInRect
GetSysColor
DrawFocusRect
WaitMessage
GetMessageW
TranslateMessage
SetParent
GetSystemMenu
DeleteMenu
SetTimer
KillTimer
EndPaint
BeginPaint
GetWindowDC
UnpackDDElParam
ReuseDDElParam
DestroyMenu
SetScrollInfo
GetWindowThreadProcessId
UpdateWindow
GetWindowRect
IsZoomed
IsIconic
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
ReleaseDC
GetDC
MapWindowPoints
GetClientRect
wsprintfW
SendMessageW
EnableWindow
InsertMenuItemW
CreatePopupMenu
RedrawWindow
TranslateAcceleratorW
TranslateMDISysAccel
GetWindowTextW
BringWindowToTop
GetWindowTextLengthW

gdi32

PatBlt
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetBkMode
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
Escape
TextOutW
CreatePatternBrush
CreateSolidBrush
GetCharWidthW
StretchDIBits
DPtoLP
SetAbortProc
GetViewportOrgEx
Rectangle
CreateRectRgnIndirect
SetRectRgn
CreateEllipticRgn
LPtoDP
Ellipse
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
ExtTextOutW
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
RectVisible
PtVisible
EndDoc
AbortDoc
EndPage
StartPage
StartDocW
BitBlt
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
GetCurrentObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
DeleteDC
CreateFontW
GetClipBox
CreateDCW
CopyMetaFileW
GetStockObject
GetTextColor
DeleteObject
FrameRgn
FillRgn
OffsetRgn
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
GetTextMetricsW
SetPolyFillMode

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

advapi32

RegDeleteValueW
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegDeleteKeyW
RegCloseKey
RegSetValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
DragFinish
DragQueryFileW
SHGetFileInfoW
ExtractIconW
DragAcceptFiles

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
StrToIntW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

OleDestroyMenuDescriptor
CreateStreamOnHGlobal
OleCreateMenuDescriptor
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize
OleDuplicateData
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
CoDisconnectObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleGetClipboard
CLSIDFromString
CLSIDFromProgID
OleRun

oleaut32

SysAllocStringLen
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElemsize
SysAllocString
VariantCopy
VariantInit
VariantChangeType
SysStringByteLen
SysStringLen
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VariantClear
LoadTypeLi

Sections

.text
Size: 715KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mbpoll.tlb
quick.html
.html
uninstall.exe.nsis
user_manual.pdf
.pdf
- http://www.modbus.org
- http://www.modbus.org/
- http://www.modbustools.com
- http://www.modbustools.com/

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

82:37:60:30:23:3e:3a:25:69:20:d3:c6:c9:b9:9f:4eCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

84:10:0b:d9:6d:34:c3:12:e0:0b:7c:ca:2f:f3:a1:16:65:a8:ae:feSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 20KB - Virtual size: 19KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

ThisWorkbook

Sheet1

Sheet2

Sheet3

Module1

Module2

Class1

d9557f75db0c659c7c8845835cdcd45c

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

82:37:60:30:23:3e:3a:25:69:20:d3:c6:c9:b9:9f:4e
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

84:10:0b:d9:6d:34:c3:12:e0:0b:7c:ca:2f:f3:a1:16:65:a8:ae:fe
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 715KB - Virtual size: 715KB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 17KB - Virtual size: 727KB

.pdata
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 60KB - Virtual size: 60KB