ardamax | f6c0e59d2bf4e3a26bffbc4f534c8398_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f6c0e59d2bf4e3a26bffbc4f534c8398_JaffaCakes118
Size

263KB
MD5

f6c0e59d2bf4e3a26bffbc4f534c8398
SHA1

357acce7d203efc55ac3208c2750226fca39d034
SHA256

0aad85d84f05a4a15d601dde72683f809fed0373f57c99c4e4029d9f8e1d5ef3
SHA512

ed0f0fcfaf42cd3ad019591a11e1c926b75fa191a0683b59aab80124e8e32975fb1f9e2895762bf8189b2a8b1ced42984f448e89d7819709ea3474fce1dba503
SSDEEP

6144:uMre14YG/6rQ+u5efO+0mX16ahX/K0KwjOKPbenLBKln:u/S3/saoO+0mX16jeOaKLByn

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
static1/unpack001/"MT.exe"	family_ardamax

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
f6c0e59d2bf4e3a26bffbc4f534c8398_JaffaCakes118
unpack001/"MT.003"
unpack001/"MT.004"
unpack001/"MT.006"
unpack001/"MT.007"
unpack001/"MT.exe"
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/AKV.exe
unpack001/Uninstall.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1

Files

f6c0e59d2bf4e3a26bffbc4f534c8398_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
"MT.003"
.dll windows:4 windows x86 arch:x86

dee30c4939ddbca36dbaf5ffaf7ab6e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
WriteFile
CreateFileA
lstrcatA
lstrlenA
lstrcpyA
ReadFile
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA

user32

FindWindowA
SendMessageA

shell32

ShellExecuteA

Exports

Exports

sfx_main

Sections

.text
Size: 1024B - Virtual size: 742B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
"MT.004"
.exe windows:4 windows x86 arch:x86

62b28a28cdb8b00a787e93828984256b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_XcptFilter
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit
__dllonexit
calloc
exit
memcpy
_itoa
??2@YAPAXI@Z
_strdup
??3@YAXPAX@Z
free
__p__commode

kernel32

GetTempPathA
GetModuleHandleA
GetModuleFileNameA
CreateFileA
SetFilePointer
CloseHandle
GetTempFileNameA
FreeLibrary
DeleteFileA
WriteFile
ReadFile
LoadLibraryA
GetProcAddress
GetStartupInfoA

user32

MessageBoxA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
"MT.006"
.dll windows:4 windows x86 arch:x86

18814eea765c85589c58b214e6f862ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Akl\kh\Release\kh.pdb

Imports

kernel32

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

user32

UnhookWindowsHookEx
RegisterWindowMessageA
MapVirtualKeyA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
PostMessageA
CallNextHookEx
SetWindowsHookExA

Exports

Exports

ClearHook
SetHook

Sections

.text
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
"MT.007"
.dll windows:4 windows x86 arch:x86

18446acd4e90a854d080d435f0bcae9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageDirectoryEntryToData

kernel32

CreateToolhelp32Snapshot
GetProcAddress
VirtualQuery
WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
CloseHandle
Module32Next
Module32First
HeapFree
GetCurrentProcessId
GetModuleHandleA
GetSystemInfo
SetThreadPriority
GetCurrentThread
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

Exports

Exports

Hook
Unhook

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
"MT.chm"
.chm
"MT.exe"
.exe windows:4 windows x86 arch:x86

d560aaa8879914b8e9d16003dde8a017

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
FtpPutFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpDeleteFileA
FtpSetCurrentDirectoryA
InternetConnectA

kernel32

RaiseException
HeapFree
lstrcmpiA
lstrcpyW
FlushInstructionCache
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GetVersionExA
CompareStringA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
EnumResourceNamesA
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
SetFilePointer
LocalFree
CreateToolhelp32Snapshot
Module32First
Module32Next
Process32First
Process32Next
OpenProcess
GetWindowsDirectoryA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageA
WritePrivateProfileStringA
GetPrivateProfileStringA
CompareStringW
GetTimeZoneInformation
LockResource
GetTimeFormatA
GetTickCount
GetComputerNameA
CopyFileA
GetTempFileNameA
GetTempPathA
GetSystemTimeAsFileTime
OpenFile
FindResourceExA
HeapCreate
RtlUnwind
TerminateProcess
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetLastError
CreateMutexA
OutputDebugStringA
DebugBreak
ExitProcess
Sleep
MoveFileExA
SetProcessPriorityBoost
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetShortPathNameA
GetModuleFileNameA
GetCurrentProcessId
CompareFileTime
SystemTimeToFileTime
GetLocalTime
CreateThread
SetFileAttributesA
GetFileAttributesA
lstrcatA
GetCurrentProcess
SetProcessWorkingSetSize
lstrlenW
GetThreadLocale
GetLocaleInfoA
VirtualFree
LCMapStringA
LCMapStringW
GetACP
InterlockedExchange
DeleteFileA
WriteFile
CloseHandle
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetVersion
LoadLibraryA
lstrcpynA
GetProcAddress
GetModuleHandleA
lstrcmpA
CreateFileA
lstrlenA
lstrcpyA
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetDateFormatA
SetEnvironmentVariableA

user32

InflateRect
FrameRect
GetWindowThreadProcessId
GetMessagePos
WindowFromPoint
SetDlgItemInt
GetWindowLongA
CreateWindowExA
SetWindowLongA
DrawFrameControl
SystemParametersInfoA
GetSysColorBrush
LoadCursorA
SetCursor
GetClassLongA
DrawTextA
LoadStringA
GetParent
GetClassNameA
UpdateWindow
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
DestroyMenu
IsMenu
GetForegroundWindow
wsprintfA
GetClassInfoExA
RegisterClassExA
AdjustWindowRectEx
GetMenu
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
UnregisterClassA
CallWindowProcA
LoadIconA
LoadMenuA
GetSubMenu
DeleteMenu
SetRectEmpty
SendMessageA
DrawFocusRect
DefWindowProcA
GetMessageA
TranslateMessage
IsWindowEnabled
GetFocus
PtInRect
SetCapture
GetCapture
ReleaseCapture
DispatchMessageA
wvsprintfA
UnregisterHotKey
RegisterHotKey
GetKeyNameTextA
MapVirtualKeyA
FindWindowA
GetDlgCtrlID
ScreenToClient
GetWindowDC
ReleaseDC
SetWindowsHookExA
IsWindow
CallNextHookEx
UnhookWindowsHookEx
FillRect
MapWindowPoints
MonitorFromPoint
GetMonitorInfoA
TrackPopupMenuEx
ModifyMenuA
PeekMessageA
IsWindowVisible
CharLowerA
DrawEdge
DestroyWindow
OffsetRect
SetForegroundWindow
GetCursorPos
PostQuitMessage
RegisterWindowMessageA
EndDialog
DestroyIcon
MessageBeep
GetKeyState
CharNextA
GetNextDlgTabItem
GetCaretPos
InvalidateRect
EndPaint
BeginPaint
GetWindowRect
MoveWindow
ScrollWindow
GetClientRect
LoadImageA
PostMessageA
SetFocus
KillTimer
SetTimer
GetDC
GetActiveWindow
GetWindow
EnableWindow
SetDlgItemTextA
GetDlgItemInt
GetDlgItemTextA
ShowWindow
GetDlgItem
SetWindowTextA
MessageBoxA
TrackPopupMenu
GetSysColor
GetSystemMetrics
CopyRect
SetWindowPos

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
CreateDIBSection
CreateBitmap
SetBkColor
BitBlt
DeleteDC
CreatePatternBrush
SetBrushOrgEx
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
SetTextColor
GetStockObject
CreateSolidBrush
CreateFontA
TextOutA
Polygon
SetPolyFillMode
SetBkMode
SelectObject
CreatePen
GetTextExtentPoint32A

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
GetUserNameA
RegDeleteKeyA

shell32

SHChangeNotify
ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
Shell_NotifyIconA
ShellExecuteA
ExtractIconA
DoEnvironmentSubstA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

LoadTypeLi
SysFreeString
LoadRegTypeLi
VariantInit
DispCallFunc
VarUI4FromStr
VariantClear
SysStringLen

shlwapi

StrFormatByteSizeA
StrPBrkA
StrChrA
PathFileExistsA
PathRemoveFileSpecA
PathRemoveExtensionA
PathFindFileNameA
StrDupA
PathFindExtensionA
PathStripPathA

comctl32

InitCommonControlsEx
ImageList_GetImageCount
ImageList_Destroy
ImageList_LoadImageA
DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw
_TrackMouseEvent

wsock32

getservbyname
WSACleanup
ioctlsocket
WSAStartup
gethostbyname
socket
connect
shutdown
closesocket
select
recv
send
htons

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

1f4c4faa2a5228733f7ee5edf40f6693

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
WritePrivateProfileStringA
lstrcpynA
lstrcatA
lstrcpyA
GetPrivateProfileIntA
MultiByteToWideChar
GetModuleHandleA
lstrcmpiA
GlobalFree
GetPrivateProfileStringA
GlobalAlloc

user32

GetWindowLongA
DrawTextA
SetCursor
LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
GetClientRect
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
LoadIconA

gdi32

SetTextColor
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
AKV.exe
.exe windows:4 windows x86 arch:x86

4a8faaa485c74b3afb17655c8d614df3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDBCSLeadByte
MulDiv
GetCurrentProcessId
lstrcmpA
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
lstrcpynW
DebugBreak
OutputDebugStringA
GetProcAddress
LoadLibraryA
LockResource
FindResourceExA
CloseHandle
CreateFileA
ReadFile
WriteFile
GetFileSize
FindNextFileA
FindClose
SetLastError
FindFirstFileA
CompareFileTime
FileTimeToLocalFileTime
CreateThread
WaitForSingleObject
lstrcpynA
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCPInfo
GetOEMCP
GetStringTypeW
GetStringTypeA
TerminateProcess
VirtualFree
HeapCreate
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
GetFullPathNameA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLastError
GetModuleFileNameA
MultiByteToWideChar
GetModuleHandleA
lstrlenW
lstrcpyA
SystemTimeToFileTime
InterlockedIncrement
GetCurrentThreadId
WritePrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStructA
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedDecrement
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

LoadStringW
RemoveMenu
GetWindowPlacement
wvsprintfA
SetMenuDefaultItem
EndDialog
DialogBoxParamA
MessageBoxA
GetDlgItemTextA
SetMenu
GetMenu
GetDC
CreateDialogParamA
CharUpperA
GetKeyNameTextA
MapVirtualKeyA
GetKeyState
CharLowerA
UnhookWindowsHookEx
RegisterWindowMessageA
FrameRect
GetMenuItemInfoA
SetMenuItemInfoA
WindowFromPoint
GetFocus
MessageBeep
GetMenuItemCount
PostQuitMessage
IsWindowVisible
ReleaseDC
GetWindowDC
SystemParametersInfoA
GetMessagePos
CharNextA
MoveWindow
DestroyMenu
DrawEdge
SetRect
FillRect
EnableWindow
GetWindow
SendMessageA
ScreenToClient
SetCursor
CreatePopupMenu
AppendMenuA
EnableMenuItem
TrackPopupMenu
BeginDeferWindowPos
GetWindowRect
DeferWindowPos
MapWindowPoints
GetSubMenu
GetClassNameA
MonitorFromPoint
SetWindowsHookExA
SetWindowLongA
GetWindowLongA
DestroyWindow
SetWindowTextA
SetWindowPlacement
ShowWindow
IsWindow
GetMonitorInfoA
TrackPopupMenuEx
ModifyMenuA
IsMenu
CallNextHookEx
GetWindowThreadProcessId
EndDeferWindowPos
GetSystemMetrics
DrawFrameControl
OffsetRect
DrawTextA
CopyRect
InflateRect
DrawFocusRect
EndPaint
BeginPaint
IsWindowEnabled
GetClientRect
PtInRect
GetDlgCtrlID
GetParent
ReleaseCapture
GetCapture
SetFocus
SetCapture
InvalidateRect
UpdateWindow
LoadMenuA
LoadAcceleratorsA
GetSysColor
GetSysColorBrush
DestroyCaret
CallWindowProcA
SetWindowPos
GetClassInfoExA
LoadImageA
RegisterClassExA
GetWindowTextA
GetDlgItem
PostMessageA
CreateWindowExA
SetRectEmpty
LoadCursorA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
wsprintfA
DefWindowProcA
LoadStringA
GetActiveWindow

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SetBrushOrgEx
CreateDIBSection
CreateFontA
CreateFontIndirectA
DeleteDC
CreateBitmap
CreatePatternBrush
PatBlt
MoveToEx
LineTo
CreatePen
GetStockObject
GetObjectA
SelectObject
GetTextExtentPoint32A
SetBkMode
SetTextColor
BitBlt
DeleteObject
SetBkColor

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathFindExtensionA
PathRemoveFileSpecA

comctl32

ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ord6
ImageList_Destroy
ImageList_LoadImageA

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
license.txt
menu.gif
.gif .ps1 polyglot
qs.html
.html
tray.gif
.gif

Sharing

General

Malware Config

Signatures

Files

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 8KB

dee30c4939ddbca36dbaf5ffaf7ab6e1

Headers

File Characteristics

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 742B

.rdata Size: 1024B - Virtual size: 595B

.data Size: 512B - Virtual size: 548B

.reloc Size: 512B - Virtual size: 168B

62b28a28cdb8b00a787e93828984256b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

18814eea765c85589c58b214e6f862ca

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 866B

.rdata Size: 1024B - Virtual size: 674B

.data Size: 512B - Virtual size: 48B

.JOE Size: 512B - Virtual size: 4B

.reloc Size: 512B - Virtual size: 172B

18446acd4e90a854d080d435f0bcae9d

Headers

File Characteristics

Imports

imagehlp

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 180B

SHAREDAT Size: 512B - Virtual size: 8B

.reloc Size: 512B - Virtual size: 344B

d560aaa8879914b8e9d16003dde8a017

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 1024B - Virtual size: 742B

.rdata
Size: 1024B - Virtual size: 595B

.data
Size: 512B - Virtual size: 548B

.reloc
Size: 512B - Virtual size: 168B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 866B

.rdata
Size: 1024B - Virtual size: 674B

.data
Size: 512B - Virtual size: 48B

.JOE
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 180B

SHAREDAT
Size: 512B - Virtual size: 8B

.reloc
Size: 512B - Virtual size: 344B

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 35KB - Virtual size: 34KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 894B

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 23KB - Virtual size: 22KB