JaffaCakes118_e3471dc1dda5a8259a85c90f5a66c60fb1f3b4e5b45cb3f3f49a43d97888fef9

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_e3471dc1dda5a8259a85c90f5a66c60fb1f3b4e5b45cb3f3f49a43d97888fef9
Size

319KB
MD5

5b14f7e5a7da701c270eb40e66c98b11
SHA1

13fbafc04f35ede1deda6daec4c9f32bbf2d11da
SHA256

e3471dc1dda5a8259a85c90f5a66c60fb1f3b4e5b45cb3f3f49a43d97888fef9
SHA512

61b3f03a4d1268e7d4263ba6b8a281a4e7056b281ce4be878b477e65a0f410bbc3d7836ef37fb749135c91816b882b8fb328ae6994e59a9dbfb7a99897db0e1e
SSDEEP

6144:LDJW3ndf/h5SjwVSSzobWFElqauUOXaMBykPVisTHtpL01JP0TRaE3dsJa:BW3n5hrgoBcktikbLCJP4sJa

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Pepsico LLC RFQ Information.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/Sollar/liboscar.dll

Files

JaffaCakes118_e3471dc1dda5a8259a85c90f5a66c60fb1f3b4e5b45cb3f3f49a43d97888fef9
.zip

Password: malware
Pepsico LLC RFQ Information.img
.iso
Pepsico LLC RFQ Information.exe
.exe windows:4 windows x86 arch:x86

b34f154ec913d2d2c435cbd644e91687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
GetShortPathNameW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Festucine/Blamer33/Othellokages/AutoConnectHelper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0c:98:38:f6:73:f9:b1:cc:e3:95:cf:ab:2b:66:84:e4
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/10/2020, 00:00

Not After

12/10/2023, 12:00

Subject

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:4f:73:1d:0d:95:11:bd:de:1d:00:9c:b3:eb:f7:28:f7:8d:49:2b:03:49:ac:4a:d3:8a:2d:87:76:2a:75:bc
Signer

Actual PE Digest

cf:4f:73:1d:0d:95:11:bd:de:1d:00:9c:b3:eb:f7:28:f7:8d:49:2b:03:49:ac:4a:d3:8a:2d:87:76:2a:75:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\SourceCode\GC3.MobileControl\production_V4.2\Service\AutoConnectHelper\obj\Release\AutoConnectHelper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Festucine/Blamer33/Othellokages/Isatate.bmp
Sollar/System.Runtime.Extensions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/02/2021, 20:09

Not After

10/02/2022, 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:74:02:e1:61:a7:4d:a4:20:0b:13:26:f1:6c:ae:7f:90:d9:23:20:6e:fb:ad:c6:5e:8f:78:c8:2a:ac:da:0c
Signer

Actual PE Digest

e0:74:02:e1:61:a7:4d:a4:20:0b:13:26:f1:6c:ae:7f:90:d9:23:20:6e:fb:ad:c6:5e:8f:78:c8:2a:ac:da:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\obj\System.Runtime.Extensions\net6.0-Release\System.Runtime.Extensions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sollar/liboscar.dll
.dll windows:4 windows x86 arch:x86

cff97981d7387bd56d0af71a6439cea5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libglib-2.0-0

g_ascii_strcasecmp
g_ascii_strncasecmp
g_convert
g_convert_with_fallback
g_datalist_clear
g_datalist_id_get_data
g_direct_equal
g_direct_hash
g_error_free
g_fopen
g_free
g_get_charset
g_hash_table_destroy
g_hash_table_get_keys
g_hash_table_insert
g_hash_table_lookup
g_hash_table_lookup_extended
g_hash_table_new
g_hash_table_new_full
g_hash_table_remove
g_hash_table_replace
g_list_append
g_list_copy
g_list_free
g_list_nth_data
g_list_prepend
g_list_reverse
g_list_sort
g_malloc
g_malloc0
g_markup_escape_text
g_memdup
g_path_get_basename
g_quark_try_string
g_queue_free
g_queue_is_empty
g_queue_new
g_queue_peek_head
g_queue_pop_head
g_queue_push_tail
g_random_int
g_realloc
g_return_if_fail_warning
g_slist_append
g_slist_delete_link
g_slist_find_custom
g_slist_free
g_slist_prepend
g_slist_remove
g_slist_reverse
g_snprintf
g_str_equal
g_str_has_prefix
g_str_hash
g_strdelimit
g_strdup
g_strdup_printf
g_strescape
g_strfreev
g_string_append
g_string_append_len
g_string_append_printf
g_string_free
g_string_insert_c
g_string_new
g_string_new_len
g_string_overwrite_len
g_string_sized_new
g_string_truncate
g_strjoinv
g_strlcpy
g_strndup
g_strsplit
g_utf8_find_prev_char
g_utf8_normalize
g_utf8_strdown
g_utf8_validate
g_warn_message

intl

libintl_dgettext
libintl_dngettext

libpurple

_purple_network_set_common_socket_flags
purple_account_add_buddies
purple_account_get_active_status
purple_account_get_bool
purple_account_get_check_mail
purple_account_get_connection
purple_account_get_int
purple_account_get_presence
purple_account_get_protocol_id
purple_account_get_remember_password
purple_account_get_string
purple_account_get_user_info
purple_account_get_username
purple_account_is_connected
purple_account_is_status_active
purple_account_notify_added
purple_account_option_bool_new
purple_account_option_int_new
purple_account_option_list_new
purple_account_option_string_new
purple_account_remove_buddies
purple_account_request_authorization
purple_account_request_change_password
purple_account_request_change_user_info
purple_account_set_bool
purple_account_set_int
purple_account_set_password
purple_account_set_string
purple_accounts_find
purple_accounts_get_all
purple_base16_encode
purple_base64_decode
purple_base64_encode
purple_blist_add_buddy
purple_blist_add_group
purple_blist_alias_buddy
purple_blist_node_get_string
purple_blist_node_get_type
purple_blist_node_set_string
purple_blist_remove_buddy
purple_blist_request_add_buddy
purple_buddy_get_account
purple_buddy_get_alias_only
purple_buddy_get_group
purple_buddy_get_local_buddy_alias
purple_buddy_get_name
purple_buddy_get_presence
purple_buddy_icons_find_account_icon
purple_buddy_icons_get_account_icon_timestamp
purple_buddy_icons_get_checksum_for_user
purple_buddy_icons_set_for_user
purple_buddy_new
purple_cipher_context_append
purple_cipher_context_destroy
purple_cipher_context_digest
purple_cipher_context_new
purple_cipher_context_new_by_name
purple_cipher_context_set_key
purple_cipher_context_set_option
purple_ciphers_find_cipher
purple_circ_buffer_append
purple_circ_buffer_destroy
purple_circ_buffer_get_max_read
purple_circ_buffer_mark_read
purple_circ_buffer_new
purple_connection_error_reason
purple_connection_get_account
purple_connection_get_display_name
purple_connection_get_password
purple_connection_get_protocol_data
purple_connection_set_display_name
purple_connection_set_protocol_data
purple_connection_set_state
purple_connection_update_progress
purple_conv_chat_add_user
purple_conv_chat_get_id
purple_conv_chat_remove_user
purple_conv_present_error
purple_conv_send_confirm
purple_conversation_get_chat_data
purple_conversation_get_name
purple_conversation_new
purple_conversation_present
purple_conversation_write
purple_core_get_ui_info
purple_date_format_full
purple_date_format_short
purple_debug_error
purple_debug_info
purple_debug_is_verbose
purple_debug_misc
purple_debug_warning
purple_email_is_valid
purple_find_buddies
purple_find_buddy
purple_find_buddy_in_group
purple_find_chat
purple_find_conversation_with_account
purple_find_group
purple_get_core
purple_group_get_name
purple_group_new
purple_imgstore_add_with_id
purple_imgstore_find_by_id
purple_imgstore_get_data
purple_imgstore_get_filename
purple_imgstore_get_size
purple_imgstore_unref
purple_imgstore_unref_by_id
purple_input_add
purple_input_remove
purple_markup_escape_text
purple_markup_find_tag
purple_markup_linkify
purple_markup_strip_html
purple_menu_action_new
purple_network_get_my_ip
purple_network_get_port_from_fd
purple_network_ip_atoi
purple_network_listen_cancel
purple_network_listen_range
purple_normalize
purple_notify_emails
purple_notify_formatted
purple_notify_message
purple_notify_searchresults
purple_notify_searchresults_button_add
purple_notify_searchresults_column_add
purple_notify_searchresults_column_new
purple_notify_searchresults_new
purple_notify_searchresults_row_add
purple_notify_uri
purple_notify_user_info_add_pair
purple_notify_user_info_add_section_break
purple_notify_user_info_add_section_header
purple_notify_user_info_destroy
purple_notify_user_info_new
purple_notify_userinfo
purple_plugin_action_new
purple_plugin_get_id
purple_prefs_add_bool
purple_prefs_add_none
purple_prefs_connect_callback
purple_prefs_disconnect_by_handle
purple_prefs_get_string
purple_prefs_remove
purple_presence_get_active_status
purple_presence_get_idle_time
purple_presence_get_status
purple_presence_is_idle
purple_presence_is_online
purple_presence_is_status_primitive_active
purple_privacy_deny_add
purple_privacy_deny_remove
purple_privacy_permit_add
purple_privacy_permit_remove
purple_proxy_connect
purple_proxy_connect_cancel
purple_prpl_got_user_idle
purple_prpl_got_user_login_time
purple_prpl_got_user_status
purple_prpl_got_user_status_deactive
purple_request_action
purple_request_close_with_handle
purple_request_field_bool_get_value
purple_request_field_bool_new
purple_request_field_group_add_field
purple_request_field_group_new
purple_request_fields
purple_request_fields_add_group
purple_request_fields_get_field
purple_request_fields_new
purple_request_input
purple_signal_connect
purple_ssl_close
purple_ssl_connect
purple_ssl_connect_with_ssl_cn
purple_ssl_input_add
purple_ssl_is_supported
purple_ssl_read
purple_ssl_strerror
purple_ssl_write
purple_status_get_attr_string
purple_status_get_id
purple_status_get_name
purple_status_get_presence
purple_status_get_type
purple_status_is_active
purple_status_is_available
purple_status_is_independent
purple_status_type_get_primitive
purple_status_type_new_full
purple_status_type_new_with_attrs
purple_str_seconds_to_string
purple_str_size_to_units
purple_str_strip_char
purple_strcasestr
purple_strdup_withhtml
purple_strequal
purple_strreplace
purple_time_format
purple_timeout_add
purple_timeout_add_seconds
purple_timeout_remove
purple_unescape_text
purple_url_encode
purple_utf8_salvage
purple_utf8_strftime
purple_utf8_try_convert
purple_util_fetch_url_cancel
purple_util_fetch_url_request_data_len_with_account
purple_util_fetch_url_request_len_with_account
purple_value_new
purple_xfer_cancel_local
purple_xfer_cancel_remote
purple_xfer_get_bytes_remaining
purple_xfer_get_bytes_sent
purple_xfer_get_local_filename
purple_xfer_get_size
purple_xfer_get_status
purple_xfer_get_type
purple_xfer_is_completed
purple_xfer_new
purple_xfer_ref
purple_xfer_request
purple_xfer_request_accepted
purple_xfer_set_ack_fnc
purple_xfer_set_bytes_sent
purple_xfer_set_cancel_recv_fnc
purple_xfer_set_cancel_send_fnc
purple_xfer_set_completed
purple_xfer_set_end_fnc
purple_xfer_set_filename
purple_xfer_set_init_fnc
purple_xfer_set_message
purple_xfer_set_request_denied_fnc
purple_xfer_set_size
purple_xfer_start
purple_xfer_unref
serv_got_alias
serv_got_chat_in
serv_got_chat_invite
serv_got_chat_left
serv_got_im
serv_got_joined_chat
serv_got_typing
serv_got_typing_stopped
serv_join_chat
serv_set_info
wpurple_close
wpurple_gettimeofday
wpurple_read
wpurple_recv
wpurple_send
wpurple_strerror
xmlnode_free
xmlnode_from_str
xmlnode_get_child
xmlnode_get_data
xmlnode_get_data_unescaped

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__mb_cur_max
_errno
_iob
_isctype
_pctype
_snprintf
abort
atoi
atol
calloc
fclose
fflush
fread
free
fwrite
gmtime
localtime
malloc
memcmp
memcpy
mktime
rand
strchr
strncpy
strrchr
strstr
strtol
strtoul
time
toupper
vfprintf

ws2_32

accept

libssp-0

__stack_chk_fail
__stack_chk_guard

Exports

Exports

_nm____stack_chk_guard
admin_modfirst
aim__findmodule
aim__findmodulebygroup
aim__registermodule
aim__shutdownmodules
aim_admin_changepasswd
aim_admin_getinfo
aim_admin_reqconfirm
aim_admin_setemail
aim_admin_setnick
aim_auth_securid_send
aim_bart_request
aim_bart_upload
aim_bos_reqrights
aim_buddylist_reqrights
aim_cachecookie
aim_cachesnac
aim_callhandler
aim_chat_join
aim_chat_readroominfo
aim_chat_send_im
aim_chatnav_createroom
aim_chatnav_reqrights
aim_checkcookie
aim_cleansnacs
aim_cookie_free
aim_email_activate
aim_email_sendcookies
aim_genericreq_l
aim_genericreq_n
aim_genericreq_n_snacid
aim_icbm_makecookie
aim_icq_changepasswd
aim_icq_getalias
aim_icq_getallinfo
aim_icq_sendsms
aim_icq_setsecurity
aim_im_denytransfer
aim_im_reqofflinemsgs
aim_im_reqparams
aim_im_send_icq_confirmation
aim_im_sendch1_ext
aim_im_sendch2_cancel
aim_im_sendch2_chatinvite
aim_im_sendch2_connected
aim_im_sendch2_icon
aim_im_sendch2_odc_requestdirect
aim_im_sendch2_odc_requestproxy
aim_im_sendch2_sendfile_requestdirect
aim_im_sendch2_sendfile_requestproxy
aim_im_sendmtn
aim_im_setparams
aim_info_extract
aim_info_free
aim_initsnachash
aim_locate_finduserinfo
aim_locate_getcaps
aim_locate_getcaps_short
aim_locate_getinfoshort
aim_locate_reqrights
aim_locate_setcaps
aim_locate_setprofile
aim_mkcookie
aim_newsnac
aim_putsnac
aim_remsnac
aim_request_login
aim_search_address
aim_send_login
aim_sendmemblock
aim_srv_clientready
aim_srv_rates_addparam
aim_srv_reqpersonalinfo
aim_srv_reqrates
aim_srv_requestnew
aim_srv_set_dc_info
aim_srv_setextrainfo
aim_srv_setidle
aim_srv_setversions
aim_ssi_add_to_private_list
aim_ssi_addbuddy
aim_ssi_aliasbuddy
aim_ssi_cleanlist
aim_ssi_del_from_private_list
aim_ssi_delbuddy
aim_ssi_delgroup
aim_ssi_delicon
aim_ssi_editcomment
aim_ssi_enable
aim_ssi_getalias
aim_ssi_getcomment
aim_ssi_getdenyentrytype
aim_ssi_getpermdeny
aim_ssi_getpresence
aim_ssi_itemlist_exists
aim_ssi_itemlist_find
aim_ssi_itemlist_finditem
aim_ssi_itemlist_findparentname
aim_ssi_modbegin
aim_ssi_modend
aim_ssi_movebuddy
aim_ssi_rename_group
aim_ssi_reqdata
aim_ssi_reqrights
aim_ssi_sendauthreply
aim_ssi_sendauthrequest
aim_ssi_seticon
aim_ssi_setpermdeny
aim_ssi_setpresence
aim_ssi_waitingforauth
aim_tlv_get16
aim_tlv_get32
aim_tlv_get8
aim_tlv_getlength
aim_tlv_getstr
aim_tlv_gettlv
aim_tlv_getvalue_as_string
aim_tlvlist_add_16
aim_tlvlist_add_32
aim_tlvlist_add_8
aim_tlvlist_add_caps
aim_tlvlist_add_chatroom
aim_tlvlist_add_frozentlvlist
aim_tlvlist_add_noval
aim_tlvlist_add_raw
aim_tlvlist_add_str
aim_tlvlist_cmp
aim_tlvlist_copy
aim_tlvlist_count
aim_tlvlist_free
aim_tlvlist_read
aim_tlvlist_readlen
aim_tlvlist_readnum
aim_tlvlist_remove
aim_tlvlist_replace_32
aim_tlvlist_replace_8
aim_tlvlist_replace_noval
aim_tlvlist_replace_raw
aim_tlvlist_replace_str
aim_tlvlist_size
aim_tlvlist_write
aim_uncachecookie
aimutil_iconsum
auth_modfirst
bart_modfirst
bos_modfirst
buddylist_modfirst
byte_stream_advance
byte_stream_bytes_left
byte_stream_curpos
byte_stream_destroy
byte_stream_get16
byte_stream_get32
byte_stream_get8
byte_stream_getle16
byte_stream_getle32
byte_stream_getle8
byte_stream_getraw
byte_stream_getrawbuf
byte_stream_getstr
byte_stream_init
byte_stream_new
byte_stream_put16
byte_stream_put32
byte_stream_put8
byte_stream_put_bart_asset
byte_stream_put_bart_asset_str
byte_stream_putbs
byte_stream_putcaps
byte_stream_putle16
byte_stream_putle32
byte_stream_putle8
byte_stream_putraw
byte_stream_putstr
byte_stream_putuid
byte_stream_rewind
byte_stream_setpos
chat_modfirst
chatnav_modfirst
create_visibility_menu_item
email_modfirst
flap_connection_close
flap_connection_destroy
flap_connection_destroy_chat
flap_connection_findbygroup
flap_connection_getbytype
flap_connection_getbytype_all
flap_connection_new
flap_connection_recv_cb
flap_connection_recv_cb_ssl
flap_connection_schedule_destroy
flap_connection_send
flap_connection_send_keepalive
flap_connection_send_snac
flap_connection_send_snac_with_priority
flap_connection_send_version
flap_connection_send_version_with_cookie
flap_connection_send_version_with_cookie_and_clientinfo
flap_frame_new
icq_get_custom_icon_data
icq_get_custom_icon_description
icq_get_purple_moods
icq_im_xstatus_request
icq_modfirst
icq_relay_xstatus
locate_modfirst
misc_modfirst
msg_modfirst
oscar_actions
oscar_add_buddy
oscar_add_deny
oscar_add_permit
oscar_alias_buddy
oscar_auth_recvrequest
oscar_auth_sendrequest
oscar_auth_sendrequest_menu
oscar_blist_node_menu
oscar_can_receive_file
oscar_change_passwd
oscar_chat_destroy
oscar_chat_info
oscar_chat_info_defaults
oscar_chat_invite
oscar_chat_leave
oscar_close
oscar_connect_to_bos
oscar_convo_closed
oscar_data_addhandler
oscar_data_destroy
oscar_data_new
oscar_decode_im
oscar_encode_im
oscar_encoding_to_utf8
oscar_format_buddies
oscar_free_name_data
oscar_get_chat_name
oscar_get_clientstring
oscar_get_info
oscar_get_locale_charset
oscar_get_msgerr_reason
oscar_get_purple_moods
oscar_get_ui_info_int
oscar_get_ui_info_string
oscar_init
oscar_join_chat
oscar_keepalive
oscar_list_emblem
oscar_list_icon_aim
oscar_list_icon_icq
oscar_login
oscar_move_buddy
oscar_new_xfer
oscar_normalize
oscar_offline_message
oscar_rem_deny
oscar_rem_permit
oscar_remove_buddy
oscar_remove_group
oscar_rename_group
oscar_send_chat
oscar_send_file
oscar_send_im
oscar_send_typing
oscar_set_aim_permdeny
oscar_set_icon
oscar_set_idle
oscar_set_info
oscar_set_status
oscar_show_invisible_list
oscar_show_visible_list
oscar_status_text
oscar_status_types
oscar_tooltip_text
oscar_user_info_append_extra_info
oscar_user_info_append_status
oscar_user_info_display_aim
oscar_user_info_display_error
oscar_user_info_display_icq
oscar_utf8_try_convert
oscar_util_format_string
oscar_util_name_compare
oscar_util_valid_name
oscar_util_valid_name_icq
oscar_util_valid_name_sms
peer_connection_destroy
peer_connection_finalize_connection
peer_connection_find_by_cookie
peer_connection_find_by_type
peer_connection_got_proposition
peer_connection_listen_cb
peer_connection_new
peer_connection_propose
peer_connection_recv_cb
peer_connection_schedule_destroy
peer_connection_send
peer_connection_trynext
peer_odc_close
peer_odc_recv_frame
peer_odc_send_cookie
peer_odc_send_im
peer_odc_send_typing
peer_oft_cb_generic_cancel
peer_oft_checksum_destroy
peer_oft_close
peer_oft_recv_frame
peer_oft_recvcb_ack_recv
peer_oft_recvcb_end
peer_oft_recvcb_init
peer_oft_send_prompt
peer_oft_sendcb_ack
peer_oft_sendcb_init
peer_proxy_connection_established_cb
popups_modfirst
search_modfirst
send_client_login
send_kerberos_login
service_modfirst
ssi_modfirst
stats_modfirst

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: malware

b34f154ec913d2d2c435cbd644e91687

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 128KB

.rsrc Size: 224KB - Virtual size: 224KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 638B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0c:98:38:f6:73:f9:b1:cc:e3:95:cf:ab:2b:66:84:e4Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

cf:4f:73:1d:0d:95:11:bd:de:1d:00:9c:b3:eb:f7:28:f7:8d:49:2b:03:49:ac:4a:d3:8a:2d:87:76:2a:75:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 27KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

e0:74:02:e1:61:a7:4d:a4:20:0b:13:26:f1:6c:ae:7f:90:d9:23:20:6e:fb:ad:c6:5e:8f:78:c8:2a:ac:da:0cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 128KB

.rsrc
Size: 224KB - Virtual size: 224KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 638B

0c:98:38:f6:73:f9:b1:cc:e3:95:cf:ab:2b:66:84:e4
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

cf:4f:73:1d:0d:95:11:bd:de:1d:00:9c:b3:eb:f7:28:f7:8d:49:2b:03:49:ac:4a:d3:8a:2d:87:76:2a:75:bc
Signer

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e0:74:02:e1:61:a7:4d:a4:20:0b:13:26:f1:6c:ae:7f:90:d9:23:20:6e:fb:ad:c6:5e:8f:78:c8:2a:ac:da:0c
Signer

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 180KB - Virtual size: 179KB

.data
Size: 1024B - Virtual size: 836B

.rdata
Size: 46KB - Virtual size: 46KB

/4
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 10KB - Virtual size: 9KB

.idata
Size: 14KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 8KB - Virtual size: 8KB