Task scores
Overview: 10
Static: 3
IoC/00496083.xls (windows7-x64): 3
IoC/00496083.xls (windows10-2004-x64): 1
IoC/680589798891.xls (windows7-x64): 3
IoC/680589798891.xls (windows10-2004-x64): 1
Consignmen...df.exe (windows7-x64): 10
Consignmen...df.exe (windows10-2004-x64): 10
DHL SHIPME...PD.exe (windows7-x64): 10
DHL SHIPME...PD.exe (windows10-2004-x64): 10
EZ0496.exe (windows7-x64): 10
EZ0496.exe (windows10-2004-x64): 10
IoC/I05517...55.xls (windows7-x64): 3
IoC/I05517...55.xls (windows10-2004-x64): 1
IoC/I79540...11.xls (windows7-x64): 3
IoC/I79540...11.xls (windows10-2004-x64): 1
New Order ...22.exe (windows7-x64): 10
New Order ...22.exe (windows10-2004-x64): 10
$PLUGINSDIR/Math.dll (windows7-x64): 3
$PLUGINSDIR/Math.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
Windows.Sy...ns.dll (windows10-2004-x64): 3
systeminfo.exe (windows10-2004-x64): 3
wecutil.exe (windows10-2004-x64): 3
New order ...22.exe (windows7-x64): 10
New order ...22.exe (windows10-2004-x64): 10
PO_#YBIC38...py.exe (windows7-x64): 3
PO_#YBIC38...py.exe (windows10-2004-x64): 3
Payment Ad...2).exe (windows7-x64): 10
Payment Ad...2).exe (windows10-2004-x64): 10
IoC/XSG8996380.xls (windows7-x64): 3
IoC/XSG8996380.xls (windows10-2004-x64): 1

Static task
static1

Behavioral tasks
behavioral1: Sample IoC/00496083.xls, Resource win7-20240903-en
behavioral2: Sample IoC/00496083.xls, Resource win10v2004-20241007-en
behavioral3: Sample IoC/680589798891.xls, Resource win7-20240903-en
behavioral4: Sample IoC/680589798891.xls, Resource win10v2004-20241007-en
behavioral5: Sample Consignment Document.pdf.exe, Resource win7-20240729-en
behavioral6: Sample Consignment Document.pdf.exe, Resource win10v2004-20241007-en
behavioral7: Sample DHL SHIPMENT NOTIFICATION 284748395PD.exe, Resource win7-20240708-en
behavioral8: Sample DHL SHIPMENT NOTIFICATION 284748395PD.exe, Resource win10v2004-20241007-en
behavioral9: Sample EZ0496.exe, Resource win7-20241023-en
behavioral10: Sample EZ0496.exe, Resource win10v2004-20241007-en
behavioral11: Sample IoC/I055170_06975755.xls, Resource win7-20240903-en
behavioral12: Sample IoC/I055170_06975755.xls, Resource win10v2004-20241007-en
behavioral13: Sample IoC/I795405_33242211.xls, Resource win7-20241010-en
behavioral14: Sample IoC/I795405_33242211.xls, Resource win10v2004-20241007-en
behavioral15: Sample New Order 00027748585 02222022.exe, Resource win7-20240729-en
behavioral16: Sample New Order 00027748585 02222022.exe, Resource win10v2004-20241007-en
behavioral17: Sample $PLUGINSDIR/Math.dll, Resource win7-20241010-en
behavioral18: Sample $PLUGINSDIR/Math.dll, Resource win10v2004-20241007-en
behavioral19: Sample $PLUGINSDIR/System.dll, Resource win7-20240708-en
behavioral20: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20241007-en
behavioral21: Sample Windows.System.Diagnostics.TraceReporting.PlatformDiagnosticActions.dll, Resource win10v2004-20241007-en
behavioral22: Sample systeminfo.exe, Resource win10v2004-20241007-en
behavioral23: Sample wecutil.exe, Resource win10v2004-20241007-en
behavioral24: Sample New order 003848848575 02162022.exe, Resource win7-20240903-en
behavioral25: Sample New order 003848848575 02162022.exe, Resource win10v2004-20241007-en
behavioral26: Sample PO_#YBIC3892900183902328_Evaluated Copy.exe, Resource win7-20241023-en
behavioral27: Sample PO_#YBIC3892900183902328_Evaluated Copy.exe, Resource win10v2004-20241007-en
behavioral28: Sample Payment Advice for Outstanding Invoices (2).exe, Resource win7-20240903-en
behavioral29: Sample Payment Advice for Outstanding Invoices (2).exe, Resource win10v2004-20241007-en
behavioral30: Sample IoC/XSG8996380.xls, Resource win7-20240903-en
behavioral31: Sample IoC/XSG8996380.xls, Resource win10v2004-20241007-en
General
Target: JaffaCakes118_7ca0acdc3e8b24c2034b2205dbfdf744c903cae7c88b1d09b529991168c05dca
Size: 3.5MB
MD5: f004e11d796513cb3c3a9580c1070c16
SHA1: 3a9aaac8ca2ec8765ce3f2d5e270faf87e7d3c24
SHA256: 7ca0acdc3e8b24c2034b2205dbfdf744c903cae7c88b1d09b529991168c05dca
SHA512: 617e6af68e84c9f8bb0f7965c722b54bcf21e9e2b59008eacb394f6e323ebcf4d69f24f4562eb86b261256fc312a8b2565ac279303cb2ba69cc30cbbb3c44023
SSDEEP: 98304:3nCTQW6ZDA0eBPcohegkQhXUQWxo66Z0WpwGIzUaGP+o:3rZy0+ejaXwanZ0WpLIzUaw5

Malware Config

Signatures
- Unsigned PE (12 IoCs)
  Checks for missing Authenticode signature.
  Resources:
  unpack002/Consignment Document.pdf.exe
  unpack003/DHL SHIPMENT NOTIFICATION 284748395PD.exe
  unpack004/EZ0496.exe
  unpack005/New Order 00027748585 02222022.exe
  unpack006/$PLUGINSDIR/Math.dll
  unpack006/$PLUGINSDIR/System.dll
  unpack006/Windows.System.Diagnostics.TraceReporting.PlatformDiagnosticActions.dll
  unpack006/systeminfo.exe
  unpack006/wecutil.exe
  unpack007/New order 003848848575 02162022.exe
  unpack008/PO_#YBIC3892900183902328_Evaluated Copy.exe
  unpack009/Payment Advice for Outstanding Invoices (2).exe
Files
- JaffaCakes118_7ca0acdc3e8b24c2034b2205dbfdf744c903cae7c88b1d09b529991168c05dca.zip
- IoC/00496083.xls (xls; windows office2003)
- IoC/680589798891.xls (xls; windows office2003)
- IoC/Consignment Document.pdf.ace (ace)
- Consignment Document.pdf.exe (exe; windows:4 windows x86 arch:x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 809KB - Virtual size: 808KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- IoC/DHL SHIPMENT NOTIFICATION 284748395PD.gz (rar)
- DHL SHIPMENT NOTIFICATION 284748395PD.exe (exe; windows:4 windows x86 arch:x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 921KB - Virtual size: 920KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- IoC/EZ0496.zip (zip)
- EZ0496.exe (exe; windows:4 windows x86 arch:x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 777KB - Virtual size: 776KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- IoC/I055170_06975755.xls (xls; windows office2003)
- IoC/I795405_33242211.xls (xls; windows office2003)
- IoC/New Order 00027748585 02222022.gz (gz)
- New Order 00027748585 02222022.exe (exe; windows:4 windows x86 arch:x86)
Imphash: 56a78d55f3f7af51443e58e0ce2fb5f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 88KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 110KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
- $PLUGINSDIR/Math.dll (dll; windows:4 windows x86 arch:x86)
Imphash: 82274a6f12e4098899c6a675f5ce59d0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
HeapFree
lstrcmpW
lstrlenW
GlobalFree
lstrcatW
GlobalAlloc
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
lstrcpyW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetLastError
SetFilePointer
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
GetStringTypeW
GetOEMCP
LoadLibraryA
GetStringTypeA
FlushFileBuffers
CloseHandle
LCMapStringW
SetStdHandle
RtlUnwind
Exports
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- $PLUGINSDIR/System.dll (dll; windows:4 windows x86 arch:x86)
Imphash: fc0224e99e736751432961db63a41b76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 662B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- Color MS Outlook.png (png)
- Usherdom.dat
- WLive48x48.png (png)
- Windows.System.Diagnostics.TraceReporting.PlatformDiagnosticActions.dll (dll; windows:10 windows x86 arch:x86)
Imphash: b69e5094ce4126c67880bcf6cd3b43a8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Windows.System.Diagnostics.TraceReporting.PlatformDiagnosticActions.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_realloc
_o_wcscpy_s
_except_handler4_common
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
AcquireSRWLockShared
InitializeSRWLock
ReleaseMutex
ReleaseSRWLockShared
WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
rpcrt4
RpcExceptionFilter
RpcBindingFree
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrStubCall2
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrClientCall4
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserFree
HSTRING_UserUnmarshal
WindowsGetStringRawBuffer
HSTRING_UserSize
WindowsStringHasEmbeddedNull
HSTRING_UserMarshal
WindowsIsStringEmpty
WindowsCreateString
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient11
ObjectStublessClient15
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient14
ObjectStublessClient12
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient17
ObjectStublessClient10
CStdStubBuffer2_QueryInterface
ObjectStublessClient16
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
RoTransformError
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
msvcp_win
?_Xlength_error@std@@YAXPBD@Z
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoGetApartmentType
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- systeminfo.exe (exe; windows:10 windows x86 arch:x86)
Imphash: 601a2206ac4aa1cc36827cb12020d401
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
sysinfo.pdb
Imports
advapi32
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
kernel32
SetLastError
GetTimeFormatW
SetConsoleCursorPosition
WriteConsoleW
GetNumberFormatW
GetLocaleInfoW
GetStdHandle
LocalAlloc
FormatMessageW
TerminateProcess
GetModuleFileNameW
GetComputerNameExW
FileTimeToSystemTime
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
GetConsoleScreenBufferInfo
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetUserDefaultLCID
GetConsoleMode
GetFileType
WideCharToMultiByte
SetThreadUILanguage
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalFree
GetLastError
GetDateFormatW
ReadConsoleW
QueryPerformanceCounter
GetModuleHandleW
msvcrt
memcpy
_ftol2
_CxxThrowException
wcstok
_except_handler4_common
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
free
_wcsicmp
_ui64tow_s
_wtoi64
__CxxFrameHandler3
__iob_func
_memicmp
_vsnwprintf
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
fprintf
fflush
memset
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
user32
LoadStringW
wsprintfW
CharUpperW
mpr
WNetCancelConnection2W
WNetGetLastErrorW
oleaut32
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantClear
VariantInit
SysStringLen
SafeArrayGetElement
SysAllocStringByteLen
VariantChangeType
SysAllocString
framedynos
?Empty@CHString@@QAEXXZ
?Compare@CHString@@QBEHPBG@Z
??H@YG?AVCHString@@PBGABV0@@Z
??YCHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@PBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Format@CHString@@QAAXPBGZZ
?Left@CHString@@QBE?AV1@H@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
??4CHString@@QAEABV0@ABV0@@Z
??1CHString@@QAE@XZ
??0CHString@@QAE@XZ
?GetBufferSetLength@CHString@@QAEPAGH@Z
?FindOneOf@CHString@@QBEHPBG@Z
?GetBuffer@CHString@@QAEPAGH@Z
?Mid@CHString@@QBE?AV1@HH@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?Right@CHString@@QBE?AV1@H@Z
??0CHString@@QAE@PBG@Z
ws2_32
FreeAddrInfoW
WSAGetLastError
WSACleanup
GetNameInfoW
WSAStartup
GetAddrInfoW
shlwapi
StrStrIW
StrChrIW
StrChrW
StrStrW
ord487
version
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
sspicli
GetUserNameExW
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- wecutil.exe (exe; windows:10 windows x86 arch:x86)
Imphash: 36a8613f9674f9017579506661662d09
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wecutil.pdb
Imports
msvcrt
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_XcptFilter
__p__commode
_cexit
__p__fmode
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
memcpy
memmove
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_onexit
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
wprintf
fgetwc
_vsnwprintf
_wcsicmp
wcstok
wcstoul
_errno
iswspace
swscanf
setlocale
sprintf_s
__iob_func
free
swprintf_s
__dllonexit
fwprintf
_unlock
_purecall
__CxxFrameHandler3
_lock
??3@YAXPAX@Z
_initterm
__setusermatherr
memset
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-file-l1-1-0
LocalFileTimeToFileTime
GetFullPathNameW
WriteFile
GetFileType
CreateFileW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
FreeLibrary
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
ntdll
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
wecapi
EcGetSubscriptionProperty
EcQuickConfig
EcSaveSubscription
EcRemoveObjectArrayElement
EcInsertObjectArrayElement
EcSetObjectArrayProperty
EcSetSubscriptionProperty
EcRetrySubscription
EcDeleteSubscription
EcGetObjectArraySize
EcOpenSubscription
EcEnumNextSubscription
EcClose
EcOpenSubscriptionEnum
EcGetObjectArrayProperty
EcGetSubscriptionRunTimeStatus
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- IoC/New order 003848848575 02162022.gz (gz)
- New order 003848848575 02162022.exe (exe; windows:4 windows x86 arch:x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Eng Moha\Documents\Visual Studio 2015\Projects\ConsoleApplication15\ConsoleApplication15\obj\Debug\ConsoleApplication15.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- IoC/PO_#YBIC3892900183902328_Evaluated Copy.r00 (rar)
- PO_#YBIC3892900183902328_Evaluated Copy.exe (exe; windows:4 windows x86 arch:x86)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 381KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 240KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
- IoC/Payment Advice for Outstanding Invoices (2).gz (rar)
- Payment Advice for Outstanding Invoices (2).exe (exe; windows:4 windows x86 arch:x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 616KB - Virtual size: 616KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- IoC/XSG8996380.xls (xls; windows office2003)