JaffaCakes118_acf9d298548298c750994ff5c6799fc3c6650dd1826c426bba6dcb8d71bfc4fe

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_acf9d298548298c750994ff5c6799fc3c6650dd1826c426bba6dcb8d71bfc4fe
Size

783KB
MD5

760fd2355ddb07141feb06017ff011f1
SHA1

c640b2a9acb7186011adc001019e9ff81c44a8c1
SHA256

f765257cc7efcfebc26c83910e8e21ce3207c832ed150a3c595bf8597236fcba
SHA512

404273e598513109c6d9864482a6be948c0f090639e89f7a988e08b1eb483617243701dc83c504c501feb58645f4b1b9f2410c064da55efdc12e0eb775de0faf
SSDEEP

24576:j60qb31Y3qQNENOJSIgGQUwyFppf2ggOkz:jZqb31PQNj1b5wEgggOkz

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup/DirectX2D.dll
unpack001/Setup/Serilog.dll
unpack001/Setup/SevenZip.dll
unpack001/Setup/d2game.dll

Files

JaffaCakes118_acf9d298548298c750994ff5c6799fc3c6650dd1826c426bba6dcb8d71bfc4fe
.rar
Setup/DATA/Settings/Environment.ini
Setup/DATA/Settings/OBSettings.json
Setup/DATA/Settings/RLSettings.json
Setup/DirectX2D.dll
.dll windows:4 windows x86 arch:x86

01b62986414563f843fca13d7f8ffe1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindFirstFileA
Sleep
TlsGetValue
GetModuleFileNameA
GetStartupInfoA
GetLocaleInfoW
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetProcAddress
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetLastError
CloseHandle
ReadFile
SetFilePointer
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
OutputDebugStringA
SetHandleCount
GetStdHandle
GetFileType
GetLocaleInfoA
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
LCMapStringW
InterlockedIncrement
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringA
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile

user32

ShowCursor
DestroyWindow
LoadImageA
SetFocus
UpdateWindow
ShowWindow
DefWindowProcA
RegisterClassA
GetSystemMetrics
CreateWindowExA

gdi32

DeleteObject
GetObjectA

ddraw

DirectDrawCreate
DirectDrawEnumerateA

Exports

Exports

?_reDisplaySetFillMode@@YIKW4reFILLMODE@@@Z
@_reBitmapBlitToBitmap@36
@_reBitmapBlitToLFB@36
@_reBitmapClear@24
@_reBitmapCreate@20
@_reBitmapDestroy@4
@_reBitmapGetColourKey@12
@_reBitmapGetReadPtr@12
@_reBitmapGetWritePtr@12
@_reBitmapLoad@16
@_reBitmapLoadRaw@24
@_reBitmapLoadToLFB@8
@_reBitmapReleaseReadPtr@8
@_reBitmapReleaseWritePtr@8
@_reBitmapRemap@8
@_reBitmapSetColourKey@12
@_reDisplayAddState@8
@_reDisplayClearBuffer@20
@_reDisplayCloseVideo@0
@_reDisplayCopyLFBtoLFB@12
@_reDisplayCreate@4
@_reDisplayDestroy@4
@_reDisplayDrawIndexedTri@8
@_reDisplayDrawNativeTri@4
@_reDisplayDrawTri@4
@_reDisplayEndFrame@0
@_reDisplayFlipToGDI@0
@_reDisplayGetDeviceName@12
@_reDisplayGetLFBDC@8
@_reDisplayGetLFBReadPtr@12
@_reDisplayGetLFBWritePtr@12
@_reDisplayGetNaughtyData@8
@_reDisplayGetNumDevices@4
@_reDisplayGetPalette@8
@_reDisplayHWAcc3D@0
@_reDisplayHWAccBlit@0
@_reDisplayInitFrame@4
@_reDisplayOpenVideo@20
@_reDisplayQueryVideoMode@12
@_reDisplayReleaseLFBDC@8
@_reDisplayReleaseLFBReadPtr@8
@_reDisplayReleaseLFBWritePtr@8
@_reDisplayRemoveState@8
@_reDisplayRenderFrame@4
@_reDisplaySetDevice@4
@_reDisplaySetPalette@8
@_reDisplaySetViewport@24
@_reDisplayStartFrame@0
@_reDisplaySwapBuffers@0
@_reDisplayWaitTOF@0
@_rePaletteCreate332Pal@4
@_rePaletteCreate@8
@_rePaletteDestroy@4
@_rePaletteGetPalEntries@16
@_rePaletteLoadPalFile@8
@_rePaletteLoadPalRes@8
@_rePaletteSetPalEntries@16
@_reStateActivate@4
@_reStateAddIndexedTri@24
@_reStateAddTri@12
@_reStateCreate@4
@_reStateDestroy@4
@_reStateInit@4
@_reStateSetAlpha@8
@_reStateSetCalcScreenCoords@8
@_reStateSetClipRect@20
@_reStateSetColour@16
@_reStateSetCullMode@8
@_reStateSetDepthBufferMode@8
@_reStateSetFOV@12
@_reStateSetGlobalPointList@8
@_reStateSetRenderMode@8
@_reStateSetSoftwareClip@8
@_reStateSetTexture@12
ghOwnerInstance
ghOwnerWindow
pgLastError

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/Environment.ini
Setup/Hack.pdb
Setup/Other/Settings/Environment.ini
Setup/Other/Settings/OBSettings.json
Setup/Other/Settings/RLSettings.json
Setup/Serilog.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/Serilog/obj/Release/netstandard2.1/Serilog.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/Setup.exe
.exe windows:6 windows x86 arch:x86

7e9dac1620e7ffb8082a9dca03cc96f9

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

09-10-2024 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:07:80:2a:1c:0d:2c:46:19:15:72:06:3a:a3:97:72:5d:32:7e:3d:cd:30:e5:46:84:49:0f:21:13:a6:2a:ca
Signer

Actual PE Digest

fe:07:80:2a:1c:0d:2c:46:19:15:72:06:3a:a3:97:72:5d:32:7e:3d:cd:30:e5:46:84:49:0f:21:13:a6:2a:ca

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsFree
GetCurrentProcessId
TlsAlloc
GetStartupInfoW
TlsGetValue
TerminateProcess
GetCurrentProcess
ExitProcess
TlsSetValue

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
LCMapStringEx
GetOEMCP
GetACP
LCMapStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
CompareStringW
WideCharToMultiByte

user32

GetForegroundWindow
SendMessageA
GetSysColorBrush
FindWindowA
GetCursorPos
PostMessageA
ShowWindow

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetStdHandle
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW

api-ms-win-core-file-l1-1-0

FindFirstFileExW
FindClose
SetEndOfFile
FindNextFileW
GetFileSizeEx
ReadFile
CreateFileW
SetFilePointerEx
WriteFile
GetFileType
FlushFileBuffers

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/SevenZip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\LZMA-SDK\src\SevenZip-NetStandard\obj\Release\netstandard2.0\SevenZip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/d2game.dll
.dll windows:4 windows x86 arch:x86

760e19b379614e8d7247a171d264ee1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d2cmp

ord10079

d2common

ord10385
ord10596
ord10085
ord10295
ord10424
ord10313
ord10315
ord10316
ord10314
ord10296
ord10057
ord10034
ord10045
ord10336
ord10037
ord11205
ord10513
ord10426
ord10666
ord10298
ord10519
ord10077
ord10062
ord10066
ord10342
ord10521
ord10425
ord10099
ord10035
ord10329
ord10326
ord10487
ord10920
ord10039
ord11073
ord10074
ord10075
ord10931
ord10924
ord10076
ord10071
ord10081
ord10073
ord10056
ord10078
ord10582
ord10626
ord10600
ord10068
ord10067
ord10079
ord10080
ord10229
ord10137
ord11229
ord11230
ord10038
ord10001
ord10391
ord10189
ord10187
ord10178
ord10177
ord11029
ord10963
ord10968
ord10947
ord10948
ord10397
ord10368
ord10304
ord10755
ord10305
ord10277
ord10754
ord10810
ord10881
ord10708
ord10709
ord10442
ord10331
ord10328
ord10720
ord10853
ord10719
ord10175
ord10176
ord10707
ord10826
ord11114
ord10564
ord10427
ord10311
ord10312
ord10280
ord10710
ord10711
ord10281
ord10690
ord10357
ord11012
ord11011
ord10518
ord10949
ord10731
ord10618
ord10701
ord10751
ord10954
ord10514
ord10523
ord10535
ord10462
ord10524
ord10258
ord10871
ord10695
ord11107
ord10283
ord10261
ord10386
ord10352
ord10348
ord10262
ord10517
ord10439
ord10750
ord10781
ord10782
ord10257
ord10756
ord10839
ord10736
ord10520
ord10759
ord10765
ord10840
ord10242
ord10270
ord10770
ord10768
ord10299
ord10785
ord10767
ord10265
ord10376
ord10872
ord10855
ord10820
ord10616
ord10811
ord10795
ord10833
ord10263
ord10264
ord10783
ord10246
ord10409
ord10250
ord10243
ord10854
ord10284
ord10384
ord10351
ord10350
ord10332
ord10249
ord10282
ord10307
ord10964
ord10566
ord10565
ord10289
ord10689
ord10369
ord10290
ord10322
ord10957
ord10321
ord10253
ord10455
ord10444
ord10443
ord10447
ord10448
ord10254
ord10835
ord10255
ord10267
ord10271
ord10638
ord10367
ord10276
ord10446
ord10445
ord10449
ord10450
ord10722
ord10601
ord11108
ord11109
ord10771
ord10266
ord10749
ord10525
ord10822
ord10619
ord10816
ord10821
ord10746
ord10567
ord10735
ord10516
ord10918
ord10693
ord10717
ord10828
ord10260
ord10697
ord10699
ord10655
ord10300
ord10240
ord10475
ord10470
ord10526
ord10138
ord10042
ord10599
ord10602
ord10732
ord10623
ord10604
ord10866
ord10870
ord11231
ord10608
ord10875
ord10607
ord10868
ord10873
ord10913
ord10694
ord10733
ord10874
ord10914
ord10691
ord10793
ord10772
ord10792
ord10773
ord10791
ord10696
ord10812
ord10706
ord10704
ord10702
ord10700
ord10698
ord10715
ord10713
ord10863
ord10865
ord10817
ord10815
ord10864
ord10869
ord10753
ord10728
ord10789
ord10862
ord10799
ord10797
ord10882
ord10726
ord10724
ord10718
ord10876
ord10631
ord10802
ord10082
ord10527
ord10241
ord10725
ord10723
ord10883
ord10659
ord11115
ord11116
ord11126
ord10992
ord11034
ord11128
ord10415
ord11119
ord11218
ord11217
ord10398
ord10148
ord10150
ord11129
ord10142
ord10184
ord10182
ord10170
ord10179
ord10146
ord11136
ord11123
ord11121
ord10466
ord10480
ord10589
ord11127
ord11120
ord11124
ord10562
ord11095
ord10118
ord11098
ord11096
ord11094
ord11117
ord11135
ord10990
ord10437
ord10997
ord10996
ord10991
ord11140
ord11141
ord10402
ord10403
ord10401
ord11143
ord11005
ord11004
ord10594
ord11220
ord10465
ord10998
ord10127
ord10147
ord10234
ord10128
ord11142
ord11125
ord10994
ord10995
ord10201
ord10486
ord10528
ord10463
ord10477
ord10478
ord10476
ord10102
ord11036
ord10188
ord10185
ord11122
ord11003
ord11002
ord10473
ord11006
ord10976
ord10407
ord10119
ord10198
ord11137
ord10124
ord11130
ord11062
ord10945
ord11075
ord10960
ord10893
ord10344
ord11056
ord11068
ord10583
ord11082
ord11086
ord11084
ord10629
ord10902
ord10909
ord10901
ord10468
ord10481
ord10471
ord10472
ord10559
ord10917
ord10912
ord11050
ord10324
ord10134
ord10106
ord10161
ord10143
ord10557
ord10493
ord11060
ord10469
ord10363
ord10378
ord10373
ord11057
ord10154
ord10323
ord10984
ord10985
ord10190
ord10186
ord10180
ord10217
ord10222
ord10895
ord10530
ord10490
ord11067
ord10206
ord10191
ord10158
ord10163
ord10162
ord10095
ord10046
ord10025
ord10113
ord10096
ord10592
ord11063
ord11074
ord10059
ord10097
ord10090
ord11072
ord11025
ord11064
ord10122
ord10210
ord10030
ord10974
ord10515
ord10590
ord11017
ord10121
ord10560
ord10136
ord10668
ord10396
ord10624
ord10458
ord10394
ord10120
ord10625
ord10919
ord10047
ord11182
ord11181
ord11183
ord11186
ord11185
ord11189
ord10627
ord10087
ord10060
ord10459
ord10933
ord10428
ord10393
ord10395
ord10337
ord10285
ord11088
ord11065
ord10563
ord10291
ord10434
ord10581
ord10966
ord11023
ord10432
ord10431
ord10892
ord10400
ord10399
ord11147
ord11152
ord11177
ord11151
ord10086
ord11146
ord10429
ord10485
ord10474
ord10660
ord10420

d2net

ord10011
ord10019
ord10021
ord10020
ord10016
ord10006
ord10014
ord10012
ord10010
ord10015
ord10024

fog

ord10046
ord10023
ord10050
ord10029
ord10030
ord10045
ord10137
ord10086
ord10025
ord10024
ord10055
ord10142
ord10143
ord10147
ord10042
ord10127
ord10128
ord10126
gdwBitMasks
ord10118
ord10119
ord10120
ord10115
ord10018

storm

ord501
ord403
ord405
ord502
ord506
ord491
ord423
ord509
ord401

kernel32

RtlUnwind
InterlockedIncrement
GetProcAddress
GetStringTypeW
GetModuleHandleA
LoadLibraryA
GetStringTypeA
GetACP
CreateFileA
GetTickCount
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
IsBadCodePtr
EnterCriticalSection
Sleep
QueryPerformanceCounter
OutputDebugStringA
QueryPerformanceFrequency
GetLocalTime
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
HeapDestroy
GetOEMCP
InterlockedDecrement
VirtualFree
CloseHandle
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualAlloc
GetCPInfo
MultiByteToWideChar
SetStdHandle
LCMapStringW
LCMapStringA
FlushFileBuffers

user32

PtInRect
wsprintfA
CopyRect

winmm

timeGetTime

Sections

.text
Size: 804KB - Virtual size: 801KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01b62986414563f843fca13d7f8ffe1c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ddraw

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 14KB - Virtual size: 96KB

.reloc Size: 4KB - Virtual size: 4KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 122KB - Virtual size: 122KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

7e9dac1620e7ffb8082a9dca03cc96f9

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

fe:07:80:2a:1c:0d:2c:46:19:15:72:06:3a:a3:97:72:5d:32:7e:3d:cd:30:e5:46:84:49:0f:21:13:a6:2a:caSigner

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-console-l3-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l1-1-0

user32

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

Sections

.text Size: 121KB - Virtual size: 121KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 110KB - Virtual size: 113KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 14KB - Virtual size: 96KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

fe:07:80:2a:1c:0d:2c:46:19:15:72:06:3a:a3:97:72:5d:32:7e:3d:cd:30:e5:46:84:49:0f:21:13:a6:2a:ca
Signer

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 110KB - Virtual size: 113KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 47KB - Virtual size: 46KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 804KB - Virtual size: 801KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 112KB - Virtual size: 157KB

.reloc
Size: 32KB - Virtual size: 28KB