ardamax | JaffaCakes118_2718628ad3f3b7131b166e8d380d0c6e

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_2718628ad3f3b7131b166e8d380d0c6e
Size

949KB
MD5

2718628ad3f3b7131b166e8d380d0c6e
SHA1

e298bb18b27abc181d71662afdca1d0239ddf89e
SHA256

6e55caedc91f3465d0594681a1abe6fd3aaffabde64a26eaed1d0e228de59db6
SHA512

5e410af2edb4ffd104e73d4536eae5e3b7a69551cff600aff4b6ce2ec3d0e8a157e496e11fe189c75842362ea3870e2d42f98100e2bdb64ff3085e3e9982e13c
SSDEEP

24576:CscbdH9FSdgp7PGh1I4j+R+NHGuhVWIfsTQ:CHdFHp7PGh1YpuSIkTQ

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
static1/unpack002/POL.exe	family_ardamax

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Img.exe
unpack001/setup_akl.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/AKV.exe
unpack002/POL.003
unpack002/POL.004
unpack002/POL.006
unpack002/POL.007
unpack002/POL.exe
unpack002/Uninstall.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/setup_akl.exe	nsis_installer_1
static1/unpack001/setup_akl.exe	nsis_installer_2
static1/unpack002/Uninstall.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_2

Files

JaffaCakes118_2718628ad3f3b7131b166e8d380d0c6e
.zip
Img.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup_akl.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
AKV.exe
.exe windows:5 windows x86 arch:x86

26edc58f75bd2e645df523e040711d9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
PathFindExtensionW
PathRemoveFileSpecW

comctl32

ImageList_Replace
ImageList_SetImageCount
ImageList_Destroy
InitCommonControlsEx
CreateStatusWindowW
ImageList_Draw
ImageList_AddMasked
ImageList_LoadImageW
ImageList_GetImageCount
ImageList_Create
ImageList_Add

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

kernel32

SetLastError
lstrcpynA
lstrlenA
MulDiv
GetCurrentProcessId
GetFileSize
FileTimeToLocalFileTime
CompareFileTime
WideCharToMultiByte
FindClose
WaitForSingleObject
GetFullPathNameW
FindFirstFileW
FindNextFileW
SetFilePointer
HeapFree
HeapAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
GetUserDefaultLangID
HeapReAlloc
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
InterlockedCompareExchange
IsProcessorFeaturePresent
SetEndOfFile
GetModuleHandleA
CreateFileW
CloseHandle
ReadFile
WriteFile
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
lstrcpynW
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
GetVersionExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SystemTimeToFileTime
lstrcmpW
lstrlenW
RaiseException
VirtualAlloc
VirtualQuery

user32

DestroyMenu
ModifyMenuW
SetMenu
CreateWindowExW
GetActiveWindow
GetWindowPlacement
IsWindow
DestroyWindow
CharNextW
SetWindowPlacement
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
LoadBitmapW
LoadStringW
IsMenu
GetMenuItemCount
GetDC
ReleaseDC
RegisterClassExW
GetClassInfoExW
DialogBoxParamW
EndDialog
LoadImageW
wvsprintfW
LoadStringA
PostQuitMessage
SetFocus
SetRectEmpty
IsWindowVisible
SetScrollInfo
DestroyCursor
LoadMenuW
LoadAcceleratorsW
SetRect
GetDlgCtrlID
DrawFocusRect
DrawTextW
OffsetRect
DrawFrameControl
GetMessagePos
WindowFromPoint
ScrollWindowEx
GetScrollInfo
SetScrollPos
MessageBeep
TrackPopupMenuEx
MonitorFromPoint
DrawEdge
GetWindowDC
SystemParametersInfoW
RemoveMenu
CreateDialogParamW
GetFocus
FrameRect
UnhookWindowsHookEx
CallNextHookEx
GetClassNameW
SetWindowsHookExW
CharLowerW
GetKeyState
RegisterWindowMessageW
GetSubMenu
GetWindowThreadProcessId
MoveWindow
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
GetMenu
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
ShowWindow
BeginPaint
EndPaint
GetCapture
CopyRect
LoadCursorW
CreatePopupMenu
IsWindowEnabled
ScreenToClient
PtInRect
EnableMenuItem
AppendMenuW
TrackPopupMenu
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
InflateRect
GetSystemMetrics
InvalidateRect
UpdateWindow
ReleaseCapture
GetCursorPos
SetCapture
SetCursor
FillRect
CallWindowProcW
DefWindowProcW
EnableWindow
SendMessageW
PostMessageW
GetDlgItem
MessageBoxW
GetDlgItemTextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowTextW
SetDlgItemTextW
DestroyCaret
GetSysColor
SetWindowPos
SetWindowLongW
GetWindowLongW
GetSysColorBrush
GetWindowTextW

gdi32

PatBlt
CreatePen
CreateFontIndirectW
SetBkMode
CreateCompatibleBitmap
BitBlt
CreateDIBitmap
CreateBitmap
GetTextExtentPoint32W
CreatePatternBrush
SetViewportOrgEx
SelectObject
CreateCompatibleDC
LineTo
CreateDIBSection
MoveToEx
DeleteDC
DeleteObject
SetBrushOrgEx
SetBkColor
CreateFontW
GetStockObject
GetObjectW
SetTextColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
POL.003
.dll windows:5 windows x86 arch:x86

d2f618686a9e315d2bafa7fb95ff518f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
WriteFile
CreateFileW
lstrcatW
lstrlenW
lstrcpyW
ReadFile
CreateDirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW

user32

MessageBoxW
FindWindowW
SendMessageW

shell32

ShellExecuteW

Exports

Exports

sfx_main

Sections

.text
Size: 1024B - Virtual size: 783B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 915B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
POL.004
.exe windows:5 windows x86 arch:x86

86632da30434ccfc050190a47fb559c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_acmdln
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
exit
memcpy
memset
_itow
??2@YAPAXI@Z
_wcsdup
??3@YAXPAX@Z
free
__p__commode

kernel32

GetModuleHandleA
GetTempPathW
GetModuleHandleW
GetModuleFileNameW
CreateFileW
SetFilePointer
CloseHandle
GetTempFileNameW
FreeLibrary
DeleteFileW
WriteFile
ReadFile
LoadLibraryW
GetProcAddress
GetStartupInfoA

user32

MessageBoxW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
POL.006
.dll windows:5 windows x86 arch:x86

6deb346154b8be824db03b6e2f4234fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\Projects\AKL\kh\Release\kh.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalFree
LocalAlloc
RaiseException

user32

IsWindow
GetKeyboardLayout
CallNextHookEx
SendMessageW
RegisterWindowMessageW
GetKeyboardState
ToUnicodeEx
PostMessageW
keybd_event
MapVirtualKeyW
UnhookWindowsHookEx
SetWindowsHookExW
GetFocus

Exports

Exports

AddMonitoredWnd
ClearKeyHook
ClearMsgHook
ClearWndCallHook
RemoveMonitoredWnd
SetKeyHook
SetMsgHook
SetWndCallHook

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
POL.007
.dll windows:5 windows x86 arch:x86

a2ed420e4430c2ef22cb11008c100339

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
WriteProcessMemory
EnterCriticalSection
lstrcmpW
lstrcpynW
lstrcpyW
ReadProcessMemory
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
HeapAlloc
GetProcessHeap

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

Exports

Exports

Hook
Unhook

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
POL.chm
.chm
POL.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 177KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 29KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
menu.gif
.gif
qs.html
.html
tray.gif
.gif
sfx.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 6KB - Virtual size: 6KB

DATA Size: 512B - Virtual size: 124B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 716B

.tls Size: - Virtual size: 4B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 1024B - Virtual size: 588B

.rsrc Size: 8KB - Virtual size: 8KB

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 5KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

26edc58f75bd2e645df523e040711d9d

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

comctl32

shell32

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 311KB - Virtual size: 311KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 71KB - Virtual size: 70KB

d2f618686a9e315d2bafa7fb95ff518f

Headers

File Characteristics

Imports

kernel32

user32

shell32

Exports

CODE
Size: 6KB - Virtual size: 6KB

DATA
Size: 512B - Virtual size: 124B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 716B

.tls
Size: - Virtual size: 4B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1024B - Virtual size: 588B

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 311KB - Virtual size: 311KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 71KB - Virtual size: 70KB

.text
Size: 1024B - Virtual size: 783B

.rdata
Size: 1024B - Virtual size: 915B

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 180B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 928B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 108B

.JOE
Size: 512B - Virtual size: 408B

.reloc
Size: 512B - Virtual size: 436B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 704B

.data
Size: 512B - Virtual size: 112B

SHAREDAT
Size: 1024B - Virtual size: 528B

.reloc
Size: 512B - Virtual size: 306B

.rsrc
Size: 139KB - Virtual size: 140KB

.data
Size: 300KB - Virtual size: 300KB

.adata
Size: - Virtual size: 4KB