ardamax | JaffaCakes118_6e9fdbd85c3f5e072b9cbe6a5fe316ef

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6e9fdbd85c3f5e072b9cbe6a5fe316ef
Size

255KB
MD5

6e9fdbd85c3f5e072b9cbe6a5fe316ef
SHA1

231d7f60c403a39483731c76e1ad4f3e75dfde38
SHA256

73f84fd9e2c75fa1296a1b2b1c2bbc70892acb2cfb33a3c372cf047d6e650d63
SHA512

ad7164b14e12b822e9e784e1aaa7a0ea97e9076f321b735565f9a56cd882c6fc004c61b1297c20bd89b472718ca6ffc83577a2e79d3ce4467f4f26c2a22ff4e7
SSDEEP

6144:DMrpk9YeqVCVyMRi8D6/MynywM29rAXIHDZOS0qPyKMo/S:D0EFYQyWtSfBZrLHVoQyKz/S

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
static1/unpack001/"AKL.exe"	family_ardamax

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6e9fdbd85c3f5e072b9cbe6a5fe316ef
unpack001/"AKL.003"
unpack001/"AKL.004"
unpack001/"AKL.006"
unpack001/"AKL.007"
unpack001/"AKL.exe"
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/AKV.exe
unpack001/Uninstall.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1

Files

JaffaCakes118_6e9fdbd85c3f5e072b9cbe6a5fe316ef
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
"AKL.003"
.dll windows:4 windows x86 arch:x86

f489579d9b9724ad9821274abd4522b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
CreateProcessA
CloseHandle
WriteFile
CreateFileA
lstrcatA
lstrlenA
lstrcpyA
ReadFile
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA

user32

FindWindowA
SendMessageA

Exports

Exports

sfx_main

Sections

.text
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 563B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
"AKL.004"
.exe windows:4 windows x86 arch:x86

62b28a28cdb8b00a787e93828984256b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_XcptFilter
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit
__dllonexit
calloc
exit
memcpy
_itoa
??2@YAPAXI@Z
_strdup
??3@YAXPAX@Z
free
__p__commode

kernel32

GetTempPathA
GetModuleHandleA
GetModuleFileNameA
CreateFileA
SetFilePointer
CloseHandle
GetTempFileNameA
FreeLibrary
DeleteFileA
WriteFile
ReadFile
LoadLibraryA
GetProcAddress
GetStartupInfoA

user32

MessageBoxA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
"AKL.006"
.dll windows:4 windows x86 arch:x86

18814eea765c85589c58b214e6f862ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Akl\kh\Release\kh.pdb

Imports

kernel32

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

user32

UnhookWindowsHookEx
RegisterWindowMessageA
MapVirtualKeyA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
PostMessageA
CallNextHookEx
SetWindowsHookExA

Exports

Exports

ClearHook
SetHook

Sections

.text
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
"AKL.007"
.dll windows:4 windows x86 arch:x86

18446acd4e90a854d080d435f0bcae9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageDirectoryEntryToData

kernel32

CreateToolhelp32Snapshot
GetProcAddress
VirtualQuery
WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
CloseHandle
Module32Next
Module32First
HeapFree
GetCurrentProcessId
GetModuleHandleA
GetSystemInfo
SetThreadPriority
GetCurrentThread
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

Exports

Exports

Hook
Unhook

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
"AKL.chm"
.chm
"AKL.exe"
.exe windows:4 windows x86 arch:x86

69131269bb957389913bd154c457447f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
FtpPutFileA
InternetCloseHandle
FtpCreateDirectoryA
FtpSetCurrentDirectoryA
InternetConnectA

kernel32

HeapAlloc
CompareStringA
GetCurrentThreadId
GetVersionExA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
MultiByteToWideChar
GetModuleHandleA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
Process32First
Process32Next
OpenProcess
GetWindowsDirectoryA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
WritePrivateProfileStringA
GetPrivateProfileStringA
CompareStringW
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetTickCount
ReadFile
GetComputerNameA
GetProcessHeap
WriteFile
CopyFileA
GetTempFileNameA
GetTempPathA
GetSystemTimeAsFileTime
OpenFile
FindResourceExA
IsBadWritePtr
VirtualFree
HeapCreate
RtlUnwind
TerminateProcess
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
GetStringTypeW
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushInstructionCache
lstrcmpiA
HeapFree
RaiseException
LockResource
OutputDebugStringA
DebugBreak
ExitProcess
Sleep
MoveFileExA
SetProcessPriorityBoost
GetCurrentThread
SetHandleCount
GetFileType
QueryPerformanceCounter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetThreadPriority
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetCurrentProcessId
FreeLibrary
CompareFileTime
SystemTimeToFileTime
GetLocalTime
CreateThread
GetStringTypeA
SetFileAttributesA
GetFileAttributesA
lstrcatA
lstrcpynA
GetCurrentProcess
SetProcessWorkingSetSize
GetProcAddress
LoadLibraryA
WideCharToMultiByte
lstrlenW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteFileA
lstrcmpA
lstrlenA
lstrcpyA
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA

user32

GetForegroundWindow
GetWindowThreadProcessId
GetKeyState
GetMessagePos
WindowFromPoint
ScreenToClient
DrawFocusRect
InvalidateRect
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
SetDlgItemInt
GetDlgItemInt
GetWindowLongA
SetWindowLongA
CreateWindowExA
DrawFrameControl
SystemParametersInfoA
GetSysColorBrush
LoadCursorA
SetCursor
CharNextA
LoadStringA
SetFocus
MessageBeep
GetParent
SetWindowPos
GetClassNameA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
DestroyMenu
IsMenu
DestroyWindow
wsprintfA
GetClassInfoExA
RegisterClassExA
AdjustWindowRectEx
GetMenu
GetWindowDC
ReleaseDC
GetSystemMetrics
DrawTextA
SetWindowsHookExA
IsWindow
CallNextHookEx
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
UnregisterClassA
CallWindowProcA
LoadIconA
LoadMenuA
UnhookWindowsHookEx
FillRect
MapWindowPoints
TrackPopupMenuEx
ModifyMenuA
GetFocus
PtInRect
PeekMessageA
IsWindowVisible
CharLowerA
IsWindowEnabled
DrawEdge
OffsetRect
InflateRect
FrameRect
GetSysColor
GetSubMenu
DeleteMenu
CreateCursor
GetDC
SetRectEmpty
SendMessageA
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
wvsprintfA
EnableWindow
KillTimer
SetTimer
UnregisterHotKey
RegisterHotKey
GetKeyNameTextA
MapVirtualKeyA
FindWindowA
SetForegroundWindow
GetCursorPos
PostQuitMessage
RegisterWindowMessageA
EndDialog
DestroyCursor
EndPaint
BeginPaint
GetWindowRect
MoveWindow
ScrollWindow
GetClientRect
LoadImageA
PostMessageA
GetActiveWindow
GetWindow
SetDlgItemTextA
GetDlgItemTextA
ShowWindow
GetDlgItem
SetWindowTextA
MessageBoxA
UpdateWindow

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
CreateDIBSection
CreateBitmap
SetBkColor
BitBlt
CreatePatternBrush
SetBrushOrgEx
SelectObject
CreateSolidBrush
SetTextColor
GetStockObject
CreateFontA
TextOutA
GetTextExtentPoint32A
SetBkMode

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
GetUserNameA
RegEnumKeyExA

shell32

ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
Shell_NotifyIconA
SHChangeNotify
ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadTypeLi
SysFreeString
LoadRegTypeLi
VariantInit
DispCallFunc
VarUI4FromStr
VariantClear
SysStringLen

shlwapi

PathFileExistsA
PathRemoveExtensionA
PathFindFileNameA
PathStripPathA
PathRemoveFileSpecA
StrFormatByteSizeA

comctl32

ImageList_GetImageCount
ImageList_Destroy
ImageList_LoadImageA
DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_Create
_TrackMouseEvent
ImageList_Draw
InitCommonControlsEx

wsock32

socket
gethostbyname
ioctlsocket
connect
getservbyname
WSACleanup
WSAStartup
shutdown
closesocket
select
recv
send
htons

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

1f4c4faa2a5228733f7ee5edf40f6693

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
WritePrivateProfileStringA
lstrcpynA
lstrcatA
lstrcpyA
GetPrivateProfileIntA
MultiByteToWideChar
GetModuleHandleA
lstrcmpiA
GlobalFree
GetPrivateProfileStringA
GlobalAlloc

user32

GetWindowLongA
DrawTextA
SetCursor
LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
GetClientRect
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
LoadIconA

gdi32

SetTextColor
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
AKV.exe
.exe windows:4 windows x86 arch:x86

99cf0c5c7f2d9b1c4a7d396aecedefa1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDBCSLeadByte
MulDiv
GetCurrentProcessId
lstrcmpA
GetProcAddress
LoadLibraryA
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
lstrcpynW
DebugBreak
OutputDebugStringA
LockResource
FindResourceExA
CloseHandle
CreateFileA
ReadFile
WriteFile
GetFileSize
FindNextFileA
FindClose
SetLastError
FindFirstFileA
CompareFileTime
FileTimeToLocalFileTime
CreateThread
WaitForSingleObject
lstrcpynA
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCPInfo
GetOEMCP
GetStringTypeW
GetStringTypeA
TerminateProcess
VirtualFree
HeapCreate
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
GetFullPathNameA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLastError
GetModuleFileNameA
MultiByteToWideChar
GetModuleHandleA
lstrlenW
lstrcpyA
SystemTimeToFileTime
InterlockedIncrement
GetCurrentThreadId
WritePrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStructA
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedDecrement
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

wvsprintfA
SetMenuDefaultItem
EndDialog
DialogBoxParamA
MessageBoxA
GetDlgItemTextA
SetMenu
GetMenu
GetDC
CreateDialogParamA
CharUpperA
GetKeyNameTextA
MapVirtualKeyA
GetKeyState
CharLowerA
UnhookWindowsHookEx
RegisterWindowMessageA
FrameRect
GetMenuItemInfoA
SetMenuItemInfoA
WindowFromPoint
GetMenuItemCount
GetFocus
MessageBeep
GetActiveWindow
GetWindowPlacement
ReleaseDC
GetWindowDC
SystemParametersInfoA
GetMessagePos
CharNextA
MoveWindow
DestroyMenu
DrawEdge
SetRect
FillRect
EnableWindow
GetWindow
SendMessageA
ScreenToClient
SetCursor
CreatePopupMenu
AppendMenuA
EnableMenuItem
TrackPopupMenu
BeginDeferWindowPos
GetWindowRect
DeferWindowPos
LoadStringW
PostQuitMessage
MapWindowPoints
GetSubMenu
GetClassNameA
SetWindowLongA
IsWindowVisible
GetWindowLongA
DestroyWindow
SetWindowTextA
SetWindowPlacement
ShowWindow
TrackPopupMenuEx
ModifyMenuA
IsMenu
CallNextHookEx
GetWindowThreadProcessId
SetWindowsHookExA
EndDeferWindowPos
GetSystemMetrics
DrawFrameControl
OffsetRect
DrawTextA
CopyRect
InflateRect
DrawFocusRect
EndPaint
BeginPaint
IsWindowEnabled
GetClientRect
PtInRect
GetDlgCtrlID
GetParent
ReleaseCapture
GetCapture
SetFocus
SetCapture
InvalidateRect
UpdateWindow
LoadMenuA
LoadAcceleratorsA
SetWindowPos
GetWindowTextA
GetDlgItem
PostMessageA
GetSysColor
GetSysColorBrush
DestroyCaret
CallWindowProcA
GetClassInfoExA
LoadImageA
RegisterClassExA
CreateWindowExA
SetRectEmpty
LoadCursorA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
wsprintfA
DefWindowProcA
LoadStringA
IsWindow

gdi32

BitBlt
CreateCompatibleDC
SetBrushOrgEx
CreateDIBSection
CreateFontA
CreateFontIndirectA
DeleteDC
CreateBitmap
CreatePatternBrush
PatBlt
MoveToEx
LineTo
CreatePen
GetStockObject
GetObjectA
SelectObject
GetTextExtentPoint32A
SetBkMode
SetTextColor
CreateCompatibleBitmap
DeleteObject
SetBkColor

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetMalloc
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecA
PathFindExtensionA

comctl32

ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ord6
ImageList_Destroy
ImageList_LoadImageA

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
license.txt
menu.gif
.gif .ps1 polyglot
qs.html
.html
tray.gif
.gif

Sharing

General

Malware Config

Signatures

Files

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 8KB

f489579d9b9724ad9821274abd4522b5

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 824B

.rdata Size: 1024B - Virtual size: 563B

.data Size: 512B - Virtual size: 548B

.reloc Size: 512B - Virtual size: 164B

62b28a28cdb8b00a787e93828984256b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

18814eea765c85589c58b214e6f862ca

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 866B

.rdata Size: 1024B - Virtual size: 674B

.data Size: 512B - Virtual size: 48B

.JOE Size: 512B - Virtual size: 4B

.reloc Size: 512B - Virtual size: 172B

18446acd4e90a854d080d435f0bcae9d

Headers

File Characteristics

Imports

imagehlp

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 180B

SHAREDAT Size: 512B - Virtual size: 8B

.reloc Size: 512B - Virtual size: 344B

69131269bb957389913bd154c457447f

Headers

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 1024B - Virtual size: 824B

.rdata
Size: 1024B - Virtual size: 563B

.data
Size: 512B - Virtual size: 548B

.reloc
Size: 512B - Virtual size: 164B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 866B

.rdata
Size: 1024B - Virtual size: 674B

.data
Size: 512B - Virtual size: 48B

.JOE
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 180B

SHAREDAT
Size: 512B - Virtual size: 8B

.reloc
Size: 512B - Virtual size: 344B

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 33KB - Virtual size: 33KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 894B

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 23KB - Virtual size: 22KB