gh0strat | JaffaCakes118_98e2a79530ee07c68cbe432e2cb64e94

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_98e2a79530ee07c68cbe432e2cb64e94
Size

6.4MB
MD5

98e2a79530ee07c68cbe432e2cb64e94
SHA1

6951f4157bc92c8bcc5786dc173ad0fc829663b1
SHA256

2fc4ee66a3a833d7f32d5d16d5ef1e21ff5545462a3293b815c564b126606799
SHA512

02b6ca564be8865a606841d78db8dfc8830fdab0ec9205827053807ffa3f1295951499e675954a95236f022dd5406b5aee41e6567a614bdabbc1d0169fe1eb32
SSDEEP

196608:rqNHNXjeqHrj2a0cdhG1iYMOYRtfcx3wLi3tOMX6ckN9S:rqz9LSXcbG4OmY0i39XqNg

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack002/LYdlq.exe	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/西游网络.exe
unpack002/LYdlq.exe
unpack002/lsass.exe
unpack002/.exe

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_2
static1/unpack001/西游网络.exe	nsis_installer_1
static1/unpack001/西游网络.exe	nsis_installer_2

Files

JaffaCakes118_98e2a79530ee07c68cbe432e2cb64e94
.rar
西游网络.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LYdlq.exe
.exe windows:4 windows x86 arch:x86

2fa4cfb6c0f1ce9241bc71af4edd7d68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
SetThreadPriority
GetSystemDirectoryA
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
ReleaseMutex
OpenEventA
SetErrorMode
ExitProcess
CreateMutexA
CopyFileA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
OutputDebugStringA
WinExec
MultiByteToWideChar
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
FreeLibrary
GetWindowsDirectoryA
CreateEventA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
LoadLibraryA
GetProcAddress
Sleep
CancelIo
InterlockedExchange
lstrcpyA
ResetEvent
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
GetTickCount
ExitThread
OpenProcess
GetCurrentProcess
MoveFileA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
GetCurrentThread

user32

DispatchMessageA
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
TranslateMessage
SetCapture
MapVirtualKeyA
keybd_event
SendMessageA
SystemParametersInfoA
BlockInput
DestroyCursor
LoadCursorA
wsprintfA
ExitWindowsEx
CharNextA
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
IsWindow
GetMessageA

gdi32

DeleteObject
BitBlt
CreateDIBSection
SelectObject
CreateCompatibleBitmap
GetDIBits
CreateCompatibleDC
DeleteDC

advapi32

RegCreateKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
LookupAccountSidA
GetTokenInformation
RegOpenKeyExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

msvcrt

_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
calloc
_beginthreadex
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
ceil
_ftol
strstr
strchr
malloc
free
_except_handler3
strrchr
strncpy
atoi
rand
srand
time
printf
strncmp
_errno
wcscpy
exit
strncat
_strcmpi

winmm

waveInReset
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInClose
waveOutReset
waveOutClose
waveInOpen
waveInStop
waveOutUnprepareHeader

ws2_32

htons
connect
gethostbyname
WSAIoctl
WSACleanup
WSAStartup
socket
ntohs
recv
closesocket
select
send
sendto
htonl
inet_addr
WSASocketA
inet_ntoa
gethostname
getsockname
bind
getpeername
accept
listen
recvfrom
__WSAFDIsSet
WSAGetLastError
setsockopt

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

mfc42

ord6877
ord2764
ord4129
ord6648
ord537
ord926
ord924
ord922
ord535
ord858
ord6663
ord800
ord2818
ord540
ord939
ord4278
ord860

netapi32

NetUserAdd
NetLocalGroupAddMembers

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrame
ICSeqCompressFrameStart

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lsass.exe
.exe windows:4 windows x86 arch:x86

670f5d1f934a30b5ec6622d107af4054

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
Sleep
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

Hai

Sections

.data
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe
.exe windows:4 windows x86 arch:x86

67f15cb736ca75d7aed1307d49f77ecf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SysAllocString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
SetNamedSecurityInfoA
SetEntriesInAclA

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumDisplaySettingsA
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseWindow
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
ChangeDisplaySettingsA
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenW
lstrcpyW
lstrcpyA
lstrcmpA
lstrcatW
WriteProcessMemory
WritePrivateProfileStringA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateProcess
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadProcessMemory
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetStdHandle
GetProcessHeap
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateFileMappingA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Sleep
SetThreadContext
GetThreadContext
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtInRegion
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
CoCreateGuid
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

imagehlp

MakeSureDirectoryPathExists

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

wininet

InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA

comdlg32

GetOpenFileNameW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
getservbyname
gethostbyname
socket
setsockopt
send
select
recv
ntohs
listen
ioctlsocket
inet_addr
htons
getsockopt
connect
closesocket
bind
accept

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipDrawImageRect
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

iphlpapi

GetAdaptersInfo

Sections

.text
Size: - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrcal0
Size: - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrcal1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 3KB - Virtual size: 2KB

2fa4cfb6c0f1ce9241bc71af4edd7d68

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

winmm

ws2_32

msvcp60

mfc42

netapi32

wininet

avicap32

msvfw32

psapi

wtsapi32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 10KB - Virtual size: 14KB

.rsrc Size: 13KB - Virtual size: 12KB

670f5d1f934a30b5ec6622d107af4054

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.data Size: 120KB - Virtual size: 120KB

.rsrc Size: 3KB - Virtual size: 3KB

67f15cb736ca75d7aed1307d49f77ecf

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

imagehlp

comctl32

wininet

shell32

comdlg32

wsock32

gdiplus

iphlpapi

Sections

.text Size: - Virtual size: 890KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 10KB - Virtual size: 14KB

.rsrc
Size: 13KB - Virtual size: 12KB

.data
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: - Virtual size: 890KB

.itext
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 35KB

.bss
Size: - Virtual size: 28KB

.idata
Size: - Virtual size: 15KB

.tls
Size: - Virtual size: 60B

.rdata
Size: - Virtual size: 24B

.rsrcal0
Size: - Virtual size: 431KB

.rsrcal1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 6KB - Virtual size: 3.5MB