ardamax | JaffaCakes118_bca126cc681c07440b291fe71f5ab863

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_bca126cc681c07440b291fe71f5ab863
Size

209KB
MD5

bca126cc681c07440b291fe71f5ab863
SHA1

f3caf966a3290b4ca7952a8a6dc023ef417ff897
SHA256

9afadba0006723439d704c1bf3af6cb9e3b3e0d4796dd2fe89d8fbcc7d25c7af
SHA512

5192b23d110f68197747f420e3fe32c37fb853f177820ca6d40b33f2aaf989eb847ecff1a6ef5d799499807d286f3611cf653fad46c1062364351b44f0b04ca6
SSDEEP

6144:dQJQEgZAppJtRWH7YumzfX4k6/Bpfs/scDI8T:duppBDumzfX85Rs/sDo

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
static1/unpack001/AKL.exe	family_ardamax

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_bca126cc681c07440b291fe71f5ab863
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/AKL.exe
unpack001/AKV.exe
unpack001/Uninstall.exe
unpack001/il.dll
unpack001/kh.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1

Files

JaffaCakes118_bca126cc681c07440b291fe71f5ab863
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
AKL.chm
.chm
AKL.exe
.exe windows:4 windows x86 arch:x86

4495217cc00342360e6df9daeb85cfcc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
FtpPutFileA
InternetCloseHandle
FtpCreateDirectoryA
FtpSetCurrentDirectoryA
InternetConnectA

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteFileA
OpenFile
GetFileSize
CloseHandle
CreateFileA
SetFilePointer
WriteFile
GetSystemTimeAsFileTime
FindResourceExA
CreateToolhelp32Snapshot
Module32First
Module32Next
Process32First
Process32Next
OpenProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
CompareStringW
GetLocalTime
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetTickCount
ReadFile
OutputDebugStringA
GetComputerNameA
FormatMessageA
LocalFree
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
InitializeCriticalSection
SetLastError
TlsAlloc
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
RtlUnwind
ExitProcess
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
TlsFree
TlsSetValue
TlsGetValue
GetOEMCP
GetCPInfo
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
DeleteCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetLastError
GetModuleHandleA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
FindResourceA
LoadResource
SizeofResource
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
CompareStringA
HeapAlloc
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
lstrcmpiA
HeapFree
RaiseException
LockResource
GetModuleFileNameA
FreeLibrary
GetCurrentProcessId
CreateThread
SetFileAttributesA
GetFileAttributesA
lstrcatA
lstrcpynA
GetProcAddress
LoadLibraryA
lstrcmpA
lstrlenA
lstrcpyA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
ReadProcessMemory
SetEnvironmentVariableA

user32

CallNextHookEx
IsWindow
SetWindowsHookExA
DrawTextA
ReleaseDC
GetWindowDC
GetForegroundWindow
FrameRect
GetSystemMetrics
GetWindowThreadProcessId
GetKeyState
GetMessagePos
WindowFromPoint
ScreenToClient
DrawFocusRect
InvalidateRect
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
SetDlgItemInt
GetDlgItemInt
GetWindowLongA
UnhookWindowsHookEx
CreateWindowExA
DrawFrameControl
SystemParametersInfoA
GetSysColorBrush
LoadCursorA
SetCursor
GetSysColor
CharNextA
SetFocus
MessageBeep
GetParent
SetWindowPos
GetClassNameA
UpdateWindow
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
DestroyMenu
IsMenu
DestroyWindow
FillRect
MapWindowPoints
InflateRect
TrackPopupMenuEx
ModifyMenuA
GetClassInfoExA
RegisterClassExA
AdjustWindowRectEx
GetMenu
EndDialog
DialogBoxParamA
UnregisterClassA
GetFocus
PtInRect
PeekMessageA
IsWindowVisible
CharLowerA
IsWindowEnabled
DrawEdge
OffsetRect
SetWindowLongA
GetWindowTextLengthA
GetWindowTextA
CallWindowProcA
LoadIconA
LoadMenuA
GetSubMenu
CreateCursor
GetDC
SetRectEmpty
SendMessageA
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
EnableWindow
wsprintfA
KillTimer
SetTimer
UnregisterHotKey
RegisterHotKey
GetKeyNameTextA
MapVirtualKeyA
FindWindowA
SetForegroundWindow
GetCursorPos
PostQuitMessage
RegisterWindowMessageA
DestroyCursor
EndPaint
BeginPaint
GetWindowRect
MoveWindow
ScrollWindow
GetClientRect
LoadImageA
PostMessageA
GetActiveWindow
GetWindow
SetDlgItemTextA
GetDlgItemTextA
ShowWindow
GetDlgItem
SetWindowTextA
MessageBoxA
LoadStringA

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
CreateDIBSection
CreateBitmap
SetBkColor
BitBlt
CreatePatternBrush
SetBrushOrgEx
SelectObject
CreateSolidBrush
SetTextColor
GetStockObject
CreateFontA
TextOutA
GetTextExtentPoint32A
SetBkMode

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA

shell32

SHGetPathFromIDListA
Shell_NotifyIconA
SHGetSpecialFolderLocation
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameA
PathRemoveFileSpecA
PathStripPathA
PathRemoveExtensionA
StrFormatByteSizeA

comctl32

ImageList_GetImageCount
ImageList_Destroy
ImageList_LoadImageA
DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_Create
_TrackMouseEvent
ImageList_Draw
InitCommonControlsEx

wsock32

socket
gethostbyname
ioctlsocket
connect
getservbyname
WSACleanup
WSAStartup
shutdown
closesocket
select
recv
send
htons

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AKV.exe
.exe windows:4 windows x86 arch:x86

3a265d0c2e2d32e93853af19b74eb073

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
lstrcmpA
GetProcAddress
LoadLibraryA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
lstrcpynW
DebugBreak
OutputDebugStringA
GetStringTypeExA
LockResource
CloseHandle
CreateFileA
ReadFile
WriteFile
GetFileSize
CompareFileTime
CreateThread
FileTimeToLocalFileTime
IsDBCSLeadByte
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
lstrcatA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
HeapReAlloc
HeapSize
ExitProcess
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLastError
GetModuleFileNameA
MultiByteToWideChar
GetModuleHandleA
lstrlenW
MulDiv
lstrcpyA
SystemTimeToFileTime
lstrcpynA
WaitForSingleObject
InterlockedIncrement
GetCurrentThreadId
WritePrivateProfileStringA
WritePrivateProfileStructA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileStructA
InterlockedDecrement
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualQuery

user32

SetCursor
ScreenToClient
FillRect
DrawEdge
DestroyMenu
MoveWindow
GetMessagePos
SystemParametersInfoA
GetWindowDC
ReleaseDC
CharNextA
IsWindowVisible
GetWindowThreadProcessId
GetActiveWindow
MessageBeep
GetFocus
GetMenuItemCount
WindowFromPoint
SetMenuItemInfoA
GetMenuItemInfoA
FrameRect
RegisterWindowMessageA
UnhookWindowsHookEx
CharLowerA
GetKeyState
SetWindowsHookExA
CallNextHookEx
IsMenu
ModifyMenuA
TrackPopupMenuEx
GetClassNameA
GetSubMenu
MapWindowPoints
GetWindowPlacement
SetMenuDefaultItem
PostQuitMessage
LoadStringW
wvsprintfA
DialogBoxParamA
EndDialog
MessageBoxA
GetDlgItemTextA
SetWindowPlacement
SetMenu
GetMenu
GetDC
LoadBitmapA
CreatePopupMenu
CharUpperA
GetKeyNameTextA
MapVirtualKeyA
EndDeferWindowPos
GetSystemMetrics
DrawFrameControl
OffsetRect
DrawTextA
CopyRect
InflateRect
DrawFocusRect
EndPaint
BeginPaint
IsWindowEnabled
PtInRect
GetDlgCtrlID
GetParent
ReleaseCapture
GetCapture
SetFocus
SetCapture
UpdateWindow
LoadMenuA
LoadAcceleratorsA
GetWindowTextA
GetDlgItem
EnableWindow
GetWindow
SendMessageA
PostMessageA
GetSysColor
GetSysColorBrush
DestroyCaret
CallWindowProcA
GetClassInfoExA
LoadImageA
RegisterClassExA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DestroyWindow
SetWindowTextA
SetWindowPos
GetClientRect
InvalidateRect
AppendMenuA
DeferWindowPos
TrackPopupMenu
BeginDeferWindowPos
CreateDialogParamA
GetWindowRect
SetRectEmpty
LoadCursorA
SetRect
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
wsprintfA
DefWindowProcA
LoadStringA
IsWindow
ShowWindow
EnableMenuItem

gdi32

CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetBrushOrgEx
CreateFontIndirectA
DeleteDC
CreateBitmap
CreatePatternBrush
PatBlt
MoveToEx
LineTo
CreatePen
GetStockObject
GetObjectA
SelectObject
GetTextExtentPoint32A
SetBkMode
SetTextColor
CreateFontA
DeleteObject
SetBkColor

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecA
PathFindExtensionA

comctl32

ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ord6
ImageList_LoadImageA
ImageList_AddMasked
ord8
ImageList_Create

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
il.dll
.dll windows:4 windows x86 arch:x86

18446acd4e90a854d080d435f0bcae9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageDirectoryEntryToData

kernel32

CreateToolhelp32Snapshot
GetProcAddress
VirtualQuery
WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
CloseHandle
Module32Next
Module32First
HeapFree
GetCurrentProcessId
GetModuleHandleA
GetSystemInfo
SetThreadPriority
GetCurrentThread
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

Exports

Exports

Hook
Unhook

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kh.dll
.dll windows:4 windows x86 arch:x86

2ba72db4f534466e43b9b14263d95fac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Akl\Release\kh.pdb

Imports

kernel32

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

user32

UnhookWindowsHookEx
RegisterWindowMessageA
PostMessageA
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
CallNextHookEx
SetWindowsHookExA

Exports

Exports

ClearHook
SetHook

Sections

.text
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 655B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license.txt
menu.gif
.gif
qs.html
.html
tray.gif
.gif

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 8KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

4495217cc00342360e6df9daeb85cfcc

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wsock32

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 36KB - Virtual size: 33KB

3a265d0c2e2d32e93853af19b74eb073

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 6KB

9632e80596371cfa7f563f680f3c4498

Headers

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 36KB - Virtual size: 33KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 180B

SHAREDAT
Size: 512B - Virtual size: 8B

.reloc
Size: 512B - Virtual size: 344B

.text
Size: 1024B - Virtual size: 782B

.rdata
Size: 1024B - Virtual size: 655B

.data
Size: 512B - Virtual size: 36B

.JOE
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 150B