d5c81391a2392b9360f4f502bf798be7

Sharing

Copy URL Twitter E-mail

General

Target

d5c81391a2392b9360f4f502bf798be7
Size

2.9MB
MD5

d5c81391a2392b9360f4f502bf798be7
SHA1

7a9f2da9fb054bd9ee0e3006a8eff349318aa176
SHA256

dedc0f09c4c4311cbcf0669daccac97949e5c5a7369b89da6cfe23502abebae3
SHA512

3db50770c44189a888adde829f2d84f8a21503aa3876ff09789edeb1ce804135d2e17faf058f973b4a6567808179840265f63640b626ee1a8789b9634b327f7f
SSDEEP

49152:ebTaw8t6uVWLQPyChA2DYMjSKr0zQzUp+56nPH5WFXVtijdgF+pTgN+n2dnE05KP:ATl8IRAyUl6i0Lw5uOltiOUFnsnE0Yfv

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IMSpy_1.8.8/IMSpy.exe
unpack001/IMSpy_1.8.8/JMail.dll
unpack001/IMSpy_1.8.8/MxEng.dll
unpack001/IMSpy_1.8.8/itssh.sk
unpack001/IMSpy_1.8.8/svchost.exe

Files

d5c81391a2392b9360f4f502bf798be7
.rar
IMSpy_1.8.8/IMSpy.exe
.exe windows:5 windows x86 arch:x86

8a27fd3562c071a6811310606228ec82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\svn\imspy\SRC\Hook\Release\IMSpy.pdb

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
GetFileType
GetDriveTypeA
CreateThread
HeapReAlloc
RaiseException
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetTickCount
SetErrorMode
GetFileTime
GetFileSizeEx
GetProfileIntW
DeviceIoControl
ExpandEnvironmentStringsA
LocalSize
LoadLibraryExW
LoadLibraryExA
lstrcpynW
GetTempPathW
GetTempFileNameW
GetPrivateProfileSectionNamesW
GetExitCodeThread
TerminateThread
ResetEvent
EnumResourceTypesW
EnumResourceNamesW
SetStdHandle
GetFileAttributesW
GetCurrentDirectoryW
GlobalFlags
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
CreateEventW
WaitForSingleObject
ResumeThread
SetThreadPriority
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetThreadLocale
FileTimeToLocalFileTime
lstrlenA
lstrcmpA
VirtualProtect
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeLibrary
GetCurrentProcessId
GetModuleHandleA
GlobalFree
InterlockedDecrement
MulDiv
GetVersionExW
GetCurrentProcess
TerminateProcess
OpenProcess
GetFileSize
SetFileAttributesW
SetFilePointerEx
DeleteFileW
InterlockedIncrement
SetEvent
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateProcessW
Sleep
GetModuleHandleW
SetLastError
ExitProcess
GetModuleFileNameW
FileTimeToSystemTime
GetTimeZoneInformation
FindNextFileW
FindClose
FindFirstFileW
RemoveDirectoryW
CreateDirectoryW
MultiByteToWideChar
LocalFree
WriteFile
CloseHandle
SetFilePointer
ReadFile
GetLastError
CreateFileW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA

user32

MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
ModifyMenuW
GetMenuCheckMarkDimensions
GetKeyNameTextW
MapVirtualKeyW
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
PeekMessageW
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetPropW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetAsyncKeyState
GetWindowTextLengthW
GetWindowTextW
SetWindowPos
SetPropW
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
SetFocus
ShowWindow
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageW
SetActiveWindow
GetForegroundWindow
DeferWindowPos
RemovePropW
MapDialogRect
GetActiveWindow
IsWindow
SendMessageW
GetSubMenu
CreatePopupMenu
LoadBitmapW
AppendMenuW
GetParent
GetWindowRect
EnableWindow
SetTimer
SetDlgItemTextA
GetDlgCtrlID
EnumChildWindows
IsChild
WinHelpW
SendDlgItemMessageA
CheckMenuItem
DefWindowProcW
EnableMenuItem
ShowCaret
HideCaret
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetKeyState
MessageBeep
LoadIconW
CopyRect
GetSysColor
DrawFocusRect
GetClientRect
InvalidateRect
FillRect
GetFocus
GetSystemMenu
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetDesktopWindow
CharNextW
PostQuitMessage
SetWindowContextHelpId
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
SetCursor
ShowOwnedPopups
CharUpperW
GetSysColorBrush
LoadCursorW
SetRectEmpty
UnregisterClassW
GetDialogBaseUnits
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
SetCapture
ReleaseCapture
DeleteMenu
GetNextDlgGroupItem
DestroyIcon
TranslateAcceleratorW
BringWindowToTop
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
WindowFromPoint
RegisterClipboardFormatW
SetParent
UnionRect
PostThreadMessageW
GetDCEx
LockWindowUpdate
GetWindowPlacement
UpdateWindow
PostMessageW
IsIconic
GetSystemMetrics
DrawIcon
ClientToScreen
ScreenToClient
SetMenuItemBitmaps
KillTimer
LoadMenuW
RegisterWindowMessageW
GetMenuItemCount
InsertMenuW
GetMenuItemID
GetMenuStringW
GetMenuState
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
TabbedTextOutW
DrawTextW
DrawTextExW
TranslateMDISysAccel
SendMessageTimeoutW
DrawMenuBar
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcA
CallWindowProcA
EnableScrollBar
EnumWindows
IsWindowUnicode
GetWindowLongA
SetWindowLongA
SetClassLongW
SetCursorPos
GetMenuDefaultItem
GetTabbedTextExtentA
GetDoubleClickTime
MoveWindow
SetWindowLongW
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemInt
GetDlgItem
GetWindow
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadImageW
DrawEdge
DrawStateW
DrawFrameControl
IsClipboardFormatAvailable
InvertRect
WaitMessage
wsprintfW
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
IsCharLowerW
MapVirtualKeyExW
GetKeyboardLayout
SetMenuDefaultItem
RedrawWindow
GetTabbedTextExtentW
CopyIcon
DrawIconEx
GetWindowRgn
IsMenu
GetIconInfo
CreateIconIndirect
SetWindowRgn
LoadStringW
GetCursor

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
GetObjectType
SelectObject
CreatePen
CreateSolidBrush
CreateRectRgnIndirect
PatBlt
GetBkColor
GetTextColor
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsW
TextOutW
GetRgnBox
Escape
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetStretchBltMode
SetBrushOrgEx
SetPixel
GetWindowOrgEx
Polygon
StretchBlt
GetCurrentObject
CreateDIBSection
PtInRegion
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextAlign
GetTextExtentPoint32A
Ellipse
Polyline
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
OffsetRgn
GetTextCharsetInfo
GetViewportOrgEx
CreatePolygonRgn
RoundRect
CreatePalette
CreateDIBitmap
SetBkMode
GetObjectW
CreateFontIndirectW
SetTextColor
GetCurrentPositionEx
SetBkColor
GetDeviceCaps
CreateCompatibleDC
BitBlt
ExtTextOutW
GetTextExtentPoint32W
SaveDC
EnumFontFamiliesExW
RestoreDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegDeleteKeyW
RegQueryValueW
RegSetValueExW
RegCloseKey
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
QueryServiceStatusEx
DeleteService
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHGetPathFromIDListW
SHGetMalloc
Shell_NotifyIconW
SHBrowseForFolderW
DragQueryFileW
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Destroy
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_DrawIndirect

shlwapi

PathStripToRootW
PathRemoveFileSpecW
PathFindFileNameW
UrlUnescapeW
PathFindExtensionW
PathFileExistsW
PathIsDirectoryW
PathIsUNCW

oledlg

OleUIBusyW
OleUIAddVerbMenuW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoInitializeEx
CoDisconnectObject
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoRegisterMessageFilter
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop

oleaut32

OleLoadPicturePath
VarBstrFromDate
VarDateFromStr
SafeArrayDestroy
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
OleCreateFontIndirect
VariantInit
VariantChangeType
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
GetErrorInfo
VarUdateFromDate
VariantChangeTypeEx

wininet

InternetQueryOptionW
InternetCrackUrlW
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
InternetCanonicalizeUrlW

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundW
waveOutGetNumDevs

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMSpy_1.8.8/JMail.dll
.dll regsvr32 windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMSpy_1.8.8/MxEng.dll
.dll windows:5 windows x86 arch:x86

ee0ee2bc44abe2148711c0b57f9e89a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X:\svn\imspy\src\Hook\Release\MxEng.pdb

Imports

shlwapi

PathRemoveFileSpecW
StrCmpIW
PathIsDirectoryW
PathFindFileNameW
StrStrIW
StrRChrW
PathFileExistsW
PathAppendW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

user32

GetWindowLongW
DestroyWindow
BroadcastSystemMessageW
wsprintfW
GetClassNameW
GetWindowTextW
PostMessageW

dbghelp

ImageDirectoryEntryToDataEx

advapi32

RegOpenKeyExW
RegCloseKey
RegSetValueExW

ole32

CoInitialize
CoUninitialize
CLSIDFromProgID
OleRun
CoCreateInstance

oleaut32

VariantClear
GetErrorInfo
SysFreeString
SysAllocString

ws2_32

WSASend
sendto
recvfrom
WSARecv
recv
WSASetLastError
send
closesocket

kernel32

SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
ExitProcess
GetCommandLineA
GetSystemTimeAsFileTime
WideCharToMultiByte
CreateFileW
GetLastError
ReadFile
SetFilePointer
CloseHandle
WriteFile
FindFirstFileW
FindClose
FindNextFileW
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateThread
SetEvent
FreeLibrary
LoadLibraryW
GetProcAddress
CreateEventW
GetModuleFileNameW
GetCurrentProcessId
DisableThreadLibraryCalls
WaitForSingleObject
TerminateThread
GetCurrentThreadId
Sleep
InterlockedExchange
GetTickCount
GetLocalTime
DeleteFileW
OutputDebugStringA
MultiByteToWideChar
GetModuleHandleW
LoadLibraryA
ResetEvent
GetVersionExW
GetCurrentProcess
GetModuleFileNameA
DuplicateHandle
VirtualQuery
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
lstrcmpiA
WriteProcessMemory
VirtualProtect
LoadLibraryExA
LoadLibraryExW
InterlockedDecrement
FormatMessageW
lstrlenW
LocalAlloc
GetFileSize
OutputDebugStringW
DeleteCriticalSection
lstrlenA
SetFilePointerEx
CreateDirectoryW
SetFileAttributesW
DeviceIoControl
HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
InterlockedIncrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
ResumeThread

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

{0146D9E
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMSpy_1.8.8/help.chm
.chm
IMSpy_1.8.8/itssh.sk
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMSpy_1.8.8/svchost.exe
.exe windows:5 windows x86 arch:x86

1affb687990516e4fd16e34435d23e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\svn\imspy\src\Hook\Release\svchost.pdb

Imports

kernel32

HeapAlloc
RtlUnwind
ExitProcess
HeapReAlloc
RaiseException
ExitThread
CreateThread
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
GetConsoleCP
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
GetSystemTimeAsFileTime
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
SetErrorMode
FlushFileBuffers
lstrlenA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetModuleHandleA
InterlockedDecrement
WritePrivateProfileStringW
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
SuspendThread
ResumeThread
SetThreadPriority
SetLastError
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
MultiByteToWideChar
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetModuleHandleW
GetVersionExW
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
SetEvent
OutputDebugStringW
Sleep
GetProcAddress
LoadLibraryW
UnmapViewOfFile
WaitForSingleObject
DeviceIoControl
CreateEventW
MapViewOfFile
CreateFileMappingW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetCommandLineW
WriteFile
CloseHandle
SetFilePointer
ReadFile
GetLastError
CreateFileW
GetConsoleMode
WideCharToMultiByte

user32

GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindowTextW
SetWindowPos
ShowWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
GetClassLongW
GetWindow
DestroyWindow
IsWindow
GetDlgItem
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetMenuItemBitmaps
EnableWindow
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
GetCapture
WinHelpW
LoadIconW
RegisterWindowMessageW
UnregisterClassW
DestroyMenu
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteDC
GetDeviceCaps

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
DuplicateTokenEx
OpenProcessToken
StartServiceW
DeleteService
QueryServiceStatusEx
ControlService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

shell32

CommandLineToArgvW

shlwapi

PathFindFileNameW
StrCmpIW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMSpy_1.8.8/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

8a27fd3562c071a6811310606228ec82

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

imagehlp

winmm

iphlpapi

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 465KB - Virtual size: 464KB

.data Size: 40KB - Virtual size: 64KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 230KB - Virtual size: 230KB

DATA Size: 3KB - Virtual size: 2KB

BSS Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 162B

.reloc Size: 16KB - Virtual size: 15KB

.rsrc Size: 59KB - Virtual size: 59KB

ee0ee2bc44abe2148711c0b57f9e89a6

Headers

File Characteristics

PDB Paths

Imports

shlwapi

version

user32

dbghelp

advapi32

ole32

oleaut32

ws2_32

kernel32

iphlpapi

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 100KB - Virtual size: 135KB

{0146D9E Size: 512B - Virtual size: 28B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 17KB

Headers

File Characteristics

Sections

.rsrc Size: 564KB - Virtual size: 564KB

.reloc Size: 512B - Virtual size: 12B

1affb687990516e4fd16e34435d23e0a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 465KB - Virtual size: 464KB

.data
Size: 40KB - Virtual size: 64KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

CODE
Size: 230KB - Virtual size: 230KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 162B

.reloc
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 59KB - Virtual size: 59KB

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 100KB - Virtual size: 135KB

{0146D9E
Size: 512B - Virtual size: 28B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 564KB - Virtual size: 564KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 13KB - Virtual size: 32KB

.rsrc
Size: 57KB - Virtual size: 56KB