f2133c1e79421f91fa7452246179ef31_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f2133c1e79421f91fa7452246179ef31_JaffaCakes118
Size

9.7MB
MD5

f2133c1e79421f91fa7452246179ef31
SHA1

dc68b4e53791981ad38cee3ab70a4e33cb2a4385
SHA256

b2189fd13b1bddd4763e78ad2733e62e2cfd250f039de9606043b51461715a91
SHA512

0cf8cb971eeeb873c47ed33ce4522f935dc1db5310e733fcf38d0d6b936e9e90ab185be9700fc2ea6a4aaf4350ed6c9aa6e39baf4854e90ff906c48cd17b226e
SSDEEP

196608:yJTtyiTE7XovOnCi7FOS6AU2oXOVziaA3IUlfcwM4AwAFUiyzhTMR0VYS:yJs4vOnCmFf6QACA4UWwKVa5tTMRbS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Flash在线图片浏览器FPV v3.51/相关程序/AspJpeg v1.5.0.0/aspjpeg.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Flash在线图片浏览器FPV v3.51/相关程序/BababianToFlashPicViewer/BababianToFlashPicViewer.exe
unpack001/Flash在线图片浏览器FPV v3.51/相关程序/Yupoo读取工具 for FPV v3.exe
unpack001/Flash在线图片浏览器FPV v3.51/相关程序/数据库升级程序/updata.exe
unpack001/Flash在线图片浏览器FPV v3.51/相关程序/网易相册读取工具.exe

Files

f2133c1e79421f91fa7452246179ef31_JaffaCakes118
.rar
Flash在线图片浏览器FPV v3.51/CopyRight.txt
Flash在线图片浏览器FPV v3.51/FPV v3.swf
Flash在线图片浏览器FPV v3.51/admin.html
Flash在线图片浏览器FPV v3.51/fpv_admin.swf
Flash在线图片浏览器FPV v3.51/fpv_admin/1_read.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/1_save.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/2_read.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/2_save.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/3_read.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/3_readxmlfile.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/3_save.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/MyConfig.asp
Flash在线图片浏览器FPV v3.51/fpv_admin/MyFunction.asp
.asp .vbs polyglot
Flash在线图片浏览器FPV v3.51/fpv_admin/_delfile.asp
Flash在线图片浏览器FPV v3.51/fpv_admin/_fcount.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_mades.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_md.asp
Flash在线图片浏览器FPV v3.51/fpv_admin/_picount.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_pldel.asp
Flash在线图片浏览器FPV v3.51/fpv_admin/_plread.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_plsave.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_readdir.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_readdir2.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_readimg.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_readimgindir.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_readnotdir.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_readpicinfo.asp
Flash在线图片浏览器FPV v3.51/fpv_admin/_readpl.asp
Flash在线图片浏览器FPV v3.51/fpv_admin/_rename.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_savepicinfo.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/_savexmlfile.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/admin.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/config_templet.xml
.xml
Flash在线图片浏览器FPV v3.51/fpv_admin/fpv.mdb
Flash在线图片浏览器FPV v3.51/fpv_admin/login.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_admin/updateXML.asp
.vbs
Flash在线图片浏览器FPV v3.51/fpv_config/config.xml
Flash在线图片浏览器FPV v3.51/fpv_config/language.xml
Flash在线图片浏览器FPV v3.51/fpv_skin.fla
Flash在线图片浏览器FPV v3.51/fpv_skin.swf
Flash在线图片浏览器FPV v3.51/fpv_xmls/163.xml
.xml
Flash在线图片浏览器FPV v3.51/fpv_xmls/swatch.xml
Flash在线图片浏览器FPV v3.51/index.htm
Flash在线图片浏览器FPV v3.51/list.htm
.html
Flash在线图片浏览器FPV v3.51/mp3list.xml
.xml
Flash在线图片浏览器FPV v3.51/mp3player.swf
Flash在线图片浏览器FPV v3.51/mydog/IMG_0003.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0004.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0005.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0006.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0007.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0010.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0011.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0012.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0013.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0014.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0015.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0016.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0017.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0018.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0019.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0020.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0021.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0023.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/IMG_0024.JPG
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0003.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0004.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0005.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0006.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0007.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0010.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0011.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0012.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0013.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0014.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0015.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0016.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0017.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0018.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0019.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0020.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0021.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0023.jpg
.jpg
Flash在线图片浏览器FPV v3.51/mydog/s/IMG_0024.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/SFK252G_ps400.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/SFK253_ps400.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/SFK254_ToutAuTrait_front.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/SFK267_ChineseGarden_front.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/SFK269_ps400.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/SUYK115_ps400.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/s/SFK252G_ps400.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/s/SFK253_ps400.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/s/SFK254_ToutAuTrait_front.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/s/SFK267_ChineseGarden_front.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/s/SFK269_ps400.jpg
.jpg
Flash在线图片浏览器FPV v3.51/products/swatch/s/SUYK115_ps400.jpg
.jpg
Flash在线图片浏览器FPV v3.51/readMe.txt
Flash在线图片浏览器FPV v3.51/下载说明.htm
.html .js polyglot
Flash在线图片浏览器FPV v3.51/相关程序/AspJpeg v1.5.0.0/SN.txt
Flash在线图片浏览器FPV v3.51/相关程序/AspJpeg v1.5.0.0/aspjpeg.exe
.exe windows:1 windows x86 arch:x86

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:88:cf
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

20/08/2004, 21:03

Not After

21/08/2005, 09:05

Subject

CN=Persits Software\, Inc.,OU=Secure Application Development,O=Persits Software\, Inc.,L=Arlington,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Flash在线图片浏览器FPV v3.51/相关程序/BababianToFlashPicViewer/BababianToFlashPicViewer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 694KB - Virtual size: 694KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flash在线图片浏览器FPV v3.51/相关程序/BababianToFlashPicViewer/readme.txt
Flash在线图片浏览器FPV v3.51/相关程序/Yupoo读取工具 for FPV v3.exe
.exe windows:4 windows x86 arch:x86

9e604fa03f90625680ac2f8bef162aff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

setsockopt
gethostbyname
htonl
ioctlsocket
htons
WSAStartup
ntohl
WSACleanup

wininet

HttpQueryInfoA

crypt32

CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertCloseStore

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

waveInStop
waveInAddBuffer
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveInClose
waveOutGetDevCapsA
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveOutUnprepareHeader
waveInReset
waveInUnprepareHeader
waveInPrepareHeader
waveInOpen
waveInGetDevCapsA
timeGetTime
waveOutClose
waveOutOpen
timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

kernel32

GetSystemInfo
GetUserDefaultLangID
ExitThread
GlobalFree
GetFileAttributesA
GetFileAttributesW
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
CreateThread
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
DeleteFileA
DeleteFileW
MoveFileA
VirtualQuery
RemoveDirectoryA
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
ReadFile
WriteFile
GetTempFileNameA
GetTempPathA
GetTempFileNameW
GetTempPathW
SetFilePointer
GetFileSize
GetFileAttributesExA
GetFileAttributesExW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetSystemDirectoryA
GetModuleFileNameA
MoveFileExA
CreateMutexA
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WaitForSingleObject
WideCharToMultiByte
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
lstrlenA
SetEndOfFile
CopyFileA
CopyFileW
GetModuleFileNameW
GetCommandLineW
ExitProcess
GetModuleHandleA
GetCommandLineA
GetProcessTimes
GetCurrentProcess
CreateEventA
SetEvent
TlsAlloc
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
GetThreadPriority
GetCurrentThread
GetSystemDefaultLangID
FreeLibrary
GetLastError
GetStartupInfoA
CreateProcessA
CloseHandle
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
GetLocaleInfoA
SetErrorMode
LoadLibraryA
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
GetVersionExA
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapAlloc
GetProcessHeap
MoveFileW
HeapFree

user32

GetSubMenu
LoadMenuA
SetTimer
KillTimer
GetClientRect
ScreenToClient
GetCursorPos
SetCursor
LoadCursorA
EndPaint
BeginPaint
GetMenu
DestroyWindow
GetFocus
WindowFromPoint
GetCapture
ReleaseCapture
SetCapture
TrackPopupMenu
ClientToScreen
DeleteMenu
GetMenuItemID
IsWindow
DefWindowProcA
GetWindowLongA
CreateWindowExA
RegisterClipboardFormatA
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
SetClipboardData
EmptyClipboard
InsertMenuA
InsertMenuW
RemoveMenu
GetWindow
UnregisterClassA
LoadStringW
MoveWindow
SetMenu
UpdateWindow
ShowWindow
SetDlgItemTextA
SetDlgItemTextW
EnableWindow
GetDlgItemTextA
GetWindowTextLengthA
DestroyMenu
GetWindowTextLengthW
PostQuitMessage
GetMenuStringA
GetMenuStringW
RegisterClassA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
SystemParametersInfoA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
EndDialog
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconA
GetDlgItem
SendMessageA
SetWindowTextA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
GetSystemMetrics
InsertMenuItemA
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
GetDC
ReleaseDC
GetDoubleClickTime
LoadStringA
EnableMenuItem
CheckMenuItem
InvalidateRect
WaitForInputIdle
MapVirtualKeyA
FillRect
GetKeyState
DialogBoxParamW
DialogBoxParamA
GetDlgItemTextW
MessageBoxA

gdi32

GetTextMetricsA
GetClipRgn
SetTextColor
ExtTextOutW
ExtTextOutA
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
EnumFontFamiliesA
SetTextCharacterExtra
BeginPath
EndPage
DPtoLP
FillPath
ExtCreatePen
StrokePath
EndDoc
StartDocA
LPtoDP
CreateSolidBrush
GetClipBox
GetSystemPaletteEntries
CreatePalette
GetTextExtentPoint32A
CreatePen
GetBkColor
SetBkColor
GetCurrentObject
GetTextExtentPoint32W
EndPath
SetPolyFillMode
MoveToEx
LineTo
PolyBezierTo
SelectClipPath
SaveDC
RestoreDC
GdiFlush
DeleteObject
SelectObject
StretchDIBits
SetDIBitsToDevice
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
DeleteDC
CreateDIBSection
GetDeviceCaps
BitBlt
RealizePalette
SelectPalette
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
StartPage

comdlg32

GetOpenFileNameA
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
GetSaveFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyA
RegSetValueA

shell32

DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
DragQueryFileW

ole32

CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flash在线图片浏览器FPV v3.51/相关程序/数据库升级程序/updata.exe
.exe windows:4 windows x86 arch:x86

1dbcf2c6cdfb8812f5650277b7998cf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetDC

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
LoadLibraryA

advapi32

FreeSid

comctl32

ImageList_Add

comdlg32

PrintDlgA

gdi32

SaveDC

ole32

OleRun

oleaut32

VarNot

shell32

DragFinish

urlmon

HlinkNavigateString

version

VerQueryValueA

wininet

InternetOpenA

winmm

joyGetPos

winspool.drv

OpenPrinterA

wsock32

send

Sections

.text
Size: 39KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Flash在线图片浏览器FPV v3.51/相关程序/数据库升级程序/说明.txt
Flash在线图片浏览器FPV v3.51/相关程序/网易相册读取工具.exe
.exe windows:4 windows x86 arch:x86

9e604fa03f90625680ac2f8bef162aff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

setsockopt
gethostbyname
htonl
ioctlsocket
htons
WSAStartup
ntohl
WSACleanup

wininet

HttpQueryInfoA

crypt32

CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertCloseStore

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

waveInStop
waveInAddBuffer
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveInClose
waveOutGetDevCapsA
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveOutUnprepareHeader
waveInReset
waveInUnprepareHeader
waveInPrepareHeader
waveInOpen
waveInGetDevCapsA
timeGetTime
waveOutClose
waveOutOpen
timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

kernel32

GetSystemInfo
GetUserDefaultLangID
ExitThread
GlobalFree
GetFileAttributesA
GetFileAttributesW
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
CreateThread
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
DeleteFileA
DeleteFileW
MoveFileA
VirtualQuery
RemoveDirectoryA
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
ReadFile
WriteFile
GetTempFileNameA
GetTempPathA
GetTempFileNameW
GetTempPathW
SetFilePointer
GetFileSize
GetFileAttributesExA
GetFileAttributesExW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetSystemDirectoryA
GetModuleFileNameA
MoveFileExA
CreateMutexA
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WaitForSingleObject
WideCharToMultiByte
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
lstrlenA
SetEndOfFile
CopyFileA
CopyFileW
GetModuleFileNameW
GetCommandLineW
ExitProcess
GetModuleHandleA
GetCommandLineA
GetProcessTimes
GetCurrentProcess
CreateEventA
SetEvent
TlsAlloc
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
GetThreadPriority
GetCurrentThread
GetSystemDefaultLangID
FreeLibrary
GetLastError
GetStartupInfoA
CreateProcessA
CloseHandle
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
GetLocaleInfoA
SetErrorMode
LoadLibraryA
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
GetVersionExA
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapAlloc
GetProcessHeap
MoveFileW
HeapFree

user32

GetSubMenu
LoadMenuA
SetTimer
KillTimer
GetClientRect
ScreenToClient
GetCursorPos
SetCursor
LoadCursorA
EndPaint
BeginPaint
GetMenu
DestroyWindow
GetFocus
WindowFromPoint
GetCapture
ReleaseCapture
SetCapture
TrackPopupMenu
ClientToScreen
DeleteMenu
GetMenuItemID
IsWindow
DefWindowProcA
GetWindowLongA
CreateWindowExA
RegisterClipboardFormatA
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
SetClipboardData
EmptyClipboard
InsertMenuA
InsertMenuW
RemoveMenu
GetWindow
UnregisterClassA
LoadStringW
MoveWindow
SetMenu
UpdateWindow
ShowWindow
SetDlgItemTextA
SetDlgItemTextW
EnableWindow
GetDlgItemTextA
GetWindowTextLengthA
DestroyMenu
GetWindowTextLengthW
PostQuitMessage
GetMenuStringA
GetMenuStringW
RegisterClassA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
SystemParametersInfoA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
EndDialog
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconA
GetDlgItem
SendMessageA
SetWindowTextA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
GetSystemMetrics
InsertMenuItemA
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
GetDC
ReleaseDC
GetDoubleClickTime
LoadStringA
EnableMenuItem
CheckMenuItem
InvalidateRect
WaitForInputIdle
MapVirtualKeyA
FillRect
GetKeyState
DialogBoxParamW
DialogBoxParamA
GetDlgItemTextW
MessageBoxA

gdi32

GetTextMetricsA
GetClipRgn
SetTextColor
ExtTextOutW
ExtTextOutA
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
EnumFontFamiliesA
SetTextCharacterExtra
BeginPath
EndPage
DPtoLP
FillPath
ExtCreatePen
StrokePath
EndDoc
StartDocA
LPtoDP
CreateSolidBrush
GetClipBox
GetSystemPaletteEntries
CreatePalette
GetTextExtentPoint32A
CreatePen
GetBkColor
SetBkColor
GetCurrentObject
GetTextExtentPoint32W
EndPath
SetPolyFillMode
MoveToEx
LineTo
PolyBezierTo
SelectClipPath
SaveDC
RestoreDC
GdiFlush
DeleteObject
SelectObject
StretchDIBits
SetDIBitsToDevice
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
DeleteDC
CreateDIBSection
GetDeviceCaps
BitBlt
RealizePalette
SelectPalette
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
StartPage

comdlg32

GetOpenFileNameA
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
GetSaveFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyA
RegSetValueA

shell32

DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
DragQueryFileW

ole32

CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flash在线图片浏览器FPV v3.51/非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3e:88:cfCertificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 216KB

UPX1 Size: 113KB - Virtual size: 116KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 542KB - Virtual size: 541KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 37KB - Virtual size: 36KB

.rsrc Size: 694KB - Virtual size: 694KB

9e604fa03f90625680ac2f8bef162aff

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

wininet

crypt32

version

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 56KB - Virtual size: 842KB

.rsrc Size: 124KB - Virtual size: 122KB

1dbcf2c6cdfb8812f5650277b7998cf3

Headers

File Characteristics

Imports

user32

kernel32

advapi32

comctl32

comdlg32

gdi32

ole32

oleaut32

shell32

urlmon

version

wininet

winmm

winspool.drv

wsock32

Sections

.text Size: 39KB - Virtual size: 3.8MB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3e:88:cf
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

UPX0
Size: - Virtual size: 216KB

UPX1
Size: 113KB - Virtual size: 116KB

.rsrc
Size: 7KB - Virtual size: 8KB

CODE
Size: 542KB - Virtual size: 541KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 694KB - Virtual size: 694KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 56KB - Virtual size: 842KB

.rsrc
Size: 124KB - Virtual size: 122KB

.text
Size: 39KB - Virtual size: 3.8MB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 56KB - Virtual size: 842KB

.rsrc
Size: 124KB - Virtual size: 122KB