f8afb4c2d0ecb400a25a884fb56d921a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8afb4c2d0ecb400a25a884fb56d921a_JaffaCakes118
Size

1.4MB
MD5

f8afb4c2d0ecb400a25a884fb56d921a
SHA1

af1659be36d9e052d099d3b089212cbb390c423f
SHA256

dd39cdc5c6df49414b52e2388f2431cd58a1f75a18aee6ef9d392d19c51047ec
SHA512

1bad254229a39915806c40d306c12eefa290f7183552663739724a1868b0436c3552ac2415aa54d5c5157c7bdf1232e5e6b45879a251ee629e3a46bb4892dbe1
SSDEEP

24576:OuCJo/0BshKUrQQsv963bGDuq6sFHpXtGyZ84RIdfmoQgJK3OFVVK3OFVa8K3OF5:ONqSMdQZv2cuDsbXtVDRZZgJKeFVVKeR

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/autohack/AR.dll
unpack001/autohack/Backup/amp11lib.dll
unpack001/autohack/Backup/bugtrap.bak
unpack001/autohack/Backup/bugtrap.dll
unpack001/autohack/Backup/vorbis.dll
unpack001/autohack/bugtrap.bak
unpack001/autohack/bugtrap.dll

Files

f8afb4c2d0ecb400a25a884fb56d921a_JaffaCakes118
.rar
autohack/AR.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

MainProc

Sections

Size: 25KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tls
Size: 775KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
autohack/Auto Rank D-S Read Me.rtf
.rtf
autohack/Backup/amp11lib.dll
.dll windows:4 windows x86 arch:x86

a962b533962f1a8d5743233fb526db6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep

msvcrt

??3@YAXPAX@Z
__CxxFrameHandler
sscanf
sprintf
strchr
strncmp
memmove
??2@YAPAXI@Z
realloc
atoi
ceil
_ftol
floor
free
_initterm
_kbhit
_adjust_fdiv
__dllonexit
_onexit
malloc
_getch
_read
_write
_lseek
_close
_chsize
_open

winmm

waveOutUnprepareHeader
waveOutReset
waveOutGetDevCapsA
waveOutPrepareHeader
waveOutWrite
waveOutClose
waveOutOpen
timeKillEvent
timeSetEvent

wsock32

gethostbyname
accept
WSAGetLastError
recv
send
shutdown
getsockopt
ntohl
getsockname
ntohs
getpeername
socket
listen
bind
setsockopt
htonl
htons
connect
closesocket
inet_ntoa
WSACleanup
WSAStartup

Exports

Exports

_alClose@4
_alDecGetLen@4
_alDecGetPos@4
_alDecSeekAbs@8
_alDecSeekRel@8
_alDecSetVolume@8
_alDescribePlayerDevice@12
_alDisableRedirection@0
_alEnableRedirection@4
_alEndLibrary@0
_alGetMPXHeader@24
_alGetRedirection@4
_alInitLibrary@0
_alOpenDecoder@4
_alOpenHttpFile@8
_alOpenInputFile@4
_alOpenOutputFile@4
_alOpenPlayer@16
_alOpenSubFile@12
_alRead@12
_alSetRedirection@8
_alWrite@12

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autohack/Backup/bugtrap.bak
.dll windows:4 windows x86 arch:x86

e9791fd4137506e625250e7b55e0b948

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Max\My Documents\Visual Studio 2005\Projects\BugTrap\Win32\Bin\BugTrap.pdb

Imports

ws2_32

WSACleanup
WSAGetLastError
closesocket
setsockopt
WSAStartup
inet_addr
gethostbyname
htons
WSASocketA
WSAEventSelect
connect
WSAEnumNetworkEvents
WSASend
WSAGetOverlappedResult
shutdown

comctl32

InitCommonControlsEx
ImageList_LoadImageA
ImageList_Destroy

shlwapi

PathIsURLA
PathIsRootA
PathFindNextComponentA
UrlIsA
PathRemoveBackslashA
PathRemoveExtensionA
PathAddExtensionA
PathCreateFromUrlA
PathIsRelativeA
PathRemoveFileSpecA
PathAppendA
StrTrimA
PathSkipRootA
PathFindFileNameA
PathCombineA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetAttemptConnect
InternetCrackUrlA
InternetOpenA
InternetSetStatusCallback
InternetConnectA
InternetGetLastResponseInfoA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetCloseHandle
HttpOpenRequestA

kernel32

GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
ExitProcess
HeapSize
CopyFileA
CloseHandle
FindClose
FindFirstFileA
CreateFileA
RaiseException
FindNextFileA
SetEvent
WideCharToMultiByte
ReadFile
SetFilePointer
GetStringTypeA
GetFileSize
MulDiv
FreeLibrary
GetProcAddress
LoadLibraryA
GetProfileIntA
GetLastError
OpenProcess
GetModuleFileNameA
GetCurrentProcessId
GetModuleHandleA
GetVersionExA
InitializeCriticalSection
GetStdHandle
WriteConsoleA
MultiByteToWideChar
GetConsoleOutputCP
HeapAlloc
ReadProcessMemory
GetCurrentProcess
LocalFree
WriteFile
FormatMessageA
GetSystemInfo
GlobalMemoryStatus
GetThreadContext
GetCurrentThread
FreeEnvironmentStringsA
GetEnvironmentStrings
GetTimeFormatA
GetDateFormatA
SystemTimeToFileTime
GetFileAttributesA
DeleteFileA
GetCurrentThreadId
ResumeThread
SuspendThread
GetCurrentDirectoryA
GetCommandLineA
GetComputerNameA
GetLocalTime
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
IsDBCSLeadByte
WaitForSingleObject
GetUserDefaultLangID
SetUnhandledExceptionFilter
TerminateProcess
CreateEventA
DisableThreadLibraryCalls
WaitForMultipleObjects
LocalReAlloc
GetTempPathA
ResetEvent
RemoveDirectoryA
CreateDirectoryA
GetTickCount
GetWindowsDirectoryA
SetEndOfFile
HeapFree
SetLastError
LCMapStringA
ExitThread
CreateThread
GetProcessHeap
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TlsFree
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
LCMapStringW
Sleep
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
GetConsoleMode
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleW
FlushFileBuffers
DeleteCriticalSection

user32

DeferWindowPos
MapWindowPoints
BeginDeferWindowPos
DrawEdge
GetTabbedTextExtentA
TabbedTextOutA
AppendMenuA
GetSystemMenu
GetWindowThreadProcessId
GetForegroundWindow
GetActiveWindow
GetWindow
DrawTextA
DrawIconEx
GetClassLongA
GetSysColorBrush
CopyIcon
LoadCursorA
DestroyIcon
GetScrollInfo
SetScrollInfo
ScrollWindowEx
GetDC
ReleaseDC
CreateDialogParamA
GetWindowRect
ScreenToClient
EndDeferWindowPos
LoadIconA
GetWindowTextLengthA
SetForegroundWindow
MessageBoxA
GetWindowLongA
SetWindowLongA
CheckRadioButton
LoadImageA
ShowWindow
DestroyWindow
CreateWindowExA
EnableWindow
IsWindowEnabled
DialogBoxParamA
UpdateWindow
InvalidateRect
GetClientRect
GetSystemMetrics
LoadStringA
SetCursor
GetSysColor
SendMessageA
SetWindowTextA
GetParent
GetDlgItem
IsWindowVisible
IsZoomed
RedrawWindow
SetScrollPos
SetFocus
GetWindowTextA
GetDialogBaseUnits
GetMessagePos
IsChild
EndDialog
GetCapture
ReleaseCapture
SetCapture
GetFocus
DrawFocusRect
PtInRect
PostMessageA
SystemParametersInfoA
BeginPaint
EndPaint
GetKeyState
DefWindowProcA
IsRectEmpty
FillRect
SetWindowPos
GetScrollPos
GetDlgCtrlID

gdi32

GetObjectA
GetDIBits
StretchBlt
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
PatBlt
CreateFontIndirectA
SetViewportOrgEx
SetTextColor
TextOutA
MoveToEx
LineTo
BitBlt
DeleteDC
SelectObject
GetTextMetricsA
SetBkColor
DeleteObject

comdlg32

GetSaveFileNameA

advapi32

RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
ShellExecuteA

ole32

StringFromGUID2

oleaut32

GetErrorInfo
SysFreeString

Exports

Exports

BT_AddLogFile
BT_AddRegFile
BT_AppLogEntry
BT_AppLogEntryF
BT_AppLogEntryV
BT_CallCppFilter
BT_CallNetFilter
BT_CallSehFilter
BT_ClearLog
BT_ClearLogFiles
BT_CloseLogFile
BT_CppFilter
BT_DeleteLogFile
BT_ExportRegistryKey
BT_FlushLogFile
BT_GetActivityType
BT_GetAppName
BT_GetAppVersion
BT_GetDialogMessage
BT_GetDumpType
BT_GetFlags
BT_GetLogEchoMode
BT_GetLogFileEntry
BT_GetLogFileName
BT_GetLogFilesCount
BT_GetLogFlags
BT_GetLogLevel
BT_GetLogSizeInBytes
BT_GetLogSizeInEntries
BT_GetMailProfile
BT_GetNotificationEMail
BT_GetPostErrHandler
BT_GetPreErrHandler
BT_GetReportFilePath
BT_GetReportFormat
BT_GetSupportEMail
BT_GetSupportHost
BT_GetSupportPort
BT_GetSupportURL
BT_GetUserMessage
BT_InsLogEntry
BT_InsLogEntryF
BT_InsLogEntryV
BT_InstallSehFilter
BT_MakeSnapshot
BT_NetFilter
BT_OpenLogFile
BT_ReadVersionInfo
BT_SehFilter
BT_SetActivityType
BT_SetAppName
BT_SetAppVersion
BT_SetDialogMessage
BT_SetDumpType
BT_SetFlags
BT_SetLogEchoMode
BT_SetLogFlags
BT_SetLogLevel
BT_SetLogSizeInBytes
BT_SetLogSizeInEntries
BT_SetMailProfile
BT_SetNotificationEMail
BT_SetPostErrHandler
BT_SetPreErrHandler
BT_SetReportFilePath
BT_SetReportFormat
BT_SetSupportEMail
BT_SetSupportHost
BT_SetSupportPort
BT_SetSupportServer
BT_SetSupportURL
BT_SetUserMessage
BT_SetUserMessageFromCode
BT_UninstallSehFilter

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autohack/Backup/bugtrap.dll
.dll windows:4 windows x86 arch:x86

e9791fd4137506e625250e7b55e0b948

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Max\My Documents\Visual Studio 2005\Projects\BugTrap\Win32\Bin\BugTrap.pdb

Imports

ws2_32

WSACleanup
WSAGetLastError
closesocket
setsockopt
WSAStartup
inet_addr
gethostbyname
htons
WSASocketA
WSAEventSelect
connect
WSAEnumNetworkEvents
WSASend
WSAGetOverlappedResult
shutdown

comctl32

InitCommonControlsEx
ImageList_LoadImageA
ImageList_Destroy

shlwapi

PathIsURLA
PathIsRootA
PathFindNextComponentA
UrlIsA
PathRemoveBackslashA
PathRemoveExtensionA
PathAddExtensionA
PathCreateFromUrlA
PathIsRelativeA
PathRemoveFileSpecA
PathAppendA
StrTrimA
PathSkipRootA
PathFindFileNameA
PathCombineA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetAttemptConnect
InternetCrackUrlA
InternetOpenA
InternetSetStatusCallback
InternetConnectA
InternetGetLastResponseInfoA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetCloseHandle
HttpOpenRequestA

kernel32

GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
ExitProcess
HeapSize
CopyFileA
CloseHandle
FindClose
FindFirstFileA
CreateFileA
RaiseException
FindNextFileA
SetEvent
WideCharToMultiByte
ReadFile
SetFilePointer
GetStringTypeA
GetFileSize
MulDiv
FreeLibrary
GetProcAddress
LoadLibraryA
GetProfileIntA
GetLastError
OpenProcess
GetModuleFileNameA
GetCurrentProcessId
GetModuleHandleA
GetVersionExA
InitializeCriticalSection
GetStdHandle
WriteConsoleA
MultiByteToWideChar
GetConsoleOutputCP
HeapAlloc
ReadProcessMemory
GetCurrentProcess
LocalFree
WriteFile
FormatMessageA
GetSystemInfo
GlobalMemoryStatus
GetThreadContext
GetCurrentThread
FreeEnvironmentStringsA
GetEnvironmentStrings
GetTimeFormatA
GetDateFormatA
SystemTimeToFileTime
GetFileAttributesA
DeleteFileA
GetCurrentThreadId
ResumeThread
SuspendThread
GetCurrentDirectoryA
GetCommandLineA
GetComputerNameA
GetLocalTime
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
IsDBCSLeadByte
WaitForSingleObject
GetUserDefaultLangID
SetUnhandledExceptionFilter
TerminateProcess
CreateEventA
DisableThreadLibraryCalls
WaitForMultipleObjects
LocalReAlloc
GetTempPathA
ResetEvent
RemoveDirectoryA
CreateDirectoryA
GetTickCount
GetWindowsDirectoryA
SetEndOfFile
HeapFree
SetLastError
LCMapStringA
ExitThread
CreateThread
GetProcessHeap
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TlsFree
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
LCMapStringW
Sleep
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
GetConsoleMode
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleW
FlushFileBuffers
DeleteCriticalSection

user32

DeferWindowPos
MapWindowPoints
BeginDeferWindowPos
DrawEdge
GetTabbedTextExtentA
TabbedTextOutA
AppendMenuA
GetSystemMenu
GetWindowThreadProcessId
GetForegroundWindow
GetActiveWindow
GetWindow
DrawTextA
DrawIconEx
GetClassLongA
GetSysColorBrush
CopyIcon
LoadCursorA
DestroyIcon
GetScrollInfo
SetScrollInfo
ScrollWindowEx
GetDC
ReleaseDC
CreateDialogParamA
GetWindowRect
ScreenToClient
EndDeferWindowPos
LoadIconA
GetWindowTextLengthA
SetForegroundWindow
MessageBoxA
GetWindowLongA
SetWindowLongA
CheckRadioButton
LoadImageA
ShowWindow
DestroyWindow
CreateWindowExA
EnableWindow
IsWindowEnabled
DialogBoxParamA
UpdateWindow
InvalidateRect
GetClientRect
GetSystemMetrics
LoadStringA
SetCursor
GetSysColor
SendMessageA
SetWindowTextA
GetParent
GetDlgItem
IsWindowVisible
IsZoomed
RedrawWindow
SetScrollPos
SetFocus
GetWindowTextA
GetDialogBaseUnits
GetMessagePos
IsChild
EndDialog
GetCapture
ReleaseCapture
SetCapture
GetFocus
DrawFocusRect
PtInRect
PostMessageA
SystemParametersInfoA
BeginPaint
EndPaint
GetKeyState
DefWindowProcA
IsRectEmpty
FillRect
SetWindowPos
GetScrollPos
GetDlgCtrlID

gdi32

GetObjectA
GetDIBits
StretchBlt
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
PatBlt
CreateFontIndirectA
SetViewportOrgEx
SetTextColor
TextOutA
MoveToEx
LineTo
BitBlt
DeleteDC
SelectObject
GetTextMetricsA
SetBkColor
DeleteObject

comdlg32

GetSaveFileNameA

advapi32

RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
ShellExecuteA

ole32

StringFromGUID2

oleaut32

GetErrorInfo
SysFreeString

Exports

Exports

BT_AddLogFile
BT_AddRegFile
BT_AppLogEntry
BT_AppLogEntryF
BT_AppLogEntryV
BT_CallCppFilter
BT_CallNetFilter
BT_CallSehFilter
BT_ClearLog
BT_ClearLogFiles
BT_CloseLogFile
BT_CppFilter
BT_DeleteLogFile
BT_ExportRegistryKey
BT_FlushLogFile
BT_GetActivityType
BT_GetAppName
BT_GetAppVersion
BT_GetDialogMessage
BT_GetDumpType
BT_GetFlags
BT_GetLogEchoMode
BT_GetLogFileEntry
BT_GetLogFileName
BT_GetLogFilesCount
BT_GetLogFlags
BT_GetLogLevel
BT_GetLogSizeInBytes
BT_GetLogSizeInEntries
BT_GetMailProfile
BT_GetNotificationEMail
BT_GetPostErrHandler
BT_GetPreErrHandler
BT_GetReportFilePath
BT_GetReportFormat
BT_GetSupportEMail
BT_GetSupportHost
BT_GetSupportPort
BT_GetSupportURL
BT_GetUserMessage
BT_InsLogEntry
BT_InsLogEntryF
BT_InsLogEntryV
BT_InstallSehFilter
BT_MakeSnapshot
BT_NetFilter
BT_OpenLogFile
BT_ReadVersionInfo
BT_SehFilter
BT_SetActivityType
BT_SetAppName
BT_SetAppVersion
BT_SetDialogMessage
BT_SetDumpType
BT_SetFlags
BT_SetLogEchoMode
BT_SetLogFlags
BT_SetLogLevel
BT_SetLogSizeInBytes
BT_SetLogSizeInEntries
BT_SetMailProfile
BT_SetNotificationEMail
BT_SetPostErrHandler
BT_SetPreErrHandler
BT_SetReportFilePath
BT_SetReportFormat
BT_SetSupportEMail
BT_SetSupportHost
BT_SetSupportPort
BT_SetSupportServer
BT_SetSupportURL
BT_SetUserMessage
BT_SetUserMessageFromCode
BT_UninstallSehFilter

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autohack/Backup/vorbis.dll
.dll windows:4 windows x86 arch:x86

4eae6ba6de5c55a6e4e18a6d09371471

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ogg

oggpack_adv
oggpack_readinit
oggpack_look
oggpack_writeclear
oggpack_read1
oggpack_read
oggpack_bytes
oggpack_writeinit
oggpack_write
oggpack_get_buffer
oggpack_reset

msvcrt

malloc
free
realloc
_adjust_fdiv
_initterm
_CIpow
_CIacos
calloc
ldexp
_strdup
memmove
floor
_ftol
qsort
toupper

kernel32

DisableThreadLibraryCalls

Exports

Exports

_floor_P
_mapping_P
_residue_P
_time_P
_vi_psy_copy
vorbis_analysis
vorbis_analysis_blockout
vorbis_analysis_buffer
vorbis_analysis_headerout
vorbis_analysis_init
vorbis_analysis_wrote
vorbis_block_clear
vorbis_block_init
vorbis_comment_add
vorbis_comment_add_tag
vorbis_comment_clear
vorbis_comment_init
vorbis_comment_query
vorbis_comment_query_count
vorbis_dsp_clear
vorbis_info_clear
vorbis_info_init
vorbis_packet_blocksize
vorbis_synthesis
vorbis_synthesis_blockin
vorbis_synthesis_headerin
vorbis_synthesis_init
vorbis_synthesis_pcmout
vorbis_synthesis_read

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autohack/HướngDẫn.docx
.docx office2007
autohack/Read Me.rtf
.rtf
autohack/Stages.cfg
autohack/Version.cfg
autohack/bugtrap.bak
.dll windows:4 windows x86 arch:x86

e9791fd4137506e625250e7b55e0b948

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Max\My Documents\Visual Studio 2005\Projects\BugTrap\Win32\Bin\BugTrap.pdb

Imports

ws2_32

WSACleanup
WSAGetLastError
closesocket
setsockopt
WSAStartup
inet_addr
gethostbyname
htons
WSASocketA
WSAEventSelect
connect
WSAEnumNetworkEvents
WSASend
WSAGetOverlappedResult
shutdown

comctl32

InitCommonControlsEx
ImageList_LoadImageA
ImageList_Destroy

shlwapi

PathIsURLA
PathIsRootA
PathFindNextComponentA
UrlIsA
PathRemoveBackslashA
PathRemoveExtensionA
PathAddExtensionA
PathCreateFromUrlA
PathIsRelativeA
PathRemoveFileSpecA
PathAppendA
StrTrimA
PathSkipRootA
PathFindFileNameA
PathCombineA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetAttemptConnect
InternetCrackUrlA
InternetOpenA
InternetSetStatusCallback
InternetConnectA
InternetGetLastResponseInfoA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetCloseHandle
HttpOpenRequestA

kernel32

GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
ExitProcess
HeapSize
CopyFileA
CloseHandle
FindClose
FindFirstFileA
CreateFileA
RaiseException
FindNextFileA
SetEvent
WideCharToMultiByte
ReadFile
SetFilePointer
GetStringTypeA
GetFileSize
MulDiv
FreeLibrary
GetProcAddress
LoadLibraryA
GetProfileIntA
GetLastError
OpenProcess
GetModuleFileNameA
GetCurrentProcessId
GetModuleHandleA
GetVersionExA
InitializeCriticalSection
GetStdHandle
WriteConsoleA
MultiByteToWideChar
GetConsoleOutputCP
HeapAlloc
ReadProcessMemory
GetCurrentProcess
LocalFree
WriteFile
FormatMessageA
GetSystemInfo
GlobalMemoryStatus
GetThreadContext
GetCurrentThread
FreeEnvironmentStringsA
GetEnvironmentStrings
GetTimeFormatA
GetDateFormatA
SystemTimeToFileTime
GetFileAttributesA
DeleteFileA
GetCurrentThreadId
ResumeThread
SuspendThread
GetCurrentDirectoryA
GetCommandLineA
GetComputerNameA
GetLocalTime
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
IsDBCSLeadByte
WaitForSingleObject
GetUserDefaultLangID
SetUnhandledExceptionFilter
TerminateProcess
CreateEventA
DisableThreadLibraryCalls
WaitForMultipleObjects
LocalReAlloc
GetTempPathA
ResetEvent
RemoveDirectoryA
CreateDirectoryA
GetTickCount
GetWindowsDirectoryA
SetEndOfFile
HeapFree
SetLastError
LCMapStringA
ExitThread
CreateThread
GetProcessHeap
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TlsFree
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
LCMapStringW
Sleep
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
GetConsoleMode
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleW
FlushFileBuffers
DeleteCriticalSection

user32

DeferWindowPos
MapWindowPoints
BeginDeferWindowPos
DrawEdge
GetTabbedTextExtentA
TabbedTextOutA
AppendMenuA
GetSystemMenu
GetWindowThreadProcessId
GetForegroundWindow
GetActiveWindow
GetWindow
DrawTextA
DrawIconEx
GetClassLongA
GetSysColorBrush
CopyIcon
LoadCursorA
DestroyIcon
GetScrollInfo
SetScrollInfo
ScrollWindowEx
GetDC
ReleaseDC
CreateDialogParamA
GetWindowRect
ScreenToClient
EndDeferWindowPos
LoadIconA
GetWindowTextLengthA
SetForegroundWindow
MessageBoxA
GetWindowLongA
SetWindowLongA
CheckRadioButton
LoadImageA
ShowWindow
DestroyWindow
CreateWindowExA
EnableWindow
IsWindowEnabled
DialogBoxParamA
UpdateWindow
InvalidateRect
GetClientRect
GetSystemMetrics
LoadStringA
SetCursor
GetSysColor
SendMessageA
SetWindowTextA
GetParent
GetDlgItem
IsWindowVisible
IsZoomed
RedrawWindow
SetScrollPos
SetFocus
GetWindowTextA
GetDialogBaseUnits
GetMessagePos
IsChild
EndDialog
GetCapture
ReleaseCapture
SetCapture
GetFocus
DrawFocusRect
PtInRect
PostMessageA
SystemParametersInfoA
BeginPaint
EndPaint
GetKeyState
DefWindowProcA
IsRectEmpty
FillRect
SetWindowPos
GetScrollPos
GetDlgCtrlID

gdi32

GetObjectA
GetDIBits
StretchBlt
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
PatBlt
CreateFontIndirectA
SetViewportOrgEx
SetTextColor
TextOutA
MoveToEx
LineTo
BitBlt
DeleteDC
SelectObject
GetTextMetricsA
SetBkColor
DeleteObject

comdlg32

GetSaveFileNameA

advapi32

RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
ShellExecuteA

ole32

StringFromGUID2

oleaut32

GetErrorInfo
SysFreeString

Exports

Exports

BT_AddLogFile
BT_AddRegFile
BT_AppLogEntry
BT_AppLogEntryF
BT_AppLogEntryV
BT_CallCppFilter
BT_CallNetFilter
BT_CallSehFilter
BT_ClearLog
BT_ClearLogFiles
BT_CloseLogFile
BT_CppFilter
BT_DeleteLogFile
BT_ExportRegistryKey
BT_FlushLogFile
BT_GetActivityType
BT_GetAppName
BT_GetAppVersion
BT_GetDialogMessage
BT_GetDumpType
BT_GetFlags
BT_GetLogEchoMode
BT_GetLogFileEntry
BT_GetLogFileName
BT_GetLogFilesCount
BT_GetLogFlags
BT_GetLogLevel
BT_GetLogSizeInBytes
BT_GetLogSizeInEntries
BT_GetMailProfile
BT_GetNotificationEMail
BT_GetPostErrHandler
BT_GetPreErrHandler
BT_GetReportFilePath
BT_GetReportFormat
BT_GetSupportEMail
BT_GetSupportHost
BT_GetSupportPort
BT_GetSupportURL
BT_GetUserMessage
BT_InsLogEntry
BT_InsLogEntryF
BT_InsLogEntryV
BT_InstallSehFilter
BT_MakeSnapshot
BT_NetFilter
BT_OpenLogFile
BT_ReadVersionInfo
BT_SehFilter
BT_SetActivityType
BT_SetAppName
BT_SetAppVersion
BT_SetDialogMessage
BT_SetDumpType
BT_SetFlags
BT_SetLogEchoMode
BT_SetLogFlags
BT_SetLogLevel
BT_SetLogSizeInBytes
BT_SetLogSizeInEntries
BT_SetMailProfile
BT_SetNotificationEMail
BT_SetPostErrHandler
BT_SetPreErrHandler
BT_SetReportFilePath
BT_SetReportFormat
BT_SetSupportEMail
BT_SetSupportHost
BT_SetSupportPort
BT_SetSupportServer
BT_SetSupportURL
BT_SetUserMessage
BT_SetUserMessageFromCode
BT_UninstallSehFilter

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autohack/bugtrap.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Max\My Documents\Visual Studio 2005\Projects\BugTrap\Win32\Bin\BugTrap.pdb

Exports

Exports

BT_AddLogFile
BT_AddRegFile
BT_AppLogEntry
BT_AppLogEntryF
BT_AppLogEntryV
BT_CallCppFilter
BT_CallNetFilter
BT_CallSehFilter
BT_ClearLog
BT_ClearLogFiles
BT_CloseLogFile
BT_CppFilter
BT_DeleteLogFile
BT_ExportRegistryKey
BT_FlushLogFile
BT_GetActivityType
BT_GetAppName
BT_GetAppVersion
BT_GetDialogMessage
BT_GetDumpType
BT_GetFlags
BT_GetLogEchoMode
BT_GetLogFileEntry
BT_GetLogFileName
BT_GetLogFilesCount
BT_GetLogFlags
BT_GetLogLevel
BT_GetLogSizeInBytes
BT_GetLogSizeInEntries
BT_GetMailProfile
BT_GetNotificationEMail
BT_GetPostErrHandler
BT_GetPreErrHandler
BT_GetReportFilePath
BT_GetReportFormat
BT_GetSupportEMail
BT_GetSupportHost
BT_GetSupportPort
BT_GetSupportURL
BT_GetUserMessage
BT_InsLogEntry
BT_InsLogEntryF
BT_InsLogEntryV
BT_InstallSehFilter
BT_MakeSnapshot
BT_NetFilter
BT_OpenLogFile
BT_ReadVersionInfo
BT_SehFilter
BT_SetActivityType
BT_SetAppName
BT_SetAppVersion
BT_SetDialogMessage
BT_SetDumpType
BT_SetFlags
BT_SetLogEchoMode
BT_SetLogFlags
BT_SetLogLevel
BT_SetLogSizeInBytes
BT_SetLogSizeInEntries
BT_SetMailProfile
BT_SetNotificationEMail
BT_SetPostErrHandler
BT_SetPreErrHandler
BT_SetReportFilePath
BT_SetReportFormat
BT_SetSupportEMail
BT_SetSupportHost
BT_SetSupportPort
BT_SetSupportServer
BT_SetSupportURL
BT_SetUserMessage
BT_SetUserMessageFromCode
BT_UninstallSehFilter

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.NewIT
Size: 512B - Virtual size: 323B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 25KB - Virtual size: 140KB

.rsrc Size: - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

tls Size: 775KB - Virtual size: 1.7MB

a962b533962f1a8d5743233fb526db6e

Headers

File Characteristics

Imports

kernel32

msvcrt

winmm

wsock32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 62KB

.reloc Size: 4KB - Virtual size: 2KB

e9791fd4137506e625250e7b55e0b948

Headers

File Characteristics

PDB Paths

Imports

ws2_32

comctl32

shlwapi

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 17KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 12KB - Virtual size: 12KB

e9791fd4137506e625250e7b55e0b948

Headers

File Characteristics

PDB Paths

Imports

ws2_32

comctl32

shlwapi

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 17KB

.rsrc Size: 29KB - Virtual size: 29KB

.rsrc
Size: - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

tls
Size: 775KB - Virtual size: 1.7MB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 62KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 12KB - Virtual size: 12KB

.NewIT
Size: 512B - Virtual size: 323B