feaeaab94915413be8deaefa7530cb7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

feaeaab94915413be8deaefa7530cb7a_JaffaCakes118
Size

3.2MB
MD5

feaeaab94915413be8deaefa7530cb7a
SHA1

5a45086cc822614070311506787919e6f80c9839
SHA256

58ba387e6f3873e47fd410e90a4694599a8b6ac0d4a2d66247335d79d37282df
SHA512

c5b76057bfe6c9a83391146ff5741b065e5106d92ba621966ca915a4e809472f36693903a8b7335dd86597fe4f7c26d90286375709001a74a4902ab63e9bc011
SSDEEP

49152:XxWeQatbQjJv+lWKXWN1iw6EHnaJsY+kmpAHa5qUJ442SVmaXVWFBo6V/vlTk0nG:MUgAg36GS2mHafW4HLXIFZvap

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
feaeaab94915413be8deaefa7530cb7a_JaffaCakes118
unpack001/$PLUGINSDIR/xiaoxiaobrowser.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/Resource/XXStatistic.exe
unpack002/SafeBrowser.dll
unpack002/XiaoXiao.exe
unpack002/XiaoXiaoUpdate.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$PLUGINSDIR/xiaoxiaobrowser.exe	nsis_installer_1
static1/unpack001/$PLUGINSDIR/xiaoxiaobrowser.exe	nsis_installer_2

Files

feaeaab94915413be8deaefa7530cb7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd1742eadfc6df18ded3c26ae64ad610

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/xiaoxiaobrowser.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Language/ChineseGB.ini
Resource/SearchEngine.ini.default
Resource/XXStatistic.exe
.exe windows:4 windows x86 arch:x86

5208deff57d1b41fb08338dda50c84e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
MultiByteToWideChar
HeapFree
InterlockedCompareExchange
FreeLibrary
GetModuleFileNameW
DebugBreak
GetModuleHandleA
HeapReAlloc
GetStartupInfoW
ExitProcess
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MulDiv
lstrcmpW
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
HeapSize
EnterCriticalSection
GetProcessHeap
RaiseException

user32

FillRect
ReleaseCapture
GetClassNameW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
MoveWindow
GetSysColor
CreateDialogParamW
DialogBoxParamW
CallWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DefWindowProcW
PostQuitMessage
GetParent
GetWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetSystemMetrics
LoadImageW
CreateAcceleratorTableW
GetActiveWindow
IsWindow
GetFocus
EndDialog
SetFocus
IsDialogMessageW
SendMessageW
GetDlgItem
KillTimer
SetTimer
ScreenToClient
GetWindowRect
CreateWindowExW
GetWindowLongW
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowLongW
EndPaint
UnregisterClassA

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject

advapi32

RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW

ole32

CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysStringLen
VarUI4FromStr
SysFreeString
LoadTypeLi

comctl32

InitCommonControlsEx

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resource/XiaoXiao.ini.default
Resource/update.cfg
SafeBrowser.dll
.dll windows:4 windows x86 arch:x86

b0aa8b6ae07c8d3fe43f103af79d6e75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\my_GreenBrowserCode2\Bin\SafeBrowser.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
CreateIoCompletionPort
InterlockedExchange
InterlockedExchangeAdd
GetQueuedCompletionStatus
PostQueuedCompletionStatus
InterlockedCompareExchange
TlsAlloc
TlsFree
GetModuleFileNameA
GetLastError
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetFileTime
MoveFileA
DeleteFileA
RemoveDirectoryA
CreateFileA
GetFileAttributesA
LoadLibraryA
LCMapStringA
FreeLibrary
GetStringTypeExA
GetUserDefaultLCID
FormatMessageA
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep

msvcp80

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@JHH@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?allocate@?$allocator@D@std@@QAEPADI@Z
?id@?$ctype@D@std@@2V0locale@2@A
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0_Lockit@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?_Xsgetn_s@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADIH@Z
??1_Lockit@std@@QAE@XZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?uncaught_exception@std@@YA_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?toupper@?$ctype@D@std@@QBEDD@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??1locale@std@@QAE@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??0locale@std@@QAE@PBDH@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0locale@std@@QAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sync@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?classic@locale@std@@SAABV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1_Locimp@locale@std@@MAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??_7?$codecvt@DDH@std@@6B@
??_7codecvt_base@std@@6B@
??_7facet@locale@std@@6B@
?do_length@?$codecvt@DDH@std@@MBEHABHPBD1I@Z
?do_unshift@?$codecvt@DDH@std@@MBEHAAHPAD1AAPAD@Z
?do_out@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?do_in@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?do_encoding@codecvt_base@std@@MBEHXZ
?do_max_length@codecvt_base@std@@MBEHXZ
??0?$codecvt@DDH@std@@QAE@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Bid@locale@std@@QAEIXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?_Register@facet@locale@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

msvcr80

strerror
__CxxFrameHandler3
_CxxThrowException
memset
memcpy
memmove
?before@type_info@@QBEHABV1@@Z
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_purecall
_mkdir
isspace
ispunct
??1bad_cast@std@@UAE@XZ
strtol
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??8type_info@@QBE_NABV0@@Z
memmove_s
sprintf
??0exception@std@@QAE@ABV01@@Z

ws2_32

connect
setsockopt
WSASocketW
WSASend
WSARecv
getaddrinfo
WSAGetLastError
closesocket
WSASetLastError
WSAStartup
WSACleanup
freeaddrinfo

user32

LoadStringA

Exports

Exports

??0?$oserializer@Vtext_oarchive@archive@boost@@UHashData2@@@detail@archive@boost@@AAE@XZ
??0?$oserializer@Vtext_oarchive@archive@boost@@V?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@AAE@XZ
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@UHashData2@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@V?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@UHashData2@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@V?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
SafeBrowse_CheckUrl
SafeBrowse_LoadData
SafeBrowse_Update

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skin/Default/BackGround.bmp
Skin/Default/FavBar.bmp
Skin/Default/Go.bmp
Skin/Default/MainMenu.bmp
Skin/Default/MainTool16.bmp
Skin/Default/MainTool24.bmp
Skin/Default/MainToolGray16.bmp
Skin/Default/MainToolGray24.bmp
Skin/Default/SearchBar.bmp
Skin/Default/StatusTool.bmp
Skin/Default/SystemBar.bmp
Skin/Default/TabActive.bmp
Skin/Default/TabClose.bmp
Skin/Default/TabNormal.bmp
Skin/Default/TaskBar.bmp
Skin/Default/skin.ini
XiaoXiao.exe
.exe windows:4 windows x86 arch:x86

2d7d906c46496458412afc1a6c575d0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup
gethostname
gethostbyname

winmm

sndPlaySoundW

kernel32

lstrcmpA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalFlags
SetErrorMode
GetFileAttributesW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
CreateThread
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalGetAtomNameW
GetModuleHandleA
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetProfileIntW
GetTickCount
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
FormatMessageW
GlobalFree
FreeResource
LoadLibraryA
InterlockedExchange
TerminateThread
MulDiv
GetVersion
lstrlenA
UnmapViewOfFile
LocalAlloc
LocalFree
GetCurrentProcessId
GlobalMemoryStatus
GetPrivateProfileSectionW
GetTempPathW
GetWindowsDirectoryW
GetEnvironmentStringsW
ExpandEnvironmentStringsW
lstrcpynW
OpenProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileSectionW
Sleep
QueryPerformanceFrequency
CreateSemaphoreW
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
GetCurrentThreadId
GetCommandLineW
LoadLibraryExW
WriteProfileStringW
CreateProcessW
InterlockedDecrement
InterlockedIncrement
GetVersionExW
GetCurrentProcess
SetProcessWorkingSetSize
RaiseException
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalSize
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalAlloc
GetModuleFileNameW
QueryPerformanceCounter
FileTimeToDosDateTime
OutputDebugStringW
DeleteFileW
MoveFileW
GetPrivateProfileStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
FindFirstFileW
lstrcmpW
lstrcmpiW
FindNextFileW
FindClose
GetFullPathNameW
lstrlenW
lstrcpyW
CreateFileW
GetFileSize
CloseHandle
CopyFileW
GetLocalTime
FreeLibrary
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
GlobalLock
GlobalUnlock
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemInfo

user32

InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CharUpperW
CopyAcceleratorTableW
InvalidateRgn
DrawIcon
SetWindowRgn
MapDialogRect
SetWindowContextHelpId
MessageBeep
PostQuitMessage
ShowOwnedPopups
UnregisterClassW
GetCapture
RemovePropW
GetForegroundWindow
DispatchMessageW
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
ShowScrollBar
GetMenu
MessageBoxW
UnregisterClassA
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
DrawIconEx
DrawEdge
SetRect
GetMessageW
PostThreadMessageW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetSysColorBrush
TranslateAcceleratorW
BeginDeferWindowPos
EndDeferWindowPos
SetParent
RedrawWindow
GetDCEx
GetSystemMenu
FillRect
OffsetRect
InflateRect
SetFocus
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageW
GetClassNameW
GetWindowTextW
FindWindowW
BringWindowToTop
IsChild
ReleaseDC
GetDC
RemoveMenu
InsertMenuW
SetMenuDefaultItem
GetSystemMetrics
EnumWindows
GetWindowThreadProcessId
MapVirtualKeyW
keybd_event
WindowFromPoint
GetFocus
IsZoomed
FindWindowExW
EnumChildWindows
UnregisterHotKey
RegisterHotKey
GetPropW
GetLastActivePopup
IsIconic
SetForegroundWindow
SetMenu
UpdateWindow
CharNextW
SetMenuItemInfoW
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetNextDlgGroupItem
GetCursorPos
GetDesktopWindow
ScreenToClient
LoadMenuW
ModifyMenuW
DeleteMenu
PtInRect
LockWindowUpdate
TrackPopupMenu
TrackPopupMenuEx
DestroyMenu
SystemParametersInfoW
LoadImageW
LoadBitmapW
SetWindowLongW
LoadIconW
GetWindow
KillTimer
SetTimer
GetParent
EndPaint
BeginPaint
GetWindowDC
TranslateMessage
ValidateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
ClientToScreen
GetWindowRect
GetSubMenu
UnionRect
SetRectEmpty
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SendDlgItemMessageW
SendDlgItemMessageA
GetClassLongW
WinHelpW
IsRectEmpty
CreatePopupMenu
GetMenuItemCount
GetMenuItemInfoW
GetMenuStringW
GetMenuState
IsMenu
AppendMenuW
GetMenuItemID
CheckMenuItem
EnableMenuItem
GetWindowLongW
ShowWindow
GetClientRect
DestroyIcon
LoadCursorW
GetSysColor
GetCursor
SetCursor
ReleaseCapture
SetCapture
InvalidateRect
PostMessageW
CopyRect
RegisterClipboardFormatW
GetKeyState
IsWindow
IsWindowVisible
SendMessageW
EnableWindow
SetPropW
CreateWindowExW

gdi32

GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
GetWindowExtEx
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetRgnBox
CreateEllipticRgn
LPtoDP
GetTextMetricsW
SetBkMode
RestoreDC
SaveDC
GetViewportExtEx
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetTextExtentPoint32W
CreateFontIndirectW
StretchBlt
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
DeleteObject
CreateRectRgnIndirect
GetBkColor
StretchDIBits
CreateFontW
GetCharWidthW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CopyMetaFileW
CreateDIBSection
SelectObject
DeleteDC
Ellipse
GetBkMode
CreateSolidBrush
CreatePen
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateRectRgn
BitBlt
PatBlt
GetTextColor
GetDeviceCaps
EnumFontFamiliesW
SetMapMode

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegOpenKeyW
RegQueryValueW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
RegCreateKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyW
RegDeleteKeyW

shell32

SHGetFileInfoW
SHCreateDirectoryExW
SHGetDesktopFolder
SHGetMalloc
ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
DragFinish
DragQueryFileW
Shell_NotifyIconW
SHGetSpecialFolderLocation
DragAcceptFiles

comctl32

ImageList_Draw
ord17
ImageList_AddMasked
ImageList_GetIconSize

shlwapi

StrRetToBufW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFileExistsW
UrlUnescapeW

oledlg

OleUIBusyW

ole32

OleUninitialize
ReleaseStgMedium
CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoGetClassObject
CLSIDFromProgID
OleDuplicateData
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysAllocString
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString

urlmon

CoInternetGetSession

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
GetUrlCacheEntryInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetQueryOptionW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoExW
InternetSetOptionW
FindCloseUrlCache
FindNextUrlCacheEntryW

Sections

.text
Size: 946KB - Virtual size: 946KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XiaoXiaoUpdate.exe
.exe windows:4 windows x86 arch:x86

9f65071ca119913286044f615b393b5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\my_GreenBrowserCode2\Bin\XiaoXiaoUpdate.pdb

Imports

kernel32

lstrlenA
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
ExitProcess
RaiseException
ExitThread
CreateThread
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
InterlockedIncrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetModuleHandleA
InterlockedDecrement
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
DeleteFileW
GetCurrentProcessId
GlobalAddAtomW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
SetLastError
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
lstrlenW
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetModuleHandleW
GetProcAddress
GetTickCount
GetFileSize
FileTimeToSystemTime
WaitForSingleObject
CreateProcessW
WritePrivateProfileStringW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetLastError
CreateSemaphoreW
GetPrivateProfileStringW
SetFileTime
WriteFile
CreateDirectoryW
GetFileAttributesW
WideCharToMultiByte
LocalFileTimeToFileTime
MultiByteToWideChar
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
CloseHandle
SetFilePointer
HeapDestroy
CreateFileW

user32

PostThreadMessageW
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
LoadCursorW
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
CharUpperW
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
RegisterClipboardFormatW
UnregisterClassW
DestroyMenu
GetKeyState
PeekMessageW
MessageBeep
SetFocus
GetNextDlgGroupItem
GetCursorPos
ValidateRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
EnableWindow
DrawIcon
GetClientRect
GetSystemMetrics
SendMessageW
IsIconic
LoadIconW
GetDesktopWindow
MessageBoxW
wsprintfW
UpdateWindow
UnregisterClassA

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
RectVisible
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
PtVisible
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
CreateRectRgnIndirect
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
TextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegDeleteKeyW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
UrlUnescapeW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringLen
SysFreeString

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gsb/black.dat
gsb/malware.dat

Sharing

General

Malware Config

Signatures

Files

dd1742eadfc6df18ded3c26ae64ad610

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 27KB - Virtual size: 27KB

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 252KB

.ndata Size: - Virtual size: 280KB

.rsrc Size: 27KB - Virtual size: 27KB

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

5208deff57d1b41fb08338dda50c84e5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 6KB

b0aa8b6ae07c8d3fe43f103af79d6e75

Headers

File Characteristics

PDB Paths

Imports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 252KB

.ndata
Size: - Virtual size: 280KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 428B

.reloc
Size: 24KB - Virtual size: 20KB

.text
Size: 946KB - Virtual size: 946KB

.rdata
Size: 234KB - Virtual size: 233KB

.data
Size: 28KB - Virtual size: 62KB

.rsrc
Size: 184KB - Virtual size: 183KB

.text
Size: 244KB - Virtual size: 242KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 40KB - Virtual size: 36KB