0545a602eedc69ff8c1bdd52f24567d8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0545a602eedc69ff8c1bdd52f24567d8_JaffaCakes118
Size

1.6MB
MD5

0545a602eedc69ff8c1bdd52f24567d8
SHA1

af442d220c6eb4e0c4ac73f1fb68059f9cd6a98c
SHA256

6487164cbecdd26f7f76c0e7fc600ad52455f713a24ea92a315c77db30e2df1d
SHA512

8c65853c2c8338fe3e7c89ce05c12dbe80e98e5c7b73b6f273451c35149a68f17388f24eec2d6ef60aceb40abd4ba1360f2f1ca88d509cb2495ff83888de05f3
SSDEEP

49152:1/perB58vUoVIu2hCKI4mXVyKkSvvrB58vI:1RaXoCNyGKkaTh

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 9 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Shadow/DLL/MPopups.dll	acprotect
static1/unpack001/Shadow/DLL/UltraDock.dll	acprotect
static1/unpack001/Shadow/DLL/cnick.dll	acprotect
static1/unpack001/Shadow/DLL/mDock61.dll	acprotect
static1/unpack001/Shadow/DLL/nickLUST3.dll	acprotect
static1/unpack001/Shadow/Varie/DLL/MPopups.dll	acprotect
static1/unpack001/Shadow/Varie/DLL/UltraDock.dll	acprotect
static1/unpack001/Shadow/Varie/DLL/mDock61.dll	acprotect
static1/unpack001/Shadow/Varie/DLL/nickLUST3.dll	acprotect

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Shadow/DLL/MPopups.dll	upx
static1/unpack001/Shadow/DLL/UltraDock.dll	upx
static1/unpack001/Shadow/DLL/cnick.dll	upx
static1/unpack001/Shadow/DLL/mDock61.dll	upx
static1/unpack001/Shadow/DLL/nickLUST3.dll	upx
static1/unpack001/Shadow/Varie/DLL/MPopups.dll	upx
static1/unpack001/Shadow/Varie/DLL/UltraDock.dll	upx
static1/unpack001/Shadow/Varie/DLL/mDock61.dll	upx
static1/unpack001/Shadow/Varie/DLL/nickLUST3.dll	upx

Unsigned PE 36 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Shadow/Cursori/CURSOR.DLL
unpack001/Shadow/DLL/BARS.MDX
unpack001/Shadow/DLL/CTL_GEN.MDX
unpack001/Shadow/DLL/MDX.DLL
unpack001/Shadow/DLL/MPopups.dll
unpack002/out.upx
unpack001/Shadow/DLL/SysTray.dll
unpack001/Shadow/DLL/UltraDock.dll
unpack003/out.upx
unpack001/Shadow/DLL/VIEWS.MDX
unpack001/Shadow/DLL/XPopup.dll
unpack001/Shadow/DLL/cnick.dll
unpack004/out.upx
unpack001/Shadow/DLL/dialog.mdx
unpack001/Shadow/DLL/mDock61.dll
unpack005/out.upx
unpack001/Shadow/DLL/nickLUST3.dll
unpack006/out.upx
unpack001/Shadow/DLL/sendkey.dll
unpack001/Shadow/Shadow.exe
unpack001/Shadow/Varie/AcroManager/MDX/MDX.DLL
unpack001/Shadow/Varie/AcroManager/MDX/VIEWS.MDX
unpack001/Shadow/Varie/DLL/BARS.MDX
unpack001/Shadow/Varie/DLL/CTL_GEN.MDX
unpack001/Shadow/Varie/DLL/MDX.DLL
unpack001/Shadow/Varie/DLL/MPopups.dll
unpack007/out.upx
unpack001/Shadow/Varie/DLL/SysTray.dll
unpack001/Shadow/Varie/DLL/UltraDock.dll
unpack008/out.upx
unpack001/Shadow/Varie/DLL/VIEWS.MDX
unpack001/Shadow/Varie/DLL/dialog.mdx
unpack001/Shadow/Varie/DLL/mDock61.dll
unpack009/out.upx
unpack001/Shadow/Varie/DLL/nickLUST3.dll
unpack001/Shadow/Varie/lag/tbwin.dll

Files

0545a602eedc69ff8c1bdd52f24567d8_JaffaCakes118
.rar
Shadow/Cursori/CURSOR.DLL
.dll windows:4 windows x86 arch:x86

a6db2bcb0d672c0fa8aba87f42c7ea20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
LoadLibraryA
GetModuleFileNameA
FreeLibrary

user32

ShowCursor
GetCursorPos
LoadCursorA
DestroyCursor
GetWindowLongA
LoadImageA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetClassLongA
SetCursor
CreateWindowExA
ClipCursor
DestroyWindow
SetCursorPos
GetClipCursor

msvcrt

_stricmp
_adjust_fdiv
malloc
free
??3@YAXPAX@Z
_initterm
??2@YAPAXI@Z
strtok
_itoa
atoi

Exports

Exports

Click
ConfineCursor
CursorVisibility
DLLInfo
MoveCursor
RestoreCursor
SetMouseCursor
SetMouseCursor2
SetStdMouseCursor
SetStdMouseCursor2

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Cursori/Cursore.mrc
.vbs
Shadow/Cursori/Thumbs.db
Shadow/Cursori/cursore.JPG
.jpg
Shadow/Cursori/cursore.cur
Shadow/Cursori/cursore2.JPG
.jpg
Shadow/Cursori/cursore2.cur
Shadow/Cursori/cursore3.JPG
.jpg
Shadow/Cursori/cursore3.cur
Shadow/Cursori/cursore4.JPG
.jpg
Shadow/Cursori/cursore4.cur
Shadow/Cursori/cursore5.JPG
.jpg
Shadow/Cursori/cursore5.cur
Shadow/Cursori/cursore6.JPG
.jpg
Shadow/Cursori/cursore6.cur
Shadow/DLL/BARS.MDX
.dll windows:4 windows x86 arch:x86

99eee5c933b3e274b3f9aa164c57762c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

InvalidateRect
PostMessageA
SendMessageA
SetWindowLongA
DestroyIcon
CallWindowProcA
GetWindowLongA
DefWindowProcA
CreateWindowExA
DestroyWindow
GetKeyState
LoadIconA
GetClientRect
FillRect
LoadImageA
GetParent
EnableWindow

gdi32

GetObjectA
CreateBrushIndirect
DeleteDC
Rectangle
CreatePen
SelectObject
StretchBlt
BitBlt
CreateCompatibleDC
DeleteObject

shell32

ExtractIconExA

comctl32

ImageList_ReplaceIcon
ImageList_Add
ImageList_Replace
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

msvcrt

??2@YAPAXI@Z
malloc
_adjust_fdiv
_initterm
free
_itoa
_stricmp
strncpy
__CxxFrameHandler
atoi
??3@YAXPAX@Z

kernel32

DisableThreadLibraryCalls

Exports

Exports

getMDXHeader

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/CTL_GEN.MDX
.dll windows:4 windows x86 arch:x86

36f31ad565ef7d1c14a9e5b079ac75ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
DisableThreadLibraryCalls
ReadFile
LoadLibraryA
CloseHandle
FreeLibrary

user32

PostMessageA
CallWindowProcA
GetScrollPos
LoadImageA
SetWindowPos
EnableWindow
GetScrollInfo
MoveWindow
DestroyWindow
SetCursor
UnregisterClassA
RegisterClassA
SendMessageA
GetCursorPos
ScreenToClient
DefWindowProcA
GetWindowLongA
SetWindowLongA
MessageBoxA
ClientToScreen
GetWindowRect
CreateWindowExA
GetParent
GetClientRect
GetSysColorBrush
FillRect
BeginPaint
GetSysColor
EndPaint
GetCursor
SetScrollPos
SetScrollInfo

gdi32

LineTo
MoveToEx
CreatePen
DeleteObject
SelectObject

comctl32

InitCommonControlsEx

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetMalloc

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
free
strchr
__CxxFrameHandler
??2@YAPAXI@Z
atoi
strncpy
wcslen
??3@YAXPAX@Z
_onexit
_stricmp
_itoa

Exports

Exports

getMDXHeader

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/MDX.DLL
.dll windows:4 windows x86 arch:x86

34b86dab5c0b41a24220fe3732aef3a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
WaitForSingleObject
ReleaseMutex
CreateFileMappingA
UnmapViewOfFile
CloseHandle
GetProcAddress
SetLastError
GetModuleFileNameA
LoadLibraryA
GetLastError
FreeLibrary
GlobalSize
GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
GetCurrentProcessId
CreateMutexA

user32

SetWindowPos
GetWindowLongA
PostMessageA
DrawTextA
CreateWindowExA
SetWindowLongA
GetSysColorBrush
RedrawWindow
ChildWindowFromPointEx
GetParent
GetDlgCtrlID
GetWindowRect
ScreenToClient
MoveWindow
GetActiveWindow
SendMessageA
GetDlgItem
SetFocus
ShowWindow
InvalidateRgn
DestroyIcon
GetSysColor
CallWindowProcA
GetClientRect
GetClassNameA
EnumChildWindows
DestroyWindow
EnableWindow
MapWindowPoints
GetWindow
RegisterClipboardFormatA
LoadStringA

gdi32

DeleteDC
GetTextFaceA
GetTextMetricsA
SelectObject
CreateCompatibleDC
DeleteObject
GetObjectA
CreateFontIndirectA
CreateBrushIndirect
GetStockObject
GetBkColor
GetTextColor
SetTextColor
SetBkColor

shell32

ExtractIconExA
DragQueryFileA

ole32

ReleaseStgMedium

msvcrt

_initterm
_onexit
malloc
sprintf
vsprintf
__dllonexit
atoi
strtol
strncpy
_adjust_fdiv
_strdup
__CxxFrameHandler
??2@YAPAXI@Z
free
_stricmp
_itoa
??3@YAXPAX@Z

Exports

Exports

ControlFromPoint
ConvertCoords
DLLInfo
DynamicControl
ErrorInfo
GetFont
LoadDll
MarkDialog
MoveControl
Remove
SetBorderStyle
SetColor
SetControlMDX
SetDialog
SetFont
SetMDXStyle
SetMircVersion

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/MPopups.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddItem
Destroy
GetProperty
LoadImg
New
Popup
Remove
RemoveItem
SetMetrics
SetProperty
SetStyle

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/SysTray.dll
.dll windows:4 windows x86 arch:x86

f0639ea316a0aa3aba1acfdbbc59b832

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
MapViewOfFile
CreateFileMappingA
CloseHandle
UnmapViewOfFile
GetLastError
lstrcpyA
lstrcatA
GetSystemDirectoryA
InterlockedIncrement
InterlockedDecrement
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
GetProcAddress
LoadLibraryA

user32

ShowWindow
DialogBoxParamA
CreateWindowExA
LoadImageA
UnregisterClassA
SendMessageA
RegisterClassExA
wsprintfA
DefWindowProcA
EndDialog
DestroyWindow

shell32

ExtractIconExA
Shell_NotifyIconA

Exports

Exports

Balloon
Delete
DllInfo
DllMain
DoTray
Info
LoadDll
LoadShell
SetIcon
SetTip
UnloadDll
Visibility

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/UltraDock.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Dock
DockPos
DockRefresh
DockSide
IsMenubar
IsSwitchbar
IsToolbar
LoadDll
SBPos
SBSize
ShowMenubar
ShowSwitchbar
ShowToolbar
TBSize
UnDock
UnloadDll
Version

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/VIEWS.MDX
.dll windows:4 windows x86 arch:x86

07056cc36c129798d605c78512f748e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetLastError
GlobalFree
GlobalLock
GlobalUnlock
GetCurrentProcessId

user32

CallWindowProcA
SendMessageA
SetTimer
InvalidateRect
KillTimer
LoadStringA
MapWindowPoints
DestroyIcon
RedrawWindow
DefWindowProcA
GetWindowLongA
PostMessageA
LoadIconA
UpdateWindow
GetScrollInfo
SetScrollInfo
ScreenToClient
SetWindowLongA
SetFocus
GetClientRect
MessageBoxA
GetSysColorBrush
FillRect
GetSysColor
GetFocus
GetCursorPos

gdi32

GetBkColor
SetTextColor
CreateDIBPatternBrushPt
SelectObject
PatBlt
CreateSolidBrush
DeleteObject
SetBkMode
SetBkColor
GetTextExtentPoint32A
Ellipse
CreateRectRgnIndirect
SelectClipRgn

shell32

DragQueryFileA
ExtractIconExA

comctl32

InitCommonControlsEx
ImageList_SetOverlayImage
ImageList_Remove
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
DoDragDrop
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
atoi
free
vsprintf
__CxxFrameHandler
malloc
_adjust_fdiv
_itoa
_initterm
_stricmp
_strnicmp
_strdup
_purecall

Exports

Exports

getMDXHeader

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/XPopup.dll
.dll windows:4 windows x86 arch:x86

cb1d66d29d8b0e66b4ddd09fceac7913

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\VCPP_Projects NET\XPopup\Release\XPopup.pdb

Imports

comctl32

ImageList_Destroy
ImageList_DrawEx
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Create

kernel32

HeapAlloc
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadWritePtr
VirtualAlloc
WriteFile
DisableThreadLibraryCalls
UnhandledExceptionFilter
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
HeapCreate
MulDiv
lstrcpynA
lstrcmpA
lstrlenA
CreateFileMappingA
MapViewOfFile
GetModuleHandleA
UnmapViewOfFile
CloseHandle
lstrcpyA
HeapDestroy
GetStartupInfoA
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapReAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
HeapFree
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType

user32

SendMessageA
wsprintfA
UnregisterClassA
DestroyWindow
LoadImageA
DestroyIcon
TrackPopupMenuEx
SetRect
FillRect
DrawTextExA
InflateRect
CopyRect
GetDC
ReleaseDC
InsertMenuItemA
DeleteMenu
CreatePopupMenu
DestroyMenu
GetMenuItemInfoA
SetMenuItemInfoA
DefWindowProcA
RegisterClassA
CreateWindowExA
CallWindowProcA
PostMessageA
GetMenuItemCount
GetSubMenu
SetWindowLongA
GetMenu

gdi32

CreateCompatibleDC
GetObjectA
StretchBlt
DeleteDC
ExcludeClipRect
SetTextColor
SetBkMode
MoveToEx
LineTo
CreatePen
CreateSolidBrush
SelectObject
Rectangle
GetTextExtentPoint32A
DeleteObject

shell32

ExtractIconExA

Exports

Exports

LoadDll
UnloadDll
Version
_xpop
_xpopup
mpopup
xpop
xpopup

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/cnick.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

JOIN
LoadDll
UnloadDll

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Shadow/DLL/dialog.mdx
.dll windows:4 windows x86 arch:x86

252fa339fb91c0295d5e0b214a533f22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls

user32

ClientToScreen
GetCursorPos
SendMessageA
SetParent
SetTimer
ChildWindowFromPoint
ScreenToClient
IsWindow
CallWindowProcA
PostMessageA
ShowWindow
GetClientRect
GetWindowRect
SetCapture
ReleaseCapture
RedrawWindow
GetParent
GetWindowLongA
SetWindowLongA
SetWindowPos
KillTimer
DefWindowProcA
RegisterWindowMessageA
GetSysColorBrush
FillRect

msvcrt

_strdup
_stricmp
_itoa
_adjust_fdiv
malloc
_initterm
__CxxFrameHandler
atoi
free
strncpy
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

getMDXHeader

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/mDock61.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DockSwitchbar
DockToolbar
LoadDll
UnloadDll

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/nickLUST3.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddGroup
AddIcon
AttachChild
CollapseGroup
DllInfo
DllMain
FormatAppend
LoadDll
Mark
SetBkgImage
SetBranchImage
SetColor
SetFont
SetGroupIcon
SetGroupPos
SetGroupText
SetGroupView
SetHeaderColor
SetHeaderFontStyle
SetHeaderImage
SetHotCursor
SetTileSize
SetTipTitle
ShowGroup
UnloadDll
test

Sections

UPX0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/DLL/sendkey.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ABOUT
ALT
CTRL
KeyStroke

Sections

CODE
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 117B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Shadow/Grafica/KTEShadows.mrc
.js
Shadow/Grafica/Shadows.mrc
Shadow/Shadow.exe
.exe windows:4 windows x86 arch:x86

8214e7cce7af3e4e83adf61e8683973a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeEndPeriod
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetDevCaps
mciGetErrorStringA
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mciGetDeviceIDA
mciSendStringA
mixerClose
sndPlaySoundA

wsock32

WSAStartup
setsockopt
WSACleanup
recvfrom
sendto
getsockname
bind
ntohs
socket
listen
inet_addr
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSACancelAsyncRequest
ntohl
gethostname
recv
send
htons
connect
WSAGetLastError
accept
WSAAsyncSelect
shutdown
closesocket
ioctlsocket
htonl
WSASetLastError

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetIconSize

kernel32

GetSystemDefaultLCID
GetWindowsDirectoryA
SetEndOfFile
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
lstrcatW
lstrlenW
lstrcpyW
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
EnumResourceNamesA
EnumResourceTypesA
LoadLibraryExA
GetDiskFreeSpaceA
QueryDosDeviceA
GetFileType
GetFileAttributesA
WinExec
_lwrite
_lclose
_hwrite
GlobalSize
OpenFile
_hread
_llseek
_lopen
WriteFile
MulDiv
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
SetFilePointer
GetLastError
GetLocaleInfoA
FlushFileBuffers
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
CreateMutexA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
SetErrorMode
CreateProcessA
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetEnvironmentVariableA
GetShortPathNameA
CompareFileTime
GetFileTime
ReleaseMutex
GetTimeZoneInformation
LocalAlloc
LocalReAlloc
LocalFree
GetTempPathA
SizeofResource
CreateFileMappingA
RtlUnwind
HeapFree
HeapAlloc
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
SetConsoleCtrlHandler
DeleteFileA
MoveFileA
GetACP
GetOEMCP
GetSystemDefaultLangID
CreateEventA
WaitForSingleObject
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThread
SetThreadPriority
SetEvent
Sleep
WideCharToMultiByte
GetCPInfo
ExitProcess
GetModuleHandleA
TerminateProcess
CloseHandle
MultiByteToWideChar
GetTickCount
FindResourceA
LoadResource
LockResource
ExitThread
TlsSetValue
TlsGetValue
CreateThread
GetCurrentProcess
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TlsFree
SetLastError
TlsAlloc
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
InitializeCriticalSection
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
RaiseException
SetEnvironmentVariableA
SetEnvironmentVariableW
VirtualProtect
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
CompareStringA
CompareStringW
HeapSize
GetSystemTimeAsFileTime
GetFileInformationByHandle
PeekNamedPipe
RemoveDirectoryA
ReadFile
CreateDirectoryA

user32

DdeNameService
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeQueryStringA
DdeCreateDataHandle
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
CallWindowProcA
DrawEdge
GetMessageA
SetKeyboardState
GetKeyboardState
ToAscii
ScrollDC
GetWindowThreadProcessId
ClipCursor
GetSystemMetrics
FlashWindow
SystemParametersInfoA
RedrawWindow
ShowScrollBar
CharLowerBuffA
CharLowerA
GetWindowDC
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
VkKeyScanA
GetKeyboardLayout
CopyAcceleratorTableA
MapVirtualKeyA
CallNextHookEx
GetCapture
CharUpperBuffA
DrawIcon
DefMDIChildProcA
GetScrollInfo
GetMenuState
IsMenu
RemoveMenu
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemID
TrackPopupMenu
GetMenuCheckMarkDimensions
RegisterWindowMessageA
SetWindowsHookExA
LoadAcceleratorsA
DispatchMessageA
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorA
IsDialogMessageA
GetForegroundWindow
LoadMenuA
PostQuitMessage
DefFrameProcA
RegisterClassExA
UnhookWindowsHookEx
ValidateRect
InvertRect
IntersectRect
DefWindowProcA
DrawFrameControl
RegisterClassA
CopyImage
CreateIconIndirect
FindWindowExA
FindWindowA
IsRectEmpty
OffsetRect
SetScrollInfo
DdeUninitialize
GetCursorPos
WindowFromPoint
ScreenToClient
SetMenu
SetActiveWindow
CreateDialogParamA
GetClassNameA
GetMessagePos
GetFocus
WinHelpA
GetWindowTextA
LoadImageA
GetAsyncKeyState
GetWindowLongA
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
EnumClipboardFormats
GetClipboardFormatNameA
CreateWindowExA
GetClipboardData
DestroyWindow
CloseClipboard
LoadStringA
MessageBeep
GetTopWindow
IsZoomed
GetActiveWindow
IsWindow
IsCharAlphaA
IsCharAlphaNumericA
GetDesktopWindow
IsIconic
GetDialogBaseUnits
SetDlgItemInt
GetDlgItemInt
GetSystemMenu
CheckMenuItem
LoadCursorA
SetCursor
CreatePopupMenu
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
EnableMenuItem
AppendMenuA
DrawMenuBar
FrameRect
FillRect
SetWindowTextA
GetClientRect
GetParent
DrawFocusRect
GetSysColor
CheckDlgButton
GetKeyState
IsDlgButtonChecked
PeekMessageA
MsgWaitForMultipleObjects
BeginPaint
EndPaint
LoadBitmapA
UpdateWindow
EndDialog
SetRect
IsWindowVisible
SetFocus
PtInRect
LoadIconA
EnableWindow
ShowWindow
MoveWindow
DdeDisconnect
DdeFreeStringHandle
DialogBoxParamA
IsChild
InsertMenuA
ModifyMenuA
GetNextDlgTabItem
ChildWindowFromPointEx
GetScrollPos
GetScrollRange
SetScrollPos
EqualRect
CreateMenu
SendMessageA
SetWindowPos
InvalidateRect
SetTimer
KillTimer
IsWindowEnabled
wsprintfA
SendDlgItemMessageA
GetDC
GetDlgItem
GetWindowRect
SetScrollRange
GetIconInfo
DrawIconEx
GetDlgCtrlID
DrawTextA
SetCapture
ReleaseCapture
DestroyIcon
GetWindowPlacement
SetWindowPlacement
GetWindowTextLengthA
SetForegroundWindow
BringWindowToTop
GetMenuStringA
MapWindowPoints
PostMessageA
ReleaseDC
CopyRect
ClientToScreen
SetWindowLongA
ChildWindowFromPoint
GetWindow

gdi32

CreateDIBitmap
CombineRgn
LineTo
MoveToEx
CreatePen
SelectClipRgn
CreateRectRgn
GetNearestColor
GetDeviceCaps
GetTextExtentPointA
CreateFontIndirectA
PtInRegion
CreatePolygonRgn
ExtFloodFill
GetDIBits
Rectangle
RoundRect
DeleteDC
GetStockObject
SetROP2
SetBkMode
ExtTextOutW
GetBkColor
GetTextColor
GetCurrentObject
EnumFontFamiliesExA
GetTextCharset
StretchDIBits
GetTextExtentPointW
IntersectClipRect
Polyline
SetPixel
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
SetBrushOrgEx
CreateCompatibleDC
GetObjectA
CreatePatternBrush
BitBlt
ExcludeClipRect
GetObjectType
CreateBitmap
CreateRectRgnIndirect
RectInRegion
CreateFontA
CreateSolidBrush
CreateHatchBrush
GetTextMetricsA
SetTextColor
SetBkColor
ExtTextOutA
DeleteObject
SelectObject
Ellipse
GetPixel
SetPixelV

comdlg32

ChooseFontA
CommDlgExtendedError
ChooseColorA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegEnumKeyA

shell32

Shell_NotifyIconA
SHBrowseForFolderA
SHFileOperationA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
DragQueryFileA
FindExecutableA
ShellExecuteA
ExtractIconExA
ExtractIconA
SHGetSpecialFolderLocation

ole32

ProgIDFromCLSID
CoCreateInstance
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
OleUninitialize
OleInitialize
CoLockObjectExternal
RevokeDragDrop
ReleaseStgMedium
RegisterDragDrop

oleaut32

SetErrorInfo
LoadRegTypeLi
VariantCopy
DispGetParam
VarR8FromCy
VarR8FromDate
VarCyFromR8
VarDateFromR8
VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Shadow/Thumbs.db
Shadow/Txt/Grazie/asmodeus.txt
Shadow/Txt/Grazie/budy.txt
Shadow/Txt/Grazie/chaos.txt
Shadow/Txt/Grazie/fata.txt
Shadow/Txt/Grazie/king.txt
Shadow/Txt/Grazie/lily.txt
Shadow/Txt/Grazie/pana.txt
Shadow/Txt/Quit.txt
Shadow/Txt/SP.txt
Shadow/Txt/bruno.txt
Shadow/Txt/citaz.txt
Shadow/Txt/kick/kickfr.txt
Shadow/Txt/kick/kicksi.txt
Shadow/Txt/kick/kickst.txt
Shadow/Txt/soj.txt
Shadow/Varie/AcroManager/AcroManager.mrc
.js
Shadow/Varie/AcroManager/Acronyms.hsh
Shadow/Varie/AcroManager/MDX/BARS.GID
Shadow/Varie/AcroManager/MDX/CTL_GEN.GID
Shadow/Varie/AcroManager/MDX/DIALOG.GID
Shadow/Varie/AcroManager/MDX/MDX.DLL
.dll windows:4 windows x86 arch:x86

34b86dab5c0b41a24220fe3732aef3a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
WaitForSingleObject
ReleaseMutex
CreateFileMappingA
UnmapViewOfFile
CloseHandle
GetProcAddress
SetLastError
GetModuleFileNameA
LoadLibraryA
GetLastError
FreeLibrary
GlobalSize
GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
GetCurrentProcessId
CreateMutexA

user32

SetWindowPos
GetWindowLongA
PostMessageA
DrawTextA
CreateWindowExA
SetWindowLongA
GetSysColorBrush
RedrawWindow
ChildWindowFromPointEx
GetParent
GetDlgCtrlID
GetWindowRect
ScreenToClient
MoveWindow
GetActiveWindow
SendMessageA
GetDlgItem
SetFocus
ShowWindow
InvalidateRgn
DestroyIcon
GetSysColor
CallWindowProcA
GetClientRect
GetClassNameA
EnumChildWindows
DestroyWindow
EnableWindow
MapWindowPoints
GetWindow
RegisterClipboardFormatA
LoadStringA

gdi32

DeleteDC
GetTextFaceA
GetTextMetricsA
SelectObject
CreateCompatibleDC
DeleteObject
GetObjectA
CreateFontIndirectA
CreateBrushIndirect
GetStockObject
GetBkColor
GetTextColor
SetTextColor
SetBkColor

shell32

ExtractIconExA
DragQueryFileA

ole32

ReleaseStgMedium

msvcrt

_initterm
_onexit
malloc
sprintf
vsprintf
__dllonexit
atoi
strtol
strncpy
_adjust_fdiv
_strdup
__CxxFrameHandler
??2@YAPAXI@Z
free
_stricmp
_itoa
??3@YAXPAX@Z

Exports

Exports

ControlFromPoint
ConvertCoords
DLLInfo
DynamicControl
ErrorInfo
GetFont
LoadDll
MarkDialog
MoveControl
Remove
SetBorderStyle
SetColor
SetControlMDX
SetDialog
SetFont
SetMDXStyle
SetMircVersion

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/AcroManager/MDX/VIEWS.GID
Shadow/Varie/AcroManager/MDX/VIEWS.MDX
.dll windows:4 windows x86 arch:x86

07056cc36c129798d605c78512f748e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetLastError
GlobalFree
GlobalLock
GlobalUnlock
GetCurrentProcessId

user32

CallWindowProcA
SendMessageA
SetTimer
InvalidateRect
KillTimer
LoadStringA
MapWindowPoints
DestroyIcon
RedrawWindow
DefWindowProcA
GetWindowLongA
PostMessageA
LoadIconA
UpdateWindow
GetScrollInfo
SetScrollInfo
ScreenToClient
SetWindowLongA
SetFocus
GetClientRect
MessageBoxA
GetSysColorBrush
FillRect
GetSysColor
GetFocus
GetCursorPos

gdi32

GetBkColor
SetTextColor
CreateDIBPatternBrushPt
SelectObject
PatBlt
CreateSolidBrush
DeleteObject
SetBkMode
SetBkColor
GetTextExtentPoint32A
Ellipse
CreateRectRgnIndirect
SelectClipRgn

shell32

DragQueryFileA
ExtractIconExA

comctl32

InitCommonControlsEx
ImageList_SetOverlayImage
ImageList_Remove
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
DoDragDrop
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
atoi
free
vsprintf
__CxxFrameHandler
malloc
_adjust_fdiv
_itoa
_initterm
_stricmp
_strnicmp
_strdup
_purecall

Exports

Exports

getMDXHeader

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/AcroManager/MDX/mdx.GID
Shadow/Varie/DLL/BARS.MDX
.dll windows:4 windows x86 arch:x86

99eee5c933b3e274b3f9aa164c57762c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

InvalidateRect
PostMessageA
SendMessageA
SetWindowLongA
DestroyIcon
CallWindowProcA
GetWindowLongA
DefWindowProcA
CreateWindowExA
DestroyWindow
GetKeyState
LoadIconA
GetClientRect
FillRect
LoadImageA
GetParent
EnableWindow

gdi32

GetObjectA
CreateBrushIndirect
DeleteDC
Rectangle
CreatePen
SelectObject
StretchBlt
BitBlt
CreateCompatibleDC
DeleteObject

shell32

ExtractIconExA

comctl32

ImageList_ReplaceIcon
ImageList_Add
ImageList_Replace
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

msvcrt

??2@YAPAXI@Z
malloc
_adjust_fdiv
_initterm
free
_itoa
_stricmp
strncpy
__CxxFrameHandler
atoi
??3@YAXPAX@Z

kernel32

DisableThreadLibraryCalls

Exports

Exports

getMDXHeader

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/CTL_GEN.MDX
.dll windows:4 windows x86 arch:x86

36f31ad565ef7d1c14a9e5b079ac75ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
DisableThreadLibraryCalls
ReadFile
LoadLibraryA
CloseHandle
FreeLibrary

user32

PostMessageA
CallWindowProcA
GetScrollPos
LoadImageA
SetWindowPos
EnableWindow
GetScrollInfo
MoveWindow
DestroyWindow
SetCursor
UnregisterClassA
RegisterClassA
SendMessageA
GetCursorPos
ScreenToClient
DefWindowProcA
GetWindowLongA
SetWindowLongA
MessageBoxA
ClientToScreen
GetWindowRect
CreateWindowExA
GetParent
GetClientRect
GetSysColorBrush
FillRect
BeginPaint
GetSysColor
EndPaint
GetCursor
SetScrollPos
SetScrollInfo

gdi32

LineTo
MoveToEx
CreatePen
DeleteObject
SelectObject

comctl32

InitCommonControlsEx

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetMalloc

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
free
strchr
__CxxFrameHandler
??2@YAPAXI@Z
atoi
strncpy
wcslen
??3@YAXPAX@Z
_onexit
_stricmp
_itoa

Exports

Exports

getMDXHeader

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/MDX.DLL
.dll windows:4 windows x86 arch:x86

34b86dab5c0b41a24220fe3732aef3a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
WaitForSingleObject
ReleaseMutex
CreateFileMappingA
UnmapViewOfFile
CloseHandle
GetProcAddress
SetLastError
GetModuleFileNameA
LoadLibraryA
GetLastError
FreeLibrary
GlobalSize
GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
GetCurrentProcessId
CreateMutexA

user32

SetWindowPos
GetWindowLongA
PostMessageA
DrawTextA
CreateWindowExA
SetWindowLongA
GetSysColorBrush
RedrawWindow
ChildWindowFromPointEx
GetParent
GetDlgCtrlID
GetWindowRect
ScreenToClient
MoveWindow
GetActiveWindow
SendMessageA
GetDlgItem
SetFocus
ShowWindow
InvalidateRgn
DestroyIcon
GetSysColor
CallWindowProcA
GetClientRect
GetClassNameA
EnumChildWindows
DestroyWindow
EnableWindow
MapWindowPoints
GetWindow
RegisterClipboardFormatA
LoadStringA

gdi32

DeleteDC
GetTextFaceA
GetTextMetricsA
SelectObject
CreateCompatibleDC
DeleteObject
GetObjectA
CreateFontIndirectA
CreateBrushIndirect
GetStockObject
GetBkColor
GetTextColor
SetTextColor
SetBkColor

shell32

ExtractIconExA
DragQueryFileA

ole32

ReleaseStgMedium

msvcrt

_initterm
_onexit
malloc
sprintf
vsprintf
__dllonexit
atoi
strtol
strncpy
_adjust_fdiv
_strdup
__CxxFrameHandler
??2@YAPAXI@Z
free
_stricmp
_itoa
??3@YAXPAX@Z

Exports

Exports

ControlFromPoint
ConvertCoords
DLLInfo
DynamicControl
ErrorInfo
GetFont
LoadDll
MarkDialog
MoveControl
Remove
SetBorderStyle
SetColor
SetControlMDX
SetDialog
SetFont
SetMDXStyle
SetMircVersion

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/MPopups.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddItem
Destroy
GetProperty
LoadImg
New
Popup
Remove
RemoveItem
SetMetrics
SetProperty
SetStyle

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/SysTray.dll
.dll windows:4 windows x86 arch:x86

f0639ea316a0aa3aba1acfdbbc59b832

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
MapViewOfFile
CreateFileMappingA
CloseHandle
UnmapViewOfFile
GetLastError
lstrcpyA
lstrcatA
GetSystemDirectoryA
InterlockedIncrement
InterlockedDecrement
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
GetProcAddress
LoadLibraryA

user32

ShowWindow
DialogBoxParamA
CreateWindowExA
LoadImageA
UnregisterClassA
SendMessageA
RegisterClassExA
wsprintfA
DefWindowProcA
EndDialog
DestroyWindow

shell32

ExtractIconExA
Shell_NotifyIconA

Exports

Exports

Balloon
Delete
DllInfo
DllMain
DoTray
Info
LoadDll
LoadShell
SetIcon
SetTip
UnloadDll
Visibility

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/UltraDock.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Dock
DockPos
DockRefresh
DockSide
IsMenubar
IsSwitchbar
IsToolbar
LoadDll
SBPos
SBSize
ShowMenubar
ShowSwitchbar
ShowToolbar
TBSize
UnDock
UnloadDll
Version

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/VIEWS.MDX
.dll windows:4 windows x86 arch:x86

07056cc36c129798d605c78512f748e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetLastError
GlobalFree
GlobalLock
GlobalUnlock
GetCurrentProcessId

user32

CallWindowProcA
SendMessageA
SetTimer
InvalidateRect
KillTimer
LoadStringA
MapWindowPoints
DestroyIcon
RedrawWindow
DefWindowProcA
GetWindowLongA
PostMessageA
LoadIconA
UpdateWindow
GetScrollInfo
SetScrollInfo
ScreenToClient
SetWindowLongA
SetFocus
GetClientRect
MessageBoxA
GetSysColorBrush
FillRect
GetSysColor
GetFocus
GetCursorPos

gdi32

GetBkColor
SetTextColor
CreateDIBPatternBrushPt
SelectObject
PatBlt
CreateSolidBrush
DeleteObject
SetBkMode
SetBkColor
GetTextExtentPoint32A
Ellipse
CreateRectRgnIndirect
SelectClipRgn

shell32

DragQueryFileA
ExtractIconExA

comctl32

InitCommonControlsEx
ImageList_SetOverlayImage
ImageList_Remove
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
DoDragDrop
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
atoi
free
vsprintf
__CxxFrameHandler
malloc
_adjust_fdiv
_itoa
_initterm
_stricmp
_strnicmp
_strdup
_purecall

Exports

Exports

getMDXHeader

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/dialog.mdx
.dll windows:4 windows x86 arch:x86

252fa339fb91c0295d5e0b214a533f22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls

user32

ClientToScreen
GetCursorPos
SendMessageA
SetParent
SetTimer
ChildWindowFromPoint
ScreenToClient
IsWindow
CallWindowProcA
PostMessageA
ShowWindow
GetClientRect
GetWindowRect
SetCapture
ReleaseCapture
RedrawWindow
GetParent
GetWindowLongA
SetWindowLongA
SetWindowPos
KillTimer
DefWindowProcA
RegisterWindowMessageA
GetSysColorBrush
FillRect

msvcrt

_strdup
_stricmp
_itoa
_adjust_fdiv
malloc
_initterm
__CxxFrameHandler
atoi
free
strncpy
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

getMDXHeader

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/mDock61.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DockSwitchbar
DockToolbar
LoadDll
UnloadDll

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadow/Varie/DLL/nickLUST3.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddGroup
AddIcon
AttachChild
CollapseGroup
DllInfo
DllMain
FormatAppend
LoadDll
Mark
SetBkgImage
SetBranchImage
SetColor
SetFont
SetGroupIcon
SetGroupPos
SetGroupText
SetGroupView
SetHeaderColor
SetHeaderFontStyle
SetHeaderImage
SetHotCursor
SetTileSize
SetTipTitle
ShowGroup
UnloadDll
test

Sections

UPX0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Shadow/Varie/Input.mrc
.js
Shadow/Varie/Scan.mrc
.js
Shadow/Varie/Script.mrc
Shadow/Varie/Script2.mrc
.js
Shadow/Varie/lag/Thumbs.db
Shadow/Varie/lag/lagbkg.bmp
Shadow/Varie/lag/tbwin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Attach
Detach
GetMouse
GetTBInfo
LoadDll
OnMouse
OnSize
Select
UnloadDll

Sections

CODE
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 213B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Shadow/Varie/lag/zlagbar.ini
Shadow/Varie/xpopup.mrc
Shadow/addon/urla/urla.ini
Shadow/addon/urla/urla2.ini
Shadow/addon/urla/urla3.ini
Shadow/addon/urla/urla4.ini
Shadow/addon/urla/urla5.ini
Shadow/addon/urla/urla6.ini
Shadow/aliases.ini
Shadow/mirc.ini
Shadow/popups.ini
.vbs
Shadow/remote.ini
Shadow/servers.ini
Shadow/skin/15.bmp
Shadow/skin/Away.ico
Shadow/skin/HOP.ico
Shadow/skin/Joker.jpg
.jpg
Shadow/skin/Logo_.JPG
.jpg
Shadow/skin/Nero.bmp
Shadow/skin/Query.ico
Shadow/skin/Server.ico
Shadow/skin/Thumbs.db
Shadow/skin/User.ico
Shadow/skin/atake.ico
Shadow/skin/channel.ico
Shadow/skin/danger.ico
Shadow/skin/funny1.ico
Shadow/skin/help.ico
Shadow/skin/in.ico
Shadow/skin/mc.bmp
Shadow/skin/mp3.ico
Shadow/skin/muro.ico
Shadow/skin/no.ico
Shadow/skin/rej.ICO
Shadow/skin/si.ico
Shadow/skin/ttake.ico
Shadow/skin/uban.ico
Shadow/skin/varie.ico
Shadow/tempcolour.bmp

Sharing

General

Malware Config

Signatures

Files

a6db2bcb0d672c0fa8aba87f42c7ea20

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.reloc Size: 512B - Virtual size: 500B

99eee5c933b3e274b3f9aa164c57762c

Headers

File Characteristics

Imports

user32

gdi32

shell32

comctl32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

36f31ad565ef7d1c14a9e5b079ac75ff

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

34b86dab5c0b41a24220fe3732aef3a1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 10KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.reloc
Size: 512B - Virtual size: 500B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 10KB - Virtual size: 12KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 18KB - Virtual size: 20KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB