0843d0f43bb4d201ff9e017031249582_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0843d0f43bb4d201ff9e017031249582_JaffaCakes118
Size

13.5MB
MD5

0843d0f43bb4d201ff9e017031249582
SHA1

8395cab69022c7197be3d7e89a7eeefd29d632a5
SHA256

465f467b94525612b6d1ab20738218ab130d5843bc12d2e1dab1fa4cc84fcc4c
SHA512

4e468ff3d969fa8739a9f38eb110ac05fc8f2f534afb6ab1b49213fff14021aeb75ec5566464e1fffd32512fcca5d56b4127f93828b580a3ffe8686be5f1cd78
SSDEEP

196608:xnQeHunSwEMbWa21QpEni8eS8M1Kt4gHC22+pVuUuxpUbZBNrfeEaukmxpieQlVD:u9nQMB8edFKzVOuuDeElxEf7

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ieframe.dll
unpack001/msvbvm60.dll
unpack001/䮭 ࠢ筨 ॢ 2019.exe

Files

0843d0f43bb4d201ff9e017031249582_JaffaCakes118
.zip
COMCTL32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
ord16
ord17
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_Remove

kernel32

lstrcmpA
GetProcAddress
GlobalSize
CloseHandle
GetFileSize
ReadFile
lstrcmpiA
IsDBCSLeadByte
lstrcmpiW
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
GetLastError
GetLocaleInfoA
OpenFile
MultiByteToWideChar
lstrcatA
DisableThreadLibraryCalls
GetVersion
GetProcessHeap
GetDateFormatA
GetLocalTime
GetTimeFormatA
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryA
GlobalUnlock
GlobalAlloc
GlobalLock
CompareStringA
GlobalFree
GetVersionExA
lstrlenA
lstrcpyA
IsBadReadPtr
HeapReAlloc
lstrcpynA
IsBadWritePtr
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
InterlockedIncrement
HeapAlloc
lstrlenW
LeaveCriticalSection
EnterCriticalSection

user32

IsWindowVisible
EndPaint
BeginPaint
MoveWindow
CharUpperA
IntersectRect
MessageBeep
SetCursor
EndDialog
RedrawWindow
GetMessagePos
CreateAcceleratorTableA
VkKeyScanA
PeekMessageA
PeekMessageW
SetWindowRgn
RegisterWindowMessageA
RegisterClipboardFormatA
SetCursorPos
OffsetRect
EqualRect
IsChild
GetWindowTextA
SetCapture
GetCursorPos
ScreenToClient
PostMessageA
DrawEdge
GetSysColor
wsprintfA
FillRect
InflateRect
DrawTextA
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetParent
GetAsyncKeyState
SetWindowLongA
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetActiveWindow
CreateDialogIndirectParamA
IsDialogMessageA
GetNextDlgTabItem
GetWindow
CharNextA
SetParent
InvalidateRect
UpdateWindow
UnregisterClassA
MessageBoxA
SetWindowsHookExA
SetTimer
KillTimer
CheckRadioButton
CallNextHookEx
SetActiveWindow
DestroyIcon
SetFocus
DrawIcon
UnionRect
DialogBoxParamA
PtInRect
LoadCursorA
GetWindowDC
SetRect
IsRectEmpty
GetDC
ReleaseDC
GetClipboardFormatNameA
ClientToScreen
PostMessageW
FrameRect
GetClientRect
CallWindowProcA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
LoadIconA
GetSystemMetrics
CopyImage
MapDialogRect
GetWindowLongA
SetWindowPos
GetFocus
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
LoadStringA
DefWindowProcA
SendMessageA
ShowWindow
WinHelpA
UnhookWindowsHookEx

ole32

CreateStreamOnHGlobal
RevokeDragDrop
CreateOleAdviseHolder
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
DoDragDrop
ReleaseStgMedium
OleLoadFromStream
OleSaveToStream

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayRedim
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
VariantCopy
GetErrorInfo
OleCreateFontIndirect
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
LoadRegTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreatePictureIndirect
VariantCopyInd
OleTranslateColor
VariantChangeType
SysFreeString
SysStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

GetNearestColor
CreatePalette
LPtoDP
GetWindowExtEx
GetBitmapBits
TextOutA
CreateDIBitmap
RealizePalette
GetViewportExtEx
SelectPalette
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
CreateICA
CopyMetaFileA
StretchBlt
Rectangle
GetObjectA
SetBkColor
CreateDCA
CreateRectRgn
SetViewportOrgEx
SetWindowOrgEx
DeleteObject
SetWindowExtEx
SetMapMode
SetViewportExtEx
CreateSolidBrush
GetDeviceCaps
SelectObject
ExcludeClipRect
GetClipRgn
SelectClipRgn
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
PatBlt
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateBitmap
GetStockObject
GetTextExtentPoint32A

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.txt
data.dll
ieframe.dll
.dll regsvr32 windows:6 windows x64 arch:x64

359f8118ed0f25419a195ab66b8157a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ieframe.pdb

Imports

msvcrt

memset
_errno
_wcslwr
memmove
wcschr
memcpy
memcmp
__C_specific_handler
_vsnprintf
_wcstoui64
wcsstr
_wcsnicmp
free
wcsncmp
iswspace
iswascii
time
wcsrchr
malloc
realloc
strstr
_wcsicmp
_wtoi
strchr
isalnum
rand
sin
_time64
towupper
qsort
_wcsdup
iswalpha
iswalnum
_isnan
towlower
_wtol
isdigit
strtol
isxdigit
isalpha
iswxdigit
ceilf
sqrt
ceil
wcscspn
wcstok
strrchr
_itow
bsearch
wcstoul
_wtof
wcstol
_XcptFilter
_initterm
_amsg_exit
_unlock
__dllonexit
ungetc
_fileno
_read
__pioinfo
__badioinfo
wcstombs
iswctype
wctomb
_vsnwprintf
localeconv
isleadbyte
__mb_cur_max
mbtowc
calloc
_onexit
_lock

ntdll

VerSetConditionMask
RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnicodeStringToAnsiString
RtlFreeAnsiString

kernel32

GlobalAddAtomA
lstrcmpiA
GetUserDefaultUILanguage
GetCurrentThread
GetVersionExA
GetCurrentThreadId
FreeLibraryAndExitThread
SetEvent
WaitForSingleObject
CreateThread
CreateEventA
VirtualQuery
DeleteFileW
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
GetCPInfo
lstrcmpA
GetThreadLocale
CompareStringA
GetLocaleInfoW
OpenThread
OpenProcess
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
OpenEventW
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetFileAttributesExW
GetExitCodeThread
OpenMutexA
GlobalAddAtomW
GlobalAlloc
GetLongPathNameW
GetShortPathNameW
GetSystemDirectoryA
WriteFile
ReadFile
GetFileSize
CopyFileW
GetTempFileNameW
GetTempPathW
FormatMessageW
GetSystemDefaultLCID
CompareFileTime
LocalReAlloc
InitializeCriticalSection
SystemTimeToFileTime
SetThreadExecutionState
GetCurrentProcess
CreateMutexA
ResetEvent
CreateEventW
GetSystemInfo
SetCurrentDirectoryW
SetProcessShutdownParameters
MulDiv
RaiseException
GetSystemTime
VirtualAlloc
HeapDestroy
GlobalUnlock
GlobalLock
SetEnvironmentVariableW
TryEnterCriticalSection
WaitForSingleObjectEx
FlushInstructionCache
GlobalReAlloc
GetLocalTime
GetDateFormatW
FileTimeToSystemTime
ReleaseMutex
GetSystemWow64DirectoryA
IsWow64Process
TerminateThread
HeapReAlloc
GetTimeFormatW
FileTimeToLocalFileTime
MoveFileW
DecodePointer
GetExitCodeProcess
OpenEventA
EncodePointer
SetUnhandledExceptionFilter
DuplicateHandle
GlobalSize
LockFile
UnlockFile
GetFileTime
GetFileSizeEx
SetFilePointer
InterlockedPushEntrySList
UnregisterWaitEx
SetEndOfFile
RegisterWaitForSingleObject
InterlockedFlushSList
QueryDepthSList
SetThreadPriority
GetThreadPriority
InitializeSListHead
QueryPerformanceCounter
OpenMutexW
QueryPerformanceFrequency
IsDebuggerPresent
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
VerifyVersionInfoW
LocalSize
GetProcessTimes
ResumeThread
TerminateProcess
OutputDebugStringW
OpenSemaphoreW
GlobalMemoryStatusEx
EnumResourceLanguagesW
EnumUILanguagesW
GetUserDefaultLangID
GetSystemDefaultLangID
CreateMutexW
GetAtomNameW
GetDriveTypeW
DeactivateActCtx
ActivateActCtx
GetNativeSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
WritePrivateProfileStringW
GetSystemWow64DirectoryW
SetThreadContext
GetThreadContext
SuspendThread
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetPrivateProfileStringW
SizeofResource
LockResource
LoadResource
FindResourceW
VirtualFree
InterlockedPopEntrySList
OutputDebugStringA
UnhandledExceptionFilter
GetPrivateProfileSectionNamesW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GlobalFlags
GlobalDeleteAtom
GetTickCount
GetModuleHandleA
IsDBCSLeadByte
TlsGetValue
TlsSetValue
WideCharToMultiByte
GetUserDefaultLCID
lstrlenA
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleExA
LoadLibraryA
QueueUserWorkItem
ExpandEnvironmentStringsW
GetLastError
CompareStringW
GetEnvironmentVariableW
LCMapStringW
SetFileAttributesW
GetSystemTimeAsFileTime
SetFileTime
GetWindowsDirectoryW
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
FindClose
SearchPathW
GetFullPathNameW
lstrcmpW
lstrcmpiW
SetLastError
LocalAlloc
LocalFree
SetErrorMode
GetFileAttributesW
lstrlenW
Sleep
VirtualProtect
GetModuleFileNameA
CreateFileW
GetFileInformationByHandle
CreateProcessW
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetACP
FreeLibrary
EnterCriticalSection
CloseHandle
LeaveCriticalSection
DeleteCriticalSection
TlsFree
GetModuleHandleW
GetVersionExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
WinExec
GetDiskFreeSpaceExW
FlushViewOfFile
FlushFileBuffers
GetPrivateProfileStringA
UnlockFileEx
ReplaceFileW
SetFilePointerEx
LockFileEx
GetNumberFormatW
GetLogicalDriveStringsW
QueryDosDeviceW
GlobalFree
GetCurrentDirectoryW
FreeResource
LocalFileTimeToFileTime
DebugBreak
FindAtomW
DeleteAtom
AddAtomW
GetVersion
HeapCreate
SetProcessWorkingSetSize
FindResourceExW
GetSystemDefaultUILanguage
ReleaseActCtx
CreateActCtxW
ExpandEnvironmentStringsA

gdi32

GetBkColor
ExtTextOutW
SetBrushOrgEx
GetBkMode
GetRgnBox
GetRegionData
OffsetRgn
ExtCreateRegion
GetBrushOrgEx
PlayEnhMetaFile
SetStretchBltMode
DeleteEnhMetaFile
GetPixel
StretchDIBits
CreatePatternBrush
CreateDIBPatternBrushPt
SelectClipRgn
RectVisible
GetClipRgn
OffsetWindowOrgEx
GetLayout
GetTextExtentPoint32A
TextOutA
GetTextColor
CreateFontIndirectA
CreateFontW
SetDCPenColor
GetClipBox
CreateSolidBrush
CreateRoundRectRgn
EqualRgn
CombineRgn
SetRectRgn
CreateRectRgn
GetTextAlign
SetTextAlign
SetViewportExtEx
CreatePolygonRgn
PatBlt
CreateDIBSection
CreatePen
Rectangle
MoveToEx
LineTo
BitBlt
SelectPalette
RealizePalette
SetPaletteEntries
StretchBlt
GetStockObject
CreateDCW
CreateRectRgnIndirect
CreateEnhMetaFileA
CloseEnhMetaFile
CreateMetaFileW
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
CreateDCA
SaveDC
LPtoDP
SetMapMode
SetViewportOrgEx
IntersectClipRect
RestoreDC
GetTextMetricsW
CreateFontIndirectW
SetTextColor
SetBkMode
TextOutW
CreateHalftonePalette
GetPaletteEntries
GetSystemPaletteEntries
CreatePalette
CreateCompatibleDC
SetLayout
GetObjectW
CreateCompatibleBitmap
CreateBitmap
GetDIBits
SetBkColor
GetDeviceCaps
GetObjectA
GetTextExtentPoint32W
SelectObject
GetTextExtentPointW
GetGlyphIndicesW
GetTextExtentExPointI
DeleteDC
DeleteObject

user32

OffsetRect
MonitorFromRect
GetLastActivePopup
IsRectEmpty
AppendMenuW
SetRectEmpty
CheckRadioButton
InsertMenuItemW
SetWindowLongW
TrackPopupMenuEx
GetMessagePos
GetMenuItemInfoW
TranslateAcceleratorW
CharNextW
GetWindowTextW
CreateMenu
InflateRect
CheckMenuRadioItem
DeleteMenu
GetCursorPos
KillTimer
GetClassNameW
MessageBeep
GetMessageW
LoadAcceleratorsW
EndPaint
BeginPaint
SetWindowRgn
EqualRect
PtInRect
UnionRect
CallWindowProcW
AttachThreadInput
GetWindow
SystemParametersInfoW
IsIconic
SetClipboardViewer
ChangeClipboardChain
ScreenToClient
WindowFromPoint
wsprintfW
GetClassInfoExW
GetDoubleClickTime
GetCapture
GetMenuItemID
LoadBitmapW
FillRect
GetWindowTextLengthW
CopyImage
CloseClipboard
GetClipboardData
OpenClipboard
SetCursorPos
GetMessageTime
ReleaseCapture
SetCapture
SetRect
DdeCreateDataHandle
DdeDisconnect
DdeClientTransaction
DdeConnect
DdeFreeStringHandle
DdeCreateStringHandleW
DdeUninitialize
DdeNameService
GetForegroundWindow
DdeFreeDataHandle
DdeQueryStringW
DdeGetData
DdeInitializeW
GetWindowDC
DrawFocusRect
GetSysColorBrush
TrackMouseEvent
EnumWindows
IsHungAppWindow
GetActiveWindow
MsgWaitForMultipleObjectsEx
CopyIcon
ShowOwnedPopups
PostThreadMessageW
GetWindowPlacement
EnumThreadWindows
FindWindowW
MonitorFromPoint
CopyRect
GetMenuState
GetMessageExtraInfo
GetKeyboardLayout
RedrawWindow
ShowScrollBar
SetScrollInfo
GetScrollInfo
SetScrollPos
GetDialogBaseUnits
EnumDisplayMonitors
NotifyWinEvent
IntersectRect
SetWindowPlacement
ClientToScreen
GetClassWord
EnumDesktopWindows
GetClassLongW
GetGUIThreadInfo
SetKeyboardState
GetKeyboardState
MessageBoxA
MessageBoxExW
MessageBoxExA
MessageBoxIndirectW
MessageBoxIndirectA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
CreateWindowExA
CreateDialogParamA
CreateDialogParamW
CreateDialogIndirectParamA
CreateDialogIndirectParamW
DefWindowProcA
keybd_event
SendInput
IsDialogMessageA
DrawEdge
VkKeyScanExW
AdjustWindowRectEx
GetMenuStringW
SetClipboardData
SetActiveWindow
GetNextDlgTabItem
GetCursor
UpdateWindow
EndMenu
DrawFrameControl
GetTopWindow
HideCaret
ShowCaret
LockSetForegroundWindow
UpdateLayeredWindow
ChildWindowFromPoint
SetMenu
GetMenuItemRect
GetThreadDesktop
GetUserObjectInformationW
GetDlgItemInt
SetDlgItemInt
EmptyClipboard
GetShellWindow
CharPrevA
InSendMessage
SetTimer
GetDlgCtrlID
SetMenuItemInfoW
TrackPopupMenu
GetClipboardFormatNameW
GetSystemMenu
GetAsyncKeyState
WaitMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
IsDialogMessageW
SetForegroundWindow
GetSysColor
InvalidateRect
RegisterWindowMessageA
RegisterClassExW
MoveWindow
CharLowerBuffW
GetDesktopWindow
LoadCursorW
GetPropW
SetPropW
RemovePropW
GetDlgItemTextW
MonitorFromWindow
GetMonitorInfoW
GetComboBoxInfo
GetWindowInfo
AdjustWindowRect
CheckDlgButton
SetFocus
SetDlgItemTextW
SetMenuDefaultItem
InsertMenuW
SetWindowsHookExW
GetFocus
DestroyWindow
CallNextHookEx
UnhookWindowsHookEx
IsWindow
GetWindowLongW
GetWindowLongPtrW
FindWindowExW
IsWindowEnabled
IsWindowVisible
SendMessageTimeoutA
RegisterClipboardFormatW
WaitForInputIdle
GetAncestor
AllowSetForegroundWindow
LoadStringA
CharNextA
DrawIconEx
CreateIconIndirect
IsCharAlphaNumericW
CharLowerW
GetIconInfo
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
SetParent
GetWindowLongA
SetWindowLongA
SystemParametersInfoA
GetWindowThreadProcessId
SendNotifyMessageW
WinHelpW
FindWindowA
DefWindowProcW
CreateWindowExW
SetWindowLongPtrW
LoadCursorA
SetCursor
CreatePopupMenu
GetMenuDefaultItem
IsChild
MsgWaitForMultipleObjects
PeekMessageA
DialogBoxParamA
DialogBoxParamW
MessageBoxW
EndDialog
IsDlgButtonChecked
ShowWindow
EnableWindow
DrawTextW
BeginDeferWindowPos
EndDeferWindowPos
GetWindowRect
SetWindowPos
MapWindowPoints
DeferWindowPos
UnregisterClassW
GetClassInfoW
RegisterClassW
CheckMenuItem
EnableMenuItem
GetMenuItemCount
GetMenuItemInfoA
PostMessageW
EnumChildWindows
GetParent
LoadMenuW
GetSubMenu
RemoveMenu
SetWindowLongPtrA
GetWindowLongPtrA
GetKeyState
DestroyAcceleratorTable
RegisterClipboardFormatA
SendMessageA
LoadStringW
GetDlgItem
GetClientRect
SendMessageW
SetWindowTextW
GetDC
ReleaseDC
CharUpperW
CharPrevW
RegisterWindowMessageW
GetSystemMetrics
DestroyIcon
LoadImageW
LoadIconW
SendDlgItemMessageW
GetKeyNameTextW
MapVirtualKeyW
GetWindowRgnBox
AnimateWindow
EnumDisplaySettingsW
DrawTextExW
SetPropA
GetPropA
RemovePropA
DestroyMenu
SendMessageTimeoutW

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueW
RegEnumValueA
RegOpenCurrentUser
OpenThreadToken
RegDeleteKeyW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueExA
CreateProcessAsUserW
RegDeleteKeyA
TraceEvent
CryptAcquireContextW
CryptReleaseContext
ConvertSidToStringSidW
OpenProcessToken
RegCreateKeyA
GetUserNameW
TraceMessage
ConvertStringSidToSidW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CryptGenRandom
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueW
EqualSid
RevertToSelf
ImpersonateSelf
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
IsTextUnicode

ole32

CoWaitForMultipleHandles
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CreateBindCtx
PropVariantClear
CoAllowSetForegroundWindow
CoInitializeEx
StringFromGUID2
ProgIDFromCLSID
StringFromCLSID
CoRevokeClassObject
CLSIDFromString
OleRegGetUserType
CoRegisterClassObject
CoDisconnectObject
CoGetTreatAsClass
CoCreateInstanceEx
CoRevertToSelf
CoImpersonateClient
IIDFromString
CoGetObject
OleSave
CreateILockBytesOnHGlobal
MkParseDisplayName
OleDraw
CoGetClassObject
CoCreateInstance
OleCreateFromData
StgCreateDocfile
ReleaseStgMedium
OleRun
CreateOleAdviseHolder
CreateDataAdviseHolder
OleLoadFromStream
OleRegEnumVerbs
OleRegGetMiscStatus
WriteClassStm
OleSaveToStream
OleUninitialize
DoDragDrop
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateFreeThreadedMarshaler
CoRegisterMessageFilter
CreateStreamOnHGlobal
GetRunningObjectTable
CoUnmarshalInterface
OleSetClipboard
CoFileTimeNow
CoInitializeSecurity
PropVariantCopy
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
ReadClassStm
CoFreeUnusedLibraries
HBITMAP_UserSize
HBITMAP_UserMarshal
HBITMAP_UserUnmarshal
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemRealloc
GetHGlobalFromStream

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantTimeToSystemTime
LoadTypeLi
RegisterTypeLi
SetErrorInfo
SystemTimeToVariantTime
VariantInit
SafeArrayRedim
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetDim
OleCreatePropertyFrameIndirect
LoadRegTypeLi
OleCreatePropertyFrame
SysStringByteLen
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayUnaccessData
SysAllocStringByteLen
VariantCopyInd
SysAllocStringLen
SafeArrayCreateVector
VariantChangeType
VariantCopy
SysReAllocString
SysStringLen

shell32

SHGetSpecialFolderLocation
ord23
ord153
ord24
SHBrowseForFolderW
ord16
ord68
ord164
ord43
Shell_NotifyIconW
Shell_NotifyIconA
ord63
ord100
ShellExecuteA
ExtractIconExW
SHFileOperationW
ord165
SHGetPathFromIDListW
SHGetDesktopFolder
ord6
ExtractIconW
ord75
ord162
ord171
ord74
SHGetSpecialFolderPathW
ord77
SHGetFileInfoW
ShellExecuteExW
SHBindToParent
ord88
ord182
ShellExecuteW
SHGetInstanceExplorer
ord176
ord72
SHGetFolderPathW
ord66
SHChangeNotify
ord102
ord747
SHGetFolderLocation
ord83
ord727
ord67
ord21
ord193
ord73
ord174
ord196
ord195
ord147
DragQueryFileW
ord62
ord59
ord152
ord132
ord680
ord17
ord85
ord4
ord2
ord98
ord645
ord644
DuplicateIcon
SHPathPrepareForWriteW
SHSetLocalizedName
SHGetFolderPathAndSubDirW
ord22
ord134
ord136
ord129
SHCreateDirectoryExW
ord28
SHCreateShellItem
ord704
ord71

iertutil

ord352
ord351
ord370
ord371
ord378
ord440
ord329
ord533
ord364
ord335
ord434
ord413
ord481
ord313
ord93
ord326
ord369
ord80
ord73
ord72
ord685
ord202
ord205
ord203
ord204
ord206
ord201
ord163
ord56
ord16
ord86
ord87
ord88
ord681
ord686
ord661
ord48
ord30
ord172
ord17
ord84
ord66
ord662
ord653
ord656
ord652
ord664
ord650
ord658
ord657
ord651
ord669
ord655
ord672
ord678
ord675
ord660
ord665
ord654
ord670
ord358
ord9
ord58
ord32
ord44
ord321
ord42
ord320
ord55
ord54
ord309
ord79
ord151
ord166
ord61
ord64
ord68
ord63
ord70
ord460
ord518
ord519
ord95
ord150
ord81
ord89
ord74
ord76
ord85
ord20
ord155
ord78
ord91
ord457
ord458
ord453
ord96
ord100
ord347
ord28
ord528
ord59
ord49
ord24
ord527
ord306
ord40
ord308
ord33
ord37
ord402
ord34
ord38
ord35
ord304
ord31
ord391
ord514
ord401
ord90
ord346
ord170
ord67
ord71
ord65
ord342
ord343
ord41
ord46
ord333
ord405
ord455
ord450
ord334
ord535
ord530
ord224
ord223
ord531
ord404
ord403
ord341
ord345
ord406
ord425
ord475
ord526
ord511
ord445
ord443
ord359
ord357
ord375
ord377
ord380
ord300
ord688
ord470
ord336
ord459
ord520
ord421
ord424
ord541
ord354
ord538
ord601
ord367
ord366
ord441
ord50
ord387
ord302
ord438
ord437
ord539
ord324
ord430
ord537
ord516
ord534
ord515
ord222
ord221
ord301
ord480
ord444
ord412
ord417
ord501
ord436
ord331
ord435
ord39
ord388
ord62
ord77
ord503
ord174
ord36
ord683
ord393
ord368
ord383
ord390
ord500
ord477
ord431
ord305
ord225
ord381
ord372
ord392
ord570
ord344
ord340
ord82
ord314
ord312
ord311
ord682
ord684
ord330
ord385
ord382
ord384
ord451
ord512
ord504
ord175
ord356

rpcrt4

UuidCreateSequential

Exports

Exports

AddUrlToFavorites
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoAddToFavDlg
DoAddToFavDlgW
DoFileDownload
DoOrganizeFavDlg
DoOrganizeFavDlgW
DoPrivacyDlg
ExportCookieFileByProcessW
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEAssociateThreadWithTab
IECancelSaveFile
IECreateDirectory
IECreateFile
IEDeleteFile
IEDisassociateThreadWithTab
IEFindFirstFile
IEGetFileAttributesEx
IEGetProtectedModeCookie
IEGetWriteableFolderPath
IEGetWriteableHKCU
IEInPrivateFilteringEnabled
IEIsInPrivateBrowsing
IEIsProtectedModeProcess
IEIsProtectedModeURL
IELaunchManageAddOnsUI
IELaunchURL
IEMoveFileEx
IERefreshElevationPolicy
IERegCreateKeyEx
IERegSetValueEx
IERegisterWritableRegistryKey
IERegisterWritableRegistryValue
IERemoveDirectory
IESaveFile
IESetProtectedModeCookie
IEShowSaveFileDialog
IEUnregisterWritableRegistry
ImportCookieFileByProcessW
ImportPrivacySettings
OpenURL
SHAddSubscribeFavorite
SetQueryNetSessionCount
SoftwareUpdateMessageBox
URLQualifyA
URLQualifyW

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvbvm60.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ce5958d8adf86078d58c0c6f95621ee9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
SetEnvironmentVariableA
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
RaiseException
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
OpenFile
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
GetCurrentProcessId
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
lstrcpynA
_lclose
_llseek
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
HeapSize
lstrlenA

user32

DdeClientTransaction
DdeAbandonTransaction
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
RegisterClassExA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
EnumWindows
EnumChildWindows
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
GetCaretPos
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeDisconnect
DdeConnect
DdeSetUserHandle
DdeNameService
DdeCreateStringHandleA
DdeUninitialize
DdeInitializeA
DdeFreeStringHandle
DdeQueryConvInfo
DdeQueryStringA
DdeFreeDataHandle
SetScrollRange
SetScrollPos
DrawFrameControl
LockWindowUpdate
CharLowerBuffA
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
GetCaretBlinkTime
SetCaretPos
GetWindowTextLengthA
CreateCaret
ShowCaret
HideCaret
DestroyCaret
GetScrollPos
GetClipboardFormatNameA
DrawTextExA
SetWindowRgn
ToAscii
CreateAcceleratorTableA
DestroyAcceleratorTable
ShowScrollBar
GetScrollInfo
GetLastActivePopup
GetMenuItemInfoA
SetMenuItemInfoA
SetKeyboardState
GetKeyboardState
GetQueueStatus
GetDoubleClickTime
SetWindowContextHelpId
TrackPopupMenu
SetMenuDefaultItem
DrawMenuBar
DeleteMenu
InsertMenuA
GetSubMenu
GetMenuItemID
GetMenu
SetMenu
CreateMenu
ModifyMenuA
CheckMenuItem
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
PostThreadMessageA
VkKeyScanA
CharLowerA
DrawIcon
MessageBoxIndirectA
DialogBoxParamA
IsCharAlphaA
EnumThreadWindows
SetScrollInfo

gdi32

RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
CreateCompatibleBitmap
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateCompatibleDC
SetViewportOrgEx
BitBlt
DeleteDC
IntersectClipRect
OffsetWindowOrgEx
SelectClipRgn
SelectPalette
CreatePalette
PtInRegion
OffsetRgn
ExtSelectClipRgn
CreateRectRgnIndirect
CreateRectRgn
SetRectRgn
CombineRgn
CreateFontIndirectA
GetTextExtentPointA
GetObjectA
GetBitmapBits
SetBkMode
SelectObject
ExtTextOutA
CreateBitmap
CreatePatternBrush
SetTextColor
SetBkColor
CreatePen
CreateHatchBrush
UnrealizeObject
CreateSolidBrush
EndPage
DeleteObject

advapi32

RegQueryInfoKeyA
RegCreateKeyW
RegQueryValueExW
RegEnumValueA
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
BindMoniker
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
OleCreateLinkToFile
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad
CoLockObjectExternal

oleaut32

OleTranslateColor
OleCreatePropertyFrame
VariantInit
VariantClear
SysAllocString
SysFreeString
OleCreateFontIndirect
OleCreatePictureIndirect
SysAllocStringByteLen
OaBuildVersion
SysAllocStringLen
VariantChangeType
SetErrorInfo
CreateErrorInfo
GetErrorInfo
DispGetParam
LoadTypeLi
SysStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLibEx
UnRegisterTypeLi
LHashValOfNameSys
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
OleLoadPicture
SafeArrayDestroy
VariantCopy
VariantCopyInd
SafeArrayDestroyData
VariantChangeTypeEx
CreateDispTypeInfo
DispGetIDsOfNames
DispInvoke
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayCopy
OleIconToCursor
RevokeActiveObject
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayLock
SafeArrayUnlock
VarDateFromStr
SysReAllocStringLen
GetActiveObject
VarR8FromStr
VarCyFromI4
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromDate
VarBstrFromCy
VarI2FromStr
VarI4FromStr
VarI4FromR8
VarR4FromStr
VarCyFromStr
SysReAllocString
LHashValOfNameSysA
SysStringLen

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1008KB - Virtual size: 1007KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mx.dll
䮭 ࠢ筨 ॢ 2019.exe
.exe windows:4 windows x86 arch:x86

52b639b68a81f4910e84c7f85305e5b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord621
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaWriteFile
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaVarForInit
ord593
ord594
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord524
__vbaErase
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
ord561
DllFunctionCall
_adj_fpatan
__vbaStrR8
__vbaRedim
EVENT_SINK_Release
ord601
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
_adj_fprem
_adj_fdivr_m64
ord714
__vbaFPException
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord645
_CIlog
__vbaFileOpen
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

Signer

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 332KB - Virtual size: 332KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 24KB - Virtual size: 23KB

359f8118ed0f25419a195ab66b8157a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

gdi32

user32

advapi32

ole32

oleaut32

shell32

iertutil

rpcrt4

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 754KB - Virtual size: 754KB

.data Size: 33KB - Virtual size: 43KB

.pdata Size: 239KB - Virtual size: 238KB

.rsrc Size: 7.0MB - Virtual size: 7.0MB

.reloc Size: 59KB - Virtual size: 58KB

ce5958d8adf86078d58c0c6f95621ee9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1008KB - Virtual size: 1007KB

ENGINE Size: 52KB - Virtual size: 51KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 196KB - Virtual size: 195KB

.reloc Size: 64KB - Virtual size: 61KB

52b639b68a81f4910e84c7f85305e5b9

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 204KB - Virtual size: 201KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 332KB - Virtual size: 332KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 754KB - Virtual size: 754KB

.data
Size: 33KB - Virtual size: 43KB

.pdata
Size: 239KB - Virtual size: 238KB

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

.reloc
Size: 59KB - Virtual size: 58KB

.text
Size: 1008KB - Virtual size: 1007KB

ENGINE
Size: 52KB - Virtual size: 51KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 196KB - Virtual size: 195KB

.reloc
Size: 64KB - Virtual size: 61KB

.text
Size: 204KB - Virtual size: 201KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB