2c6cae03316e01c816d2d38260723016_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c6cae03316e01c816d2d38260723016_JaffaCakes118
Size

19.1MB
MD5

2c6cae03316e01c816d2d38260723016
SHA1

d1c423d18981bd3e634f054508337a938bf56532
SHA256

d205d4ecc450122e0ccb74bec89eee71051dbf1dea4cb788a3cad0c10d92eccb
SHA512

cbc964a4e61c99264d09dbeadaf722a3e3ee1ca5901ec801c690b4d4b8978c6818de865f0ae19247818917f471fbc5aa04c13ee875c113d023adbb1675ac9fc9
SSDEEP

393216:2+M5r7aKk/Rf8DFh4Q/+tc2s6Wa3s2lQy90oOZ+NH5AQtXI6q68zHhcH7oo6O:2vr7k5SFhAz1hQy1Oo/AQtXIA8rhK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/game.dll

Files

2c6cae03316e01c816d2d38260723016_JaffaCakes118
.rar
qsmy611zsb/8M补丁.zip
.zip
game.dll
.dll windows:4 windows x86 arch:x86

cbd36fa7be631228469b7c2e42d54d83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Drive1\temp\buildwar3x\War3\bin\Game.pdb

Imports

comctl32

ImageList_Create
ImageList_EndDrag
ImageList_DragLeave
ImageList_BeginDrag
ImageList_DragEnter
ImageList_GetImageCount
ImageList_Add
ImageList_Replace
ImageList_DragMove
_TrackMouseEvent
ImageList_DragShowNolock
InitCommonControlsEx
ImageList_Destroy

wsock32

WSASetLastError
getservbyport
gethostbyaddr
getservbyname
inet_addr
WSAGetLastError
WSACleanup
accept
select
connect
send
gethostbyname
recv
recvfrom
sendto
WSAStartup
socket
ioctlsocket
getsockopt
ntohl
inet_ntoa
ntohs
closesocket
getpeername
getsockname
listen
bind
setsockopt
gethostname

winmm

timeGetTime

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualProtect
FlushInstructionCache
VirtualFree
GetLogicalDriveStringsA
GetDriveTypeA
SuspendThread
ResumeThread
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
TerminateThread
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetCurrentThreadId
CreateSemaphoreA
ReleaseMutex
OpenMutexA
CreateMutexA
ReleaseSemaphore
WaitForMultipleObjects
DuplicateHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
WaitForSingleObject
GetDiskFreeSpaceA
FindFirstFileA
FindNextFileA
FindClose
SetCurrentDirectoryA
RemoveDirectoryA
CreateDirectoryA
CopyFileA
MoveFileA
SetFileAttributesA
SetEndOfFile
SetFileTime
GetFileTime
FormatMessageA
FreeLibrary
GetModuleHandleA
MultiByteToWideChar
GetACP
Sleep
OutputDebugStringA
GetLastError
WideCharToMultiByte
InterlockedExchange
InterlockedCompareExchange
WriteFile
CreateFileA
DeleteFileA
CreateProcessA
GetUserDefaultLangID
GetTimeZoneInformation
GetDiskFreeSpaceExA
GetUserDefaultLCID
GetSystemDefaultLangID
GetLocaleInfoA
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetModuleFileNameA
GetWindowsDirectoryA
GetFileAttributesA
GetSystemInfo
GetVersionExA
GetComputerNameA
GlobalMemoryStatus
CreateEventA
ReadFile
FlushFileBuffers
SetFilePointer
GetFileSize
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
LocalFree
SetEvent
OpenEventA
GetCurrentProcess
CreateThread
RaiseException
TryEnterCriticalSection

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCreateKeyExA
FreeSid
CryptGenRandom
CryptAcquireContextA
GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData

wininet

InternetCanonicalizeUrlA

storm

ord612
ord609
ord638
ord603
ord633
ord601
ord636
ord403
ord293
ord252
ord263
ord253
ord267
ord266
ord270
ord423
ord151
ord264
ord268
ord300
ord578
ord465
ord401
ord422
ord622
ord501
ord405
ord426
ord425
ord507
ord509
ord543
ord542
ord541
ord548
ord280
ord504
ord279
ord587
ord545
ord572
ord470
ord496
ord590
ord272
ord568
ord469
ord460
ord565
ord567
ord585
ord289
ord506
ord576
ord275
ord281
ord288
ord607
ord621
ord628
ord619
ord428
ord406
ord291
ord524
ord525
ord534
ord537
ord580
ord503
ord575
ord508
ord571
ord574
ord570
ord581
ord589
ord482
ord510
ord295
ord579
ord596
ord461
ord553
ord595
ord551
ord552
ord472
ord474
ord479
ord476
ord569
ord577
ord462
ord463
ord269
ord265
ord586
ord424
ord502
ord421
ord597
ord563
ord624
ord606
ord584
ord471
ord251
ord294
ord302
ord271
ord544

ijl15

ord2
ord4
ord3

msvcr80

_CIexp
_CIatan
_CItan
iswspace
isalnum
strncpy
malloc
realloc
fread
fseek
ftell
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
strstr
isupper
isdigit
strnlen
setvbuf
_beginthreadex
_CIlog10
_clearfp
strncmp
_time64
_ctime64
exit
__iob_func
fprintf
vfprintf
fputc
fputs
putc
toupper
sprintf
srand
sscanf
atof
printf
rand
floor
fopen
fwrite
fclose
_ismbcspace
_HUGE
ceil
_CIatan2
_CIasin
_mbsstr
_itoa
atoi
memmove
_CIfmod
qsort
_CIpow
isprint
_CIsqrt
_CIsin
_CIcos
strcat_s
sprintf_s
strtoul
strncpy_s
free
calloc
strcpy_s
strchr
strtol
_vsnprintf
memset
atol
__CxxFrameHandler3
_snprintf_s
_localtime64_s
_strnicmp
_stricmp
_fsopen
fflush
sscanf_s
strtok_s
_itoa_s
_CIacos
_vsnprintf_s
_purecall
_control87
memcpy

mss32

_AIL_3D_sample_attribute@12
_AIL_set_3D_sample_preference@12
_AIL_open_stream@12
_AIL_shutdown@0
_AIL_mem_use_malloc@4
_AIL_mem_use_free@4
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_open_digital_driver@16
_AIL_set_file_callbacks@16
_AIL_open_XMIDI_driver@4
_AIL_DLS_open@28
_AIL_set_3D_orientation@28
_AIL_DLS_unload@8
_AIL_set_3D_position@16
_AIL_digital_CPU_percent@4
_AIL_set_3D_speaker_type@8
_AIL_set_3D_provider_preference@12
_AIL_set_3D_room_type@8
_AIL_set_XMIDI_master_volume@8
_AIL_open_3D_provider@4
_AIL_last_error@0
_AIL_open_3D_listener@4
_AIL_set_3D_distance_factor@8
_AIL_enumerate_3D_providers@12
_AIL_file_type@8
_AIL_MIDI_to_XMI@20
_AIL_register_EOS_callback@8
_AIL_set_sample_user_data@12
_AIL_register_3D_EOS_callback@8
_AIL_set_3D_user_data@12
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_sequence_status@4
_AIL_stream_status@4
_AIL_sample_position@4
_AIL_3D_sample_offset@4
_AIL_stream_position@4
_AIL_stream_ms_position@12
_AIL_3D_sample_length@4
_AIL_set_sample_ms_position@8
_AIL_set_stream_ms_position@8
_AIL_set_sample_playback_rate@8
_AIL_sample_playback_rate@4
_AIL_set_3D_sample_playback_rate@8
_AIL_3D_sample_playback_rate@4
_AIL_set_stream_playback_rate@8
_AIL_stream_playback_rate@4
_AIL_set_3D_sample_obstruction@8
_AIL_3D_user_data@8
_AIL_sample_user_data@8
_AIL_set_3D_sample_distances@12
_AIL_sequence_user_data@8
_AIL_set_sample_volume@8
_AIL_set_3D_sample_volume@8
_AIL_set_stream_volume@8
_AIL_set_sequence_volume@12
_AIL_DLS_compact@4
_AIL_DLS_load_memory@12
_AIL_pause_stream@8
_AIL_set_stream_loop_count@8
_AIL_set_3D_velocity@20
_AIL_set_sample_pan@8
_AIL_init_sequence@12
_AIL_sequence_ms_position@12
_AIL_set_3D_sample_cone@16
_AIL_set_stream_pan@8
_AIL_set_3D_sample_occlusion@8
_AIL_end_sequence@4
_AIL_end_3D_sample@4
_AIL_end_sample@4
_AIL_allocate_3D_sample_handle@4
_AIL_stop_sequence@4
_AIL_stop_3D_sample@4
_AIL_set_3D_sample_effects_level@8
_AIL_register_sequence_callback@8
_AIL_set_sequence_user_data@12
_AIL_allocate_sample_handle@4
_AIL_allocate_sequence_handle@4
_AIL_close_stream@4
_AIL_release_sequence_handle@4
_AIL_release_sample_handle@4
_AIL_extract_DLS@28
_AIL_find_DLS@24
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_set_sequence_loop_count@8
_AIL_resume_sequence@4
_AIL_start_sequence@4
_AIL_set_sample_loop_count@8
_AIL_resume_sample@4
_AIL_start_sample@4
_AIL_set_3D_sample_info@8
_AIL_set_3D_sample_loop_count@8
_AIL_resume_3D_sample@4
_AIL_stop_sample@4
_AIL_register_stream_callback@8
_AIL_mem_free_lock@4
_AIL_init_sample@4
_AIL_set_named_sample_file@20
_AIL_WAV_info@8
_AIL_sample_ms_position@12
_AIL_close_3D_listener@4
_AIL_close_3D_provider@4
_AIL_DLS_close@8
_AIL_close_XMIDI_driver@4
_AIL_close_digital_driver@4
_AIL_stream_user_data@8
_AIL_set_stream_user_data@12
_AIL_release_3D_sample_handle@4

opengl32

glVertexPointer
glNormalPointer
glNormal3fv
glColorPointer
glDrawElements
glTexCoordPointer
glViewport
glDepthRange
glScissor
glMatrixMode
glLoadMatrixf
glFinish
wglSwapLayerBuffers
glReadBuffer
glReadPixels
glClearColor
glClear
glPolygonOffset
glMaterialfv
glLightModelfv
glTexGeni
glColorMaterial
glLightfv
glLightf
glDepthFunc
glDrawBuffer
glFogi
glFogf
glFogfv
glDepthMask
glTexEnvi
glDisable
glDisableClientState
glEnable
glEnableClientState
glBlendFunc
glAlphaFunc
glGenTextures
glBindTexture
glTexParameteri
glPixelStorei
glTexImage2D
glTexSubImage2D
glDeleteTextures
wglGetProcAddress
glGetIntegerv
glGetString
wglDeleteContext
wglCreateContext
wglMakeCurrent

imm32

ImmNotifyIME
ImmGetCandidateListA
ImmGetConversionStatus
ImmGetOpenStatus
ImmAssociateContext
ImmGetContext
ImmGetCompositionStringA
ImmAssociateContextEx
ImmReleaseContext

rpcrt4

RpcStringFreeA
UuidToStringA

secur32

FreeCredentialsHandle
DeleteSecurityContext
FreeContextBuffer
InitializeSecurityContextA
QueryContextAttributesA
EncryptMessage
DecryptMessage
ApplyControlToken
AcquireCredentialsHandleA

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext

user32

DestroyIcon
GetKeyState
MessageBeep
SetWindowPlacement
GetWindowPlacement
EnableWindow
SetActiveWindow
SetClassLongA
GetWindowTextA
SetCursor
SetScrollPos
GetScrollInfo
SetScrollInfo
OpenClipboard
GetClipboardData
CloseClipboard
GetSysColor
GetSysColorBrush
GetWindowTextLengthA
GetFocus
GetWindowInfo
IsWindowEnabled
IsWindowVisible
GetParent
DrawMenuBar
GetMenuItemInfoA
SetMenuItemInfoA
GetMenuItemCount
GetActiveWindow
KillTimer
RemovePropA
SetPropA
GetPropA
SendMessageA
wvsprintfA
EmptyClipboard
SetClipboardData
ScreenToClient
ClientToScreen
CreateDialogIndirectParamA
DeleteMenu
TranslateAcceleratorA
MessageBoxA
DrawFocusRect
DrawTextA
SetWindowTextA
PeekMessageA
IsDialogMessageA
SetParent
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenu
InsertMenuItemA
CreatePopupMenu
CreateMenu
SetCapture
GetMenu
DestroyMenu
SystemParametersInfoA
WindowFromPoint
ReleaseCapture
GetClassLongA
TrackPopupMenu
GetWindow
GetDesktopWindow
SetForegroundWindow
GetDCEx
SetCursorPos
GetCursorPos
GetWindowRect
ClipCursor
UnregisterClassA
DestroyWindow
ShowWindow
SetWindowPos
ChangeDisplaySettingsExA
EnumDisplaySettingsA
EnumDisplayDevicesA
ReleaseDC
GetDC
DefWindowProcA
EndPaint
BeginPaint
SetWindowLongA
GetWindowLongA
MapWindowPoints
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadImageA
SetFocus
PostMessageA
GetClientRect
ChangeDisplaySettingsA
DispatchMessageA
TranslateMessage
GetMessageA
ShowCursor
InvalidateRect
SetTimer
FillRect
RegisterClassA
CallWindowProcA
GetForegroundWindow
UpdateWindow

gdi32

CreateDIBitmap
SetDeviceGammaRamp
GetDeviceGammaRamp
CreateFontA
GetStockObject
TextOutW
CreatePen
MoveToEx
LineTo
GetTextExtentPoint32A
CreateRectRgnIndirect
CombineRgn
SetBkMode
SelectObject
CreateSolidBrush
FillRgn
GetBkColor
GetDeviceCaps
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
DeleteObject
SetBkColor
SetTextColor
SetTextAlign

shell32

ShellExecuteA
SHGetPathFromIDListA
DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
FindExecutableA
SHGetFolderPathA
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid

Exports

Exports

GameMain

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 820KB - Virtual size: 817KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:4 windows x86 arch:x86

b1ce86732ca5e0ef531f0a541177d693

Code Sign

19:9d:f8:72
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=Time-Stamping Authority WoSign,O=WoSign eCommerce Services Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:cb:93:7f:07:32:59
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/03/2013, 08:46

Not After

19/03/2014, 18:02

Subject

CN=南京凡游网络技术有限公司,O=南京凡游网络技术有限公司,L=南京市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c0e70756a63406b756169382e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Apps\release\KuaibaDown.pdb

Imports

wininet

InternetOpenW
InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetOpenUrlA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentThreadId
ResumeThread
SetEvent
ResetEvent
CreateEventW
SetFilePointer
SetEndOfFile
GetFileSize
ReadFile
WriteFile
FindNextFileW
FindClose
FindFirstFileW
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
MulDiv
InterlockedIncrement
InterlockedDecrement
GetConsoleMode
GetConsoleCP
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
HeapReAlloc
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTempPathW
RemoveDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
CreateFileW
CreateDirectoryW
GetLongPathNameW
GetCurrentDirectoryW
GetFileAttributesW
DeleteFileW
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetLastError
Sleep
GetTickCount
CreateProcessW
LoadLibraryA
SetStdHandle
WriteConsoleA
GetLocaleInfoA
GetStringTypeA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetStringTypeW

user32

ShowCaret
HideCaret
CreateCaret
SetCaretPos
GetSysColor
FillRect
DrawTextW
CharPrevW
DrawIconEx
MoveWindow
RedrawWindow
ClientToScreen
OffsetRect
IntersectRect
CharNextW
IsRectEmpty
DrawFocusRect
SetCursor
CharNextA
DestroyIcon
RegisterClassExW
LoadImageW
GetAsyncKeyState
CreateAcceleratorTableW
InvalidateRgn
GetPropW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
LoadCursorW
SetPropW
LoadBitmapW
GetFocus
IsWindow
GetMessageW
EndPaint
GetUpdateRect
GetDC
CreateWindowExW
DestroyAcceleratorTable
DestroyWindow
ReleaseDC
ReleaseCapture
GetMonitorInfoW
IsChild
SetCapture
MonitorFromWindow
SendMessageW
TranslateAcceleratorW
UpdateLayeredWindow
SetWindowRgn
GetCursorPos
DispatchMessageW
SetFocus
GetKeyState
ScreenToClient
InvalidateRect
BeginPaint
PtInRect
IsIconic
GetClientRect
IsZoomed
MapWindowPoints
GetWindowTextW
GetWindow
GetWindowTextLengthW
SetWindowTextW
SetForegroundWindow
GetWindowRect
ShowWindow
GetParent
LoadStringW
PostMessageW
KillTimer
GetWindowLongW
SetTimer
PostQuitMessage
SetWindowLongW
GetSystemMetrics
SetWindowPos
TranslateMessage
EnableWindow

gdi32

RoundRect
ExtSelectClipRgn
SetBkMode
SetBkColor
GetClipBox
StretchBlt
ExtTextOutW
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateRoundRectRgn
Rectangle
SetTextColor
CreateSolidBrush
SelectClipRgn
GetObjectW
CombineRgn
GetStockObject
CreateRectRgnIndirect
BitBlt
CreateCompatibleDC
GetDeviceCaps
SetStretchBltMode
GetCharABCWidthsW
SetBitmapBits
GetBitmapBits
TextOutW
CreateEllipticRgn
CreateRectRgn
CreateFontIndirectW
GetTextMetricsW
SelectObject
CreateDIBSection
DeleteDC
DeleteObject
CreatePen

advapi32

RegOpenKeyExW
RegCloseKey

ole32

CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

OleLoadPicture
SysFreeString
SysAllocString

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qsmy611zsb/使用说明.txt
qsmy611zsb/游迅网.url
.url
qsmy611zsb/秦时明月6.1.1正式版.w3x

Sharing

General

Malware Config

Signatures

Files

cbd36fa7be631228469b7c2e42d54d83

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

wsock32

winmm

kernel32

comdlg32

advapi32

wininet

storm

ijl15

msvcr80

mss32

opengl32

imm32

rpcrt4

secur32

crypt32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 8.5MB - Virtual size: 8.5MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 388KB - Virtual size: 642KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 820KB - Virtual size: 817KB

b1ce86732ca5e0ef531f0a541177d693

Code Sign

19:9d:f8:72Certificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

0f:cb:93:7f:07:32:59Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

msimg32

comctl32

riched20

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 428KB - Virtual size: 425KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 18KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 8.5MB - Virtual size: 8.5MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 388KB - Virtual size: 642KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 820KB - Virtual size: 817KB

19:9d:f8:72
Certificate

19:9d:f8:8e
Certificate

0f:cb:93:7f:07:32:59
Certificate

3d
Certificate

01
Certificate

.text
Size: 428KB - Virtual size: 425KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 18KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 48KB - Virtual size: 45KB