2fca2691e0c8398c45631b0d60b477c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fca2691e0c8398c45631b0d60b477c2_JaffaCakes118
Size

1004KB
MD5

2fca2691e0c8398c45631b0d60b477c2
SHA1

f5892f187e3cac312d8a34d4bf7e8322739d2d88
SHA256

c67eb97a9e9e965a41a9146c48aa599ffad71f72df282ecd3829b59f9bda6439
SHA512

49e2dae1574ab34eb47d53e01f1127439a976844a9f7b5e9748da67ba4336159a6dc0e58bcd78e742bd2806cf1817ed35043e93f6b350e9a1f9355b2a4739b5e
SSDEEP

24576:iNSMgq4J6DaaB4DUoPtRuamKch7mPrkk736RDd+Odh/v7f++lr:iUG4J6DFhoP7uaAwmRp+OdRvr

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
2fca2691e0c8398c45631b0d60b477c2_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/QTranslate.exe
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack001/bass.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

2fca2691e0c8398c45631b0d60b477c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7c2c71dfce9a27650634dc8b1ca03bf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetFileAttributesA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileTime
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MulDiv
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowExA
IsWindow
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.rtf
.rtf
Locales/Arabic/help.txt
Locales/Arabic/lang.json
Locales/Bulgarian/help.txt
Locales/Bulgarian/lang.json
Locales/Chinese (Simplified)/help.txt
Locales/Chinese (Simplified)/lang.json
Locales/Chinese (Traditional)/help.txt
Locales/Chinese (Traditional)/lang.json
Locales/Czech/help.txt
Locales/Czech/lang.json
Locales/Danish/help.txt
Locales/Danish/lang.json
Locales/Dutch/help.txt
Locales/Dutch/lang.json
Locales/English/help.txt
Locales/English/lang.json
Locales/Farsi/help.txt
Locales/Farsi/lang.json
Locales/Finnish/help.txt
Locales/Finnish/lang.json
Locales/French/help.txt
Locales/French/lang.json
Locales/German/help.txt
Locales/German/lang.json
Locales/Greek/help.txt
Locales/Greek/lang.json
Locales/Hebrew/help.txt
Locales/Hebrew/lang.json
Locales/Hungarian/help.txt
Locales/Hungarian/lang.json
Locales/Indonesia/help.txt
Locales/Indonesia/lang.json
Locales/Italian/help.txt
Locales/Italian/lang.json
Locales/Japanese/help.txt
Locales/Japanese/lang.json
Locales/Korean/help.txt
Locales/Korean/lang.json
Locales/Latvian/help.txt
Locales/Latvian/lang.json
Locales/Polish/help.txt
Locales/Polish/lang.json
Locales/Portuguese (Brazilian)/help.txt
Locales/Portuguese (Brazilian)/lang.json
Locales/Portuguese (Europian)/help.txt
Locales/Portuguese (Europian)/lang.json
Locales/Romanian/help.txt
Locales/Romanian/lang.json
Locales/Russian/help.txt
Locales/Russian/lang.json
Locales/Serbian/help.txt
Locales/Serbian/lang.json
Locales/Slovak/help.txt
Locales/Slovak/lang.json
Locales/Slovenian/help.txt
Locales/Slovenian/lang.json
Locales/Spanish/help.txt
Locales/Spanish/lang.json
Locales/Swedish/help.txt
Locales/Swedish/lang.json
Locales/Turkish/help.txt
Locales/Turkish/lang.json
Locales/Ukrainian/help.txt
Locales/Ukrainian/lang.json
Locales/Uyghur/help.txt
Locales/Uyghur/lang.json
Locales/Vietnamese/help.txt
Locales/Vietnamese/lang.json
Plugins/History/Csv.js
Plugins/History/Html.js
Plugins/History/Json.js
.js
Plugins/History/Txt.js
QTranslate.exe
.exe windows:5 windows x86 arch:x86

951d949c2ea429a8266bb176e2f69d8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\qtranslate\Bin\QTranslate.pdb

Imports

kernel32

CreateDirectoryW
FindFirstFileW
FindNextFileW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
GetTimeZoneInformation
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
ReadConsoleW
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
CloseHandle
OpenProcess
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
QueryPerformanceFrequency
FindFirstFileA
ExpandEnvironmentStringsA
VerifyVersionInfoW
HeapReAlloc
FormatMessageA
InitializeCriticalSection
SleepEx
GetTempPathW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetSystemDefaultUILanguage
SetFilePointer
InterlockedIncrement
DeleteFileW
GetFileSize
WriteFile
ReadFile
CreateFileW
GetModuleHandleW
GetCommandLineW
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
LocalFree
GetTempFileNameW
FormatMessageW
LCMapStringW
GetThreadPriority
SetThreadPriority
TerminateThread
ResumeThread
SuspendThread
CreateThread
ResetEvent
WaitForSingleObject
SetEvent
CreateEventW
FreeLibrary
GetProcAddress
LoadLibraryW
DecodePointer
CreateMutexW
WideCharToMultiByte
lstrcmpiW
GetModuleFileNameW
CompareStringW
MultiByteToWideChar
SetLastError
GetLocaleInfoW
Sleep
QueueUserWorkItem
GetSystemTime
MulDiv
GetCurrentThreadId
GetVersionExW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
WriteConsoleW
SetEndOfFile
QueryDosDeviceW
HeapSize
HeapDestroy
GetFileAttributesW
RaiseException
VerSetConditionMask
InitializeCriticalSectionAndSpinCount

user32

ReleaseDC
TranslateMessage
GetWindowDC
IsWindow
EndPaint
BeginPaint
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageW
MsgWaitForMultipleObjectsEx
OpenClipboard
CloseClipboard
DefWindowProcW
LoadImageW
FindWindowW
WindowFromPoint
EnumChildWindows
MonitorFromRect
GetComboBoxInfo
GetClassLongW
SetWindowRgn
GetAncestor
GetClassNameW
GetDesktopWindow
GetClientRect
DispatchMessageW
DispatchMessageA
GetWindowInfo
IsZoomed
CopyImage
EnumWindows
IsRectEmpty
SetActiveWindow
SetRectEmpty
GetMenuState
SendInput
TranslateAcceleratorW
LoadAcceleratorsW
GetAsyncKeyState
SetWindowPlacement
CreateDialogParamW
IsMenu
SetLayeredWindowAttributes
DialogBoxParamW
EndDialog
CheckDlgButton
IsDlgButtonChecked
GetClassInfoExW
RegisterClassExW
RedrawWindow
EqualRect
IntersectRect
PostQuitMessage
MessageBoxW
GetRawInputData
SystemParametersInfoW
RegisterWindowMessageW
GetLastInputInfo
GetGUIThreadInfo
GetKeyboardLayout
GetForegroundWindow
GetCapture
GetIconInfo
DrawIconEx
FrameRect
EnumClipboardFormats
CountClipboardFormats
SetWindowLongW
UnhookWinEvent
GetDlgCtrlID
SetTimer
SetWinEventHook
SetClipboardData
GetClipboardSequenceNumber
GetMessagePos
DestroyIcon
OffsetRect
SetRect
DrawFocusRect
GetFocus
GetActiveWindow
LoadIconW
SendDlgItemMessageW
SetDlgItemInt
GetKeyState
GetDoubleClickTime
GetClipboardData
EmptyClipboard
GetWindowLongW
GetDlgItem
SetDlgItemTextW
SetWindowPos
MapWindowPoints
GetParent
GetWindowRect
GetMonitorInfoW
InvalidateRect
MonitorFromWindow
GetWindow
ScreenToClient
SetWindowTextW
IsChild
IsDialogMessageW
DestroyWindow
GetWindowThreadProcessId
GetSysColor
PostMessageW
MapVirtualKeyW
GetKeyNameTextW
CreateWindowExW
SendMessageW
CheckMenuItem
CheckMenuRadioItem
GetMenuItemInfoW
CreatePopupMenu
LoadMenuW
GetSubMenu
DestroyMenu
SetMenuItemInfoW
KillTimer
GetDlgItemInt
EnableWindow
InsertMenuItemW
ClientToScreen
AppendMenuW
RemoveMenu
EnableMenuItem
GetMenuItemCount
SetForegroundWindow
TrackPopupMenu
GetCursorPos
GetKeyboardLayoutList
VkKeyScanExW
ToUnicodeEx
GetSystemMetrics
RegisterRawInputDevices
RegisterHotKey
UnregisterHotKey
GetCursor
LoadCursorW
SetCursor
DrawTextW
CopyRect
MoveWindow
InflateRect
SetFocus
IsIconic
ShowWindow
GetWindowPlacement
MonitorFromPoint
PtInRect
ReleaseCapture
SetCapture
IsWindowEnabled
UnregisterClassW
CallWindowProcW
IsWindowVisible
GetWindowTextLengthW
GetWindowTextW
GetDC

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptImportKey
CryptEncrypt
CryptDestroyKey

ole32

OleInitialize
CoTaskMemFree
OleRun
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
OleUninitialize
CoUninitialize

shell32

Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW
ExtractIconW

oleaut32

SetErrorInfo
VariantInit
VariantClear
SysStringLen
GetErrorInfo
CreateErrorInfo
SysFreeString
SysAllocString
SafeArrayCreateVector
SafeArrayDestroy
VariantCopy
VariantChangeType
VariantCopyInd
DispCallFunc
SysAllocStringLen

shlwapi

PathFindExtensionW
PathFindFileNameW
HashData
PathRemoveExtensionW
ColorHLSToRGB
ColorRGBToHLS
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

gdi32

DeleteDC
CreateBitmap
RoundRect
CreateSolidBrush
GetStockObject
SetBkColor
ExtTextOutW
GetPixel
GetDIBits
GetObjectW
GetTextMetricsW
SetViewportOrgEx
GetTextExtentPoint32W
CreateRectRgn
CreateRoundRectRgn
CreatePolygonRgn
ExcludeClipRect
SelectClipRgn
IntersectClipRect
CreateCompatibleDC
SetPixelV
GetTextColor
LineTo
MoveToEx
CreateFontIndirectW
BitBlt
Rectangle
SelectObject
CreatePen
SetROP2
EnumFontFamiliesExW
GetDeviceCaps
SetTextColor
SetBkMode
CreateCompatibleBitmap
DeleteObject

psapi

EnumProcesses
GetProcessImageFileNameW

oleacc

AccessibleObjectFromPoint

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpOpen

sensapi

IsNetworkAlive

msimg32

GradientFill
AlphaBlend

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_SetBkColor
_TrackMouseEvent
ImageList_GetIcon
ImageList_GetIconSize
ord413
ord410
ord412
ord411
ImageList_Create

gdiplus

GdipFree
GdipAlloc
GdipDeleteBrush
GdipCloneBrush
GdipCreateLineBrushFromRect
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangle
GdipCreateSolidFill
GdipDeletePen
GdipDrawRectangle
GdipDisposeImage
GdipCreatePath
GdipDeletePath
GdipResetPath
GdipClosePathFigure
GdipAddPathLine
ord1
GdipDrawPath
GdipFillPath
GdipCloneImage
GdipSaveImageToFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipCreateHICONFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreatePen1
GdipSetSmoothingMode
GdipCreatePen2

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

bass

BASS_Init
BASS_StreamCreateFile
BASS_RecordInit
BASS_RecordFree
BASS_RecordStart
BASS_ErrorGetCode
BASS_ChannelStop
BASS_StreamFree
BASS_RecordGetInput
BASS_Free
BASS_ChannelSetSync
BASS_ChannelPlay
BASS_RecordSetDevice

ws2_32

getpeername
WSAStartup
WSACleanup
WSAGetLastError
recv
send
setsockopt
htons
getsockopt
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
__WSAFDIsSet
select
connect
WSAIoctl
closesocket
WSASetLastError
bind
getsockname
socket
ntohs

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resources/XdxfArticle.xslt
Services/ABBYY Lingvo Live/Bin/Services/ABBYY Lingvo Live/Service.ico
Services/ABBYY Lingvo Live/Service.js
.js
Services/Babylon Dictionary/Bin/Services/Babylon Dictionary/Service.ico
Services/Babylon Dictionary/Service.js
Services/Babylon/Bin/Services/Babylon/Service.ico
Services/Babylon/Service.js
.js
Services/Baidu/Bin/Services/Baidu/Service.ico
Services/Baidu/Service.js
.js
Services/Common.js
.js
Services/DeepL/Bin/Services/DeepL/Service.ico
Services/DeepL/Service.js
.js
Services/Google Search/Bin/Services/Google Search/Service.ico
Services/Google Search/Service.js
.js
Services/Google Translate/Bin/Services/Google Translate/Service.ico
Services/Google Translate/Service.js
.js
Services/ImTranslator/Bin/Services/ImTranslator/Service.ico
Services/ImTranslator/Service.js
Services/Microsoft Translator/Bin/Services/Microsoft Translator/Service.ico
Services/Microsoft Translator/Service.js
.js
Services/Multitran/Bin/Services/Multitran/Service.ico
Services/Multitran/Service.js
.js
Services/Naver/Bin/Services/Naver/Service.ico
Services/Naver/Service.js
.js
Services/Oxford Learner Dictionary/Bin/Services/Oxford Learner Dictionary/Service.ico
Services/Oxford Learner Dictionary/Service.js
.js
Services/Promt/Bin/Services/Promt/Service.ico
Services/Promt/Service.js
Services/Reverso/Bin/Services/Reverso/Service.ico
Services/Reverso/Service.js
.js
Services/Urban Dictionary/Bin/Services/Urban Dictionary/Service.ico
Services/Urban Dictionary/Service.js
.js
Services/Wikipedia/Bin/Services/Wikipedia/Service.ico
Services/Wikipedia/Service.js
.js
Services/WordReference/Bin/Services/WordReference/Service.ico
Services/WordReference/Service.js
.js
Services/Yandex/Bin/Services/Yandex/Service.ico
Services/Yandex/Service.js
.js
Services/youdao/Bin/Services/youdao/Service.ico
Services/youdao/Service.js
.js
Themes/Blue.json
Themes/Brackets.json
Themes/Flat Dark.json
Themes/Holo Dark.json
Themes/Holo Light.json
Themes/Metro.json
Themes/Outlook Gray.json
Themes/Photoshop Dark.json
Uninstall.exe
.exe windows:4 windows x86 arch:x86

7c2c71dfce9a27650634dc8b1ca03bf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetFileAttributesA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileTime
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MulDiv
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowExA
IsWindow
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetAttributeEx
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetLevelEx
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetAttributeEx
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_FXSetPriority
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_IsStarted
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 120KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

petite
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c2c71dfce9a27650634dc8b1ca03bf0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 28KB - Virtual size: 27KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 700B

.rdata Size: 1024B - Virtual size: 705B

.data Size: 512B - Virtual size: 88B

.reloc Size: 512B - Virtual size: 240B

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 628B

951d949c2ea429a8266bb176e2f69d8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 1024B - Virtual size: 700B

.rdata
Size: 1024B - Virtual size: 705B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 628B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 19KB - Virtual size: 34KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 50KB - Virtual size: 49KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 1024B - Virtual size: 700B

.rdata
Size: 1024B - Virtual size: 705B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 240B