5090650c65890b81c6d84038ce351371_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5090650c65890b81c6d84038ce351371_JaffaCakes118
Size

20.5MB
MD5

5090650c65890b81c6d84038ce351371
SHA1

8d53abf036121aeabd080b26fd1c1874db4d44db
SHA256

ef965f7a0ce63b03f2d5b936c3ede0b7b8de63ce59e8b2ff79745bdb00111a62
SHA512

c82f19d7784d82494e47a602641b1fe4e860f63e92186cbbfcd906a1d980229ce9efd80a3c96e1eba919ea83cba98c99b71913193bc7e48d883505370fb60f06
SSDEEP

393216:Ll9PCXROXXcZSlucOv8Xxt+UMKsK7OKMJE+f+7/URbxBJlCTmrtWmFK:Ll4XRy2SkcJxt+UZsmFMJE+f6/yrSmrM

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ChiitransLite/ChiitransLite.exe
unpack001/ChiitransLite/IHF.dll
unpack001/ChiitransLite/IHF_DLL.dll
unpack001/ChiitransLite/IHF_compat.dll
unpack001/ChiitransLite/ITH_Engine.dll
unpack001/ChiitransLite/ITH_TLS.dll
unpack001/ChiitransLite/ithwrapper.dll
unpack001/ChiitransLite/ithwrapper_compat.dll
unpack001/ChiitransLite/tools/agth/agth.dll
unpack001/ChiitransLite/tools/agth/agth.exe
unpack001/ChiitransLite/tools/le/LECommonLibrary.dll
unpack001/ChiitransLite/tools/le/LEProc.exe
unpack001/ChiitransLite/tools/le/LoaderDll.dll
unpack001/ChiitransLite/tools/le/LocaleEmulator.dll
unpack001/ChiitransLite/vnrcli.dll
unpack001/ChiitransLite/vnrclixp.dll
unpack001/ChiitransLite/vnreng.dll
unpack001/ChiitransLite/vnrengxp.dll

Files

5090650c65890b81c6d84038ce351371_JaffaCakes118
.zip
ChiitransLite/ChiitransLite.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\ChiitransLite\ChiitransLite\obj\Release\ChiitransLite.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/IHF.dll
.dll windows:5 windows x86 arch:x86

28ea7ca4613917c4b0a6008bf6c964c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtWriteVirtualMemory
NtFsControlFile
NtCreateNamedPipeFile
LdrDisableThreadCalloutsForDll
NtDuplicateObject
NtQueryInformationThread
NtFreeVirtualMemory
NtOpenProcessToken
wcsrchr
NtWriteFile
NtUnmapViewOfSection
NtQueryVirtualMemory
_wcsicmp
swprintf
NtMapViewOfSection
NtSetEvent
NtClearEvent
memset
memcpy
NtWaitForSingleObject
NtReleaseMutant
NtOpenProcess
NtClose
NtQueryInformationProcess
LdrUnloadDll
NtQuerySystemInformation
RtlInitUnicodeString
NtCreateFile
NtAdjustPrivilegesToken
NtAllocateVirtualMemory
NtReadVirtualMemory
NtReadFile
NtCreateSection
NtOpenDirectoryObject
NtOpenFile
NtCreateEvent
NtCreateMutant
NtOpenMutant
NtTerminateThread
NtResumeThread
NtSetContextThread
NtCreateThread
NtProtectVirtualMemory

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

CreateRemoteThread
GetModuleFileNameW
GetSystemDirectoryW
GetFileAttributesW
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
LoadLibraryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

user32

KillTimer
CreateWindowExW
DestroyWindow
MessageBoxW
SetTimer

comctl32

ord17

Exports

Exports

_IHF_ActiveDetachProcess@4
_IHF_AddLink@8
_IHF_Cleanup@0
_IHF_GetHookManager@4
_IHF_GetPIDByName@4
_IHF_GetSettings@4
_IHF_Init@0
_IHF_InjectByPID@8
_IHF_InsertHook@12
_IHF_IsAdmin@0
_IHF_ModifyHook@8
_IHF_RemoveHook@8
_IHF_Start@0
_IHF_UnLink@4
_IHF_UnLinkAll@4

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/IHF_DLL.dll
.dll windows:5 windows x86 arch:x86

5756d4ab5da2b888035408f01ed44985

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlCreateHeap
NtCreateThread
RtlDestroyHeap
NtOpenEvent
NtSetContextThread
NtOpenDirectoryObject
RtlSetHeapInformation
NtCreateMutant
NtOpenFile
NtCreateSection
NtTerminateThread
NtSetEvent
NtResumeThread
NtAllocateVirtualMemory
NtQueryVirtualMemory
NtFlushBuffersFile
NtFlushInstructionCache
NtWriteVirtualMemory
NtProtectVirtualMemory
NtReadFile
NtReleaseMutant
NtCreateFile
NtClearEvent
RtlInitUnicodeString
NtDelayExecution
RtlAllocateHeap
NtClose
NtWaitForSingleObject
NtUnmapViewOfSection
RtlFreeHeap
NtMapViewOfSection
NtWriteFile
LdrDisableThreadCalloutsForDll

msvcrt

memset
_wcsicmp
wcsrchr
_wcslwr
swprintf
_stricmp
memcpy

user32

DrawTextExA
MessageBoxW
DrawTextW
DrawTextA
DrawTextExW

gdi32

TextOutW
GetTextExtentPoint32W
GetGlyphOutlineA
GetTextExtentPoint32A
GetCharABCWidthsA
ExtTextOutW
GetCharABCWidthsW
GetGlyphOutlineW
ExtTextOutA
TextOutA

Exports

Exports

_GetFunctionAddr@20
_NewHook@12
_NotifyHookInsert@4
_OutputConsole@4
_OutputDWORD@4
_OutputRegister@4
_RegisterEngineModule@12
_RemoveHook@4
_SwitchTrigger@4

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/IHF_compat.dll
.dll windows:5 windows x86 arch:x86

5b31fb3959c2ee20d4a1a8e1a787308a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\ith\ITH3\Release\IHF_compat.pdb

Imports

comctl32

ord17

ntdll

NtFsControlFile
NtCreateNamedPipeFile
NtReadFile
NtFlushBuffersFile
RtlAllocateHeap
NtReadVirtualMemory
NtClose
NtClearEvent
NtWaitForSingleObject
NtUnmapViewOfSection
NtQueryInformationProcess
RtlFreeHeap
NtMapViewOfSection
NtSetEvent
NtDuplicateObject
NtAdjustPrivilegesToken
NtOpenProcessToken
NtCreateFile
NtWriteVirtualMemory
RtlInitUnicodeString
NtQueryInformationThread
NtQuerySystemInformation
LdrUnloadDll
NtWriteFile
NtAllocateVirtualMemory
LdrDisableThreadCalloutsForDll
NtFreeVirtualMemory
NtOpenProcess
NtResumeThread
NtProtectVirtualMemory
NtTerminateThread
NtSetContextThread
RtlCreateHeap
NtOpenMutant
NtCreateThread
RtlDestroyHeap
NtOpenDirectoryObject
RtlSetHeapInformation
NtCreateEvent
NtCreateMutant
NtOpenFile
NtCreateSection
NtReleaseMutant
NtQueryVirtualMemory

kernel32

LoadLibraryW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

user32

DestroyWindow
CreateWindowExW
MessageBoxW

msvcr100

memset
_swprintf
wcsrchr
_wcsicmp
memcpy

Exports

Exports

_IHF_ActiveDetachProcess@4
_IHF_AddLink@8
_IHF_Cleanup@0
_IHF_GetHookManager@4
_IHF_GetPIDByName@4
_IHF_GetSettingManager@4
_IHF_Init@0
_IHF_InjectByPID@8
_IHF_InsertHook@12
_IHF_IsAdmin@0
_IHF_ModifyHook@8
_IHF_RemoveHook@8
_IHF_Start@0
_IHF_UnLink@4
_IHF_UnLinkAll@4

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/ITH_Engine.dll
.dll windows:5 windows x86 arch:x86

1121fffd57db733d59ceaf1c851ca55c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ihf_dll

_OutputConsole@4
_OutputDWORD@4
_RegisterEngineModule@12
_NewHook@12
_GetFunctionAddr@20
_SwitchTrigger@4

msvcrt

swprintf
sscanf
_wcslwr
wcsstr
qsort
strstr
wcsrchr
_wcsicmp
memcpy

ntdll

NtMapViewOfSection
RtlInitUnicodeString
NtQueryDirectoryFile
NtUnmapViewOfSection
NtCreateFile
NtOpenDirectoryObject
RtlSetHeapInformation
NtOpenFile
NtCreateSection
RtlCreateHeap
NtReadFile
NtQueryVirtualMemory
NtClose
NtAllocateVirtualMemory
LdrDisableThreadCalloutsForDll
NtFreeVirtualMemory
RtlDestroyHeap

kernel32

IsDBCSLeadByte

user32

DrawTextExA
DrawTextExW

gdi32

ExtTextOutA
GetGlyphOutlineA
GetTextExtentPoint32A
GetTextMetricsA
GetGlyphOutlineW
GetTextExtentPoint32W
TextOutA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/ITH_TLS.dll
.dll windows:5 windows x86 arch:x86

981a76fb839503a3c4889203eb0205e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\ITH-project\ITH3\Release\ITH_TLS.pdb

Imports

ws2_32

WSACleanup
WSAStartup
send
gethostbyname
closesocket
socket
recv
shutdown
htons
connect

ntdll

RtlSetHeapInformation
NtDelayExecution
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtQuerySystemTime
RtlAllocateHeap
RtlDestroyHeap
RtlCreateHeap
LdrDisableThreadCalloutsForDll
RtlFreeHeap

msvcrt

memset
memcpy
sscanf
_stricmp

Exports

Exports

_ITH_TLS_Cleanup@0
_ITH_TLS_DestroyHashCalculator@4
_ITH_TLS_DestroySocket@4
_ITH_TLS_Init@0
_ITH_TLS_NewHashCalculator@4
_ITH_TLS_NewSocket@4
_ITH_TLS_RSAEncrypt@16

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/LICENSE
ChiitransLite/data/Conjugations.txt
ChiitransLite/data/JMdict.xml
.xml
ChiitransLite/data/JMdict.xml.url
ChiitransLite/data/JMnedict.xml
.xml
ChiitransLite/data/Jmnedict.xml.url
ChiitransLite/data/names.txt
ChiitransLite/ithwrapper.dll
.dll windows:5 windows x86 arch:x86

01e6060b1578134a3626cfcc3beff7c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ihf

_IHF_InjectByPID@8
_IHF_Cleanup@0
_IHF_Start@0
_IHF_Init@0
_IHF_InsertHook@12
_IHF_RemoveHook@8
_IHF_GetHookManager@4
_IHF_ActiveDetachProcess@4

ntdll

NtCreateSection
NtOpenFile
NtCreateMutant
NtQueryVirtualMemory
NtOpenDirectoryObject
NtUnmapViewOfSection
RtlInitUnicodeString
NtMapViewOfSection
NtReleaseMutant
NtClose
NtWaitForSingleObject
LdrDisableThreadCalloutsForDll
RtlUnwind

kernel32

IsProcessorFeaturePresent
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
GetCurrentProcess
GetSystemDirectoryW
GetFileAttributesW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetLastError
GetProcAddress
HeapFree
Sleep
ExitProcess
HeapSize

Exports

Exports

_TextHookAddHook@8
_TextHookCleanup@0
_TextHookConnect@4
_TextHookDisconnect@0
_TextHookInit@0
_TextHookOnConnect@4
_TextHookOnCreateThread@4
_TextHookOnDisconnect@4
_TextHookOnInput@4
_TextHookOnRemoveThread@4
_TextHookRemoveHook@4

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/ithwrapper_compat.dll
.dll windows:5 windows x86 arch:x86

225a63b354dc95ea3c0127b40c9d0432

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ihf_compat

_IHF_InjectByPID@8
_IHF_Cleanup@0
_IHF_Start@0
_IHF_Init@0
_IHF_InsertHook@12
_IHF_RemoveHook@8
_IHF_GetHookManager@4
_IHF_ActiveDetachProcess@4

ntdll

NtCreateSection
NtOpenFile
NtCreateMutant
NtQueryVirtualMemory
RtlSetHeapInformation
NtOpenDirectoryObject
NtUnmapViewOfSection
RtlDestroyHeap
RtlInitUnicodeString
NtMapViewOfSection
RtlCreateHeap
NtReleaseMutant
NtClose
NtWaitForSingleObject
LdrDisableThreadCalloutsForDll
RtlUnwind

kernel32

HeapSize
IsProcessorFeaturePresent
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
Sleep
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetLastError
GetProcAddress

Exports

Exports

_TextHookAddHook@8
_TextHookCleanup@0
_TextHookConnect@4
_TextHookDisconnect@0
_TextHookInit@0
_TextHookOnConnect@4
_TextHookOnCreateThread@4
_TextHookOnDisconnect@4
_TextHookOnInput@4
_TextHookOnRemoveThread@4
_TextHookRemoveHook@4

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/tools/agth/agth.dll
.dll windows:4 windows x86 arch:x86

87a70b87aad221cbdb0f5f7642338538

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
VirtualQuery
CreateProcessW
HeapAlloc
HeapFree
VirtualFree
IsBadReadPtr
Thread32First
WideCharToMultiByte
GetLocaleInfoW
Sleep
CreateProcessA
Thread32Next
ReadFile
GetModuleFileNameW
SetFilePointer
lstrcatA
lstrlenW
FlushFileBuffers
SetThreadLocale
VirtualAlloc
OpenThread
lstrcatW
CreateToolhelp32Snapshot
ResumeThread
lstrcpyW
CreateThread
lstrcpyA
GetSystemDirectoryW
GetFileSize
GetEnvironmentVariableW
SetNamedPipeHandleState
MultiByteToWideChar
CreateFileW
WriteFile
GetTickCount
CloseHandle
LoadLibraryW
SetEnvironmentVariableW
GetTimeZoneInformation
VirtualProtect

user32

wvsprintfW
DrawTextA
CharNextExA
wsprintfA
CharNextA
DrawTextExW
CharPrevA
wsprintfW
DrawTextExA
MessageBoxA
IsWindowUnicode
wvsprintfA
CallWindowProcA
GetPropW
CallWindowProcW
CharPrevExA
DrawTextW

gdi32

GetTextColor
ExtTextOutA
TextOutW
GetGlyphOutlineW
GetCharABCWidthsW
GetOutlineTextMetricsW
ExtTextOutW
GetCharABCWidthsA
CreateFontIndirectA
GetOutlineTextMetricsA
GetTextExtentPoint32A
GetGlyphOutlineA
GetTextExtentPoint32W
TranslateCharsetInfo
TextOutA

ntdll

NtWriteVirtualMemory
NtGetContextThread
LdrDisableThreadCalloutsForDll
NtQueryDefaultLocale
NtSetContextThread
memchr
NtSetInformationThread
KiUserExceptionDispatcher
NtProtectVirtualMemory
NtContinue
NtFlushInstructionCache
memcpy
_chkstk
memset

version

GetFileVersionInfoW
GetFileVersionInfoA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/tools/agth/agth.exe
.exe windows:4 windows x86 arch:x86

389f6fb73eccba97418c4ccd8d725b6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
FreeLibrary
CreateProcessW
HeapAlloc
LoadLibraryExW
HeapFree
ConnectNamedPipe
CreateNamedPipeW
OpenProcess
Sleep
GetModuleFileNameW
SetThreadPriority
WaitForMultipleObjects
GetCommandLineW
ResumeThread
CreateThread
GlobalLock
GlobalAlloc
GlobalUnlock
ReadFile
GetOverlappedResult
MultiByteToWideChar
DisconnectNamedPipe
ExitProcess
CloseHandle
VirtualAllocEx
LoadLibraryW
SetEnvironmentVariableW
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
lstrcmpiW

user32

RegisterClassW
OpenClipboard
CreateWindowExW
IsDlgButtonChecked
CheckDlgButton
SetWindowPos
EndDialog
SetWindowLongW
EmptyClipboard
LoadMenuW
SetDlgItemInt
TranslateMessage
SetFocus
LoadCursorW
DialogBoxParamW
GetKeyState
KillTimer
PostMessageW
UnregisterClassW
PostQuitMessage
GetMessageW
SetTimer
GetDlgItemInt
CloseClipboard
SendMessageW
SetClipboardData
GetDialogBaseUnits
CallWindowProcW
MoveWindow
DispatchMessageW
MessageBoxA
MessageBoxW
DefWindowProcW

gdi32

CreateFontW

advapi32

AdjustTokenPrivileges
OpenThreadToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
ImpersonateSelf

ntdll

NtProtectVirtualMemory
NtSetContextThread
NtWriteVirtualMemory
NtFlushInstructionCache
NtGetContextThread
wcschr
ZwQuerySystemInformation
wcsrchr
memmove
memcpy
_chkstk
memset

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/tools/le/LECommonLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Documents\Visual Studio 2012\Projects\LocaleEmulator\LECommonLibrary\obj\Release\LECommonLibrary.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/tools/le/LEConfig.xml
ChiitransLite/tools/le/LEProc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Documents\Visual Studio 2012\Projects\LocaleEmulator\LEProc\obj\Release\LEProc.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/tools/le/LoaderDll.dll
.dll windows:5 windows x86 arch:x86

6b2555e184268d9f23ec828843db4e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrGetProcedureAddress
ZwOpenThread
ZwOpenDirectoryObject
RtlFreeUnicodeString
ZwCreateFile
ZwUnmapViewOfSection
ZwFreeVirtualMemory
ZwClose
NtReadVirtualMemory
NtFlushInstructionCache
DbgUiStopDebugging
ZwOpenProcess
ZwQueryInformationProcess
ZwSuspendProcess
ZwCreateSection
LdrLoadDll
NtGetContextThread
ZwTerminateProcess
DbgUiWaitStateChange
ZwQueryInformationFile
RtlMultiByteToUnicodeN
LdrFindEntryForAddress
ZwQueryInformationThread
ZwOpenSection
RtlDosPathNameToNtPathName_U
ZwAllocateVirtualMemory
NtWriteVirtualMemory
RtlInitAnsiString
ZwGetContextThread
swprintf
RtlInitUnicodeString
ZwMapViewOfSection
ZwReadFile
NtSetContextThread
NtProtectVirtualMemory
DbgUiContinue
RtlExpandEnvironmentStrings_U
ZwResumeProcess
ZwDuplicateObject

kernel32

CreateProcessInternalW

Exports

Exports

LeCreateProcess

Sections

.Asuna
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/tools/le/LocaleEmulator.dll
.dll windows:5 windows x86 arch:x86

5f791a17fb60c98dcfa3ac489a5d3b0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Desktop\Source\LocaleEmulator2\LocaleEmulator\LocaleEmulator.pdb

Imports

ntdll

RtlSetUnhandledExceptionFilter
LdrRegisterDllNotification
LdrUnregisterDllNotification
LdrInitializeThunk
LdrResSearchResource
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSectionAndSpinCount
swprintf
RtlCreateUnicodeString
RtlFreeHeap
RtlAllocateHeap
ZwUnmapViewOfSection
ZwClose
ZwDuplicateObject
ZwMapViewOfSection
ZwCreateSection
ZwOpenSection
ZwOpenDirectoryObject
RtlDuplicateUnicodeString
RtlDestroyHeap
RtlCreateHeap
RtlInitNlsTables
RtlResetRtlTranslations
RtlFreeUnicodeString
RtlEqualUnicodeString
LdrDisableThreadCalloutsForDll
RtlDeleteCriticalSection
RtlReAllocateHeap
ZwQueryInformationProcess
ZwProtectVirtualMemory
ZwReadVirtualMemory
ZwWriteVirtualMemory
RtlInitUnicodeString
RtlPushFrame
RtlDosPathNameToNtPathName_U
LdrLoadDll
RtlPopFrame
RtlExpandEnvironmentStrings_U
RtlCompareMemory
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwFlushInstructionCache
LdrLockLoaderLock
LdrUnlockLoaderLock
LdrFindEntryForAddress
RtlImageNtHeader
RtlInitAnsiString
LdrGetProcedureAddress
ZwOpenProcess
RtlGetFrame
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwRaiseHardError
ZwContinue
ZwQueryKey
RtlValidateUnicodeString
RtlFreeAnsiString
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteSize
RtlGetLastWin32Error
RtlSetLastWin32Error
ZwAddAtom
ZwDeleteAtom
LdrAddRefDll
RtlUnwind

Sections

.Asuna
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/vnrcli.dll
.dll windows:5 windows x86 arch:x86

ffba6d2e74f18ef2ab3e32f3ce2e70c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtFlushInstructionCache
NtReleaseMutant
memcpy
NtDelayExecution
NtReadFile
NtClearEvent
NtWriteVirtualMemory
NtFlushBuffersFile
NtProtectVirtualMemory
_stricmp
NtQueryVirtualMemory
RtlInitUnicodeString
NtCreateFile
LdrDisableThreadCalloutsForDll
swprintf
NtMapViewOfSection
NtWaitForSingleObject
NtClose
NtUnmapViewOfSection
memset
NtWriteFile
_wcslwr
wcsrchr
_wcsicmp
NtCreateSection
NtOpenDirectoryObject
NtOpenFile
NtOpenEvent
NtSetEvent
NtCreateMutant
NtTerminateThread
NtAllocateVirtualMemory
NtQueryInformationProcess
NtResumeThread
NtSetContextThread
NtCreateThread

msvcrt

free
malloc
_XcptFilter
_initterm
_except_handler4_common
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_amsg_exit

kernel32

CreateRemoteThread
GetSystemDirectoryW
GetFileAttributesW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrlenA
lstrlenW
GetCurrentThreadId

user32

DrawTextW
DrawTextExA
DrawTextA
MessageBoxW
DrawTextExW

gdi32

GetTextExtentPoint32A
GetGlyphOutlineA
ExtTextOutA
TextOutA
GetCharABCWidthsA
GetTextExtentPoint32W
GetGlyphOutlineW
ExtTextOutW
TextOutW
GetCharABCWidthsW

Exports

Exports

?InsertNonGuiHooks@@YGXXZ
_ConsoleOutput@4
_GetFunctionAddr@20
_NewHook@12
_NotifyHookInsert@4
_RegisterEngineModule@12
_RemoveHook@4
_SwitchTrigger@4

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/vnrclixp.dll
.dll windows:5 windows x86 arch:x86

4288cfee73e3378f61f4abd6e21bb928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtReleaseMutant
memcpy
NtDelayExecution
NtReadFile
NtClearEvent
_stricmp
NtFlushBuffersFile
NtProtectVirtualMemory
NtQueryVirtualMemory
_wcslwr
NtFlushInstructionCache
RtlInitUnicodeString
NtCreateFile
LdrDisableThreadCalloutsForDll
swprintf
NtMapViewOfSection
NtWaitForSingleObject
NtClose
NtUnmapViewOfSection
memset
NtWriteFile
NtWriteVirtualMemory
wcsrchr
_wcsicmp
NtCreateSection
NtOpenDirectoryObject
NtOpenFile
NtOpenEvent
NtSetEvent
NtCreateMutant
NtTerminateThread
NtAllocateVirtualMemory
NtQueryInformationProcess
NtResumeThread
NtSetContextThread
NtCreateThread

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

CreateRemoteThread
GetSystemDirectoryW
GetFileAttributesW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrlenA
lstrlenW

user32

MessageBoxW
DrawTextA
DrawTextExA
DrawTextW
DrawTextExW

gdi32

GetTextExtentPoint32A
GetGlyphOutlineA
ExtTextOutA
TextOutA
GetCharABCWidthsA
GetTextExtentPoint32W
GetGlyphOutlineW
ExtTextOutW
TextOutW
GetCharABCWidthsW

Exports

Exports

?InsertNonGuiHooks@@YGXXZ
_ConsoleOutput@4
_GetFunctionAddr@20
_NewHook@12
_NotifyHookInsert@4
_RegisterEngineModule@12
_RemoveHook@4
_SwitchTrigger@4

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/vnreng.dll
.dll windows:5 windows x86 arch:x86

dc2adcdfaf733160ac578565bf53ef7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrDisableThreadCalloutsForDll
wcsstr
memcpy
qsort
NtQueryVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
_wcsicmp
NtReadFile
NtClose
sscanf
strstr
_wcslwr
wcsncmp
wcsrchr
NtMapViewOfSection
NtCreateSection
NtOpenDirectoryObject
NtOpenFile
RtlInitUnicodeString
NtUnmapViewOfSection
NtCreateFile
wcsncpy
wcschr
NtQueryDirectoryFile

msvcrt

_except_handler4_common
_XcptFilter
_amsg_exit
_initterm
free
malloc

vnrcli

_SwitchTrigger@4
_NewHook@12
_RegisterEngineModule@12
?InsertNonGuiHooks@@YGXXZ
_ConsoleOutput@4
_GetFunctionAddr@20

kernel32

CreateFileW
CloseHandle
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDBCSLeadByte
GetFileAttributesW

user32

DrawTextExA
DrawTextExW

gdi32

GetTextMetricsA
ExtTextOutA
GetTextExtentPoint32A
TextOutA
GetGlyphOutlineA
GetGlyphOutlineW
GetTextExtentPoint32W

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/vnrengxp.dll
.dll windows:5 windows x86 arch:x86

5c1026b367f4631de751dbef77c040ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrDisableThreadCalloutsForDll
qsort
NtQueryVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
wcsstr
memcpy
_wcsicmp
NtReadFile
NtClose
sscanf
strstr
_wcslwr
wcsncmp
wcsrchr
NtMapViewOfSection
NtCreateSection
NtOpenDirectoryObject
NtOpenFile
RtlInitUnicodeString
NtUnmapViewOfSection
NtCreateFile
wcsncpy
wcschr
NtQueryDirectoryFile

vnrclixp

_SwitchTrigger@4
_NewHook@12
_RegisterEngineModule@12
?InsertNonGuiHooks@@YGXXZ
_ConsoleOutput@4
_GetFunctionAddr@20

kernel32

CreateFileW
CloseHandle
GetSystemDirectoryW
GetFileAttributesW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDBCSLeadByte

user32

DrawTextExA
DrawTextExW

gdi32

GetTextMetricsA
ExtTextOutA
GetTextExtentPoint32A
TextOutA
GetGlyphOutlineA
GetGlyphOutlineW
GetTextExtentPoint32W

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChiitransLite/www/hint.html
.html
ChiitransLite/www/index.html
.html
ChiitransLite/www/js/hint.js
.js
ChiitransLite/www/js/host.js
.js
ChiitransLite/www/js/index.js
.js
ChiitransLite/www/js/jquery-ui.js
.js
ChiitransLite/www/js/jquery.js
.js
ChiitransLite/www/js/options.js
.js
ChiitransLite/www/js/translation.js
.js
ChiitransLite/www/js/translators.coffee
ChiitransLite/www/js/translators.js
.js
ChiitransLite/www/js/underscore.js
.js
ChiitransLite/www/options.html
ChiitransLite/www/res/font/fontello.eot
ChiitransLite/www/res/fontello.css
ChiitransLite/www/res/hint.css
ChiitransLite/www/res/images/animated-overlay.gif
.gif
ChiitransLite/www/res/images/ui-bg_flat_0_aaaaaa_40x100.png
.png
ChiitransLite/www/res/images/ui-bg_flat_75_ffffff_40x100.png
.png
ChiitransLite/www/res/images/ui-bg_glass_55_fbf9ee_1x400.png
.png
ChiitransLite/www/res/images/ui-bg_glass_65_ffffff_1x400.png
.png
ChiitransLite/www/res/images/ui-bg_glass_75_dadada_1x400.png
.png
ChiitransLite/www/res/images/ui-bg_glass_75_e6e6e6_1x400.png
.png
ChiitransLite/www/res/images/ui-bg_glass_95_fef1ec_1x400.png
.png
ChiitransLite/www/res/images/ui-bg_highlight-soft_75_cccccc_1x100.png
.png
ChiitransLite/www/res/images/ui-icons_222222_256x240.png
.png
ChiitransLite/www/res/images/ui-icons_2e83ff_256x240.png
.png
ChiitransLite/www/res/images/ui-icons_454545_256x240.png
.png
ChiitransLite/www/res/images/ui-icons_888888_256x240.png
.png
ChiitransLite/www/res/images/ui-icons_cd0a0a_256x240.png
.png
ChiitransLite/www/res/index.css
ChiitransLite/www/res/jquery-ui.css
ChiitransLite/www/res/options.css
ChiitransLite/www/res/style.css
ChiitransLite/www/res/translation.css
ChiitransLite/www/themes/HideFurigana.css
ChiitransLite/www/themes/Neko.css
ChiitransLite/www/themes/PlainText.css
ChiitransLite/www/themes/kuroneko.png
.png
ChiitransLite/www/translation.html
.html

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 238KB - Virtual size: 237KB

.rsrc Size: 87KB - Virtual size: 87KB

.reloc Size: 512B - Virtual size: 12B

28ea7ca4613917c4b0a6008bf6c964c0

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

kernel32

user32

comctl32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

5756d4ab5da2b888035408f01ed44985

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

user32

gdi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

5b31fb3959c2ee20d4a1a8e1a787308a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

ntdll

kernel32

user32

msvcr100

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

1121fffd57db733d59ceaf1c851ca55c

Headers

DLL Characteristics

File Characteristics

Imports

ihf_dll

msvcrt

ntdll

kernel32

user32

gdi32

Sections

.text Size: 23KB - Virtual size: 22KB

.text
Size: 238KB - Virtual size: 237KB

.rsrc
Size: 87KB - Virtual size: 87KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 14KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.data
Size: - Virtual size: 392B

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 2KB - Virtual size: 1KB