5f576134bf13b78759330f9f56abd247_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5f576134bf13b78759330f9f56abd247_JaffaCakes118
Size

3.8MB
MD5

5f576134bf13b78759330f9f56abd247
SHA1

cca006f263942bbbcaa7d605d65f29fec6902ee5
SHA256

6f7b6fcc5e39784aeb658cb8bbe2b2366657bb8aa4940aaf0e843d00ce8c4575
SHA512

36db781a5af9decd4a67a374912a3de8693b9e22b3514773a7addd340d906d45529e1e96e10457de6fec55579be371a036878d135bbdbe4dc144fc7dbb7cf5be
SSDEEP

98304:RLhZedLFgP1ddirQCsUWD898zhRCIl8lMmF7wWkSal5:RtJN3WsUP9SQlAW2l5

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tw6805a驱动/Driver/Driver Install.exe
unpack001/tw6805a驱动/Driver/aaaPci.sys
unpack001/tw6805a驱动/P2PClient/FTPPlayer.exe
unpack001/tw6805a驱动/P2PClient/GBL.dll
unpack001/tw6805a驱动/P2PClient/LocalPlayer.exe
unpack001/tw6805a驱动/P2PClient/SHXPlayM4.dll
unpack001/tw6805a驱动/P2PClient/Setup.exe
unpack001/tw6805a驱动/P2PClient/client.dll
unpack001/tw6805a驱动/P2PClient/dvrclient.exe

Files

5f576134bf13b78759330f9f56abd247_JaffaCakes118
.rar
tw6805a驱动/Driver/Driver Install.exe
.exe windows:4 windows x86 arch:x86

841c36d31afad4a4604615a594e51791

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupCloseFileQueue
SetupInstallFilesFromInfSectionA
SetupCommitFileQueueA
SetupInstallFromInfSectionA
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackA
SetupOpenInfFileA
SetupFindFirstLineA
SetupGetStringFieldA
SetupGetLineCountA
SetupGetLineByIndexA
SetupCloseInfFile
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiRemoveDevice
SetupDiGetClassImageIndex
SetupDiGetINFClassA
SetupDiGetClassDevsA
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiSetClassInstallParamsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetClassImageList
SetupDiDestroyDeviceInfoList
SetupDiDestroyClassImageList

newdev

UpdateDriverForPlugAndPlayDevicesA

cfgmgr32

CM_Reenumerate_DevNode_Ex
CM_Get_DevNode_Status
CM_Locate_DevNode_ExA

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
SetErrorMode
GetTickCount
RtlUnwind
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
RaiseException
HeapAlloc
HeapFree
SetStdHandle
GetFileType
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetFullPathNameA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVolumeInformationA
GetProfileStringA
Sleep
WideCharToMultiByte
lstrlenW
LockResource
LoadResource
FindResourceA
FreeLibrary
LoadLibraryA
FindFirstFileA
SetLastError
lstrlenA
LocalAlloc
LocalFree
GetLastError
GetComputerNameA
GetPrivateProfileIntA
GetModuleFileNameA
lstrcmpiA
GetVersionExA
GetCurrentProcess
FormatMessageA
FindClose
DeleteFileA
lstrcpyA
CloseHandle
CreateEventA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ResetEvent
TerminateThread
WaitForSingleObject
SetEvent
WaitForMultipleObjects
GetProcAddress
GetModuleHandleA
GlobalDeleteAtom
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
GetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
SizeofResource
GetCurrentDirectoryA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
lstrcpynA
MulDiv
FindNextFileA
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
lstrcmpA
GetCurrentThread
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetDriveTypeA

user32

CharUpperA
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
InflateRect
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DestroyMenu
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
InvalidateRect
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
SendMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
AdjustWindowRectEx
ScreenToClient
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
PostThreadMessageA
GetNextDlgTabItem
RegisterClipboardFormatA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
wsprintfA
EnableWindow
FindWindowA
PostMessageA
GetDlgItem
LoadStringA
EnumWindows
GetWindowTextA
GetClassNameA
RegisterWindowMessageA
LoadIconA
GetWindowRect
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
KillTimer
IsWindowVisible
ShowWindow
ReleaseDC
GetDC
CopyRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SetForegroundWindow
GetForegroundWindow
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup

gdi32

DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
BitBlt
CreateCompatibleDC
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
PatBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptDestroyHash
RegSetValueExA
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
RegCreateKeyExA
CryptReleaseContext
OpenProcessToken
LookupPrivilegeValueA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish
ShellExecuteA

comctl32

ImageList_GetImageCount
ImageList_Destroy
ImageList_SetOverlayImage
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tw6805a驱动/Driver/aaaPci.inf
tw6805a驱动/Driver/aaaPci.sys
.sys windows:5 windows x86 arch:x86

999947f8bc3e0de418fc1f95d45073c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
KeSynchronizeExecution
IofCompleteRequest
ObfDereferenceObject
IoAllocateMdl
MmBuildMdlForNonPagedPool
IofCallDriver
IoFreeMdl
KeInitializeDpc
IoGetDmaAdapter
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
KeSetEvent
KeInsertQueueDpc
PoSetPowerState
RtlInitUnicodeString
PoStartNextPowerIrp
PoCallDriver
ExFreePool
READ_REGISTER_UCHAR
READ_REGISTER_BUFFER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_BUFFER_USHORT
READ_REGISTER_BUFFER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_BUFFER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_BUFFER_USHORT
WRITE_REGISTER_BUFFER_ULONG
MmSizeOfMdl
MmProbeAndLockPages
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
ZwClose
ZwUnmapViewOfSection
MmUnlockPages
KefAcquireSpinLockAtDpcLevel
KeCancelTimer
KefReleaseSpinLockFromDpcLevel
MmUnmapIoSpace
RtlUnwind
KeInitializeTimer
ExAllocatePoolWithTag
KeReleaseMutex
MmAllocateContiguousMemory
RtlAppendUnicodeStringToString
ZwOpenKey
ZwCreateKey
memmove
RtlCopyUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
IoAttachDeviceToDeviceStack
ExQueueWorkItem
IoAcquireCancelSpinLock
InterlockedExchange
IoReleaseCancelSpinLock
KeInitializeSpinLock
RtlFreeUnicodeString
InterlockedIncrement
MmFreeContiguousMemory
InterlockedDecrement
KeWaitForSingleObject
IoDetachDevice
KeClearEvent
PoRequestPowerIrp
IoFreeIrp
IoAllocateIrp
IoCancelIrp
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoConnectInterrupt
IoDisconnectInterrupt
KeInitializeEvent
MmMapIoSpace
KeSetTimer
KeSetTimerEx
KeInitializeMutex
KeRemoveEntryDeviceQueue
MmGetPhysicalAddress

hal

KeQueryPerformanceCounter
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 224B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STL
Size: 32B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tw6805a驱动/P2PClient/DummySignal.bmp
tw6805a驱动/P2PClient/FTPPlayer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 786KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 694KB - Virtual size: 694KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tw6805a驱动/P2PClient/GBL.dll
.dll windows:4 windows x86 arch:x86

db61644a22aee620a59c8be8ed690795

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RemoveDirectoryA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
CloseHandle
DeviceIoControl
CreateFileA
MoveFileExA
DeleteFileA
GetLogicalDrives
FileTimeToLocalFileTime
SetFileTime
SetFileAttributesA
GetFileInformationByHandle
GetModuleFileNameA
CreateDirectoryA
GetLocalTime
VirtualQuery
GetDriveTypeA
GetSystemDirectoryA
EnterCriticalSection
TlsFree
SetLastError
FlushFileBuffers
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
LeaveCriticalSection
ExitProcess
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
LCMapStringW
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
LCMapStringA
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
SetStdHandle

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tw6805a驱动/P2PClient/LocalPlayer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 989KB - Virtual size: 989KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6.5MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tw6805a驱动/P2PClient/Logo.bmp
tw6805a驱动/P2PClient/NoSignal.bmp
tw6805a驱动/P2PClient/OEM.ini
tw6805a驱动/P2PClient/SHXPlayM4.dll
.dll windows:4 windows x86 arch:x86

c9948bc5b844fa315e8bcb70e275a4b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CreateEventA
WaitForSingleObject
TerminateThread
SuspendThread
ResumeThread
CloseHandle
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
HeapReAlloc
WideCharToMultiByte
GetEnvironmentStrings
WaitForMultipleObjects
ResetEvent
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleHandleA
GetExitCodeThread
VirtualFree
VirtualAlloc
ReadFile
SetFilePointer
CreateFileA
SetFileTime
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
GetModuleFileNameA
HeapAlloc
RaiseException
DeleteFileA
WriteFile
GetFileType
SetEndOfFile
SetStdHandle
ExitProcess
GetACP
TerminateProcess
GetCurrentProcess
HeapSize
TlsAlloc
TlsFree
SetLastError
TlsGetValue
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LoadLibraryA
GetOEMCP
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
GetProcAddress
SetUnhandledExceptionFilter
FlushFileBuffers
GetCPInfo
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr

user32

MessageBoxA
GetMessageA
SetRect
GetSystemMetrics
ReleaseDC
GetDC
GetWindowRect
PostThreadMessageA
ClientToScreen
GetActiveWindow
GetClientRect
InvalidateRect
PostMessageA

ole32

CoUninitialize
CoInitialize

ddraw

DirectDrawCreateEx

msvfw32

DrawDibBegin
DrawDibClose
DrawDibOpen
DrawDibEnd
DrawDibDraw

avifil32

AVIFileExit
AVIStreamLength
AVIStreamRead
AVIStreamTimeToSample
AVIStreamFindSample
AVIStreamSampleToTime
AVIStreamStart
AVIStreamRelease
AVIFileRelease
AVIFileInit
AVIFileOpenA
AVIFileInfoA
AVIFileGetStream
AVIStreamInfoA
AVIStreamReadFormat

winmm

waveOutUnprepareHeader
waveOutWrite
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutClose

gdi32

SetPixel
GetPixel

Exports

Exports

SHX_PlayM4_CapImageBmp
SHX_PlayM4_CapImageJpg
SHX_PlayM4_DecodeAudio
SHX_PlayM4_DecodeVideo
SHX_PlayM4_EnableSound
SHX_PlayM4_Fast
SHX_PlayM4_GetCurrentFrameRate
SHX_PlayM4_GetPlayedFrames
SHX_PlayM4_GetPlayedTime
SHX_PlayM4_GetTotalFrames
SHX_PlayM4_GetTotalTime
SHX_PlayM4_Init
SHX_PlayM4_InputData
SHX_PlayM4_OneByOne
SHX_PlayM4_OneByOneBack
SHX_PlayM4_OpenFile
SHX_PlayM4_OpenStream
SHX_PlayM4_Pause
SHX_PlayM4_PlayData
SHX_PlayM4_Read
SHX_PlayM4_SetFileEndMsg
SHX_PlayM4_SetPlayedTime
SHX_PlayM4_SetWnd
SHX_PlayM4_Slow
SHX_PlayM4_Start
SHX_PlayM4_StartCapture
SHX_PlayM4_Stop
SHX_PlayM4_StopCapture
SHX_PlayM4_Uninit

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tw6805a驱动/P2PClient/Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tw6805a驱动/P2PClient/Thumbs.db
tw6805a驱动/P2PClient/client.dll
.dll windows:4 windows x86 arch:x86

aac758b4ee08ce45dfc3a87f054f8cf5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

j:\SHXApp\working-v4.1\client\release_CCTVHW\client.pdb

Imports

kernel32

GetLastError
FormatMessageA
LocalFree
WideCharToMultiByte
GetFileAttributesA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
QueryPerformanceFrequency
GetProcessAffinityMask
GetCurrentThread
QueryPerformanceCounter
GetCurrentProcess
GetModuleHandleA
CreateSemaphoreA
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
SetEvent
PulseEvent
CreateEventA
GetLocaleInfoA
CreateMutexA
WaitForSingleObject
EnterCriticalSection
Sleep
GetSystemTimeAsFileTime
ReleaseMutex
lstrcpyA
CloseHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryA
ReadFile
GetStartupInfoA
GetFileType
SetHandleCount
VirtualQuery
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
WriteFile
SetFileTime
CreateFileA
ExitThread
GetCurrentThreadId
CreateThread
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetProcAddress
ExitProcess
GetCommandLineA
GetVersionExA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
RtlUnwind
GetStdHandle
GetModuleFileNameA
HeapSize
RaiseException
GetConsoleCP
GetConsoleMode

user32

GetClientRect
ReleaseDC
SetRect
GetDC
GetSystemMetrics
GetWindowRect

gdi32

SetPixel
GetPixel
StretchDIBits

ole32

CoUninitialize
CoInitialize

avifil32

AVIFileInit
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileOpenA
AVIStreamWrite
AVIFileExit
AVIStreamRelease
AVIFileRelease

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

ws2_32

WSAGetLastError
send
getsockopt
htons
ntohs
gethostbyname
WSAEventSelect
WSAWaitForMultipleEvents
inet_ntoa
inet_addr
ntohl
recvfrom
connect
gethostname
ioctlsocket
bind
sendto
setsockopt
getsockname
WSAStartup
recv
WSACleanup
closesocket
socket

ddraw

DirectDrawCreateEx
DirectDrawCreate

Exports

Exports

CaptureImage
ChannelClose
ChannelOpen
ConnectNATServer
ConnectUser1
ConnectUser2
ControlPTZ
DeInitNetSDK
DisconnectNATServer
GetAudioEncoder
GetBoardCount
GetBoardDetail
GetBoardInfo
GetCapability
GetDspCount
GetDspDetail
GetEncodeChannelCount
GetEncoderPictureFormat
GetIBPMode
GetNetLastError
GetNetLocalPort
GetTotalChannels
GetTotalDSPs
GetVideoCaptureSize
GetVideoEncoder
GetVideoPara
GetVideoSignal
GetVideoStandard
InitNetSDK
IsConnectedNATServer
IsLegalIp
LoginDVRServer
LogoutDVRServer
RegisterStreamDirectReadCallback
SendRecvUserData
SendUserData
SetOsd
SetOsdDisplayModeEx
SetOverlayColorKey
SetVideoPara
SetVideoPriority
StartCaptureFile
StartMotionDetection
StartVideoPreview
StopCaptureFile
StopMotionDetection
StopVideoPreview
_GetSDKVersion@4

Sections

.text
Size: 996KB - Virtual size: 995KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dtors
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tw6805a驱动/P2PClient/dvrclient.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

841c36d31afad4a4604615a594e51791

Headers

File Characteristics

Imports

setupapi

newdev

cfgmgr32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 168KB - Virtual size: 166KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 16KB - Virtual size: 12KB

999947f8bc3e0de418fc1f95d45073c0

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 224B - Virtual size: 193B

.CRT Size: 32B - Virtual size: 12B

.STL Size: 32B - Virtual size: 16B

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

Headers

File Characteristics

Sections

CODE Size: 786KB - Virtual size: 786KB

DATA Size: 23KB - Virtual size: 22KB

BSS Size: - Virtual size: 8KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 51KB - Virtual size: 50KB

.rsrc Size: 694KB - Virtual size: 694KB

db61644a22aee620a59c8be8ed690795

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 816B

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 989KB - Virtual size: 989KB

DATA Size: 15KB - Virtual size: 14KB

BSS Size: - Virtual size: 6.5MB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 168KB - Virtual size: 166KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 16KB - Virtual size: 12KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 224B - Virtual size: 193B

.CRT
Size: 32B - Virtual size: 12B

.STL
Size: 32B - Virtual size: 16B

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

CODE
Size: 786KB - Virtual size: 786KB

DATA
Size: 23KB - Virtual size: 22KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 51KB - Virtual size: 50KB

.rsrc
Size: 694KB - Virtual size: 694KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 816B

.reloc
Size: 8KB - Virtual size: 4KB

CODE
Size: 989KB - Virtual size: 989KB

DATA
Size: 15KB - Virtual size: 14KB

BSS
Size: - Virtual size: 6.5MB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 714KB - Virtual size: 714KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 340KB - Virtual size: 339KB

.data
Size: 68KB - Virtual size: 424KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 60KB - Virtual size: 59KB

CODE
Size: 373KB - Virtual size: 373KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 996KB - Virtual size: 995KB

.rdata
Size: 92KB - Virtual size: 89KB

.data
Size: 44KB - Virtual size: 550KB

.dtors
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 648B

.reloc
Size: 36KB - Virtual size: 33KB

CODE
Size: 672KB - Virtual size: 671KB

DATA
Size: 8KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 625KB - Virtual size: 625KB