6493355ba1cff0b1f9b2cbcd5b1993cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6493355ba1cff0b1f9b2cbcd5b1993cf_JaffaCakes118
Size

1.4MB
MD5

6493355ba1cff0b1f9b2cbcd5b1993cf
SHA1

a8d16fdb8cd45890ee42fb5387c068d134811f4f
SHA256

46174e43c5073c87c4d4a4f390e4fac87328970e29f3f1b821a956c971e61d4d
SHA512

54f74c7ae9d6d872389ee941405c2f57d488da9210989570b0b0f1b16264f2f5c6d3effac978409a35795d6ab3fe4a49718eecdca6f1e61337079a088e118028
SSDEEP

24576:X6skOS4wppgxuyh0EIwVTEc7HDfkC+87+M/WyWWffSV9Wv48TUIUiLNiUdaSEc6r:TSvgxuzQDfk8DCc4mL3qc6854bJ9oc

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cr-znwb/znwb60/CHENXF.EXE
unpack001/cr-znwb/znwb60/CHENZNWB.EXE
unpack001/cr-znwb/znwb60/chenbfck.exe
unpack001/cr-znwb/znwb60/chenbmxg.exe
unpack001/cr-znwb/znwb60/chencksz.exe
unpack001/cr-znwb/znwb60/chendel.exe
unpack001/cr-znwb/znwb60/chendel64.exe
unpack001/cr-znwb/znwb60/chenhfck.exe
unpack001/cr-znwb/znwb60/chenhu32.ime
unpack001/cr-znwb/znwb60/chenhu4.ime
unpack001/cr-znwb/znwb60/chenhu64.ime
unpack001/cr-znwb/znwb60/install.exe
unpack001/cr-znwb/znwb60/setupwb64.exe
unpack001/cr-znwb/znwb60/wbftxf.exe

Files

6493355ba1cff0b1f9b2cbcd5b1993cf_JaffaCakes118
.rar
cr-znwb/znwb60/Autorun.inf
cr-znwb/znwb60/CHENXF.EXE
.exe windows:4 windows x86 arch:x86

77785f0d6d97db0c0200f36ce5f6be23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetStartupInfoA
GetCommandLineA
FlushFileBuffers
LCMapStringW
CloseHandle
GetStringTypeW
LCMapStringA
SetStdHandle
LoadLibraryA
GetStringTypeA
HeapReAlloc
GetProcAddress
HeapAlloc
GetOEMCP
VirtualAlloc
GetCPInfo
MultiByteToWideChar
GetACP
GetLastError
WriteFile
SetFilePointer
HeapFree
VirtualFree
RtlUnwind
GlobalFree
ExitProcess
HeapDestroy
lstrcpyA
lstrlenA
GetVersion
_lopen
_llseek
_lread
GlobalAlloc
GlobalLock
_lclose
GlobalUnlock
GetModuleHandleA
FreeEnvironmentStringsA
GetFileType
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle

user32

LoadAcceleratorsA
GetMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
GetActiveWindow
RegisterClassA
ShowWindow
LoadIconA
UpdateWindow
InvalidateRect
CreateWindowExA
GetSystemMetrics
DialogBoxParamA
SendDlgItemMessageA
EndDialog
SetActiveWindow
MessageBoxA
BeginPaint
PostQuitMessage
SetRect
DefWindowProcA
wsprintfA
EndPaint

gdi32

CreateDIBitmap
DeleteDC
DeleteObject
GetStockObject
TextOutA
CreateCompatibleDC
StretchBlt
SetTextColor
SelectObject
Rectangle
MoveToEx
LineTo
SetBkMode

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/CHENZNWB.EXE
.exe windows:4 windows x86 arch:x86

7c81ceb2da4a2c22f23e74a4223d322c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
GetDriveTypeA
GetShortPathNameA
GetVersion
OpenFileMappingA
SetCurrentDirectoryA
lstrlenA
lstrcpyA
GetOEMCP
GetSystemDirectoryA
GetLogicalDriveStringsA
FindClose
FindFirstFileA
FindNextFileA
_lopen
_lwrite
_lcreat
GlobalLock
_llseek
GlobalAlloc
GlobalFree
_lclose
_lread
UnmapViewOfFile
GlobalUnlock
CloseHandle
LCMapStringW
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetACP
GetCPInfo
WriteFile
LCMapStringA
HeapFree
WinExec
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
GetStringTypeW
GetStringTypeA
GetModuleHandleA

user32

LoadIconA
LoadCursorA
LoadAcceleratorsA
GetMessageA
DispatchMessageA
TranslateMessage
UpdateWindow
ShowWindow
CreateWindowExA
GetSystemMetrics
GetWindowTextA
DialogBoxParamA
InvalidateRect
PostMessageA
MessageBoxA
DefWindowProcA
SetRect
EndPaint
BeginPaint
SetWindowsHookExA
wsprintfA
ReleaseDC
GetDlgItemTextA
LoadKeyboardLayoutA
GetKeyboardLayoutList
CallNextHookEx
SendMessageA
EndDialog
SetFocus
SetWindowTextA
UnhookWindowsHookEx
SetActiveWindow
PostQuitMessage
GetDC
RegisterClassA
GetActiveWindow
ActivateKeyboardLayout
SetDlgItemTextA

gdi32

GetStockObject
SetBkColor
SetBkMode
SetTextColor
CreateFontA
GetTextExtentPoint32A
SelectObject
DeleteObject
LineTo
GetTextMetricsA
Rectangle
DeleteDC
MoveToEx
CreateCompatibleDC
CreateDIBitmap
StretchBlt
TextOutA

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

imm32

ImmGetDescriptionA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/CHZNWB41.BMP
cr-znwb/znwb60/CHZNWB52.BMP
cr-znwb/znwb60/big5hz.ov1
cr-znwb/znwb60/chen1.wav
cr-znwb/znwb60/chen2.wav
cr-znwb/znwb60/chenbfck.exe
.exe windows:4 windows x86 arch:x86

a1cfad95790962adda669fad8822c145

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
_lopen
_llseek
_lread
GlobalLock
GetModuleHandleA
GetStartupInfoA
CopyFileA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
lstrlenA
SetHandleCount
_lclose
GlobalAlloc
GetCommandLineA
WideCharToMultiByte
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
GlobalUnlock
GlobalFree
lstrcpyA
GetEnvironmentStringsW
TerminateProcess
GetEnvironmentStrings
GetVersion
ExitProcess
GetModuleFileNameA
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

TranslateMessage
GetActiveWindow
InvalidateRect
DispatchMessageA
GetMessageA
RegisterClassA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
SetRect
CreateWindowExA
GetSystemMetrics
SetActiveWindow
PostQuitMessage
SetWindowTextA
SetFocus
DefWindowProcA
GetWindowTextA
wsprintfA
PostMessageA
EndPaint
BeginPaint

gdi32

SelectObject
DeleteDC
StretchBlt
CreateDIBitmap
CreateCompatibleDC
GetStockObject
TextOutA
SetTextColor
SetBkColor
MoveToEx
SetBkMode
Rectangle
DeleteObject
LineTo

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chenbmxg.exe
.exe windows:4 windows x86 arch:x86

804d4bb129a0878f9e1ececf7639fb14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CloseHandle
OpenFileMappingA
_lcreat
MapViewOfFile
GetShortPathNameA
CreateProcessA
_lwrite
lstrcpyA
_llseek
GetSystemDirectoryA
_lopen
GlobalAlloc
GetModuleHandleA
GetStartupInfoA
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
LoadLibraryA
LCMapStringA
HeapReAlloc
GetProcAddress
HeapAlloc
GetOEMCP
VirtualAlloc
GetCPInfo
WriteFile
GetACP
HeapFree
VirtualFree
lstrlenA
RtlUnwind
GetCommandLineA
_lread
GetVersion
HeapDestroy
GetFileType
HeapCreate
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
WideCharToMultiByte
FreeEnvironmentStringsW
GlobalLock
_lclose
GlobalUnlock
GlobalFree
TerminateProcess
GetModuleFileNameA
GetEnvironmentStrings
ExitProcess
UnhandledExceptionFilter
GetCurrentProcess
FreeEnvironmentStringsA

user32

SetRect
TranslateMessage
CreateWindowExA
LoadAcceleratorsA
DispatchMessageA
GetMessageA
LoadCursorA
GetActiveWindow
RegisterClassA
ShowWindow
LoadIconA
UpdateWindow
GetSystemMetrics
EndPaint
EndDialog
GetDlgItemTextA
PostQuitMessage
SetActiveWindow
GetWindowTextA
SetFocus
DefWindowProcA
DialogBoxParamA
PostMessageA
InvalidateRect
SetWindowTextA
BeginPaint
wsprintfA

gdi32

SetTextColor
CreateFontA
GetStockObject
SelectObject
SetBkColor
SetBkMode
TextOutA
LineTo
MoveToEx
DeleteObject
CreateCompatibleDC
CreateDIBitmap
Rectangle
DeleteDC
StretchBlt

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chencksz.exe
.exe windows:4 windows x86 arch:x86

7c780bb69a509336a58f1b12692008ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFileMappingA
GetSystemDirectoryA
UnmapViewOfFile
CloseHandle
MapViewOfFile
lstrlenA
GetShortPathNameA
_lcreat
_lopen
_lwrite
lstrcpyA
_lread
GlobalFree
GetModuleHandleA
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
LoadLibraryA
LCMapStringA
HeapReAlloc
GetProcAddress
HeapAlloc
GetOEMCP
VirtualAlloc
GetCPInfo
WriteFile
GetACP
HeapFree
VirtualFree
RtlUnwind
GetVersion
GetStartupInfoA
GlobalAlloc
_llseek
GetCommandLineA
ExitProcess
HeapDestroy
GetFileType
HeapCreate
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
WideCharToMultiByte
GlobalLock
_lclose
GlobalUnlock
TerminateProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
GetCurrentProcess
FreeEnvironmentStringsA

user32

CreateWindowExA
ShowWindow
GetSystemMetrics
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassA
LoadAcceleratorsA
GetActiveWindow
UpdateWindow
LoadCursorA
LoadIconA
GetDlgItemTextA
InvalidateRect
SendDlgItemMessageA
SetDlgItemTextA
EndDialog
SetActiveWindow
GetDC
ReleaseDC
BeginPaint
PostQuitMessage
SetRect
DefWindowProcA
wsprintfA
EndPaint
MessageBoxA
PostMessageA
DialogBoxParamA

gdi32

SetBkColor
SelectObject
CreateFontA
GetStockObject
TextOutA
SetBkMode
DeleteObject
SetTextColor
MoveToEx
Rectangle
LineTo
StretchBlt
CreateCompatibleDC
CreateDIBitmap
DeleteDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chencyzk.txt
cr-znwb/znwb60/chendat.dat
cr-znwb/znwb60/chendel.exe
.exe windows:5 windows x86 arch:x86

f93e67dedcb1855bcb1259fdcec96f45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetLocaleInfoA
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryA
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetWindowsDirectoryA
lstrlenA
_lread
FindFirstFileA
SetCurrentDirectoryA
FindNextFileA
FindClose
RemoveDirectoryA
SetFileAttributesA
_lopen
_lclose
lstrcpyA
GetLastError
DeleteFileA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA

user32

LoadAcceleratorsA
GetMessageA
DispatchMessageA
TranslateMessage
LoadIconA
LoadCursorA
RegisterClassA
PostQuitMessage
SetRect
BeginPaint
EndPaint
DefWindowProcA
InvalidateRect
FindWindowA
PostMessageA
wsprintfA
MessageBoxA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow

gdi32

SetTextColor
TextOutA
GetStockObject
SelectObject
Rectangle
MoveToEx
LineTo
SetBkMode

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chendel64.exe
.exe windows:5 windows x64 arch:x64

58f21d1392a069d7aa63bb9d6fdc64f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapReAlloc
HeapAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
GetLocaleInfoA
HeapSize
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetSystemDirectoryA
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetWindowsDirectoryA
lstrlenA
_lread
FindFirstFileA
SetCurrentDirectoryA
FindNextFileA
FindClose
RemoveDirectoryA
SetFileAttributesA
_lopen
_lclose
LCMapStringA
lstrcpyA
GetLastError
DeleteFileA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection

user32

LoadAcceleratorsA
GetMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
InvalidateRect
BeginPaint
EndPaint
PostQuitMessage
SetRect
FindWindowA
PostMessageA
wsprintfA
MessageBoxA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow

gdi32

SetTextColor
TextOutA
GetStockObject
SelectObject
Rectangle
MoveToEx
LineTo
SetBkMode

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chendhz.chh
cr-znwb/znwb60/chendwdw.txt
cr-znwb/znwb60/chengbk.ovl
cr-znwb/znwb60/chenhfck.exe
.exe windows:4 windows x86 arch:x86

7fe6926658d6fb3ba0efb414d0e2d86d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
_lopen
_llseek
_lread
GlobalLock
GetModuleHandleA
GetStartupInfoA
CopyFileA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
lstrlenA
SetHandleCount
_lclose
GlobalAlloc
GetCommandLineA
WideCharToMultiByte
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
GlobalUnlock
GlobalFree
lstrcpyA
GetEnvironmentStringsW
TerminateProcess
GetEnvironmentStrings
GetVersion
ExitProcess
GetModuleFileNameA
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

TranslateMessage
GetActiveWindow
InvalidateRect
DispatchMessageA
GetMessageA
RegisterClassA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
SetRect
CreateWindowExA
GetSystemMetrics
SetActiveWindow
PostQuitMessage
SetWindowTextA
SetFocus
DefWindowProcA
GetWindowTextA
wsprintfA
PostMessageA
EndPaint
BeginPaint

gdi32

SelectObject
DeleteDC
StretchBlt
CreateDIBitmap
CreateCompatibleDC
GetStockObject
TextOutA
SetTextColor
SetBkColor
MoveToEx
SetBkMode
Rectangle
DeleteObject
LineTo

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chenhu32.ime
.dll windows:5 windows x86 arch:x86

4cc006cdf9ede475e86f042e7c27ab5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

winmm

PlaySoundA

imm32

ImmLockIMC
ImmGetOpenStatus
ImmUnlockIMCC
ImmLockIMCC
ImmGenerateMessage
ImmUnlockIMC

kernel32

GlobalUnlock
GlobalFree
GetFileTime
lstrcpyW
MapViewOfFile
UnmapViewOfFile
GetLastError
CopyFileA
CreateFileMappingA
OpenFileMappingA
LocalFree
DeleteFileA
lstrcmpA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
RaiseException
HeapReAlloc
VirtualAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
IsValidCodePage
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
Sleep
FileTimeToSystemTime
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
CreateThread
ResumeThread
ExitThread
ReadFile
GetFileAttributesA
HeapSize
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
WriteFile
SetFilePointer
OpenFile
CreateFileA
GetProcAddress
GetVersionExW
LoadLibraryW
WideCharToMultiByte
FreeLibrary
GetSystemTime
lstrcatA
lstrlenW
GetWindowsDirectoryA
GetTickCount
lstrcpyA
MultiByteToWideChar
lstrlenA
CreateProcessA
GlobalAlloc
GlobalLock
GetVersion
CloseHandle
SetFileAttributesA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapDestroy

user32

LoadMenuA
PtInRect
GetWindowTextA
GetKeyboardLayout
GetSubMenu
GetDesktopWindow
LoadBitmapW
SetCursor
FindWindowA
BringWindowToTop
TrackPopupMenu
ScreenToClient
FindWindowW
SetWindowRgn
GetClientRect
BeginPaint
SystemParametersInfoW
CreateWindowExW
DestroyMenu
SetCapture
SetWindowLongW
GetCursorPos
ReleaseCapture
GetSystemMetrics
DialogBoxParamW
keybd_event
CloseClipboard
GetClassNameA
GetParent
GetClipboardData
PostMessageA
OpenClipboard
GetWindowRect
GetDlgItem
EndDialog
SendDlgItemMessageW
CreateDialogParamW
ClientToScreen
DestroyWindow
SetTimer
SetActiveWindow
UnregisterClassW
PostMessageW
KillTimer
LoadCursorW
SetFocus
GetDC
RegisterClassExW
GetWindowLongW
ReleaseDC
DefWindowProcW
MoveWindow
RegisterWindowMessageW
EnumChildWindows
SendMessageTimeoutW
SendMessageW
GetFocus
MessageBeep
wsprintfA
wsprintfW
MessageBoxA
InvalidateRect
GetWindowTextW
GetClassNameW
SetWindowPos
ShowWindow
GetActiveWindow
IsWindow
SetWindowTextW
GetWindow
EndPaint

gdi32

CreateRectRgn
CreatePen
TextOutA
PatBlt
DeleteDC
CreateDCA
SelectObject
CombineRgn
GetTextExtentPointA
GetStockObject
TextOutW
StretchBlt
GetDeviceCaps
GetTextMetricsW
SetBkMode
SetBkColor
SetTextColor
LineTo
MoveToEx
CreateRoundRectRgn
Rectangle
CreateFontA
CreateDIBitmap
DeleteObject
CreateCompatibleDC
GetClipBox

advapi32

GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteA

ole32

CoUninitialize
CLSIDFromProgID
CoInitialize
CoCreateInstance

oleaut32

SysFreeString

comctl32

ord17

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hchenhuz
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chenhu4.ime
.dll windows:5 windows x86 arch:x86

5ba421b2d6fe96185172d3465ec5d14a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

winmm

PlaySoundA

imm32

ImmLockIMC
ImmGetOpenStatus
ImmUnlockIMCC
ImmLockIMCC
ImmGenerateMessage
ImmUnlockIMC

kernel32

GlobalAlloc
CreateProcessA
FileTimeToSystemTime
GlobalUnlock
GlobalFree
GetFileTime
lstrcpyW
MapViewOfFile
UnmapViewOfFile
GetLastError
CopyFileA
CreateFileMappingA
OpenFileMappingA
DeleteFileA
lstrcmpA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
RaiseException
HeapReAlloc
VirtualAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
ExitProcess
Sleep
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
CreateThread
ResumeThread
ExitThread
SetFilePointer
OpenFile
HeapSize
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
GetProcAddress
GetVersionExW
LoadLibraryW
WideCharToMultiByte
FreeLibrary
GetSystemTime
lstrcatA
lstrlenW
GetWindowsDirectoryA
GetTickCount
lstrcpyA
MultiByteToWideChar
lstrlenA
GlobalLock
GetVersion
CloseHandle
SetFileAttributesA
IsValidCodePage
ReadFile
SetHandleCount
GetFileAttributesA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualFree

user32

LoadMenuA
PtInRect
GetWindowTextA
GetKeyboardLayout
GetSubMenu
GetDesktopWindow
LoadBitmapW
SetCursor
FindWindowA
BringWindowToTop
TrackPopupMenu
ScreenToClient
FindWindowW
SetWindowRgn
EndPaint
BeginPaint
SystemParametersInfoW
CreateWindowExW
DestroyMenu
SetCapture
SetWindowLongW
GetCursorPos
ReleaseCapture
GetSystemMetrics
DialogBoxParamW
keybd_event
CloseClipboard
GetClassNameA
GetParent
GetClipboardData
PostMessageA
OpenClipboard
GetWindowRect
GetDlgItem
EndDialog
SendDlgItemMessageW
CreateDialogParamW
ClientToScreen
DestroyWindow
SetTimer
SetActiveWindow
UnregisterClassW
PostMessageW
KillTimer
LoadCursorW
SetFocus
GetDC
RegisterClassExW
GetWindowLongW
ReleaseDC
DefWindowProcW
MoveWindow
RegisterWindowMessageW
EnumChildWindows
SendMessageTimeoutW
SendMessageW
GetFocus
MessageBeep
wsprintfA
wsprintfW
MessageBoxA
InvalidateRect
GetWindowTextW
GetClassNameW
SetWindowPos
ShowWindow
GetActiveWindow
IsWindow
SetWindowTextW
GetWindow
GetClientRect

gdi32

CreateRectRgn
CreatePen
TextOutA
PatBlt
DeleteDC
CreateDCA
SelectObject
DeleteObject
CombineRgn
GetStockObject
TextOutW
CreateDIBitmap
GetClipBox
CreateCompatibleDC
StretchBlt
GetDeviceCaps
GetTextMetricsW
SetBkMode
SetBkColor
SetTextColor
LineTo
MoveToEx
CreateRoundRectRgn
GetTextExtentPointA
CreateFontA
Rectangle

shell32

ShellExecuteA

ole32

CoUninitialize
CLSIDFromProgID
CoInitialize
CoCreateInstance

oleaut32

SysFreeString

comctl32

ord17

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hchenhuz
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chenhu64.ime
.dll windows:5 windows x64 arch:x64

9ad383d7807b448731dac914e3bb0faa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

winmm

PlaySoundA

imm32

ImmLockIMC
ImmGetOpenStatus
ImmUnlockIMCC
ImmLockIMCC
ImmGenerateMessage
ImmUnlockIMC

kernel32

GlobalUnlock
GlobalFree
GetFileTime
lstrcpyW
MapViewOfFile
UnmapViewOfFile
GetLastError
CopyFileA
CreateFileMappingA
OpenFileMappingA
LocalFree
DeleteFileA
lstrcmpA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlPcToFileHeader
RaiseException
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapDestroy
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
IsValidCodePage
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
Sleep
GetModuleHandleW
RtlUnwindEx
FlsAlloc
FileTimeToSystemTime
SetLastError
FlsFree
FlsGetValue
DecodePointer
EncodePointer
HeapFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
CreateThread
ResumeThread
ExitThread
ReadFile
GetFileAttributesA
HeapSize
HeapReAlloc
GetLocaleInfoA
WriteFile
SetFilePointer
OpenFile
CreateFileA
GetProcAddress
GetVersionExW
LoadLibraryW
WideCharToMultiByte
FreeLibrary
GetSystemTime
lstrcatA
lstrlenW
GetWindowsDirectoryA
GetTickCount
lstrcpyA
MultiByteToWideChar
lstrlenA
CreateProcessA
GlobalAlloc
GlobalLock
GetVersion
CloseHandle
SetFileAttributesA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsW

user32

LoadMenuA
PtInRect
GetWindowTextA
GetKeyboardLayout
BringWindowToTop
GetDesktopWindow
GetSubMenu
TrackPopupMenu
LoadBitmapW
DestroyMenu
FindWindowA
ScreenToClient
FindWindowW
EndPaint
GetClientRect
SetCursor
BeginPaint
SystemParametersInfoW
CreateWindowExW
SetCapture
SetWindowLongW
GetCursorPos
ReleaseCapture
GetSystemMetrics
DialogBoxParamW
keybd_event
CloseClipboard
GetClassNameA
GetParent
GetClipboardData
PostMessageA
OpenClipboard
GetWindowRect
GetDlgItem
EndDialog
SendDlgItemMessageW
CreateDialogParamW
ClientToScreen
DestroyWindow
SetTimer
SetActiveWindow
UnregisterClassW
PostMessageW
KillTimer
LoadCursorW
SetFocus
GetDC
RegisterClassExW
GetWindowLongW
ReleaseDC
DefWindowProcW
MoveWindow
RegisterWindowMessageW
EnumChildWindows
SendMessageTimeoutW
SendMessageW
GetFocus
MessageBeep
wsprintfA
wsprintfW
MessageBoxA
InvalidateRect
GetWindowTextW
GetClassNameW
SetWindowPos
ShowWindow
GetActiveWindow
IsWindow
SetWindowTextW
GetWindow
SetWindowRgn

gdi32

SetBkColor
SetBkMode
CombineRgn
CreateRectRgn
CreatePen
TextOutA
PatBlt
SetTextColor
CreateDCA
SelectObject
DeleteObject
GetTextExtentPointA
GetStockObject
TextOutW
LineTo
MoveToEx
CreateRoundRectRgn
Rectangle
CreateFontA
CreateDIBitmap
GetClipBox
CreateCompatibleDC
StretchBlt
DeleteDC
GetTextMetricsW
GetDeviceCaps

advapi32

GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteA

ole32

CoUninitialize
CLSIDFromProgID
CoInitialize
CoCreateInstance

oleaut32

SysFreeString

comctl32

ord17

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

hchenhuz
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/chenjfk.ov1
cr-znwb/znwb60/chenpymb.ov1
cr-znwb/znwb60/chenskfh.chh
cr-znwb/znwb60/chenszsj.chh
cr-znwb/znwb60/chenynhz.txt
cr-znwb/znwb60/chenzdfh.txt
cr-znwb/znwb60/chenzdym.txt
cr-znwb/znwb60/chfz0.bmp
cr-znwb/znwb60/chfz1.bmp
cr-znwb/znwb60/chfz2.bmp
cr-znwb/znwb60/chfz3.bmp
cr-znwb/znwb60/chfz4.bmp
cr-znwb/znwb60/chgbkbh.chh
cr-znwb/znwb60/chpyjm1.txt
cr-znwb/znwb60/chpykey0.txt
cr-znwb/znwb60/chpykey1.txt
cr-znwb/znwb60/chpykey2.txt
cr-znwb/znwb60/chpykey3.txt
cr-znwb/znwb60/chpykey4.txt
cr-znwb/znwb60/chpykey5.txt
cr-znwb/znwb60/chszsj01.chh
cr-znwb/znwb60/chszsj02.chh
cr-znwb/znwb60/chszsj03.chh
cr-znwb/znwb60/chszsj04.chh
cr-znwb/znwb60/chszsj43.chh
cr-znwb/znwb60/chszsj44.chh
cr-znwb/znwb60/chszsjpy.chh
cr-znwb/znwb60/chver.txt
cr-znwb/znwb60/chwbjm.txt
cr-znwb/znwb60/chwbpy.txt
cr-znwb/znwb60/chword.chh
cr-znwb/znwb60/chznwb11.bmp
cr-znwb/znwb60/chznwb12.bmp
cr-znwb/znwb60/chznwb13.bmp
cr-znwb/znwb60/chznwb14.bmp
cr-znwb/znwb60/chznwb15.bmp
cr-znwb/znwb60/chznwb16.bmp
cr-znwb/znwb60/chznwb17.bmp
cr-znwb/znwb60/chznwb18.bmp
cr-znwb/znwb60/chznwb21.bmp
cr-znwb/znwb60/chznwb22.bmp
cr-znwb/znwb60/chznwb23.bmp
cr-znwb/znwb60/chznwb24.bmp
cr-znwb/znwb60/chznwb25.bmp
cr-znwb/znwb60/chznwb26.bmp
cr-znwb/znwb60/chznwb27.bmp
cr-znwb/znwb60/chznwb28.bmp
cr-znwb/znwb60/chznwb31.bmp
cr-znwb/znwb60/chznwb32.bmp
cr-znwb/znwb60/chznwb33.bmp
cr-znwb/znwb60/chznwb34.bmp
cr-znwb/znwb60/chznwb51.BMP
cr-znwb/znwb60/chznwb61.bmp
cr-znwb/znwb60/cwb.ov1
cr-znwb/znwb60/cwbzlcz1.txt
cr-znwb/znwb60/install.exe
.exe windows:5 windows x86 arch:x86

1823fe6659043f1172e97df4e499d75c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

imm32

ImmInstallIMEA
ImmInstallIMEW

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA

kernel32

GetSystemDirectoryW
GetVersion
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetOEMCP
GetVersionExA
GetDriveTypeA
WaitForSingleObject
GetLastError
CreateProcessA
SetCurrentDirectoryA
GetLogicalDriveStringsA
GetSystemTime
SetStdHandle
SetFilePointer
HeapSize
_llseek
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
HeapReAlloc
_lcreat
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
IsValidCodePage
GlobalAlloc
GlobalLock
_lread
_lwrite
GlobalUnlock
GlobalFree
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
WinExec
CreateFileA
CloseHandle
GetCurrentDirectoryA
lstrcpyA
lstrlenA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
_lopen
VirtualAlloc
_lclose
ReadFile
CreateDirectoryA
DeleteFileA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP

user32

LoadAcceleratorsA
GetMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassA
SetFocus
PostQuitMessage
SetRect
BeginPaint
EndPaint
DefWindowProcA
MessageBoxW
SetWindowTextA
GetWindowTextA
DestroyWindow
InvalidateRect
CharUpperA
wsprintfW
MessageBoxA
wsprintfA
GetDC
ReleaseDC
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
PostMessageA

gdi32

GetTextMetricsA
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
CreatePalette
SelectPalette
RealizePalette
StretchDIBits
GetStockObject
Rectangle
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
SetBkMode
SetTextColor
TextOutA
CreateFontA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/jfhzb.txt
cr-znwb/znwb60/pyqspmb.txt
cr-znwb/znwb60/setupwb64.exe
.exe windows:5 windows x64 arch:x64

4c649a1e605736d67c7cf271268b11d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netapi32

Netbios

imm32

ImmInstallIMEA
ImmInstallIMEW

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA

kernel32

GetSystemDirectoryW
GetVersion
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetOEMCP
GetVersionExA
GetDriveTypeA
WaitForSingleObject
GetLastError
CreateProcessA
SetCurrentDirectoryA
GetLogicalDriveStringsA
GetSystemTime
SetStdHandle
SetFilePointer
HeapSize
_llseek
HeapReAlloc
HeapAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
_lcreat
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
HeapFree
IsValidCodePage
GetACP
GetCPInfo
GlobalAlloc
GlobalLock
_lread
_lwrite
GlobalUnlock
GlobalFree
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
WinExec
CreateFileA
CloseHandle
GetCurrentDirectoryA
lstrcpyA
lstrlenA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
_lopen
InitializeCriticalSectionAndSpinCount
_lclose
ReadFile
CreateDirectoryA
DeleteFileA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

LoadAcceleratorsA
GetMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassA
SetFocus
PostQuitMessage
SetRect
BeginPaint
EndPaint
DefWindowProcA
MessageBoxW
SetWindowTextA
GetWindowTextA
DestroyWindow
InvalidateRect
CharUpperA
wsprintfW
MessageBoxA
wsprintfA
GetDC
ReleaseDC
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
PostMessageA

gdi32

GetTextMetricsA
CreateFontA
CreateSolidBrush
SetBkColor
CreatePalette
SelectPalette
RealizePalette
StretchDIBits
GetStockObject
Rectangle
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
SetBkMode
SetTextColor
TextOutA
GetTextExtentPoint32A

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/softkey.txt
cr-znwb/znwb60/uwb.chh
cr-znwb/znwb60/wbftxf.exe
.exe windows:4 windows x86 arch:x86

5b252f53572e66caf1c6e4a880faa928

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
lstrcpyA
lstrlenA
WideCharToMultiByte
VirtualFree
HeapFree
FlushFileBuffers
LCMapStringW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetOEMCP
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualAlloc
CloseHandle
RtlUnwind
WriteFile
GetLastError
SetFilePointer
MultiByteToWideChar
GetCPInfo
GetACP
HeapAlloc
SetStdHandle
HeapReAlloc
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
ReadFile
LCMapStringA

user32

MessageBoxA
CharUpperA
wsprintfA

imm32

ImmInstallIMEA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cr-znwb/znwb60/znwb1.bmp
cr-znwb/znwb60/znwb2.bmp
cr-znwb/下载说明.htm
.html
cr-znwb/飘荡精品软件.url
.url

Sharing

General

Malware Config

Signatures

Files

77785f0d6d97db0c0200f36ce5f6be23

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 2KB

7c81ceb2da4a2c22f23e74a4223d322c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

imm32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 1KB

a1cfad95790962adda669fad8822c145

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

804d4bb129a0878f9e1ececf7639fb14

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

7c780bb69a509336a58f1b12692008ff

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

f93e67dedcb1855bcb1259fdcec96f45

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 17KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 25KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 19KB

hchenhuz
Size: 512B - Virtual size: 304B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 22KB - Virtual size: 21KB