7fa8b1d22eb1f003343c7c17c71f6742_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7fa8b1d22eb1f003343c7c17c71f6742_JaffaCakes118
Size

989KB
MD5

7fa8b1d22eb1f003343c7c17c71f6742
SHA1

c7b2015fa4a03ebb26788a8befc20d2b0098389b
SHA256

0aabb2fc46513b351c164ce16f6b0b4056c3e9a110df59a7089012bd43b2723d
SHA512

cf1cc716749789d5bd521256be7414952422311e67ac14fe5676f414a4695cee7b12599a5293ba4f2c54b4cfc10e331b880ba9cd5911f393ca629592ae06a6e3
SSDEEP

24576:CR6uHpvfa9opyLziPZqJ/MLLHxvOk1Z75wriD6VtA9hRxv4SPlcEB5:CRbHpHgWhIJ/MLLR2k1heKjfv4SNcQ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
7fa8b1d22eb1f003343c7c17c71f6742_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/QTranslate.exe
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack001/bass.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

7fa8b1d22eb1f003343c7c17c71f6742_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetFileAttributesA
SetFileAttributesA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
GetCurrentProcess
GetFullPathNameA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
SetErrorMode
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.rtf
.rtf
Locales/Arabic/help.txt
Locales/Arabic/lang.json
Locales/Bulgarian/help.txt
Locales/Bulgarian/lang.json
Locales/Chinese (Simplified)/help.txt
Locales/Chinese (Simplified)/lang.json
Locales/Chinese (Traditional)/help.txt
Locales/Chinese (Traditional)/lang.json
Locales/Czech/help.txt
Locales/Czech/lang.json
Locales/Danish/help.txt
Locales/Danish/lang.json
Locales/Dutch/help.txt
Locales/Dutch/lang.json
Locales/English/help.txt
Locales/English/lang.json
Locales/Farsi/help.txt
Locales/Farsi/lang.json
Locales/Finnish/help.txt
Locales/Finnish/lang.json
Locales/French/help.txt
Locales/French/lang.json
Locales/German/help.txt
Locales/German/lang.json
Locales/Greek/help.txt
Locales/Greek/lang.json
Locales/Hebrew/help.txt
Locales/Hebrew/lang.json
Locales/Hungarian/help.txt
Locales/Hungarian/lang.json
Locales/Italian/help.txt
Locales/Italian/lang.json
Locales/Japanese/help.txt
Locales/Japanese/lang.json
Locales/Korean/help.txt
Locales/Korean/lang.json
Locales/Latvian/help.txt
Locales/Latvian/lang.json
Locales/Polish/help.txt
Locales/Polish/lang.json
Locales/Portuguese (Brazilian)/help.txt
Locales/Portuguese (Brazilian)/lang.json
Locales/Portuguese (Europian)/help.txt
Locales/Portuguese (Europian)/lang.json
Locales/Romanian/help.txt
Locales/Romanian/lang.json
Locales/Russian/help.txt
Locales/Russian/lang.json
Locales/Serbian/help.txt
Locales/Serbian/lang.json
Locales/Slovak/help.txt
Locales/Slovak/lang.json
Locales/Slovenian/help.txt
Locales/Slovenian/lang.json
Locales/Spanish/help.txt
Locales/Spanish/lang.json
Locales/Swedish/help.txt
Locales/Swedish/lang.json
Locales/Turkish/help.txt
Locales/Turkish/lang.json
Locales/Ukrainian/help.txt
Locales/Ukrainian/lang.json
Locales/Uyghur/help.txt
Locales/Uyghur/lang.json
Locales/Vietnamese/help.txt
Locales/Vietnamese/lang.json
Plugins/History/Csv.js
Plugins/History/Html.js
Plugins/History/Json.js
.js
Plugins/History/Txt.js
QTranslate.exe
.exe windows:5 windows x86 arch:x86

98872403d959a18bc9855de59955c1c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Programming\QTranslate\Bin\QTranslate.pdb

Imports

kernel32

CreateDirectoryW
FindFirstFileW
FindNextFileW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
GetTimeZoneInformation
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
ReadConsoleW
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
CloseHandle
OpenProcess
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
QueryPerformanceFrequency
FindFirstFileA
ExpandEnvironmentStringsA
VerifyVersionInfoW
HeapReAlloc
FormatMessageA
InitializeCriticalSection
SleepEx
GetTempPathW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetSystemDefaultUILanguage
SetFilePointer
InterlockedIncrement
DeleteFileW
GetFileSize
WriteFile
ReadFile
CreateFileW
GetModuleHandleW
GetCommandLineW
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
LocalFree
GetTempFileNameW
FormatMessageW
LCMapStringW
GetThreadPriority
SetThreadPriority
TerminateThread
ResumeThread
SuspendThread
CreateThread
ResetEvent
WaitForSingleObject
SetEvent
CreateEventW
FreeLibrary
GetProcAddress
LoadLibraryW
DecodePointer
CreateMutexW
WideCharToMultiByte
lstrcmpiW
GetModuleFileNameW
CompareStringW
MultiByteToWideChar
SetLastError
GetLocaleInfoW
Sleep
QueueUserWorkItem
GetSystemTime
MulDiv
GetCurrentThreadId
GetVersionExW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
WriteConsoleW
SetEndOfFile
QueryDosDeviceW
HeapSize
HeapDestroy
GetFileAttributesW
RaiseException
VerSetConditionMask
InitializeCriticalSectionAndSpinCount

user32

ReleaseDC
TranslateMessage
GetWindowDC
IsWindow
EndPaint
BeginPaint
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageW
MsgWaitForMultipleObjectsEx
OpenClipboard
CloseClipboard
DefWindowProcW
LoadImageW
FindWindowW
WindowFromPoint
EnumChildWindows
MonitorFromRect
GetComboBoxInfo
GetClassLongW
SetWindowRgn
GetAncestor
GetClassNameW
GetDesktopWindow
GetClientRect
DispatchMessageW
DispatchMessageA
GetWindowInfo
IsZoomed
CopyImage
EnumWindows
IsRectEmpty
SetActiveWindow
SetRectEmpty
GetMenuState
SendInput
TranslateAcceleratorW
LoadAcceleratorsW
GetAsyncKeyState
SetWindowPlacement
CreateDialogParamW
IsMenu
SetLayeredWindowAttributes
DialogBoxParamW
EndDialog
CheckDlgButton
IsDlgButtonChecked
GetClassInfoExW
RegisterClassExW
RedrawWindow
EqualRect
IntersectRect
PostQuitMessage
MessageBoxW
GetRawInputData
SystemParametersInfoW
RegisterWindowMessageW
GetLastInputInfo
GetGUIThreadInfo
GetKeyboardLayout
GetForegroundWindow
GetCapture
GetIconInfo
DrawIconEx
FrameRect
EnumClipboardFormats
CountClipboardFormats
SetWindowLongW
UnhookWinEvent
GetDlgCtrlID
SetTimer
SetWinEventHook
SetClipboardData
GetClipboardSequenceNumber
GetMessagePos
DestroyIcon
OffsetRect
SetRect
DrawFocusRect
GetFocus
GetActiveWindow
LoadIconW
SendDlgItemMessageW
SetDlgItemInt
GetKeyState
GetDoubleClickTime
GetClipboardData
EmptyClipboard
GetWindowLongW
GetDlgItem
SetDlgItemTextW
SetWindowPos
MapWindowPoints
GetParent
GetWindowRect
GetMonitorInfoW
InvalidateRect
MonitorFromWindow
GetWindow
ScreenToClient
SetWindowTextW
IsChild
IsDialogMessageW
DestroyWindow
GetWindowThreadProcessId
GetSysColor
PostMessageW
MapVirtualKeyW
GetKeyNameTextW
CreateWindowExW
SendMessageW
CheckMenuItem
CheckMenuRadioItem
GetMenuItemInfoW
CreatePopupMenu
LoadMenuW
GetSubMenu
DestroyMenu
SetMenuItemInfoW
KillTimer
GetDlgItemInt
EnableWindow
InsertMenuItemW
ClientToScreen
AppendMenuW
RemoveMenu
EnableMenuItem
GetMenuItemCount
SetForegroundWindow
TrackPopupMenu
GetCursorPos
GetKeyboardLayoutList
VkKeyScanExW
ToUnicodeEx
GetSystemMetrics
RegisterRawInputDevices
RegisterHotKey
UnregisterHotKey
GetCursor
LoadCursorW
SetCursor
DrawTextW
CopyRect
MoveWindow
InflateRect
SetFocus
IsIconic
ShowWindow
GetWindowPlacement
MonitorFromPoint
PtInRect
ReleaseCapture
SetCapture
IsWindowEnabled
UnregisterClassW
CallWindowProcW
IsWindowVisible
GetWindowTextLengthW
GetWindowTextW
GetDC

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptImportKey
CryptEncrypt
CryptDestroyKey

ole32

OleInitialize
CoTaskMemFree
OleRun
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
OleUninitialize
CoUninitialize

shell32

Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW
ExtractIconW

oleaut32

SetErrorInfo
VariantInit
VariantClear
SysStringLen
GetErrorInfo
CreateErrorInfo
SysFreeString
SysAllocString
SafeArrayCreateVector
SafeArrayDestroy
VariantChangeType
VariantCopy
VariantCopyInd
DispCallFunc
SysAllocStringLen

shlwapi

PathFindExtensionW
PathFindFileNameW
HashData
PathRemoveExtensionW
ColorHLSToRGB
ColorRGBToHLS
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

gdi32

DeleteDC
CreateBitmap
RoundRect
CreateSolidBrush
GetStockObject
SetBkColor
ExtTextOutW
GetPixel
GetDIBits
CreateCompatibleDC
GetTextMetricsW
SetViewportOrgEx
GetTextExtentPoint32W
CreateRectRgn
CreateRoundRectRgn
CreatePolygonRgn
ExcludeClipRect
SelectClipRgn
IntersectClipRect
SetPixelV
GetTextColor
LineTo
MoveToEx
BitBlt
Rectangle
SelectObject
CreatePen
SetROP2
EnumFontFamiliesExW
GetDeviceCaps
SetTextColor
SetBkMode
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
DeleteObject

psapi

EnumProcesses
GetProcessImageFileNameW

oleacc

AccessibleObjectFromPoint

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpOpen

sensapi

IsNetworkAlive

msimg32

GradientFill
AlphaBlend

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_SetBkColor
_TrackMouseEvent
ImageList_GetIcon
ImageList_GetIconSize
ord413
ord410
ord412
ord411
ImageList_Create

gdiplus

GdipFree
GdipAlloc
GdipDeleteBrush
GdipCloneBrush
GdipCreateLineBrushFromRect
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangle
GdipCreateSolidFill
GdipDeletePen
GdipDrawRectangle
GdipDisposeImage
GdipCreatePath
GdipDeletePath
GdipResetPath
GdipClosePathFigure
GdipAddPathLine
ord1
GdipDrawPath
GdipFillPath
GdipCloneImage
GdipSaveImageToFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipCreateHICONFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreatePen1
GdipSetSmoothingMode
GdipCreatePen2

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

bass

BASS_Init
BASS_StreamCreateFile
BASS_RecordInit
BASS_RecordFree
BASS_RecordStart
BASS_ErrorGetCode
BASS_ChannelStop
BASS_StreamFree
BASS_RecordGetInput
BASS_Free
BASS_ChannelSetSync
BASS_ChannelPlay
BASS_RecordSetDevice

ws2_32

getpeername
WSAStartup
WSACleanup
WSAGetLastError
recv
send
setsockopt
htons
getsockopt
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
__WSAFDIsSet
select
connect
WSAIoctl
closesocket
WSASetLastError
bind
getsockname
socket
ntohs

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resources/XdxfArticle.xslt
Services/ABBYY Lingvo Live/Service.ico
Services/ABBYY Lingvo Live/Service.js
.js
Services/Babylon Dictionary/Service.ico
Services/Babylon Dictionary/Service.js
Services/Babylon/Service.ico
Services/Babylon/Service.js
.js
Services/Baidu/Service.ico
Services/Baidu/Service.js
.js
Services/Common.js
.js
Services/DeepL/Service.ico
Services/DeepL/Service.js
.js
Services/Google Search/Service.ico
Services/Google Search/Service.js
.js
Services/Google Translate/Service.ico
Services/Google Translate/Service.js
.js
Services/ImTranslator/Service.ico
Services/ImTranslator/Service.js
Services/Microsoft Translator/Service.ico
Services/Microsoft Translator/Service.js
.js
Services/Multitran/Service.ico
Services/Multitran/Service.js
.js
Services/Naver/Service.ico
Services/Naver/Service.js
.js
Services/Oxford Learner Dictionary/Service.ico
Services/Oxford Learner Dictionary/Service.js
.js
Services/Promt/Service.ico
Services/Promt/Service.js
Services/Reverso/Service.ico
Services/Reverso/Service.js
.js
Services/Urban Dictionary/Service.ico
Services/Urban Dictionary/Service.js
.js
Services/Wikipedia/Service.ico
Services/Wikipedia/Service.js
.js
Services/WordReference/Service.ico
Services/WordReference/Service.js
.js
Services/Yandex/Service.ico
Services/Yandex/Service.js
.js
Services/youdao/Service.ico
Services/youdao/Service.js
.js
Themes/Blue.json
Themes/Brackets.json
Themes/Flat Dark.json
Themes/Holo Dark.json
Themes/Holo Light.json
Themes/Metro.json
Themes/Outlook Gray.json
Themes/Photoshop Dark.json
Uninstall.exe
.exe windows:4 windows x86 arch:x86

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetFileAttributesA
SetFileAttributesA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
GetCurrentProcess
GetFullPathNameA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
SetErrorMode
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetAttributeEx
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetLevelEx
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetAttributeEx
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_FXSetPriority
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_IsStarted
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 120KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

petite
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 28KB - Virtual size: 27KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

cce05dea98cbac3a9d486b233588f528

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 692B

.rdata Size: 1024B - Virtual size: 673B

.data Size: 512B - Virtual size: 120B

.reloc Size: 512B - Virtual size: 240B

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 620B

98872403d959a18bc9855de59955c1c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 1024B - Virtual size: 692B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 620B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 252KB - Virtual size: 251KB

.data
Size: 19KB - Virtual size: 34KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 50KB - Virtual size: 49KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 1024B - Virtual size: 692B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 512B - Virtual size: 240B