7fd7f66eeb4027972a82156a2e80efcd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7fd7f66eeb4027972a82156a2e80efcd_JaffaCakes118
Size

4.7MB
MD5

7fd7f66eeb4027972a82156a2e80efcd
SHA1

2cb9ce64a2ca5ee037ab7326f161cda5bbc3edeb
SHA256

bd5b9cbc55f800add8b36d3f528e368824923f5f3d29ef31080ce1162ed236be
SHA512

4a53b7d7b825f641d9eecbf2997e672eabf7ab27af5fe54b4ee3e3c0a0aa6e4272f32a2ca5bb5dd0e7202e22c9ba90d5ff898ce61317b34d127b529721d29bc4
SSDEEP

98304:jBq+WEE5G/hdVTQLcXaxgSgnROJL92tM20ve7M8HlnY8N6+iyvcOLkrUQPasRNeh:t5E5GHVDXaoOl9sOvonWP4WDo

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$APPDATA/StarMule/config/countryflag.dll
unpack001/$APPDATA/StarMule/config/countryflag32.dll
unpack001/$PLUGINSDIR/SimpleFC.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/StarMule.exe
unpack001/config/countryflag.dll
unpack001/config/countryflag32.dll

Files

7fd7f66eeb4027972a82156a2e80efcd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c6:67:10:f8:a0:ab:39:43:95:39:eb:e7:b5:f9:18:6c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/11/2017, 00:00

Not After

08/11/2018, 23:59

Subject

CN=Prospera Software\, Inc.,O=Prospera Software\, Inc.,POSTALCODE=30024,STREET=1000 Peachtree Ind Blvd\, Suite 6-189,L=Suwanee,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:9a:68:0c:8a:3f:34:2a:55:45:a7:a1:16:c5:01:33:3c:93:72:67
Signer

Actual PE Digest

ba:9a:68:0c:8a:3f:34:2a:55:45:a7:a1:16:c5:01:33:3c:93:72:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/StarMule/config/countryflag.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\eMule0.49c-Xtreme7.2\srchybrid\flag\Dynamic\flag.pdb

Sections

.rdata
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/StarMule/config/countryflag32.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\eMule0.49c-Xtreme7.2\srchybrid\flag\Dynamic\flag.pdb

Sections

.rdata
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/StarMule/config/ip-to-country.csv
$APPDATA/StarMule/config/nodes.dat
$APPDATA/StarMule/config/server.met
$PLUGINSDIR/PW001.exe
.exe windows:4 windows x86 arch:x86

e00de6e48b9b06aceb12a81e7bf494c9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c6:67:10:f8:a0:ab:39:43:95:39:eb:e7:b5:f9:18:6c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/11/2017, 00:00

Not After

08/11/2018, 23:59

Subject

CN=Prospera Software\, Inc.,O=Prospera Software\, Inc.,POSTALCODE=30024,STREET=1000 Peachtree Ind Blvd\, Suite 6-189,L=Suwanee,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:87:77:80:c3:cd:2e:2d:72:04:fe:7f:82:9b:26:e4:13:ae:5c:ad
Signer

Actual PE Digest

5a:87:77:80:c3:cd:2e:2d:72:04:fe:7f:82:9b:26:e4:13:ae:5c:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
DialogBoxParamW
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
KillTimer
SetWindowTextA

shell32

ShellExecuteExA

kernel32

GetCurrentDirectoryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
TlsAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
CloseHandle
CreateProcessA
GetCommandLineW
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LoadLibraryA
GetModuleFileNameW
GetModuleFileNameA
LocalFree
FormatMessageW
FormatMessageA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesW
SetFileAttributesA
RemoveDirectoryW
RemoveDirectoryA
CreateDirectoryW
CreateDirectoryA
DeleteFileW
DeleteFileA
GetFullPathNameW
GetFullPathNameA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathW
GetTempPathA
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetStdHandle
WaitForMultipleObjects
Sleep
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
CreateThread
TlsSetValue
TlsGetValue
ExitThread

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleFC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddApplication
AddPort
AdvAddRule
AdvExistsRule
AdvRemoveRule
AllowDisallowExceptionsNotAllowed
AllowDisallowIcmpInboundEchoRequest
AllowDisallowIcmpInboundMaskRequest
AllowDisallowIcmpInboundRouterRequest
AllowDisallowIcmpInboundTimestampRequest
AllowDisallowIcmpOutboundDestinationUnreachable
AllowDisallowIcmpOutboundPacketTooBig
AllowDisallowIcmpOutboundParameterProblem
AllowDisallowIcmpOutboundSourceQuench
AllowDisallowIcmpOutboundTimeExceeded
AllowDisallowIcmpRedirect
AreExceptionsNotAllowed
AreNotificationsEnabled
EnableDisableApplication
EnableDisableFirewall
EnableDisableNotifications
EnableDisablePort
IsApplicationAdded
IsApplicationEnabled
IsFirewallEnabled
IsFirewallServiceRunning
IsIcmpTypeAllowed
IsPortAdded
IsPortEnabled
RemoveApplication
RemovePort
RestoreDefaults
StartStopFirewallService

Sections

CODE
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:6 windows x86 arch:x86

11cd6df8cede073a0e00bd840833dd26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetErrorDlg
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW

comctl32

ord17

kernel32

GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
lstrlenW
lstrlenA
lstrcatW
lstrcpyW
lstrcmpiW
GlobalFree
MulDiv
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetTickCount
TerminateThread
CreateThread
SleepEx
lstrcmpW
lstrcpynW
CreateFileA
CreateFileW
DeleteFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
WaitForSingleObject

user32

SetDlgItemTextW
SendDlgItemMessageW
SetTimer
KillTimer
EnableWindow
UpdateWindow
RedrawWindow
SetWindowTextW
GetWindowTextW
GetClientRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
GetParent
FindWindowExW
LoadIconW
IsDialogMessageW
SystemParametersInfoW
GetDlgItem
wsprintfA
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
IsWindowVisible
CreateDialogParamW

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StarMule.exe
.exe windows:5 windows x86 arch:x86

fa0dfcd23c26bae1574f8c43504a98f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\MIHAELA\PROIECTE\DevHancer\StarMule\xtremule\srchybrid\Unicode_Release\StarMule.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeBeginPeriod
PlaySoundW
timeGetTime
timeGetDevCaps
timeEndPeriod

ws2_32

gethostname
FreeAddrInfoW
WSASocketW
WSAConnect
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
GetAddrInfoW
recvfrom
sendto
WSAAsyncGetHostByAddr
WSAAccept
WSAStartup
WSACleanup
ntohl
getpeername
ioctlsocket
connect
WSACancelAsyncRequest
getsockname
shutdown
setsockopt
recv
bind
socket
closesocket
send
getsockopt
WSAAsyncSelect
WSAAsyncGetHostByName
listen
accept
inet_ntoa
inet_addr
WSAGetLastError
htons
ntohs
WSASetLastError
gethostbyname
WSACloseEvent
htonl

crypt32

CertGetCertificateContextProperty
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertGetNameStringW
CertNameToStrW
CryptEncryptMessage

kernel32

CreateFileA
SetEndOfFile
lstrcmpA
SuspendThread
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSizeEx
GlobalSize
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
CompareStringA
EnumResourceLanguagesW
ConvertDefaultLocale
GetPrivateProfileIntW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleA
VirtualProtect
GetProfileIntW
GlobalGetAtomNameW
GlobalFlags
SetErrorMode
GetStartupInfoW
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
PeekNamedPipe
GetFileType
GetTimeFormatA
GetDateFormatA
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitThread
CreateThread
SetStdHandle
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
LCMapStringA
GetCurrentDirectoryA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
SetEnvironmentVariableA
GetCurrentThread
ReleaseMutex
GetSystemDirectoryW
LocalAlloc
LocalLock
LocalUnlock
GetDateFormatW
FindNextFileW
SetCurrentDirectoryW
GetWindowsDirectoryW
InterlockedExchange
GetLogicalDriveStringsW
GetComputerNameW
FreeResource
WaitForMultipleObjects
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
CreateEventW
GetLocalTime
GetACP
GetOverlappedResult
GetProcessHeap
HeapFree
HeapAlloc
lstrlenA
GetDriveTypeW
IsBadReadPtr
RemoveDirectoryW
DeviceIoControl
MoveFileW
SetThreadPriority
GetFileAttributesW
Beep
TerminateThread
SetEvent
GetVolumeInformationW
LocalFree
DeleteFileW
GetNumberFormatW
FindClose
GetDiskFreeSpaceW
SetLastError
CompareStringW
GetTimeZoneInformation
MulDiv
lstrcpynW
FormatMessageW
OutputDebugStringW
CreateDirectoryW
FindFirstFileW
GetFileInformationByHandle
ReadFile
WriteFile
InterlockedDecrement
InterlockedIncrement
SetFilePointer
GetCurrentProcessId
SetUnhandledExceptionFilter
ExitProcess
ResumeThread
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryW
WritePrivateProfileStringW
GetModuleFileNameW
GetThreadLocale
SetThreadLocale
GetLocaleInfoW
FindResourceExW
lstrlenW
ExpandEnvironmentStringsW
SetConsoleCtrlHandler
LoadLibraryA
GlobalFree
GetProcAddress
GlobalUnlock
GetVersionExW
LoadLibraryW
GlobalAlloc
GetPrivateProfileStringW
GlobalLock
GetCurrentProcess
FreeLibrary
SetPriorityClass
CreateMutexW
RaiseException
CreateFileW
CopyFileW
GetFileSize
GetTickCount
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
GetLastError
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
CloseHandle
MultiByteToWideChar
WaitForSingleObject
Sleep
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GetFileTime

user32

SendDlgItemMessageW
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
EndDialog
GetMenuItemInfoW
CopyAcceleratorTableW
InvalidateRgn
DeleteMenu
SetParent
ReuseDDElParam
UnpackDDElParam
CharNextW
GetNextDlgGroupItem
UnregisterClassW
PostThreadMessageW
GetDCEx
LockWindowUpdate
SendDlgItemMessageA
GetWindowTextLengthW
GetForegroundWindow
GetTopWindow
GetMessageTime
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetClassInfoExW
RegisterClassW
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindowThreadProcessId
IsWindowEnabled
CharUpperW
GetMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
GetMenuItemID
IsZoomed
IsMenu
GetClassLongW
GetScrollInfo
GetClassInfoW
EnumChildWindows
IsChild
ChildWindowFromPointEx
InsertMenuItemW
SubtractRect
UnionRect
EndPaint
PostQuitMessage
GetLastActivePopup
SetFocus
BeginPaint
WaitMessage
IsDialogMessageW
CreateDialogIndirectParamW
GetWindowTextW
GetClassNameW
LoadStringW
CheckDlgButton
SetWindowTextW
WinHelpW
GetDialogBaseUnits
MoveWindow
ShowWindow
SetMenuItemInfoW
SetWindowRgn
GetWindowRgn
FindWindowExW
ShowCursor
SetRectEmpty
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetWindowTextA
SetWindowTextA
SetDlgItemTextA
ScrollDC
CheckMenuRadioItem
FindWindowW
AdjustWindowRectEx
TranslateAcceleratorW
LoadAcceleratorsW
TabbedTextOutW
DrawTextExW
GrayStringW
DrawTextW
ShowScrollBar
DrawIconEx
CopyImage
SetMenuDefaultItem
GetSystemMenu
SetActiveWindow
IsIconic
MessageBeep
DrawIcon
CreateMenu
ModifyMenuW
IntersectRect
BringWindowToTop
EnableMenuItem
GetMenuItemCount
RemoveMenu
FlashWindow
InsertMenuW
EqualRect
CheckMenuItem
GetDoubleClickTime
GetSysColorBrush
RegisterClipboardFormatW
GetKeyState
GetWindowDC
LoadBitmapW
GetFocus
MapVirtualKeyW
GetWindow
SetCapture
GetCapture
SetRect
SystemParametersInfoW
ReleaseCapture
GetMessagePos
LoadCursorW
DrawEdge
DrawFrameControl
PtInRect
ScreenToClient
RedrawWindow
GetCursorPos
RemovePropW
SetPropW
SetWindowPos
MapWindowPoints
GetPropW
CallWindowProcW
GetNextDlgTabItem
SetCursor
GetSubMenu
GetParent
WindowFromPoint
GetClientRect
CreateIconIndirect
DrawFocusRect
InflateRect
OffsetRect
LoadMenuW
DrawStateW
GetActiveWindow
DestroyMenu
CopyRect
CreatePopupMenu
InvalidateRect
FrameRect
UpdateWindow
TranslateMessage
PeekMessageW
DispatchMessageW
IsWindowVisible
IsWindow
AppendMenuW
SetForegroundWindow
GetDlgItem
GetDesktopWindow
GetSysColor
FillRect
ClientToScreen
GetClassNameA
GetWindowRect
GetIconInfo
GetDC
ReleaseDC
SetTimer
KillTimer
ExitWindowsEx
IsRectEmpty
MessageBoxW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
CloseClipboard
RegisterWindowMessageW
LoadImageW
IsClipboardFormatAvailable
EnumWindows
LoadIconW
GetClipboardData
EmptyClipboard
SendMessageTimeoutW
OpenClipboard
GetSystemMetrics
SetClipboardData
DestroyIcon
EnableWindow
DestroyWindow
PostMessageW
RegisterClassExW
GetWindowLongW
SetWindowLongW
CreateWindowExW
DefWindowProcW
SendMessageW
GetAsyncKeyState

gdi32

GetWindowOrgEx
CombineRgn
SetBkMode
GetViewportOrgEx
CreateDCW
SetPixelV
SetBoundsRect
CreateRectRgn
GetWindowExtEx
GetMapMode
ExtTextOutW
PtVisible
GetBkColor
Escape
RectVisible
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
GetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetBitmapBits
SelectPalette
GetRgnBox
CreateEllipticRgn
LPtoDP
Ellipse
EnumFontFamiliesExW
SetViewportExtEx
GetTextMetricsW
MoveToEx
LineTo
IntersectClipRect
SetBitmapBits
TextOutW
CreateDIBSection
SetDIBColorTable
GdiFlush
CreateRectRgnIndirect
GetTextExtentPoint32W
CreatePalette
Rectangle
RealizePalette
CreatePen
CreateSolidBrush
Polygon
GetTextColor
BitBlt
SetTextColor
DeleteDC
SetBkColor
SetPixel
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
CopyMetaFileW
CreatePolygonRgn
SetRectRgn
OffsetRgn
FillRgn
SetDIBitsToDevice
GetPixel
GetStockObject
GetDeviceCaps
DPtoLP
CreateFontIndirectW
CreateBitmap
CreateBrushIndirect
CreateFontW
GetObjectW
DeleteObject
PatBlt
GetDIBits
SaveDC
SetStretchBltMode
GetClipBox
ExtSelectClipRgn
RestoreDC
GetCharWidthW
CreatePatternBrush
SetTextAlign
GetBitmapDimensionEx
SetBitmapDimensionEx

msimg32

GradientFill

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
CryptGenRandom
IsTextUnicode
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW

shell32

SHGetFileInfoW
ShellExecuteW
ExtractIconExW
SHFileOperationW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
DragQueryFileW
Shell_NotifyIconW
DragFinish
ShellExecuteExW

comctl32

ord17
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Destroy
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_GetIcon
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Create

shlwapi

PathMatchSpecW
PathRenameExtensionW
PathIsRelativeW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathAddBackslashW
PathStripToRootW
PathBuildRootW
PathCanonicalizeW
PathIsURLW
PathStripPathW
UrlUnescapeW
StrStrIW
PathGetArgsW
PathIsRootW
PathCombineW
StrStrW
PathIsUNCW
PathGetDriveNumberW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
StgOpenStorageOnILockBytes
CoGetClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
ReleaseStgMedium
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleSetContainedObject
OleCreateStaticFromData
CreateStreamOnHGlobal
CoTaskMemAlloc
StgOpenStorage
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
OleCreateFontIndirect
VariantCopy
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen
SafeArrayGetUBound
SysStringByteLen
SafeArrayPutElement
SafeArrayGetElement
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VariantClear
SysAllocStringLen
SafeArrayGetLBound
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayCreate
VariantChangeType

urlmon

FindMimeFromData

wsock32

select

wininet

InternetCanonicalizeUrlW
HttpQueryInfoW
InternetCrackUrlW
InternetOpenUrlW
InternetWriteFile
InternetSetFilePointer
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 872KB - Virtual size: 871KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/countryflag.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\eMule0.49c-Xtreme7.2\srchybrid\flag\Dynamic\flag.pdb

Sections

.rdata
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/countryflag32.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\eMule0.49c-Xtreme7.2\srchybrid\flag\Dynamic\flag.pdb

Sections

.rdata
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/ip-to-country.csv
config/nodes.dat
config/server.met
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

c6:67:10:f8:a0:ab:39:43:95:39:eb:e7:b5:f9:18:6cCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

ba:9a:68:0c:8a:3f:34:2a:55:45:a7:a1:16:c5:01:33:3c:93:72:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 1.3MB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 4KB - Virtual size: 3KB

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 108B

.rsrc Size: 272KB - Virtual size: 269KB

.reloc Size: 4KB - Virtual size: 8B

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 108B

.rsrc Size: 332KB - Virtual size: 331KB

.reloc Size: 4KB - Virtual size: 8B

e00de6e48b9b06aceb12a81e7bf494c9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

c6:67:10:f8:a0:ab:39:43:95:39:eb:e7:b5:f9:18:6cCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

5a:87:77:80:c3:cd:2e:2d:72:04:fe:7f:82:9b:26:e4:13:ae:5c:adSigner

Headers

File Characteristics

Imports

oleaut32

user32

shell32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

c6:67:10:f8:a0:ab:39:43:95:39:eb:e7:b5:f9:18:6c
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

ba:9a:68:0c:8a:3f:34:2a:55:45:a7:a1:16:c5:01:33:3c:93:72:67
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 108B

.rsrc
Size: 272KB - Virtual size: 269KB

.reloc
Size: 4KB - Virtual size: 8B

.rdata
Size: 4KB - Virtual size: 108B

.rsrc
Size: 332KB - Virtual size: 331KB

.reloc
Size: 4KB - Virtual size: 8B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

c6:67:10:f8:a0:ab:39:43:95:39:eb:e7:b5:f9:18:6c
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

5a:87:77:80:c3:cd:2e:2d:72:04:fe:7f:82:9b:26:e4:13:ae:5c:ad
Signer

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 22KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 9KB - Virtual size: 8KB

CODE
Size: 148KB - Virtual size: 148KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB