8b5adfe41e6da138fbb57b81cb75d29c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b5adfe41e6da138fbb57b81cb75d29c_JaffaCakes118
Size

1.3MB
MD5

8b5adfe41e6da138fbb57b81cb75d29c
SHA1

61a88637632c9172baf7de8864e5bf0ad67cb709
SHA256

1c788878ac935ed06193fa73cbabd973e85db05b07ec7413ed9dea4ea6c62899
SHA512

1717e00d165116590b3bd1b730485f3d2986e0d6bdaae7eb4a795ca5f8eb2a126f1a4dcf2e58ec109b8c3d10d42d7e6a50df30014fd28c32106717a431636457
SSDEEP

24576:m+IyIZUYgVFtrqtMJZuaXksqXZAQIRnsYRZB6PsNcgZDfB0Be:eZUluQua0sGZAxRZB5Ffv

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
8b5adfe41e6da138fbb57b81cb75d29c_JaffaCakes118
unpack001/$APPDATA/acdkantu/AcdData.exe
unpack001/$APPDATA/acdkantu/AcdFrame.dll
unpack001/$APPDATA/acdkantu/AcdTool.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/AcdKantu.exe
unpack001/acdmenu.dll
unpack001/acdmenu64.dll
unpack001/uninst.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/NSISdl.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsProcess.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

8b5adfe41e6da138fbb57b81cb75d29c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/acdkantu/AcdData.exe
.exe windows:5 windows x86 arch:x86

655da984346112aaaf81b28c76f8cd1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
WritePrivateProfileStringW
GetPrivateProfileStringW
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
lstrlenW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentProcess
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
FlushInstructionCache
DeleteCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
GetModuleHandleW
LoadLibraryW
GetLastError
GetProcAddress
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
RtlUnwind
Sleep
TlsFree
TlsSetValue
TlsAlloc
lstrcatW
ExitProcess
TlsGetValue
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange

user32

MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
GetParent
BeginPaint
SendMessageW
SetWindowLongW
CharNextW
ShowWindow
PostMessageW
PtInRect
SetRectEmpty
CopyRect
EndPaint
SetTimer
InvalidateRect
GetClientRect
SetWindowPos
MoveWindow
LoadImageW
GetSystemMetrics
DefWindowProcW
CreateDialogParamW
DispatchMessageW
TranslateMessage
SetWindowTextW
DestroyWindow
PeekMessageW
IsWindow
UnregisterClassA
GetMessageW

gdi32

DeleteObject
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
DeleteDC
BitBlt
SetBkColor
ExtTextOutW
CreateSolidBrush

advapi32

RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAlloc
GdipFree
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawString
GdipDrawImageRectI
GdipCreateFont
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipDeleteFont
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/acdkantu/AcdFrame.dll
.dll regsvr32 windows:5 windows x86 arch:x86

f992681d9af6bc4603f1011f62da1b10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Users\yufan\AppData\Roaming\acdkantu\AcdFrame.pdb

Imports

kernel32

GetCurrentProcess
ExitProcess
Sleep
GetProcAddress
GetCurrentThreadId
TerminateThread
DisableThreadLibraryCalls
SetLastError
SetThreadLocale
GetThreadLocale
CloseHandle
lstrcmpW
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
GlobalAlloc
GlobalFree
lstrcpynA
lstrlenA
lstrcpynW
FindClose
FindFirstFileW
lstrcatW
GetSystemDirectoryW
SystemTimeToFileTime
GetWindowsDirectoryW
ExpandEnvironmentStringsW
LoadLibraryW
lstrcmpiA
VirtualQuery
VirtualProtect
LoadLibraryA
LoadLibraryExA
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetModuleHandleA
CreateDirectoryW
lstrcpyW
WriteFile
SetFilePointer
CreateFileW
MoveFileExW
DeviceIoControl
CreateFileA
FormatMessageW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
FlushInstructionCache
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
ReadFile
LCMapStringW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapCreate
GetCommandLineA
CreateThread
ExitThread
MoveFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetCurrentProcessId
DeleteFileW
GetTempPathW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileIntA
GetVersionExW
GetSystemTime
LocalAlloc
WideCharToMultiByte
LocalFree
GetModuleHandleW
MultiByteToWideChar
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
lstrlenW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException

user32

LoadAcceleratorsW
LoadImageW
EnumChildWindows
FindWindowExW
CharNextW
CallWindowProcW
SetWindowLongW
FindWindowW
LoadMenuW
GetWindowThreadProcessId
SetWindowPlacement
wvsprintfW
EndPaint
BeginPaint
GetShellWindow
DestroyCursor
SystemParametersInfoW
GetActiveWindow
DialogBoxParamW
PtInRect
MessageBeep
AppendMenuW
TrackPopupMenuEx
SetRectEmpty
GetMenuItemCount
DestroyMenu
ShowWindow
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
SetTimer
GetWindowRect
GetWindow
GetParent
GetClassInfoExW
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
CreateWindowExW
PostMessageW
DefWindowProcW
SendMessageTimeoutW
RegisterWindowMessageW
GetClassNameW
DestroyWindow
SendMessageW
OffsetRect
ClientToScreen
UpdateWindow
TranslateAcceleratorW
MoveWindow
InvalidateRect
LockWindowUpdate
RedrawWindow
SetWindowRgn
CopyRect
EqualRect
GetSystemMetrics
IsWindow
PostQuitMessage
GetWindowDC
ReleaseDC
EndDialog
CreatePopupMenu
RemoveMenu
SetWindowTextW
GetDlgItem
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuDefaultItem
LoadStringW
SetFocus
LoadStringA
SetCursor
ShowCursor
GetWindowLongW
MonitorFromWindow
UnregisterClassA
MonitorFromPoint

advapi32

RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetKeySecurity

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CLSIDFromProgID
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
ord680

oleaut32

SysAllocString
VarUI4FromStr
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
DispCallFunc
VariantClear
VariantInit
SysFreeString

shlwapi

PathUnquoteSpacesW
PathFindFileNameW
SHDeleteKeyW
SHDeleteValueW
PathFileExistsW
SHSetValueW
SHGetValueW
PathRemoveArgsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdi32

CreateRoundRectRgn
DeleteObject
CreateCompatibleDC
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
DeleteDC
BitBlt
ExtTextOutW
SetBkColor
CreateSolidBrush
CombineRgn

dbghelp

ImageDirectoryEntryToData

gdiplus

GdipCreateFromHDC
GdiplusShutdown
GdipCreateBitmapFromFile
GdipDrawImageRectI
GdipCreateFromHDC2
GdipCloneBrush
GdipDrawImageRectRectI
GdiplusStartup
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipFree
GdipDrawString
GdipCloneImage

wininet

HttpSendRequestW
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW
InternetOpenW
InternetCloseHandle
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

WSCEnumProtocols
WSCDeinstallProvider
WSCInstallProvider
WSCWriteProviderOrder
send

rpcrt4

UuidCreate

setupapi

SetupIterateCabinetW

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetMainFrameWnd
IntoMain
RunAsDesk
SendInstallData
SendUnInstallData
SetChildWnd

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/acdkantu/AcdTool.dll
.dll windows:5 windows x86 arch:x86

727f7d68045ab8e5ae6257dc7d0bf672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Users\yufan\AppData\Roaming\acdkantu\AcdTool.pdb

Imports

kernel32

lstrlenA
FindResourceExW
FindResourceW
LoadResource
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
WideCharToMultiByte
SizeofResource
LeaveCriticalSection
MultiByteToWideChar
lstrlenW
GetLastError
EnterCriticalSection
GetPrivateProfileStringA
LockResource
GetModuleFileNameA
DeleteCriticalSection
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryW
GetPrivateProfileIntA
GetSystemTime
WritePrivateProfileStringA
GetTickCount
Sleep
ExpandEnvironmentStringsW
CreateFileA
SetStdHandle
WriteConsoleW
InterlockedExchange
InterlockedCompareExchange
LCMapStringA
LCMapStringW
LoadLibraryA
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP

user32

FindWindowW
LoadStringW
CharLowerW

ws2_32

WSCDeinstallProvider
WSCGetProviderPath
WSCEnumProtocols

Exports

Exports

WSPStartup

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/acdkantu/acdskins/default/upd_bg.png
.png
$APPDATA/acdkantu/acdskins/default/upd_bgl.png
.png
$APPDATA/acdkantu/acdskins/default/upd_cancle.png
.png
$APPDATA/acdkantu/acdskins/default/upd_ok.png
.png
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AcdKantu.exe
.exe windows:5 windows x86 arch:x86

f6267eadfd3c162b16f01e9088de82c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\workspace\cximage701_full\bin\AcdKantu.pdb

Imports

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
GetFileAttributesA
SetStdHandle
GetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
SetEvent
GetModuleFileNameA
GetStdHandle
HeapSize
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetFullPathNameA
GetDriveTypeA
HeapReAlloc
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
WriteFile
SetFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
GetFileType
SetFilePointer
CreateFileW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
ResumeThread
GlobalFree
SizeofResource
LoadResource
LockResource
GetSystemInfo
GetLocalTime
GetPrivateProfileStringW
GetLastError
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
CopyFileW
GetFileAttributesW
GetModuleHandleW
MulDiv
DeleteFileW
ResetEvent
FindNextFileW
lstrcpyW
GetFullPathNameW
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WaitForSingleObject
CreateThread
FindClose
FindFirstFileW
GetModuleFileNameW
WritePrivateProfileStringW
RaiseException
CreateEventW
GetFileAttributesExW
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
lstrcpynW
InterlockedIncrement
GetPrivateProfileIntW
MultiByteToWideChar
CreateDirectoryW
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
InterlockedDecrement
WideCharToMultiByte
HeapFree
GetFileSize
ReadFile
LoadLibraryW
GetProcAddress
GetCurrentDirectoryW
GetACP
FindResourceW
FreeResource
ExitProcess
GetProcessHeap
HeapAlloc
SetHandleCount
DeleteFileA

user32

SetRectEmpty
SetRect
RegisterWindowMessageW
PostQuitMessage
CharUpperW
UnregisterClassA
CreateAcceleratorTableW
InvalidateRgn
SetCaretPos
ShowCaret
HideCaret
CreateCaret
CharPrevW
FillRect
GetWindowTextLengthW
RegisterClassW
SetPropW
GetPropW
EnableWindow
PeekMessageW
TranslateAcceleratorW
GetParent
GetWindow
GetUpdateRect
MapWindowPoints
GetFocus
KillTimer
SetTimer
CopyRect
SendMessageW
GetWindowTextW
GetDlgItem
GetActiveWindow
SetWindowLongW
LoadStringW
CharNextW
wvsprintfW
GetSysColor
IntersectRect
FindWindowW
LoadAcceleratorsW
MoveWindow
LoadIconW
SetClassLongW
GetMonitorInfoW
MonitorFromPoint
TrackPopupMenu
LoadBitmapW
ClientToScreen
LoadCursorW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
LockWindowUpdate
SetWindowTextW
wsprintfW
DestroyWindow
IsZoomed
ReleaseCapture
SetCursor
SetCapture
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
GetSubMenu
LoadMenuW
SetWindowsHookExW
GetClassNameW
GetMenu
GetMenuContextHelpId
IsRectEmpty
CallNextHookEx
GetCursorPos
UnhookWindowsHookEx
DestroyMenu
GetMenuStringW
GetMenuState
SetFocus
IsWindow
GetCursorInfo
GetIconInfo
SetWindowPos
IsWindowVisible
ShowWindow
GetClientRect
GetWindowRect
ScreenToClient
DrawTextW
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetSystemMetrics
GetDC
ReleaseDC
EndPaint
BeginPaint
PostMessageW
CharLowerW
OffsetRect
DispatchMessageW
TranslateMessage
GetMessageW
CloseClipboard
RegisterClipboardFormatW
MessageBoxW
SetClipboardData
EmptyClipboard
OpenClipboard
PtInRect
EqualRect
IsIconic
MonitorFromWindow
SetWindowRgn
SetWindowPlacement
GetWindowPlacement
GetKeyState
InvalidateRect
GetWindowDC

gdi32

GetEnhMetaFilePaletteEntries
CreatePalette
SelectPalette
PlayEnhMetaFile
SetEnhMetaFileBits
GetEnhMetaFileHeader
DeleteEnhMetaFile
SetWinMetaFileBits
GetStockObject
StretchBlt
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
RealizePalette
GetDIBits
GetObjectA
CombineRgn
SaveDC
SetStretchBltMode
StretchDIBits
SetDIBitsToDevice
CreateDIBSection
RestoreDC
GetObjectW
GetBitmapDimensionEx
CreateCompatibleDC
CreateCompatibleBitmap
SetViewportOrgEx
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
RoundRect
CreatePenIndirect
MoveToEx
LineTo
SelectClipRgn
CreateSolidBrush
Rectangle
SetWindowOrgEx
CreatePen
GetTextMetricsW
CreateRoundRectRgn
BitBlt
ExtTextOutW
SetBkColor
SetBkMode
SetTextColor
SelectObject
DeleteObject
DPtoLP
CreateFontIndirectW
GetDeviceCaps
DeleteDC
ExtTextOutA

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyA
RegSetKeySecurity
InitializeSecurityDescriptor
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueA
RegSetValueExA
RegQueryValueExA

shell32

SHChangeNotify
ShellExecuteW
DragQueryFileW
ord155
SHGetSpecialFolderPathW
ord190
SHGetDesktopFolder

ole32

CLSIDFromString
OleLockRunning
CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromProgID

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathIsDirectoryW
SHDeleteKeyA
PathFileExistsW
SHGetValueW

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDrawImageRectRect
GdipDrawImageRectI
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill

ws2_32

ntohl
htonl
ntohs
htons

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acdmenu.dll
.dll regsvr32 windows:5 windows x86 arch:x86

03ba1f9b11336958e882e4fb1e7ba374

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\yufan\jingfan\src\acdkantu\bin\acdmenu.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiA
LeaveCriticalSection
SystemTimeToFileTime
GetLocalTime
SetThreadLocale
GetThreadLocale
CloseHandle
FlushFileBuffers
CreateFileA
lstrcpynA
EnterCriticalSection
lstrcpynW
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrcatW
lstrlenW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
VirtualFree
VirtualAlloc
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

user32

LoadBitmapW
InsertMenuItemW
CharNextW

gdi32

DeleteObject

advapi32

RegCreateKeyA
RegSetValueA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegDeleteKeyA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
SHGetValueW
StrCmpIW
SHSetValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acdmenu64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

f9fdb9b7e501eaa92da9a8be3f348bf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\yufan\jingfan\src\acdkantu\bin\acdmenu64.pdb

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiA
lstrcatW
LockResource
GetLocalTime
SetThreadLocale
GetThreadLocale
CloseHandle
FlushFileBuffers
CreateFileA
LeaveCriticalSection
SizeofResource
EnterCriticalSection
lstrcpynW
lstrcpynA
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SystemTimeToFileTime
lstrlenW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte

user32

LoadBitmapW
InsertMenuItemW
CharNextW

gdi32

DeleteObject

advapi32

RegCreateKeyA
RegSetValueA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegDeleteKeyA

shell32

ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragQueryFileW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysFreeString
VarUI4FromStr
SysStringLen
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi

shlwapi

SHSetValueW
StrCmpIW
SHGetValueW
PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/config.ini
res/filters.xml
skin/bkgnd_menu.png
.png
skin/default.zip
.zip
ACD_Picture.ico
OriginSize.png
.png
bkgnd_button.png
.png
bkgnd_dimedit.png
.png
bkgnd_edit.png
.png
bkgnd_image.png
.png
bkgnd_progress.png
.png
bkgnd_thumbnail.png
.png
cancel.png
.png
checkbox.png
.png
close.png
.png
close_fullscreen.png
.png
close_thumbnail.png
.png
delete.png
.png
down.png
.png
expand.png
.png
fullscreen.png
.png
line.png
.png
link.png
.png
logo.png
.png
max.png
.png
menu.png
.png
min.png
.png
next.png
.png
next_round.png
.png
num.png
.png
ok.png
.png
openfile.png
.png
pause.png
.png
percent.png
.png
play.png
.png
play_a.png
.png
prev.png
.png
prev_round.png
.png
radiobutton.png
.png
restore.png
.png
rowbkgnd_bottom.png
.png
rowbkgnd_top.png
.png
scrollbar.bmp
scrollbar.png
.png
setting.png
.png
setting_down.png
.png
shrink.png
.png
thumb.png
.png
topleft.png
.png
topmid.png
.png
up.png
.png
up_down.png
.png
wallpaper.png
.png
welcome.png
.png
whirl_left.png
.png
whirl_right.png
.png
xml/dim.xml
xml/link.xml
xml/main - .xml
xml/main.xml
xml/menu.xml
.xml
xml/setting.xml
skin/delete.png
.png
skin/open.png
.png
skin/pause.png
.png
skin/play.png
.png
skin/rotatel.png
.png
skin/rotater.png
.png
skin/separator.png
.png
skin/separator_vert.png
.png
skin/setting.png
.png
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 37KB - Virtual size: 37KB

655da984346112aaaf81b28c76f8cd1c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 7KB - Virtual size: 7KB

f992681d9af6bc4603f1011f62da1b10

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

dbghelp

gdiplus

wininet

version

ws2_32

rpcrt4

setupapi

netapi32

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 384KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 28KB - Virtual size: 27KB

727f7d68045ab8e5ae6257dc7d0bf672

Headers

DLL Characteristics

File Characteristics

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 37KB - Virtual size: 37KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 384KB - Virtual size: 384KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 28KB - Virtual size: 27KB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 1KB - Virtual size: 1KB