966ea80646c5acfb3291c6942576bfa0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

966ea80646c5acfb3291c6942576bfa0_JaffaCakes118
Size

878KB
MD5

966ea80646c5acfb3291c6942576bfa0
SHA1

84d931d4da78db1db69bb2603ebce1464dae7a9a
SHA256

6e3b14b7f2ba0ef463b37aea9c850fa61795f67941110c7623bb96cc83e6c9b6
SHA512

6ece29887ea6fac333393b734d19d47f23bf0f2c21b8e8ea072fa3a1774155cb391953e3d5adadb9a977136cbd3d4107dca1b1f280b912eb57758c5a9e147820
SSDEEP

24576:MOM/nFDmzkcrmGGcnTVG8XiwQAfPx1GCRNYZbnaBzBNkT:O/FDmz8cTVrSGPx1Gee5naZbs

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bink.exe
unpack001/binkconv.exe
unpack001/binkmake.dll
unpack001/binkmix.exe
unpack001/binkplay.exe
unpack001/rad2exe.exe
unpack001/radana.exe
unpack001/radbatch.exe
unpack001/radinfo.exe
unpack001/radutil.dll
unpack001/radvideo.exe
unpack001/smack.exe
unpack001/smackmix.exe
unpack001/smackplw.exe

Files

966ea80646c5acfb3291c6942576bfa0_JaffaCakes118
.rar
bink.exe
.exe windows:4 windows x86 arch:x86

81b654fdb3b2a02ddf5c9dbdcb84c5f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devel\Projects\bink\build\bink.pdb

Imports

user32

EnableWindow
SendMessageA
MessageBoxA
GetDlgItem
SetWindowTextA
wsprintfA

kernel32

TerminateProcess
GetCurrentProcess
GetStringTypeA
MultiByteToWideChar
GetLastError
GetStringTypeW
ExitProcess
GlobalLock
WaitForSingleObject
GetCommandLineA
GlobalAlloc
Sleep
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetModuleHandleA
CreateThread
LoadLibraryA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualFree
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
WideCharToMultiByte
GetLocaleInfoA
HeapAlloc
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
GetProcAddress

radutil

_GetSwitch@8
_HasExtension@4
_RADFileAtEnd@4
_RADFileGetLine@12
_SFileOpen@44
_RemoveMinusSwitches@4
_RADTimerRead@0
_RADDialogSetTimer@8
_RADFileClose@4
_CommaNum@12
_RADFileOpen@12
_GetAndRemoveFirstQuoted@8
_GFileClose@4
_radmalloc@4
_RADFileErase@4
_GFileOpen@92
_RADDialogInit@28
_GetSwitchFractional@24
_GetSwitchStr@16
_Trim@4
_GFileGet@28
_overwrite@8
_GFileCommandLine@108
_SFileClose@4
_SFileGet@12
_SFileCommandLine@36
_RemoveQuotes@4
_atofr@12
_GetElapsedTime@8
_GetAndRemoveFirst@8
_GetFilePieces@20
_RADDialogAsk@8
_GetSwitchNum@12
_RADDialogMessage@8

binkmake

_BinkMakeClose@8
_BinkMakeFlush@4
_BinkMakePutVideo@20
_BinkMake@52
BinkMakeSetMaxCPUs

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binkconv.exe
.exe windows:4 windows x86 arch:x86

51ebbfec2f830d5e10df3fbf92df76b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devel\Projects\bink\build\binkconv.pdb

Imports

user32

wsprintfA
SendMessageA
MessageBoxA
GetDlgItem
SetWindowTextA
EnableWindow

kernel32

TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
ExitProcess
GlobalLock
GetCommandLineA
GlobalAlloc
Sleep
GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
GetCPInfo
GetLocaleInfoA
HeapReAlloc
VirtualFree
LCMapStringW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
VirtualQuery
GetSystemInfo
GetProcAddress

radutil

_GetSwitch@8
_HasExtension@4
_CheckForDup@8
_SFileOpen@44
_RADDialogMessage@8
_RemoveMinusSwitches@4
_RADTimerRead@0
_RADFileClose@4
_CommaNum@12
_RADFileSize@4
_OGFileClose@4
_GetAndRemoveFirstQuoted@8
_GFileClose@4
_radmalloc@4
_GFileOpen@92
_RADDialogInit@28
_radfree@4
_GFileGet@28
_OGFileCreate@44
_overwrite@8
_GFileCommandLine@108
_SFileClose@4
_SFileGet@12
_SFileCommandLine@36
_RADFileCreate@8
_RemoveQuotes@4
_RADFileSetPos@12
_OGFilePut@12
_GetElapsedTime@8
_GetFilePieces@20
_RADDialogAsk@8
_OGFilePutSound@12
_RADFilePut@12
_GetSwitchNum@12
_OGFilePutSoundAmount@16
_RADDialogSetTimer@8

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binkmake.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BinkMakeSetMaxCPUs
_BinkMake@52
_BinkMakeClose@8
_BinkMakeFlush@4
_BinkMakePutVideo@20
_BinkMix@36
_RADSetMemory@8
_RADTimerRead@0
_radfree@4
_radmalloc@4

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKDATA
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
binkmix.exe
.exe windows:4 windows x86 arch:x86

41a27b54d0355f4b1b56c9cdd67e8423

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devel\Projects\bink\build\binkmix.pdb

Imports

user32

wsprintfA
SendMessageA
GetDlgItem
SetWindowTextA
EnableWindow

kernel32

LoadLibraryA
MultiByteToWideChar
GetStringTypeA
HeapAlloc
HeapReAlloc
GetCurrentProcess
ExitProcess
GlobalLock
WaitForSingleObject
GetCommandLineA
GlobalAlloc
Sleep
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetModuleHandleA
CreateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
WideCharToMultiByte
GetLocaleInfoA
VirtualAlloc
HeapFree
VirtualFree
TerminateProcess
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetProcAddress
GetLastError

radutil

_GetSwitch@8
_CSFileCommandline@44
_SFileOpen@44
_RADDialogMessage@8
_RemoveMinusSwitches@4
_RADTimerRead@0
_RADDialogSetTimer@8
_CommaNum@12
_GetAndRemoveFirstQuoted@8
_RADDialogInit@28
_GetSwitchFractional@24
_overwrite@8
_SFileClose@4
_SFileGet@12
_RemoveQuotes@4
_SFileReset@4
_GetElapsedTime@8
_GetFilePieces@20
_RADDialogAsk@8
_GetSwitchNum@12
_HasExtension@4

binkmake

_BinkMix@36

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
binkplay.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK16
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK4444
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK5551
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32A
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK16X2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32X2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK16MX
Size: 1024B - Virtual size: 515B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32MX
Size: 1024B - Virtual size: 687B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK16M
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32M
Size: 1024B - Virtual size: 547B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKYUY2
Size: 512B - Virtual size: 361B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKYUY2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKYUY2
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKYUY2
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32R
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32RA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32RX
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK24
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK24X2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK24M
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK24R
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK24RX
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK24RM
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKUYVY
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKUYVY
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKUYVY
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKUYVY
Size: 512B - Virtual size: 327B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKYV12
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKDATA
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rad2exe.exe
.exe windows:4 windows x86 arch:x86

e1ae9f466179e1cc31e5e0bae713d15a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devel\Projects\bink\build\rad2exe.pdb

Imports

user32

SendMessageA
GetDlgItem
SetWindowTextA
wsprintfA
EnableWindow

kernel32

RtlUnwind
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
ExitProcess
GlobalLock
WaitForSingleObject
GetCommandLineA
GlobalAlloc
CreateProcessA
GetStartupInfoA
GetModuleHandleA
CreateThread
VirtualAlloc
HeapFree
GetProcAddress

radutil

_RADFileErase@4
_radmalloc@4
_GFileClose@4
_GetAndRemoveFirstQuoted@8
_RADFileSize@4
_RADFileOpen@12
_RADFileGetPos@4
_CommaNum@12
_RADFileClose@4
_RADTimerRead@0
_RADDialogMessage@8
_CheckForDup@8
_HasExtension@4
_GetSwitch@8
_RADDialogInit@28
_radfree@4
_Trim@4
_overwrite@8
_RADFileGet@12
_RADFileCreate@8
_RADFileSetPos@12
_GetElapsedTime@8
_GetFilePieces@20
_RADDialogAsk@8
_RADFilePut@12
_GetSwitchNum@12
_GFileOpen@92

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
radana.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 258KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
radbatch.exe
.exe windows:4 windows x86 arch:x86

9144ada82d5ee6bdceccd17c30ed7e06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devel\Projects\bink\build\radbatch.pdb

Imports

user32

SetWindowTextA
MessageBoxA
GetWindowTextA
SendMessageA
GetWindowTextLengthA
CharUpperA
GetDlgItem

kernel32

RtlUnwind
VirtualAlloc
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GlobalLock
WaitForSingleObject
GetCommandLineA
GlobalAlloc
Sleep
GetExitCodeProcess
CreateProcessA
SetCurrentDirectoryA
GetStartupInfoA
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcess
TerminateProcess
GetProcAddress

comdlg32

GetSaveFileNameA

shell32

ShellExecuteA

radutil

_RADDialogMessage@8
_GetSwitchNum@12
_radfree@4
_GetSwitch@8
_RADDialogSetFilter@4
_RADTimerRead@0
_RADFileClose@4
_RADFileOpen@12
_RADFileSize@4
_RADDialogInit@28
_RADFileGet@12
_RADFileCreate@8
_RADDialogAsk@8
_radmalloc@4
_RADFilePut@12

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
radinfo.exe
.exe windows:4 windows x86 arch:x86

6dad4785a8b16a1c8474fb3eecaccea8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devel\Projects\bink\build\radinfo.pdb

Imports

user32

wsprintfA

kernel32

RtlUnwind
TerminateProcess
GetCurrentProcess
ExitProcess
GetCommandLineA
FileTimeToSystemTime
FindFirstFileA
FindClose
GetModuleHandleA
FileTimeToLocalFileTime
VirtualAlloc
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress

radutil

_GetSwitch@8
_SFileOpen@44
_CommaNum@12
_GFileOpen@92
_StatusCheck@0
_StatusInit@12
_SFileClose@4
_RemoveQuotes@4
_StatusMessageTitle@12
_GetSwitchNum@12
_GFileClose@4

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
radsiw.exe
radutil.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_AddBackslash@4
_CSFileClose@4
_CSFileCommandline@44
_CSFileOpen@60
_CSFilePut@8
_CSFileSetOutput@8
_CheckForDup@8
_CommaNum@12
_CopyData@20
_ExpandFileName@4
_GCDNums@8
_GFileBestPalette@64
_GFileClose@4
_GFileCommandLine@108
_GFileGet@28
_GFileOpen@92
_GFileReset@4
_GetAndRemoveFirst@8
_GetAndRemoveFirstQuoted@8
_GetDrive@4
_GetElapsedTime@8
_GetFilePieces@20
_GetSwitch@8
_GetSwitchFractional@24
_GetSwitchNum@12
_GetSwitchStr@16
_GetTempName@16
_HasExtension@4
_HuffAddStat@8
_HuffClose@4
_HuffEncode@8
_HuffInitLasts@4
_HuffInitStats@4
_HuffOpen@4
_HuffSetOutput@8
_HuffStartEncode@4
_IsDirectory@8
_LogString@8
_MakeFrameRate@4
_OGFileClose@4
_OGFileCreate@44
_OGFilePut@12
_OGFilePutSound@12
_OGFilePutSoundAmount@16
_QTFileClose@4
_QTFileGet@4
_QTFileGoto@8
_QTFileOpen@12
_QTSFileClose@4
_QTSFileGet@12
_QTSFileGoto@8
_QTSFileOpen@8
_RADAVIInit@0
_RADDialogAsk@8
_RADDialogInit@28
_RADDialogMessage@8
_RADDialogSetFilter@4
_RADDialogSetTimer@8
_RADFileAlign@8
_RADFileAtEnd@4
_RADFileBitPos@4
_RADFileByteAlign@4
_RADFileClose@4
_RADFileCreate@8
_RADFileCreateWithRead@8
_RADFileErase@4
_RADFileFlush@8
_RADFileGet16@4
_RADFileGet32@4
_RADFileGet8@4
_RADFileGet@12
_RADFileGetBits@8
_RADFileGetLine@12
_RADFileGetNB@12
_RADFileGetName@8
_RADFileGetPos@4
_RADFileGetTime@4
_RADFileIsInBuffer@12
_RADFileOpen@12
_RADFilePut16@8
_RADFilePut32@8
_RADFilePut8@8
_RADFilePut@12
_RADFilePutBits@12
_RADFilePutNB@12
_RADFileRename@8
_RADFileSetPos@12
_RADFileSetTime@8
_RADFileSize@4
_RADFlicClose@4
_RADFlicGetName@8
_RADFlicGetNext@8
_RADFlicGetPalette@4
_RADFlicGoto@12
_RADFlicOpen@4
_RADOFlicClose@4
_RADOFlicCreate@16
_RADOFlicPutNext@12
_RADQTShutdown@0
_RADSetMemory@8
_RADTimerRead@0
_RADVICInit@0
_RemoveMinusSwitches@4
_RemoveQuotes@4
_SFileClose@4
_SFileCommandLine@36
_SFileGet@12
_SFileOpen@44
_SFileReset@4
_StatusAsk@8
_StatusCheck@0
_StatusClose@4
_StatusDoCancel@0
_StatusGetHWND@0
_StatusInit@12
_StatusMessage@8
_StatusMessageTitle@12
_StatusOpen@12
_StatusSet@4
_Trim@4
_TrimAscii@4
_TrimL@4
_U32toa@8
_YUV_blit_32abpp@52
_YUV_blit_32bpp@48
_YUV_init@4
_atoU32@4
_atofr@12
_findchar@8
_overwrite@8
_radfilesize@4
_radfree@4
_radmalloc@4
allocimage
bmpinfo
convertpaltorgb
convertrgbtopal
freeimage
gifinfo
jpeginfo
loadbmp
loadgif
loadjpg
loadpcx
loadtga
loadtif
pcxinfo
tgainfo
tiffinfo
viewimage

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32A
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_UNSTEXT
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32M
Size: 1024B - Virtual size: 547B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32X2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32MX
Size: 1024B - Virtual size: 687B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKDATA
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
radvideo.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smack.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smackmix.exe
.exe windows:4 windows x86 arch:x86

619c7b8fae1f160eb36144c21d5603e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devel\Projects\bink\build\smackmix.pdb

Imports

user32

wsprintfA
SendMessageA
GetDlgItem
SetWindowTextA
EnableWindow

kernel32

LoadLibraryA
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
GetStringTypeA
ExitProcess
GlobalLock
WaitForSingleObject
GetCommandLineA
GlobalAlloc
Sleep
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetModuleHandleA
CreateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
WideCharToMultiByte
GetLocaleInfoA
VirtualAlloc
HeapFree
VirtualFree
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetLastError
GetProcAddress

radutil

_GetSwitch@8
_HasExtension@4
_CheckForDup@8
_CSFileCommandline@44
_RADDialogMessage@8
_RemoveMinusSwitches@4
_RADTimerRead@0
_RADDialogSetTimer@8
_CommaNum@12
_RADFileOpen@12
_RADFileSize@4
_GetAndRemoveFirstQuoted@8
_CSFilePut@8
_radmalloc@4
_RADFileErase@4
_CSFileOpen@60
_RADDialogInit@28
_GetSwitchFractional@24
_radfree@4
_CSFileSetOutput@8
_overwrite@8
_RADFileGet@12
_RADFileCreate@8
_RemoveQuotes@4
_RADFileSetPos@12
_CSFileClose@4
_GetElapsedTime@8
_GetFilePieces@20
_RADDialogAsk@8
_RADFilePut@12
_GetSwitchNum@12
_RADFileClose@4

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smackplw.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_UNSTEXT
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKDATA
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smackply.exe
smackpw6.exe
下载说明.url
汉化说明.rtf
.rtf

Sharing

General

Malware Config

Signatures

Files

81b654fdb3b2a02ddf5c9dbdcb84c5f6

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

radutil

binkmake

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 9KB

51ebbfec2f830d5e10df3fbf92df76b1

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

radutil

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 113KB

BINK Size: 18KB - Virtual size: 17KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 2KB - Virtual size: 4KB

BINKDATA Size: 512B - Virtual size: 328B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

41a27b54d0355f4b1b56c9cdd67e8423

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

radutil

binkmake

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 9KB - Virtual size: 9KB

Headers

File Characteristics

Sections

.text Size: 64KB - Virtual size: 63KB

BINK Size: 70KB - Virtual size: 69KB

BINK16 Size: 6KB - Virtual size: 6KB

BINK4444 Size: 7KB - Virtual size: 7KB

BINK5551 Size: 6KB - Virtual size: 6KB

BINK32 Size: 6KB - Virtual size: 6KB

BINK32A Size: 7KB - Virtual size: 7KB

BINK16X2 Size: 3KB - Virtual size: 3KB

BINK32X2 Size: 3KB - Virtual size: 3KB

BINK16MX Size: 1024B - Virtual size: 515B

BINK32MX Size: 1024B - Virtual size: 687B

BINK16M Size: 512B - Virtual size: 503B

BINK32M Size: 1024B - Virtual size: 547B

BINKYUY2 Size: 512B - Virtual size: 361B

BINKYUY2 Size: 3KB - Virtual size: 3KB

BINKYUY2 Size: 512B - Virtual size: 492B

BINKYUY2 Size: 512B - Virtual size: 292B

BINK32R Size: 5KB - Virtual size: 5KB

BINK32RA Size: 6KB - Virtual size: 5KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 113KB

BINK
Size: 18KB - Virtual size: 17KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 2KB - Virtual size: 4KB

BINKDATA
Size: 512B - Virtual size: 328B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 64KB - Virtual size: 63KB

BINK
Size: 70KB - Virtual size: 69KB

BINK16
Size: 6KB - Virtual size: 6KB

BINK4444
Size: 7KB - Virtual size: 7KB

BINK5551
Size: 6KB - Virtual size: 6KB

BINK32
Size: 6KB - Virtual size: 6KB

BINK32A
Size: 7KB - Virtual size: 7KB

BINK16X2
Size: 3KB - Virtual size: 3KB

BINK32X2
Size: 3KB - Virtual size: 3KB

BINK16MX
Size: 1024B - Virtual size: 515B

BINK32MX
Size: 1024B - Virtual size: 687B

BINK16M
Size: 512B - Virtual size: 503B

BINK32M
Size: 1024B - Virtual size: 547B

BINKYUY2
Size: 512B - Virtual size: 361B

BINKYUY2
Size: 3KB - Virtual size: 3KB

BINKYUY2
Size: 512B - Virtual size: 492B

BINKYUY2
Size: 512B - Virtual size: 292B

BINK32R
Size: 5KB - Virtual size: 5KB

BINK32RA
Size: 6KB - Virtual size: 5KB

BINK32RX
Size: 3KB - Virtual size: 3KB

BINK24
Size: 8KB - Virtual size: 7KB

BINK24X2
Size: 4KB - Virtual size: 4KB

BINK24M
Size: 1024B - Virtual size: 714B

BINK24R
Size: 7KB - Virtual size: 6KB

BINK24RX
Size: 4KB - Virtual size: 4KB

BINK24RM
Size: 1024B - Virtual size: 804B

BINKUYVY
Size: 512B - Virtual size: 488B

BINKUYVY
Size: 512B - Virtual size: 369B

BINKUYVY
Size: 3KB - Virtual size: 3KB

BINKUYVY
Size: 512B - Virtual size: 327B

BINKYV12
Size: 1024B - Virtual size: 704B

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 14KB

BINKDATA
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 10KB - Virtual size: 9KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 18KB

.rsrc
Size: 9KB - Virtual size: 9KB

CODE
Size: 331KB - Virtual size: 330KB

DATA
Size: 3KB - Virtual size: 3KB

BSS
Size: - Virtual size: 258KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 129KB

.rsrc
Size: 9KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB