9e1d9dffd90bb06ab4e13a8421e8d5f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9e1d9dffd90bb06ab4e13a8421e8d5f7_JaffaCakes118
Size

3.2MB
MD5

9e1d9dffd90bb06ab4e13a8421e8d5f7
SHA1

5824710e62b77cf7f311f077b586e0e5519a466c
SHA256

35c1b6d2036ce9d71ba1575d977dd19e1988a7e07fb84dd20a6b368823523fc5
SHA512

b846baaae08ba1414933f2e97de168b16805aab54b9c1f68a8706255c136b305ea3f9263bbbd59a643c4f526fc4098e0bacc274eb02f69cd914d29b3dcf5bff6
SSDEEP

49152:HM0wUN3IK536JER73aCyyBrGzVsi7ZbffDb7oeShuw7z8JML3ftbvBDMT8XdaMK+:HM0wUBJ8BC5CzVs8jL/dShvjfkMqpKZX

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/VisualBoyAdvance.exe
unpack001/JingLingBaoKeMengPiKaQiu_chs_setup/JingLingBaoKeMengPiKaQiu_chs/7z.dll
unpack003/????.exe
unpack003/Unistall.exe
unpack001/JingLingBaoKeMengPiKaQiu_chs_setup/点击使用.exe

Files

9e1d9dffd90bb06ab4e13a8421e8d5f7_JaffaCakes118
.rar
JingLingBaoKeMengPiKaQiu_chs_setup/JingLingBaoKeMengPiKaQiu_chs/#YouXun#
.7z
JingLingBaoKeMengPiKaQiu_chs.ico
Pokemon_Yellow[T+Chi](V1.0).gbc
Pokemon_Yellow[T+Chi](V1.0).sav
VisualBoyAdvance.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 411KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vba.ini
JingLingBaoKeMengPiKaQiu_chs_setup/JingLingBaoKeMengPiKaQiu_chs/7z.dll
.dll windows:5 windows x86 arch:x86

82dc00c29a6aea96c6ff9b7fcd4e6e2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CompareFileTime
SetLastError
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
ReadFile
WriteFile
CreateFileA
GetSystemInfo
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount

user32

CharNextA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharPrevExA

oleaut32

VariantCopy
SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 607KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
JingLingBaoKeMengPiKaQiu_chs_setup/JingLingBaoKeMengPiKaQiu_chs/gameyxdown.dat
JingLingBaoKeMengPiKaQiu_chs_setup/JingLingBaoKeMengPiKaQiu_chs/info.dat
JingLingBaoKeMengPiKaQiu_chs_setup/JingLingBaoKeMengPiKaQiu_chs/install.yx
JingLingBaoKeMengPiKaQiu_chs_setup/JingLingBaoKeMengPiKaQiu_chs/setup
.7z
????.exe
.exe windows:5 windows x86 arch:x86

4ad702c5b52ccad8eadf5fceb4ad5bd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SVN_Downloader\trunk\bin\Win32\Release\gamestart\gamestart.pdb

Imports

wininet

InternetCheckConnectionW
GetUrlCacheEntryInfoW
InternetOpenW
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses

dbghelp

MiniDumpWriteDump

kernel32

GetShortPathNameW
IsBadWritePtr
SetFileAttributesW
CopyFileW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
ResumeThread
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
FileTimeToSystemTime
SetEvent
CreateEventW
ExitThread
WaitForMultipleObjects
GetDriveTypeW
SetVolumeLabelW
MoveFileW
GetDiskFreeSpaceExW
ReleaseSemaphore
CreateSemaphoreW
SetLastError
FileTimeToLocalFileTime
MulDiv
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetThreadLocale
lstrcmpA
InterlockedExchange
CompareStringA
GetLocaleInfoW
OutputDebugStringA
ConvertDefaultLocale
GetCurrentThread
GetModuleHandleA
DuplicateHandle
GetVolumeInformationW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
GlobalFlags
SetErrorMode
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetConsoleCP
GetConsoleMode
GetFileType
SetStdHandle
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
DeleteFileA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
FindNextFileW
FindClose
FindFirstFileW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetLastError
RaiseException
LeaveCriticalSection
GetModuleHandleW
LoadLibraryExW
FreeLibrary
FreeResource
GlobalUnlock
GlobalLock
CreateThread
CreateDirectoryA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVersionExW
Sleep
InitializeCriticalSection
CreateDirectoryW
InterlockedIncrement
GetStartupInfoW
ReadFile
LoadLibraryW
WaitForSingleObject
lstrlenA
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetCurrentProcess
SetUnhandledExceptionFilter
GetCommandLineW
lstrlenW
WideCharToMultiByte
LoadLibraryA
GetProcAddress
GetTickCount
InterlockedDecrement
DeleteFileW
CloseHandle
LockResource
LocalAlloc
GlobalFree
MultiByteToWideChar
CreateFileW
GetFileAttributesW
SizeofResource
GlobalAlloc
WriteFile
GetPrivateProfileStringW
LoadResource
FindResourceW
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetDateFormatA
GetVersionExA
EnumResourceLanguagesW

user32

GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterClipboardFormatW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetRectEmpty
SetCapture
SetFocus
CallWindowProcW
GetDesktopWindow
GetWindowThreadProcessId
TrackPopupMenu
GetSubMenu
DeleteMenu
LoadMenuW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
ScreenToClient
GetCursorPos
CharNextW
LoadIconW
CopyRect
UpdateLayeredWindow
GetSystemMetrics
SetCursor
LoadImageW
LoadCursorW
PtInRect
wsprintfW
PostThreadMessageW
UnregisterClassW
InvalidateRect
SystemParametersInfoW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
DestroyMenu
IsWindowVisible
SendMessageW
SetTimer
KillTimer
FindWindowExW
EnableWindow
EndPaint
GetWindowRect
GetWindowDC
PostMessageW
GetParent
GetClientRect
BeginPaint
GetDC
RegisterClassExW
GetWindowLongW
CreateWindowExA
ReleaseDC
SetWindowLongW
SetWindowPos
ShowWindow
IsWindow
EqualRect
ReleaseCapture
DefWindowProcW
MoveWindow
GetSysColorBrush
CharUpperW
ClientToScreen

gdi32

ExtSelectClipRgn
SetWindowExtEx
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
GetWindowExtEx
GetViewportExtEx
ScaleViewportExtEx
SetViewportExtEx
GetStockObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteDC
CreateDIBSection
GetDeviceCaps
BitBlt
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
PtVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

UrlUnescapeW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFileExistsW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoCreateInstance
OleSetContainedObject
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoUninitialize
OleRun
OleDraw
OleCreate
CoGetClassObject

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysStringLen
VarUI4FromStr
VariantChangeType
VariantClear
SysAllocStringLen
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

gdiplus

GdipCreatePath
GdipDeletePath
GdipGetFontSize
GdipAddPathString
GdipGetFamily
GdipGetFontStyle
GdipGetPathWorldBounds
GdipDrawRectangleI
GdipDeleteStringFormat
GdipCreatePen1
GdipCreateStringFormat
GdipFillRectangleI
GdipSetSolidFillColor
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateImageAttributes
GdipCreateFont
GdipDisposeImageAttributes
GdipCreateSolidFill
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDrawImageRectRect
GdipDeleteBrush
GdipDeletePen
GdipCloneBrush
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetImageAttributesWrapMode
GdipSetStringFormatAlign
GdipDeleteFontFamily

ws2_32

gethostbyname
send
connect
select
WSAGetLastError
htons
recv
socket
__WSAFDIsSet
closesocket
WSAStartup

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unistall.exe
.exe windows:5 windows x86 arch:x86

dee4cacb71631970321dfda41bd99f22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\svn_超哥\unist\Release\unist.pdb

Imports

kernel32

GetStartupInfoW
Sleep
ExitProcess
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileTime
GetFileSizeEx
GetModuleHandleA
CompareStringA
InterlockedExchange
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryA
GetVersionExA
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GlobalAddAtomW
GlobalFlags
lstrcmpW
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
lstrlenA
lstrcmpA
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
FreeResource
GetTickCount
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
MulDiv
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
WriteFile
WideCharToMultiByte
CreateFileW
GetLastError
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetPrivateProfileStringW
IsDebuggerPresent
GetModuleFileNameW

user32

DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CharUpperW
ClientToScreen
GetClassNameW
MessageBeep
IsChild
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
ReleaseCapture
GetDesktopWindow
SetCapture
InvalidateRgn
InvalidateRect
GetClientRect
GetWindowRect
EqualRect
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
PtInRect
CopyRect
CharNextW
GetFocus
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
LoadStringW
GetMessageW
GetDlgItem
PostThreadMessageW
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
GetWindowThreadProcessId
CreateDialogIndirectParamW
SendMessageW
GetWindowLongW
DestroyMenu
GetWindowDC
CheckMenuItem
GrayStringW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
MessageBoxW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
RegisterClipboardFormatW
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
GetWindowTextW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetMenu

gdi32

ExtSelectClipRgn
DeleteDC
GetMapMode
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetObjectW
GetStockObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegOpenKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
OleUninitialize

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
VariantInit

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gameyxdown.dat
JingLingBaoKeMengPiKaQiu_chs_setup/安装说明.txt
JingLingBaoKeMengPiKaQiu_chs_setup/游迅网.url
.url
JingLingBaoKeMengPiKaQiu_chs_setup/点击使用.exe
.exe windows:5 windows x86 arch:x86

a61e1a6bd89891db55e6a2a47c5a5158

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\yxbox\trunk\bin\Win32\Release\build\GameGuide\点此安装.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

dbghelp

MiniDumpWriteDump

kernel32

GlobalAddAtomW
MulDiv
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
FileTimeToLocalFileTime
GetModuleHandleA
LocalAlloc
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
UnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
ExitThread
ConvertDefaultLocale
GetConsoleCP
GetConsoleMode
GetFileType
GetProcessHeap
SetStdHandle
RtlUnwind
ExitProcess
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
EnumResourceLanguagesW
lstrcmpA
SetLastError
CompareStringA
InterlockedExchange
lstrcmpW
LocalFree
FormatMessageW
TerminateProcess
GetStdHandle
FindNextFileW
SetEndOfFile
GetFullPathNameW
SetFileTime
ResumeThread
Sleep
SetFileAttributesW
GlobalFree
CreateDirectoryA
GetSystemTimeAsFileTime
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
SetFilePointer
GetFileSize
FindClose
FindFirstFileW
FreeLibrary
SetErrorMode
WideCharToMultiByte
GetStartupInfoW
ReadFile
LoadLibraryW
GetTickCount
lstrlenA
GetShortPathNameW
GetProcAddress
GetLastError
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
GetModuleHandleW
FreeResource
CreateThread
DeleteFileW
GetDiskFreeSpaceExW
GlobalUnlock
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
lstrcpynW
CopyFileW
GlobalAlloc
WriteFile
GetPrivateProfileStringW
WaitForSingleObject
GlobalLock
CreateDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
LockResource
CreateFileW
SizeofResource
GetCurrentProcess
SetUnhandledExceptionFilter
LoadResource
FindResourceW
GetCommandLineW
GlobalDeleteAtom
GetLocaleInfoW
GetCurrentThread
InterlockedCompareExchange
HeapReAlloc

user32

CharNextW
GetSysColorBrush
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
UnregisterClassW
SendDlgItemMessageW
RegisterClipboardFormatW
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
MessageBoxW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SetCapture
SetFocus
GetWindowLongW
DestroyMenu
PostThreadMessageW
SetWindowLongW
ReleaseCapture
CallWindowProcW
DefWindowProcW
PtInRect
SetRectEmpty
IsRectEmpty
IsWindow
GetWindowThreadProcessId
GetDesktopWindow
wsprintfW
SetWindowRgn
GetWindowRect
CopyRect
SetRect
IsWindowVisible
SetCursor
SetTimer
ScreenToClient
PostMessageW
KillTimer
LoadCursorW
GetClientRect
LoadIconW
InvalidateRect
GetCursorPos
GetSystemMetrics
SendMessageW
EnableWindow
UpdateWindow
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
GetDlgItem

gdi32

GetStockObject
CreateFontIndirectW
CreateRectRgnIndirect
ExtSelectClipRgn
Escape
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtTextOutW
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetClipBox
OffsetViewportOrgEx
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
SetViewportOrgEx
BitBlt
CreateCompatibleDC
GetMapMode
CreateCompatibleBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
SelectObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

InitializeSecurityDescriptor
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueExW

shell32

SHBrowseForFolderW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW

comctl32

_TrackMouseEvent

shlwapi

ord156
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantChangeType
SysStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
VariantInit

gdiplus

GdipDeleteBrush
GdipCloneBrush
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateSolidFill
GdipCreateFont
GdipDrawString
GdipFillRectangle
GdipCreateFontFamilyFromName
GdipFillRectangleI
GdipDrawImageRectRect
GdipDeletePen
GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdipSetTextRenderingHint
GdipSetImageAttributesWrapMode
GdipCloneImage
GdipSetStringFormatAlign
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetSolidFillColor
GdipCreateStringFormat
GdipGetImageWidth
GdipCreatePen1
GdipDeleteStringFormat
GdipDrawRectangleI
GdipGetPathWorldBounds
GdipGetFontStyle
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipDeletePath
GdipCreatePath
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 411KB - Virtual size: 1.5MB

Size: 20KB - Virtual size: 40KB

Size: 22KB - Virtual size: 2.0MB

Size: 32KB - Virtual size: 168KB

.rsrc Size: 48KB - Virtual size: 48KB

.data Size: 138KB - Virtual size: 140KB

.adata Size: - Virtual size: 4KB

82dc00c29a6aea96c6ff9b7fcd4e6e2a

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 607KB - Virtual size: 606KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 29KB - Virtual size: 54KB

.rsrc Size: 95KB - Virtual size: 95KB

.reloc Size: 41KB - Virtual size: 41KB

4ad702c5b52ccad8eadf5fceb4ad5bd4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

psapi

dbghelp

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 186KB - Virtual size: 186KB

.data Size: 44KB - Virtual size: 63KB

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 80KB - Virtual size: 80KB

dee4cacb71631970321dfda41bd99f22

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.rsrc
Size: 48KB - Virtual size: 48KB

.data
Size: 138KB - Virtual size: 140KB

.adata
Size: - Virtual size: 4KB

.text
Size: 607KB - Virtual size: 606KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 29KB - Virtual size: 54KB

.rsrc
Size: 95KB - Virtual size: 95KB

.reloc
Size: 41KB - Virtual size: 41KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 186KB - Virtual size: 186KB

.data
Size: 44KB - Virtual size: 63KB

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 80KB - Virtual size: 80KB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 10KB - Virtual size: 26KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 33KB - Virtual size: 33KB

.text
Size: 461KB - Virtual size: 460KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 15KB - Virtual size: 32KB

.rsrc
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 63KB - Virtual size: 63KB