00f1cbccb798a9be15430f6a328e5b5e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

00f1cbccb798a9be15430f6a328e5b5e_JaffaCakes118
Size

1.1MB
MD5

00f1cbccb798a9be15430f6a328e5b5e
SHA1

294d6a637ff4a3c9e0fde017b6ca9a52b10c316d
SHA256

dba76d20514fc25cf7ae138876d81a1731eececa95fddde7a10bb3d5a04104a8
SHA512

2af64bf5ad66bc6add86ca5377e2d40ddffcae27fe3fa0f923a06f0e9ed423019582611f8e25648e76193d11316112bf1cfdde51dc95c84f1760101353f34ad8
SSDEEP

24576:ZXmWdMtNdhFFNwEIucdL60JtG7WU7YEW7yz489S9RGkWCj4NXS+:9FkwPdLrJc7W6WfLGTCj4NXt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/StationRipper/keygen.exe	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/StationRipper/AtomicParsley.exe
unpack001/StationRipper/LastFMConsole.exe
unpack001/StationRipper/PodCastConsole.exe
unpack001/StationRipper/StationRipper.exe
unpack001/StationRipper/StationRipperConsole.exe
unpack001/StationRipper/StationRipper_Danish.dll
unpack001/StationRipper/StationRipper_French.dll
unpack001/StationRipper/StationRipper_German.dll
unpack001/StationRipper/StationSniffer.exe
unpack001/StationRipper/keygen.exe
unpack002/out.upx

Files

00f1cbccb798a9be15430f6a328e5b5e_JaffaCakes118
.rar
StationRipper/AtomicParsley.exe
.exe windows:4 windows x86 arch:x86

2452071c1a69b528aa9ee02fba131c2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
WriteFile
WideCharToMultiByte
SetConsoleCP
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
GetFileType
GetStdHandle
GetVersion
HeapFree
HeapAlloc
GetLastError
MultiByteToWideChar
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MoveFileA
MoveFileW
DeleteFileW
DeleteFileA
SetConsoleCtrlHandler
GetProcAddress
GetModuleHandleA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ReadFile
GetVersionExW
GetFullPathNameW
GetCurrentDirectoryA
CloseHandle
FlushFileBuffers
GetFileAttributesA
GetFileAttributesW
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
RtlUnwind
GetModuleFileNameA
SetStdHandle
GetCurrentDirectoryW
LCMapStringA
LCMapStringW
CreateFileA
CreateFileW
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateProcessW
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
LoadLibraryA
GetFullPathNameA
GetDriveTypeA
SetEndOfFile
SetEnvironmentVariableW
FindFirstFileA

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StationRipper/LastFMConsole.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StationRipper/LastFMConsole.exe.config
StationRipper/MM_AddTrack.vbs
.vbs
StationRipper/PodCastConsole.exe
.exe windows:4 windows x86 arch:x86

e43b1ce81216bbc8aef57925d91cdf83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetVersion
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
IsBadReadPtr
RaiseException
HeapAlloc
HeapFree
SetStdHandle
GetFileType
GetTimeZoneInformation
GetACP
HeapReAlloc
HeapSize
GlobalFlags
SetHandleCount
GetStdHandle
GetStartupInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
WaitForSingleObject
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
GetFileTime
GetFileSize
GetFileAttributesA
lstrcatA
SetErrorMode
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
LocalFree
LocalAlloc
FreeLibrary
EnterCriticalSection
SetLastError
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
GetModuleHandleA
CreateDirectoryA
Sleep

user32

ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadIconA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
GetMenu
GetSubMenu
GetMenuItemID
GetDlgItem
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
SendMessageA
FindWindowA
wsprintfA
CharUpperA
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetSystemMetrics
EnableWindow
MessageBoxA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
PostQuitMessage
PostMessageA
LoadStringA
UnhookWindowsHookEx
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
RegisterClassA

gdi32

PtVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
GetDeviceCaps
RectVisible
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocStringLen
SysFreeString

wininet

InternetGetLastResponseInfoA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StationRipper/StationRipper.exe
.exe windows:4 windows x86 arch:x86

6eb552af501375f32771da4fc558c6ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA
timeGetTime

kernel32

CreateThread
ExitThread
GetFileInformationByHandle
PeekNamedPipe
GetFileType
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
GetACP
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
SetHandleCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExA
GetVersion
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
GetCPInfo
LockResource
LoadResource
FindResourceA
lstrcmpiA
GetLocalTime
Sleep
GlobalUnlock
GlobalLock
CreateProcessA
ReadFile
CloseHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
GetFileAttributesA
GetModuleFileNameA
lstrcmpA
FindClose
FindNextFileA
FindFirstFileA
GetExitCodeThread
LocalFree
FormatMessageA
CreateEventA
GlobalFree
MulDiv
ResumeThread
GlobalAlloc
SizeofResource
WaitForSingleObject
ResetEvent
SetEvent
TerminateProcess
OutputDebugStringA
CopyFileA
DeleteFileA
lstrcpyA
WinExec
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
GetSystemTime
GetTimeZoneInformation
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
GetOEMCP
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
GetProfileIntA
GetCurrentThread
LocalAlloc
GetFileTime
GetFileSize
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
LoadLibraryA
CreateDirectoryA
SetEndOfFile
SetFilePointer
CreateFileA
SetLastError
lstrcpynA
InterlockedExchange
GetProfileStringA
GetFullPathNameA
GetVolumeInformationA
MoveFileA
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GlobalSize
GlobalReAlloc
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrA
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
SuspendThread
GlobalDeleteAtom
SetThreadPriority
FreeLibrary
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA

user32

GetClassNameA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
CharUpperA
CharNextA
EndDialog
CreateDialogIndirectParamA
LoadStringA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
PtInRect
SetRectEmpty
ValidateRect
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
MessageBoxA
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetWindowPos
GetWindowPlacement
IntersectRect
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
DestroyMenu
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
LoadMenuA
KillTimer
RegisterWindowMessageA
IsIconic
DrawIcon
SetWindowLongA
GetSystemMenu
SetTimer
LoadIconA
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
SetCapture
CopyAcceleratorTableA
MessageBeep
SetParent
ReleaseCapture
GetCapture
GetCursorPos
IsWindow
TranslateMessage
DispatchMessageA
GetMessageA
wsprintfW
FindWindowExA
FindWindowA
PostThreadMessageA
EnableScrollBar
ShowScrollBar
GetWindow
UpdateWindow
LoadCursorA
FrameRect
LoadImageA
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
EnableWindow
GrayStringA
TabbedTextOutA
GetSubMenu
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
RegisterClipboardFormatA
GetLastActivePopup
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
PostMessageA
IsWindowUnicode
DefDlgProcA
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
IsChild

gdi32

CombineRgn
CreateRectRgn
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextColor
GetBkColor
GetTextMetricsA
LPtoDP
CopyMetaFileA
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
GetDeviceCaps
GetBkMode
CreatePen
GetTextExtentPointA
CreateDIBitmap
CreateSolidBrush
CreateFontIndirectA
BitBlt
CreateCompatibleDC

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueA
RegCloseKey

shell32

DragAcceptFiles
Shell_NotifyIconA
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA
DragFinish
SHFileOperationA
ShellExecuteA
ShellExecuteExA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ord17

oledlg

ord8

ole32

CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
OleGetClipboard
CLSIDFromProgID
CLSIDFromString
OleFlushClipboard
CoLockObjectExternal
RevokeDragDrop
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemAlloc
OleDuplicateData
OleIsCurrentClipboard
RegisterDragDrop
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject

olepro32

ord251
ord253

oleaut32

SysStringLen
VariantTimeToSystemTime
VarDateFromStr
SysFreeString
VariantCopy
VariantInit
SysAllocString
VariantChangeType
SysAllocStringLen
SysAllocStringByteLen
VariantClear

odbc32

ord2
ord72
ord4
ord48
ord49
ord20
ord17
ord59
ord8
ord44
ord19
ord46
ord12
ord68
ord41
ord10
ord1
ord50
ord45
ord51
ord15
ord9
ord14
ord3
ord11
ord18
ord13
ord61
ord16
ord5

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionExA
InternetSetStatusCallback
InternetSetFilePointer
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetQueryOptionA

Exports

Exports

??0Lock@@QAE@AAVSync@@@Z
??0Sync@@QAE@XZ
??1Lock@@QAE@XZ
??1Sync@@QAE@XZ
??4Sync@@QAEAAV0@ABV0@@Z
?Lock@Sync@@QAEXXZ
?Release@Sync@@QAEXXZ

Sections

.text
Size: 816KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 712KB - Virtual size: 709KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StationRipper/StationRipper.url
StationRipper/StationRipperConsole.exe
.exe windows:4 windows x86 arch:x86

86004540b196dcde6cf54da3bfa0c6a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
WSAGetLastError
WSASetLastError
setsockopt
accept
ntohs
inet_ntoa
listen
ioctlsocket
send
select
recv
socket
htonl
htons
bind
WSACleanup
closesocket
inet_addr
gethostbyname
WSAStartup

kernel32

TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
SetLastError
GetProcAddress
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
FreeLibrary
LoadLibraryA
GetProcessVersion
GetCurrentProcess
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFullPathNameA
GetCPInfo
GetOEMCP
EnterCriticalSection
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
SetConsoleCtrlHandler
RtlUnwind
HeapAlloc
HeapFree
GetDriveTypeA
CreateThread
ExitThread
HeapReAlloc
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
OutputDebugStringA
ResumeThread
lstrcpynA
GetModuleFileNameA
lstrcpyA
lstrcatA
SetErrorMode
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GenerateConsoleCtrlEvent
TerminateProcess
PeekNamedPipe
ReadFile
CreatePipe
SetHandleInformation
CreateProcessA
SetEvent
ResetEvent
CreateEventA
WaitForSingleObject
FindFirstFileA
FindNextFileA
FindClose
WriteFile
DeleteFileA
CreateFileA
CloseHandle
MoveFileA
GetLastError
FormatMessageA
LocalFree
GetCommandLineA
GetModuleHandleA
Sleep
InterlockedExchange
CreateDirectoryA
DebugBreak

user32

SystemParametersInfoA
SetWindowPos
SetWindowLongA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
IsIconic
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
PostMessageA
PostQuitMessage
FindWindowA
SendMessageA
RegisterWindowMessageA
GetWindowPlacement
ShowWindow
GetSystemMetrics
GetParent

gdi32

TextOutA
RectVisible
PtVisible
DeleteDC
DeleteObject
ExtTextOutA
GetObjectA
Escape
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StationRipper/StationRipper_Art.bmp
StationRipper/StationRipper_Danish.dll
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StationRipper/StationRipper_French.dll
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StationRipper/StationRipper_German.dll
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 624KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StationRipper/StationSniffer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\stuff\rs\TheRipper\StationSniffer\obj\Release\StationSniffer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StationRipper/keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StationRipper/parse_rules.txt
StationRipper/sr_local.htm
.html
StationRipper/stationripper.mdb
StationRipper/stationripper_small_1.10.jpg
.jpg
StationRipper/tips.txt
StationRipper/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

2452071c1a69b528aa9ee02fba131c2e

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 152KB - Virtual size: 149KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 64KB - Virtual size: 130KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 31KB - Virtual size: 31KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 512B - Virtual size: 12B

e43b1ce81216bbc8aef57925d91cdf83

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

ole32

oleaut32

wininet

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 160B

6eb552af501375f32771da4fc558c6ba

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

odbc32

wininet

Exports

Exports

Sections

.text Size: 816KB - Virtual size: 812KB

.rdata Size: 164KB - Virtual size: 160KB

.data Size: 208KB - Virtual size: 385KB

.rsrc Size: 712KB - Virtual size: 709KB

86004540b196dcde6cf54da3bfa0c6a9

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 64KB - Virtual size: 130KB

.text
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 160B

.text
Size: 816KB - Virtual size: 812KB

.rdata
Size: 164KB - Virtual size: 160KB

.data
Size: 208KB - Virtual size: 385KB

.rsrc
Size: 712KB - Virtual size: 709KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 16KB - Virtual size: 365KB

.rsrc
Size: 4KB - Virtual size: 160B

.text
Size: 4KB - Virtual size: 508B

.rdata
Size: 4KB - Virtual size: 289B

.data
Size: 4KB - Virtual size: 76B

.rsrc
Size: 480KB - Virtual size: 477KB

.reloc
Size: 4KB - Virtual size: 432B

.text
Size: 4KB - Virtual size: 508B

.rdata
Size: 4KB - Virtual size: 289B

.data
Size: 4KB - Virtual size: 76B

.rsrc
Size: 628KB - Virtual size: 626KB

.reloc
Size: 4KB - Virtual size: 432B

.text
Size: 4KB - Virtual size: 508B

.rdata
Size: 4KB - Virtual size: 289B

.data
Size: 4KB - Virtual size: 76B

.rsrc
Size: 624KB - Virtual size: 621KB

.reloc
Size: 4KB - Virtual size: 432B

.text
Size: 93KB - Virtual size: 92KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 108KB

UPX1
Size: 37KB - Virtual size: 40KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 29KB

.rsrc
Size: 84KB - Virtual size: 84KB