01f7e1f9cf0a45bc9fa80bbe9ae4e676_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01f7e1f9cf0a45bc9fa80bbe9ae4e676_JaffaCakes118
Size

650KB
MD5

01f7e1f9cf0a45bc9fa80bbe9ae4e676
SHA1

97f135ca12d004702993cd14f83dc2e86623a0c4
SHA256

ac73f4a443ce1850c93afc1c7ffd36bd7fd181905f206ff7a3439745408f2b56
SHA512

efa60e890eba9f9a4bbb1a57e0db27eb9dc03747c9b40965e255ea7534873e144655d48ea7579532dd08aee7dfa1ef1df332596bd71122fad944787079583b38
SSDEEP

12288:Dkebwynb8WBnA5YPFVqRuu7ZS3tFThvasrOBHb+aClrSliInB5+YkOEV:DkebGvcFgHmasrWHb+j+UmB4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
01f7e1f9cf0a45bc9fa80bbe9ae4e676_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/Ktobj.dll
unpack001/$SYSDIR/Log.dll
unpack001/$SYSDIR/Update.dll
unpack001/$SYSDIR/lrcsys.exe
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack001/kooting.exe
unpack001/ktengine.dll
unpack001/lidx.dll
unpack001/update/Undate.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1

Files

01f7e1f9cf0a45bc9fa80bbe9ae4e676_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf730599ca246ea6f6df7d7646cab285

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/Ktcmd.img
$SYSDIR/Ktlog.img
$SYSDIR/Ktobj.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d1de853b780ce56575114ca564c46546

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\working\MediaClient\src\MediaClient\HelperOBJ\Release\HelperOBJ.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
lstrcpynA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
RaiseException
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CreateThread
CloseHandle
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedDecrement
InterlockedExchange
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
WriteFile
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Log.dll
.dll regsvr32 windows:4 windows x86 arch:x86

08efa82a5d0394910e8352d58c447d85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\working\MediaClient\src\MediaClient\LogService\Release\LogService.pdb

Imports

kernel32

lstrlenW
lstrcmpiA
lstrlenA
WriteFile
SetFilePointer
CloseHandle
CreateFileA
TerminateThread
GetExitCodeThread
WaitForSingleObject
CreateThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetCurrentThreadId
GetPrivateProfileStringA
FindResourceA
FindFirstFileA
FindClose
SetFileAttributesA
CreateDirectoryA
CreateMutexA
ReleaseMutex
LocalFree
FormatMessageA
GetLocalTime
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
VirtualFree
SetEndOfFile
GetLocaleInfoW
ReadFile
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
LoadResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemDirectoryA
InterlockedExchange
HeapCreate
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetOEMCP
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
SetUnhandledExceptionFilter
GetCurrentProcessId
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetTickCount

user32

CharNextA

advapi32

SetSecurityDescriptorDacl
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteValueA
InitializeSecurityDescriptor

ole32

CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocStringByteLen
SysStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantClear

shlwapi

PathFindExtensionA

wininet

InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetAttemptConnect
InternetSetOptionA
InternetConnectA
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Update.dll
.dll windows:4 windows x86 arch:x86

b4205391d500e47e692bb9dca77765d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\working\MediaClient\src\MediaClient\Update\Release\Update.pdb

Imports

ws2_32

gethostname
gethostbyname
inet_ntoa
WSAStartup

iphlpapi

GetAdaptersInfo

kernel32

GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
DeleteFileA
MoveFileA
GetTempPathA
CloseHandle
TerminateThread
GetExitCodeThread
WaitForSingleObject
CreateThread
WriteFile
SetFilePointer
GetFileAttributesExA
CreateFileA
WaitForMultipleObjects
InterlockedDecrement
CreateMutexA
WritePrivateProfileSectionA
GetLocaleInfoA
GetLocalTime
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetUserDefaultLCID
WritePrivateProfileStringA
GetModuleFileNameA
GlobalMemoryStatus
CreateProcessA
GetCurrentThreadId
GetPrivateProfileStringA
MoveFileExA
FindClose
GetFileAttributesA
FindNextFileA
SetFileAttributesA
CreateDirectoryA
ReleaseMutex
LocalFree
FormatMessageA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetACP
InterlockedExchange
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
GetPrivateProfileSectionA
SetLastError
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
TlsAlloc
GetOEMCP
GetFileType
GetStdHandle
SetHandleCount
ReadFile
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
VirtualFree
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
ResumeThread
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate

advapi32

RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

shell32

SHGetFolderPathA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantClear
SysAllocString

wininet

InternetSetOptionA
InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

BeginUpdate
BeginUpdate2

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/lrcsys.exe
.exe windows:4 windows x86 arch:x86

a90695606c168dc74ff90837b8ba6d0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\working\CommonModule\bin\Release\BHOExe.pdb

Imports

kernel32

CreateDirectoryA
CopyFileA
WritePrivateProfileStringA
DeleteFileA
RemoveDirectoryA
ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetFilePointer
HeapAlloc
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
SetStdHandle
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo
CloseHandle

advapi32

RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugin.ini
Uninstall.exe
.exe windows:4 windows x86 arch:x86

bf730599ca246ea6f6df7d7646cab285

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
face/kwc.img
kooting.exe
.exe windows:4 windows x86 arch:x86

c4ed3b9cd9b3257f6af7bb2aabd89acb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\Cvs\MediaDeliver\src\KootingPlayer2\Release\KootingPlayer2.pdb

Imports

kernel32

UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
GetTimeZoneInformation
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
HeapSize
TerminateProcess
HeapReAlloc
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
ExitThread
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
SetErrorMode
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
MoveFileA
GetCurrentDirectoryA
SystemTimeToFileTime
GetOEMCP
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedIncrement
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersion
InterlockedExchange
lstrcatA
lstrcmpW
GetModuleHandleA
RaiseException
InterlockedDecrement
SetLastError
MulDiv
GlobalAlloc
GlobalLock
lstrcpynA
CreateDirectoryA
GetModuleFileNameA
CreateProcessA
GetCurrentThreadId
GetStringTypeExA
CompareStringW
CompareStringA
GetSystemTime
FileTimeToSystemTime
GetFileAttributesExA
SetFilePointer
WriteFile
DeleteFileA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetEvent
ResetEvent
Sleep
GetTickCount
FormatMessageA
LocalFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
CreateFileA
GetLastError
GlobalUnlock
GlobalFree
UnmapViewOfFile
CloseHandle
lstrlenW
GetCPInfo
FreeResource
lstrlenA
lstrcmpiA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
IsBadCodePtr

user32

DrawIcon
PostThreadMessageA
MessageBeep
InvalidateRgn
CopyAcceleratorTableA
LoadMenuA
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
DestroyCursor
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
wsprintfA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
SetMenuItemBitmaps
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
ScrollWindow
MessageBoxA
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
SetWindowPos
IntersectRect
IsIconic
GetWindowPlacement
EndPaint
BeginPaint
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
PeekMessageA
ValidateRect
UnhookWindowsHookEx
GetMenuStringA
DestroyMenu
InflateRect
GetNextDlgGroupItem
WindowFromPoint
GetCapture
CharUpperA
SetFocus
SetRectEmpty
CallWindowProcA
GetScrollInfo
SetParent
GetWindow
IsWindowVisible
PostMessageA
IsRectEmpty
KillTimer
GetParent
FindWindowA
SendMessageTimeoutA
DrawFocusRect
GetKeyState
ReleaseCapture
ShowCursor
SetCapture
MapWindowPoints
RedrawWindow
ClientToScreen
SetWindowRgn
IsZoomed
SetMenu
SetTimer
InvalidateRect
GetTabbedTextExtentA
GetDCEx
LockWindowUpdate
GetCursorPos
ScreenToClient
EnableMenuItem
LoadCursorA
SetCursor
UpdateWindow
TranslateMessage
DispatchMessageA
IsWindow
GetFocus
GetWindowDC
GetWindowRect
PtInRect
GetWindowLongA
SetWindowLongA
OffsetRect
EnableWindow
GetClientRect
SendMessageA
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
DrawIconEx
SetScrollInfo
DestroyIcon
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
ReleaseDC
GetDC
RemoveMenu
ModifyMenuA
InsertMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
DeleteMenu
CreatePopupMenu
CreateMenu
DrawEdge
LoadBitmapA
GetSysColorBrush
FillRect
GetSysColor
CopyRect
SetRect
TrackPopupMenu

gdi32

ExtSelectClipRgn
SelectClipRgn
CreatePatternBrush
CreateBitmap
GetCharWidthA
CreateFontA
CreateRectRgnIndirect
SetRectRgn
GetMapMode
GetBkColor
GetTextColor
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
CreateEllipticRgn
GetNearestColor
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetWindowOrgEx
StretchBlt
DPtoLP
OffsetRgn
CreateRectRgn
CombineRgn
StretchDIBits
SelectPalette
LPtoDP
GetViewportOrgEx
CreatePalette
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocA
GetWindowExtEx
GetViewportExtEx
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
GetStockObject
GetRgnBox
BitBlt
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
PatBlt
Rectangle
Ellipse
GetBkMode
GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
CreatePen
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteDC
DeleteObject
CreateSolidBrush
GetTextMetricsA

msimg32

TransparentBlt

comdlg32

CommDlgExtendedError
PrintDlgA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetJobA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegOpenCurrentUser
RegSetValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegQueryValueExA

shell32

DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
ShellExecuteA

comctl32

ord17
ImageList_Draw
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragLeave
_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_GetIcon
ImageList_GetImageInfo

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleUninitialize

oleaut32

SysFreeString
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

ws2_32

WSAWaitForMultipleEvents
WSAGetOverlappedResult
WSAResetEvent
connect
select
WSARecv
WSAGetLastError
htons
htonl
gethostbyname
inet_addr
gethostbyaddr
setsockopt
ioctlsocket
WSAStartup
WSASend
closesocket
shutdown
WSASocketA
WSACloseEvent
WSACreateEvent

Sections

.text
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ktengine.dll
.dll windows:4 windows x86 arch:x86

ec7c0267b4a80e6e3db84319477958b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\Cvs\MediaDeliver\src\p2pclientdll\Release_kootingdll\kootingdll.pdb

Imports

ws2_32

setsockopt
ioctlsocket
recvfrom
gethostbyaddr
inet_addr
gethostbyname
gethostname
WSAEnumNetworkEvents
WSAEventSelect
ntohl
WSAStartup
sendto
socket
accept
WSACloseEvent
WSACreateEvent
shutdown
closesocket
WSASend
WSARecv
WSAWaitForMultipleEvents
WSAGetOverlappedResult
WSAResetEvent
connect
getsockname
select
bind
listen
WSASocketA
WSAGetLastError
htons
htonl

iphlpapi

GetAdaptersInfo

kernel32

GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualQuery
GetSystemInfo
VirtualProtect
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
UnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
Sleep
InitializeCriticalSection
DeleteCriticalSection
GetOverlappedResult
GetLastError
WriteFile
ResetEvent
CloseHandle
ReadFile
CreateEventA
GetFileSize
CreateFileA
SetEvent
WaitForSingleObject
TryEnterCriticalSection
InterlockedDecrement
GetLocalTime
CreateSemaphoreA
ExitProcess
CreateMutexA
GetVersion
GetStringTypeW
GetModuleFileNameA
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileAttributesExA
ReleaseSemaphore
GetSystemDirectoryA
TerminateThread
CreateProcessA
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
FindNextFileA
FindClose
FindFirstFileA
CreateDirectoryA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcessId
HeapSize
HeapReAlloc
FlushFileBuffers
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
SetStdHandle
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
FreeConsole
TlsAlloc
SetUnhandledExceptionFilter
GetCPInfo
LCMapStringW
LCMapStringA
HeapFree
InterlockedIncrement
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
lstrlenA
LocalFree
RaiseException
RtlUnwind
ExitThread
CreateThread
HeapAlloc

user32

LoadCursorA
RegisterClassExA
DefWindowProcA
FindWindowA
PostMessageA
SendMessageTimeoutA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
LoadIconA

advapi32

RegOpenKeyA
RegCreateKeyExA
StartServiceA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegisterServiceCtrlHandlerA
CreateServiceA
ChangeServiceConfigA
SetServiceStatus
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService
DeleteService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
VariantClear
SysAllocString

Exports

Exports

InstallSVCHostService
ServiceHandler
ServiceMain
StartSVCHostService
StopSVCHostService
UnInstallSVCHostService

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lidx.dll
.dll windows:4 windows x86 arch:x86

dc5fbd8367a9787c2ed0361865278bd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\Cvs\MediaDeliver\src\localIndex\Release\localIndex.pdb

Imports

ws2_32

WSAStartup
inet_addr
gethostbyname
htons
socket
connect
ntohs
inet_ntoa
send
closesocket

kernel32

GetModuleHandleA
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
SetEnvironmentVariableA
CompareStringW
CompareStringA
InitializeCriticalSection
CloseHandle
TerminateThread
Sleep
LeaveCriticalSection
CancelIo
EnterCriticalSection
PostQueuedCompletionStatus
DeleteCriticalSection
InterlockedIncrement
ReadDirectoryChangesW
CreateIoCompletionPort
CreateFileA
InterlockedDecrement
WideCharToMultiByte
GetQueuedCompletionStatus
GetLocalTime
ReadFile
SetFilePointer
GetFileSize
GetModuleFileNameA
InterlockedExchange
RtlUnwind
RaiseException
ExitProcess
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
DeleteFileA
CreateDirectoryA
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
WriteFile
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
GetTimeZoneInformation
SetEndOfFile

Exports

Exports

AddItemToIndex
AddShareDirs
CloseLocalIndexer
QueryItem
RemoveIndexItem
RemoveShareDirs
SetShareDir
StartLocalIndexer

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
update/Undate.exe
.exe windows:4 windows x86 arch:x86

1bec43c6e62d9ad75892ecdf6aea3f2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\working\MediaClient\src\MediaClient\Undate\Release\Undate.pdb

Imports

kernel32

GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetSystemDirectoryA
CloseHandle
GetCurrentThreadId
MoveFileExA
FindFirstFileA
GetTempPathA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
MoveFileA
GetModuleHandleA
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
IsBadWritePtr
GetProcAddress
TerminateProcess
RaiseException
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetFilePointer
SetStdHandle
FlushFileBuffers
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcess
InterlockedExchange

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf730599ca246ea6f6df7d7646cab285

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 312KB

.rsrc Size: 16KB - Virtual size: 20KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

d1de853b780ce56575114ca564c46546

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 5KB

08efa82a5d0394910e8352d58c447d85

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 312KB

.rsrc
Size: 16KB - Virtual size: 20KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 14KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 312KB

.rsrc
Size: 16KB - Virtual size: 20KB