0fef1fb8a8083492c71625da541e4c6e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fef1fb8a8083492c71625da541e4c6e_JaffaCakes118
Size

1.4MB
MD5

0fef1fb8a8083492c71625da541e4c6e
SHA1

2eb7f37231f0a18dc1be19bafc5c0e2f77b605ae
SHA256

6b3c6b2da5bc0ccfffddec2d4e34eca7ac1106dcbdb8ec0c6940bf81dfcab60b
SHA512

3930f9badea8ecd4e901daf06abbe60fd90679a1e0ecc940502960b8bd4d5434a49042632cedc7e5942b0e1dd07fb808568aedbcd7a6de4c9a1c998becd7b62e
SSDEEP

24576:DJJrAfVqyFbzp5XdwT9gYj1W1CfbODsZLjJ97zM+ew1FmfIXOzCK/gmVPYZaRSqR:UIyFJwT9q1CfDPJ9PM+PXOzCuHfZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BT仓库/BTLocal.exe
unpack001/BT仓库/HttpDown.dll
unpack001/BT仓库/SiteMgr.dll
unpack001/BT仓库/myregexp.dll
unpack001/BT仓库/zlibwapi.dll

Files

0fef1fb8a8083492c71625da541e4c6e_JaffaCakes118
.rar
BT仓库/BTLocal.exe
.exe windows:4 windows x86 arch:x86

bd6df0a22f50d3cd4166e10c146448bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6242
ord613
ord5789
ord289
ord932
ord6648
ord6877
ord920
ord5933
ord3880
ord3425
ord3054
ord3810
ord3286
ord6762
ord3910
ord1168
ord3571
ord3626
ord3663
ord5785
ord4220
ord2584
ord3654
ord2438
ord2863
ord1644
ord1146
ord2860
ord2864
ord3370
ord567
ord2862
ord384
ord686
ord772
ord3701
ord500
ord1862
ord4083
ord5606
ord6142
ord2859
ord5875
ord4129
ord2763
ord4277
ord5683
ord2567
ord5788
ord2614
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord2096
ord2408
ord1175
ord539
ord2920
ord2012
ord3289
ord2120
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3395
ord3730
ord554
ord807
ord3693
ord3573
ord3619
ord940
ord5787
ord4133
ord4297
ord2764
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord5572
ord2919
ord472
ord6146
ord5883
ord1073
ord5860
ord1621
ord3986
ord5450
ord6394
ord5440
ord6383
ord4163
ord1949
ord4275
ord818
ord2152
ord1137
ord6215
ord5852
ord3495
ord6197
ord6379
ord1265
ord2233
ord3089
ord3092
ord6880
ord283
ord3220
ord5981
ord4287
ord4396
ord3574
ord809
ord609
ord556
ord4284
ord5053
ord3874
ord2122
ord4160
ord6358
ord1088
ord2575
ord3402
ord6663
ord4364
ord3583
ord620
ord298
ord4230
ord6335
ord1233
ord4076
ord2997
ord1709
ord5871
ord816
ord562
ord2681
ord6209
ord3103
ord2086
ord6449
ord2727
ord6467
ord2730
ord2729
ord5265
ord4998
ord2514
ord6052
ord1775
ord4425
ord3597
ord765
ord641
ord324
ord2302
ord4234
ord4710
ord6803
ord6785
ord6199
ord6710
ord3317
ord5280
ord3698
ord4376
ord4853
ord616
ord6283
ord6282
ord2513
ord293
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2642
ord810
ord3287
ord3398
ord3733
ord4000
ord6008
ord6508
ord6767
ord3337
ord6741
ord4224
ord5710
ord6597
ord6800
ord795
ord6241
ord3721
ord4614
ord4613
ord1942
ord4272
ord5259
ord2535
ord4532
ord3399
ord3734
ord303
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord5163
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord529
ord366
ord2627
ord6453
ord2117
ord4457
ord5252
ord1133
ord5030
ord2800
ord2626
ord3742
ord3610
ord656
ord3996
ord2100
ord2812
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord826
ord5301
ord617
ord5214
ord296
ord520
ord4159
ord6117
ord2621
ord1134
ord824
ord1199
ord1247
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord726
ord426
ord2251
ord2725
ord1223
ord1206
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1849
ord4244
ord2583
ord4403
ord5253
ord3998
ord3371
ord3641
ord1821
ord4611
ord4485
ord2539
ord3471
ord2002
ord5729
ord5196
ord5502
ord3446
ord3195
ord985
ord334
ord648
ord6069
ord2817
ord3019
ord2516
ord361
ord668
ord1980
ord3790
ord3181
ord4058
ord2781
ord2770
ord356
ord3811
ord2915
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6814
ord6846
ord6816
ord6815
ord6812
ord6856
ord6835
ord6817
ord4340
ord4347
ord4720
ord4889
ord4963
ord4960
ord6054
ord5281
ord1725
ord6691
ord6839
ord6858
ord6845
ord6614
ord6478
ord6514
ord6671
ord3005
ord2135
ord6699
ord832
ord936
ord4480
ord4400
ord3630
ord682
ord5786
ord2801
ord2740
ord3706
ord2580
ord2587
ord4406
ord3729
ord804
ord4267
ord3394
ord4271
ord2123
ord4125
ord3914
ord1929
ord6605
ord6904
ord6905
ord2108
ord2116
ord2078
ord2119
ord2714

msvcrt

_setmbcp
_CxxThrowException
atol
__CxxFrameHandler
_ftol
atof
strcmp
_mbscmp
memcpy
_access
strncpy
free
memset
malloc
wcscpy
wcslen
wcscmp
strlen
memmove
_mbsnbcpy
sprintf
sscanf
_atoi64
strchr
strstr
_purecall
atoi
time
memcmp
rand
_mbsstr
strcpy
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
GetShortPathNameA
HeapDestroy
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetCommandLineA
ReleaseMutex
CreateMutexA
GetFileSize
WritePrivateProfileStructA
GetPrivateProfileStructA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
CreateFileA
WriteFile
lstrcatA
MulDiv
lstrcpyA
WideCharToMultiByte
lstrcmpiA
FreeResource
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
GetVersion
GetVersionExA
GetTickCount
DeleteFileA
FormatMessageA
LocalAlloc
LocalFree
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetLastError
LeaveCriticalSection
EnterCriticalSection
WinExec
lstrcpynA
GetModuleHandleA
CloseHandle
GetStartupInfoA

user32

PostMessageA
LoadMenuA
GetSubMenu
EnableMenuItem
GetCursorPos
EnableWindow
KillTimer
SetTimer
GetDC
ReleaseDC
MessageBoxA
wsprintfA
LoadImageA
GetIconInfo
CreateIconIndirect
TrackPopupMenuEx
DestroyCursor
DestroyMenu
SetCapture
GetCapture
SetActiveWindow
RedrawWindow
UpdateWindow
GetWindowRect
FrameRect
SetCursor
IntersectRect
OffsetRect
SendMessageA
SetRectEmpty
PtInRect
IsRectEmpty
ReleaseCapture
LoadCursorA
GetDesktopWindow
RemoveMenu
ModifyMenuA
InsertMenuA
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
DeleteMenu
CreatePopupMenu
GetClientRect
ScreenToClient
InvalidateRect
IsWindowVisible
CheckMenuItem
CreateMenu
GrayStringA
TabbedTextOutA
DrawEdge
LoadBitmapA
GetSysColorBrush
FillRect
CopyRect
RegisterWindowMessageA
IsZoomed
IsIconic
WindowFromPoint
GetMenuItemInfoA
BroadcastSystemMessage
CharNextA
GetSysColor
SystemParametersInfoA
DestroyIcon
GetMenu
GetDlgCtrlID
LockWindowUpdate
GetDCEx
DrawFrameControl
IsWindow
GetWindowLongA
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
DrawStateA
InflateRect
MessageBeep
DrawIconEx
DrawTextA
GetSystemMetrics
SetRect
GetParent

gdi32

SetPixel
TextOutA
PatBlt
ExtTextOutA
GetTextExtentPoint32A
Escape
CreateHatchBrush
Rectangle
SetBkMode
GetPixel
GetGlyphOutlineA
GetStockObject
SetTextColor
SetBkColor
CreateBitmap
CreateFontA
CreateRectRgnIndirect
RoundRect
Ellipse
RectVisible
GetObjectA
PtVisible
CreateDIBSection
DeleteObject
DeleteDC
GetBkMode
GetDeviceCaps
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetTextExtentPoint32W
GetTextMetricsA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
StretchDIBits
CreateDIBitmap
SelectObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
ImageList_GetIconSize
_TrackMouseEvent

ole32

CoGetClassObject
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance
OleRun
CLSIDFromString

oleaut32

LoadTypeLi
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantChangeType
VariantInit
SysFreeString
GetErrorInfo
RegisterTypeLi

urlmon

CoInternetGetSession

winmm

sndPlaySoundA

httpdown

?Close@CDownManager@@QAEXXZ
?DownLoadFile@CDownManager@@QAEHPAD00@Z
??1CDownManager@@UAE@XZ
??0CDownManager@@QAE@XZ
?SetProxyInfo@CDownManager@@SAXPAU_tagProxyInfo@@@Z
?GetDownPercent@CDownManager@@QAEHXZ

sitemgr

CreateSitebyXml

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 908KB - Virtual size: 907KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BT仓库/HttpDown.dll
.dll windows:4 windows x86 arch:x86

0b45780e5bf08fc1855fbabea25a7f96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

sendto
WSASetLastError
htons
gethostbyname
setsockopt
getsockopt
ioctlsocket
accept
listen
shutdown
getsockname
getpeername
inet_ntoa
connect
WSAAsyncGetHostByName
WSAGetLastError
recvfrom
send
recv
closesocket
WSACancelAsyncRequest
bind
htonl
socket
WSAAsyncSelect
ntohs
inet_addr

zlibwapi

ord17
ord16
ord12

mfc42

ord1228
ord665
ord1979
ord353
ord4129
ord5683
ord6877
ord6662
ord858
ord6663
ord4278
ord540
ord1182
ord342
ord1253
ord825
ord823
ord2818
ord860
ord3584
ord543
ord803
ord537
ord800
ord535
ord939
ord940
ord941
ord1168

msvcrt

_except_handler3
?terminate@@YAXXZ
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_stricmp
sscanf
strncmp
time
srand
rand
strcmp
atoi
__CxxFrameHandler
strcpy
strlen
strncpy
strstr
memcmp
sprintf
memset
memcpy
strcat
_ftol
printf
_ltoa
_onexit

kernel32

WideCharToMultiByte
DeleteCriticalSection
GetModuleHandleA
GetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetLastError
FreeLibrary
GetTempPathA
DeleteFileA
InitializeCriticalSection
GetTickCount
LoadLibraryA
GetProcAddress

user32

PostMessageA
DestroyWindow
GetWindowLongA
DefWindowProcA
RegisterClassExA
CreateWindowExA
SetWindowLongA
MessageBoxA

Exports

Exports

??0CDownManager@@QAE@ABV0@@Z
??0CDownManager@@QAE@XZ
??0CEncoder@@QAE@ABV0@@Z
??0CEncoder@@QAE@XZ
??0CEscaper@@QAE@ABV0@@Z
??0CEscaper@@QAE@XZ
??1CDownManager@@UAE@XZ
??1CEncoder@@UAE@XZ
??1CEscaper@@UAE@XZ
??4CDownManager@@QAEAAV0@ABV0@@Z
??4CEncoder@@QAEAAV0@ABV0@@Z
??4CEscaper@@QAEAAV0@ABV0@@Z
??_7CDownManager@@6B@
??_7CEncoder@@6B@
??_7CEscaper@@6B@
?Close@CDownManager@@QAEXXZ
?DownLoadFile@CDownManager@@QAEHPAD00@Z
?GetDataBuf@CDownManager@@QAEPAEXZ
?GetDataLength@CDownManager@@QAEHXZ
?GetDownLength@CDownManager@@QAEHXZ
?GetDownPercent@CDownManager@@QAEHXZ
?GetProxyInfo@CDownManager@@SAPAU_tagProxyInfo@@XZ
?IsCanDownNow@CDownManager@@QAEHXZ
?ScriptDecoder@CEncoder@@SAHPAD0I@Z
?SetProxyInfo@CDownManager@@SAXPAU_tagProxyInfo@@@Z
?escape@CEscaper@@SA?AVCString@@V2@@Z
?hex@CEscaper@@0PAVCString@@A
?m_pProxyInfo@CDownManager@@0PAU_tagProxyInfo@@A
?m_staiDownCount@CDownManager@@0HA
?m_statmDown@CDownManager@@0KA
?unescape@CEscaper@@SA?AVCString@@V2@@Z
?val@CEscaper@@0PAEA

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BT仓库/SiteMgr.dll
.dll windows:4 windows x86 arch:x86

38f622dc2e30d3e2456e526b4ae39278

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord939
ord1168
ord1253
ord832
ord1182
ord3337
ord6663
ord6648
ord3811
ord6877
ord5933
ord938
ord936
ord836
ord354
ord5186
ord665
ord1979
ord922
ord535
ord537
ord5683
ord4129
ord924
ord2818
ord823
ord825
ord860
ord858
ord540
ord800
ord342

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_purecall
strlen
strcpy
__CxxFrameHandler
sprintf
??1type_info@@UAE@XZ
strncpy
tolower
strncmp
isspace
atoi
memset
time
_mbscmp
strstr
strchr
memcpy
_atoi64
sscanf
atof
isalnum
isalpha
fputs
_CxxThrowException
fprintf
fgets
fclose
ftell
fseek
fopen

kernel32

LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
CreateFileA
CloseHandle
GetModuleFileNameA
WritePrivateProfileStructA
GetPrivateProfileStructA
WritePrivateProfileStringA
WideCharToMultiByte
GetPrivateProfileStringA
lstrlenW
LocalFree
GetPrivateProfileSectionA

user32

SetTimer
KillTimer

oleaut32

CreateErrorInfo
SysFreeString
VariantChangeType
VariantClear
VariantCopy
VariantInit
GetErrorInfo
SetErrorInfo

httpdown

?GetDownPercent@CDownManager@@QAEHXZ
?GetDataBuf@CDownManager@@QAEPAEXZ
?GetDownLength@CDownManager@@QAEHXZ
?GetDataLength@CDownManager@@QAEHXZ
?Close@CDownManager@@QAEXXZ
?DownLoadFile@CDownManager@@QAEHPAD00@Z
??1CDownManager@@UAE@XZ
??0CDownManager@@QAE@XZ
?IsCanDownNow@CDownManager@@QAEHXZ

myregexp

CreateParse
DeleteParse

Exports

Exports

??0CControlIni@@QAE@ABV0@@Z
??0CControlIni@@QAE@XZ
??1CControlIni@@UAE@XZ
??4CControlIni@@QAEAAV0@ABV0@@Z
??_7CControlIni@@6B@
?GetFloat@CControlIni@@QAEMVCString@@0@Z
?GetSecString@CControlIni@@QAEHVCString@@PADH@Z
?GetStrFirstPart@CControlIni@@SAXAAVCString@@PAD@Z
?GetString@CControlIni@@QAEHVCString@@0AAV2@@Z
?GetString@CControlIni@@QAEHVCString@@0PADH@Z
?GetStruct@CControlIni@@QAEHVCString@@0PAXH@Z
?GetVal@CControlIni@@QAE_JVCString@@0HH@Z
?SetFileName@CControlIni@@QAEXVCString@@@Z
?WriteString@CControlIni@@QAEHVCString@@00@Z
?WriteString@CControlIni@@QAEHVCString@@0PAD@Z
?WriteStruct@CControlIni@@QAEHVCString@@0PAXH@Z
?WriteVal@CControlIni@@QAEHVCString@@0_JH@Z
CreateSitebyXml

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BT仓库/help.txt
BT仓库/kernel/btwuji.xml
.xml
BT仓库/kernel/dllmgr.ini
BT仓库/kernel/global.ini
BT仓库/kernel/greedland.xml
.xml
BT仓库/kernel/icefish.xml
.xml
BT仓库/kernel/kaicn.xml
.xml
BT仓库/kernel/ktxp.xml
.xml
BT仓库/kernel/popgo.xml
.xml
BT仓库/kernel/websdata.mdb
BT仓库/myregexp.dll
.dll windows:4 windows x86 arch:x86

ad26dff43e9728094b9e5e13f9182aa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

j:\shareware\project\SoBT\source\myregexp\Release\myregexp.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
CloseHandle
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
SetLastError
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LCMapStringW
InterlockedExchange

user32

RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
UnregisterClassA
GetSubMenu
GetMenuItemCount
SetWindowTextA
GetClassNameA
wsprintfA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
DestroyMenu
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
SetCursor
SendMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA

gdi32

DeleteDC
ExtTextOutA
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

CreateParse
DeleteParse

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BT仓库/zlibwapi.dll
.dll windows:4 windows x86 arch:x86

24fe21732b2ce036a30379584f658b90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
_vsnprintf
fflush
fseek
fputc
malloc
clearerr
ftell
fprintf
_fdopen
fopen
sprintf
rand
srand
time
_initterm

kernel32

CloseHandle
CreateFileA
GetLastError
ReadFile
WriteFile
SetFilePointer
GlobalFree
GlobalAlloc
GetVersion

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
fill_win32_filefunc
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetFilePos
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFilePos
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzOpenCurrentFile3
unzOpenCurrentFilePassword
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpen2
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipOpenNewFileInZip3
zipWriteInFileInZip
zlibCompileFlags
zlibVersion

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BT仓库/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

bd6df0a22f50d3cd4166e10c146448bb

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

winmm

httpdown

sitemgr

Exports

Exports

Sections

.text Size: 320KB - Virtual size: 316KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 908KB - Virtual size: 907KB

0b45780e5bf08fc1855fbabea25a7f96

Headers

File Characteristics

Imports

ws2_32

zlibwapi

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 848B

.reloc Size: 4KB - Virtual size: 3KB

38f622dc2e30d3e2456e526b4ae39278

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

oleaut32

httpdown

myregexp

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 8KB - Virtual size: 4KB

ad26dff43e9728094b9e5e13f9182aa0

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

.text
Size: 320KB - Virtual size: 316KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 908KB - Virtual size: 907KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 848B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 92B

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 1024B - Virtual size: 950B