0ee3a8b04f82d6fa75e35010855aae2a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ee3a8b04f82d6fa75e35010855aae2a_JaffaCakes118
Size

927KB
MD5

0ee3a8b04f82d6fa75e35010855aae2a
SHA1

5b27a41c9eecfe84088915f0b1cd4b2b8680d382
SHA256

056fc7c63923a21340a90f021a609ce6713504c70b9d38f5196dca6ce214e10c
SHA512

c95ce79df78e16e5e0c3dc88e6b0747fe71adc0d5ff4fbaed714449dcbb462a554f3e88f4778b5f92d17bb2e01fb5374024aca50d5a8aff0527e4c0fcfe9d907
SSDEEP

24576:Lu/WeDpcOVEHBh2sb39m20ew28A7PwPDRNT:0WMpcOoBp4hewX4IPzT

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
0ee3a8b04f82d6fa75e35010855aae2a_JaffaCakes118
unpack001/$2/msimg32.dll
unpack001/$3/msimg32.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Processes.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/MLServ.exe
unpack001/MessengerLog.exe
unpack001/MlogLoader.exe
unpack001/MlogUploader.exe
unpack001/RichEdMonitor.dll
unpack001/Uninstall.exe
unpack001/msimg32.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

0ee3a8b04f82d6fa75e35010855aae2a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$2/msimg32.dll
.dll windows:4 windows x86 arch:x86

a8fbd169da2ab231206783e753a0d76c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcatA
GetLocalTime
CloseHandle
WriteFile
FindResourceExA
ReadFile
GetFileSize
CreateDirectoryA
GetVersionExA
GetCurrentProcess
SetFilePointer
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
InterlockedExchange
GetConsoleCP
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

wvsprintfA
CharLowerA
UnregisterClassA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$3/msimg32.dll
.dll windows:4 windows x86 arch:x86

a8fbd169da2ab231206783e753a0d76c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcatA
GetLocalTime
CloseHandle
WriteFile
FindResourceExA
ReadFile
GetFileSize
CreateDirectoryA
GetVersionExA
GetCurrentProcess
SetFilePointer
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
InterlockedExchange
GetConsoleCP
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

wvsprintfA
CharLowerA
UnregisterClassA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
MLServ.exe
.exe windows:4 windows x86 arch:x86

3282153de5d3eeecb392dbc130d85355

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetLocalTime
LockResource
FindResourceExA
WriteFile
CreateFileA
ReadFile
GetFileSize
CreateDirectoryA
GetVersionExA
InterlockedExchange
OpenProcess
SetFilePointer
TerminateThread
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetCommandLineA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
SetEvent
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetCurrentThreadId
GetModuleHandleA
CreateEventA
CreateThread
Sleep
GetModuleFileNameA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
HeapCreate
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetProcAddress
GetSystemInfo
VirtualQuery
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoA
SetHandleCount
GetStdHandle
GetFileType
TerminateProcess

user32

PostThreadMessageA
LoadStringA
GetMessageA
CharUpperA
UnregisterClassA
MessageBoxA
TranslateMessage
DispatchMessageA
CharNextA
wvsprintfA

advapi32

QueryServiceStatus
CreateProcessAsUserA
OpenProcessToken
StartServiceA
ChangeServiceConfigA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegEnumKeyExA
CreateServiceA
ControlService
DeleteService
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoInitialize
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysFreeString
LoadRegTypeLi
SysAllocString

shlwapi

PathFileExistsA

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MessengerLog.chm
.chm
MessengerLog.exe
.exe windows:4 windows x86 arch:x86

b4257c1a6bbec898a1b9131106205f1b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
FtpPutFileA
InternetOpenA
InternetConnectA

kernel32

GetFileAttributesA
InterlockedIncrement
GlobalFlags
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
GetFullPathNameA
GetProcessHeap
GetStartupInfoA
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalSize
GlobalAlloc
FormatMessageA
SetLastError
GlobalLock
GlobalUnlock
FreeResource
FileTimeToDosDateTime
FindResourceExA
GetModuleHandleA
GetVolumeInformationA
GetSystemInfo
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitProcess
TerminateThread
GetProcAddress
GetComputerNameA
GetDateFormatA
GetTimeFormatA
Sleep
GetTickCount
GetTimeZoneInformation
RaiseException
GlobalFree
GetTempFileNameA
MulDiv
SetFilePointer
GetModuleFileNameA
GetTempPathA
GetCurrentProcess
GetVersionExA
CreateDirectoryA
GetFileSize
ReadFile
CreateFileA
WriteFile
GetLocalTime
lstrcatA
OutputDebugStringA
CreateSemaphoreA
CreateThread
LocalAlloc
LocalHandle
LocalFree
ReleaseSemaphore
lstrcpyA
OpenProcess
OpenMutexA
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
MoveFileA
RemoveDirectoryA
CopyFileA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetCommandLineA

user32

CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
RegisterClipboardFormatA
PostThreadMessageA
PostQuitMessage
GetCursorPos
WindowFromPoint
EndPaint
BeginPaint
GrayStringA
DrawTextExA
TabbedTextOutA
ShowWindow
MoveWindow
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
CharNextA
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetSubMenu
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetActiveWindow
LoadCursorA
ScreenToClient
DestroyCursor
GetCaretPos
ClientToScreen
EnableMenuItem
CheckMenuItem
CreatePopupMenu
wvsprintfA
wsprintfA
GetForegroundWindow
GetDesktopWindow
GetMenuState
GetMenuItemCount
AppendMenuA
DrawEdge
FillRect
DrawTextA
GetDC
GetWindow
GetClassNameA
SetWindowTextA
GetKeyState
FindWindowA
GetWindowThreadProcessId
KillTimer
SetTimer
UpdateWindow
IsZoomed
MessageBeep
UnregisterClassA
GetSysColorBrush
DestroyMenu
SetWindowContextHelpId
MapDialogRect
SetCursor
GetMessageA
TranslateMessage
TrackPopupMenu
ValidateRect
IsIconic
DrawIcon
GetNextDlgGroupItem
DrawIconEx
ReleaseCapture
SetCapture
GetCapture
IsWindowVisible
InvalidateRect
PtInRect
CopyRect
DestroyIcon
ReleaseDC
GetWindowDC
GetClientRect
GetWindowRect
FrameRect
InflateRect
GetSystemMetrics
DrawStateA
LoadImageA
SetForegroundWindow
SetRect
SendMessageA
CharUpperA
EnableWindow
GetParent
PostMessageA

gdi32

RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
PtVisible
CreateRectRgnIndirect
GetMapMode
GetTextColor
GetRgnBox
MoveToEx
LineTo
SetMapMode
GetWindowExtEx
GetViewportExtEx
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
GetTextExtentPoint32A
CreateFontA
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetTextColor
GetClipBox
CopyMetaFileA
CreateSolidBrush
EndDoc
EndPage
StartPage
StartDocA
GetDeviceCaps
GetBkColor
CreatePen
SelectObject
SetBkColor
DeleteObject
DeleteDC
SetPixel
BitBlt
RoundRect

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
OpenProcessToken
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA

shlwapi

PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrToIntExA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
StgCreateDocfileOnILockBytes
OleCreateStaticFromData
CoInitialize
CoUninitialize
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
OleSetContainedObject
OleIsCurrentClipboard
OleFlushClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal

oleaut32

OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocString

urlmon

URLDownloadToFileA

wsock32

WSAStartup
WSACleanup
shutdown
WSAGetLastError
connect
socket
gethostbyname
send
recv
select
getservbyname
closesocket
htons
ioctlsocket

psapi

GetModuleFileNameExA

Sections

.text
Size: 404KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MlogLoader.exe
.exe windows:4 windows x86 arch:x86

681ecad9d0c89a6cfb0fb5c1b239ffea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexA
OpenProcess
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
WaitForSingleObject
GetLastError
GetModuleHandleA
CreateDirectoryA
GetModuleFileNameA
GetLocalTime
SetFilePointer
WriteFile
lstrcatA
GetVersionExA
GetCurrentProcess
CreateFileA
GetFileSize
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
VirtualFreeEx
CreateRemoteThread
InterlockedExchange
WriteProcessMemory
lstrlenA
VirtualAllocEx
CloseHandle
GetConsoleCP
LoadLibraryA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind

user32

wvsprintfA
UnregisterClassA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MlogUploader.exe
.exe windows:4 windows x86 arch:x86

78ab7ea35a7f873708b8eb109357ad9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpPutFileA
InternetConnectA
InternetOpenA
InternetCloseHandle

kernel32

GetLastError
InterlockedExchange
lstrlenA
lstrcmpiA
MultiByteToWideChar
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
MoveFileA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
CloseHandle
GetLocalTime
GetVersionExA
SetFilePointer
lstrcatA
OutputDebugStringA
CreateFileA
lstrcpyA
GetFileSize
ReadFile
GetCurrentProcess
GetComputerNameA
Sleep
RaiseException
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetTickCount
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
LCMapStringW
CompareStringW
CompareStringA
GetConsoleMode
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
WriteFile
GetCurrentThreadId
LCMapStringA
GetStdHandle
ExitProcess
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
VirtualFree
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
LoadLibraryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate

user32

wsprintfA
wvsprintfA
UnregisterClassA

advapi32

OpenProcessToken

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA
StrToIntExA

wsock32

send
recv
select
closesocket
shutdown
connect
socket
gethostbyname
ioctlsocket
getservbyname
WSAStartup
WSAGetLastError
WSACleanup
htons

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RichEdMonitor.dll
.dll windows:4 windows x86 arch:x86

98e8e809a946e42cbac0c375757ae569

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
GlobalUnlock
GlobalLock
IsBadReadPtr
IsBadCodePtr
lstrcatA
GetLocalTime
WriteFile
CreateFileA
DeleteFileA
ReadFile
GetFileSize
FindClose
FindFirstFileA
CreateDirectoryA
GetVersionExA
GetCurrentProcess
GetModuleFileNameA
SetFilePointer
HeapFree
GetProcessHeap
WriteProcessMemory
VirtualProtect
VirtualQuery
HeapAlloc
FormatMessageA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateThread
Sleep
OpenMutexA
GetProcAddress
GetModuleHandleA
InitializeCriticalSection
CreateProcessA
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryA
SetThreadPriority
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LCMapStringW
lstrlenA
InterlockedExchange
lstrcmpiA
CompareStringW
CompareStringA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateThread
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
GetCommandLineA
GetCurrentThreadId
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
RtlUnwind
VirtualAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA

user32

FillRect
IsIconic
IsWindow
SendMessageA
SetRect
CharLowerA
SetTimer
GetWindowTextA
GetWindowLongA
KillTimer
FindWindowExA
FindWindowA
EnumWindows
GetWindow
WindowFromDC
GetParent
DestroyWindow
CreateWindowExA
SetWindowTextA
GetClassNameA
wvsprintfA
UnregisterClassA

gdi32

CreateFontA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
PlayMetaFile
DeleteObject
DeleteDC
SelectObject

advapi32

OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathA

ole32

OleCreateStaticFromData
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReleaseStgMedium
CoInitialize
CoUninitialize
OleDuplicateData

oleaut32

SysFreeString
VariantInit
SysStringLen
VariantClear

shlwapi

PathFileExistsA

oleacc

AccessibleObjectFromWindow
AccessibleChildren

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
msimg32.dll
.dll windows:4 windows x86 arch:x86

a8fbd169da2ab231206783e753a0d76c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcatA
GetLocalTime
CloseHandle
WriteFile
FindResourceExA
ReadFile
GetFileSize
CreateDirectoryA
GetVersionExA
GetCurrentProcess
SetFilePointer
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
InterlockedExchange
GetConsoleCP
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

wvsprintfA
CharLowerA
UnregisterClassA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 28KB - Virtual size: 27KB

a8fbd169da2ab231206783e753a0d76c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

a8fbd169da2ab231206783e753a0d76c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

Imports

kernel32

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 404KB - Virtual size: 402KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 80KB - Virtual size: 78KB