17608c98e0a3d94aa96f49eebf925d75_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17608c98e0a3d94aa96f49eebf925d75_JaffaCakes118
Size

3.8MB
MD5

17608c98e0a3d94aa96f49eebf925d75
SHA1

0cce7968fcfac8ca6fa63582dc1c66c57efe9be7
SHA256

febe03f22921d0e171e0aa3cf266e1c3e04c9c5d7c6b87681ab7e2d7e2a2eee1
SHA512

b50862b1a0f2f90bc455b90749b87c19156cd27e5243fd839d25a56acdebcd87912556686fd6678c6d4f97b15b3bc939c8595ab931391ea8b2de6692cf6faf51
SSDEEP

98304:L1+sldElsixdsFwbJz9axbbiqo3Q+0vOaTcjRo7fB7HlcXm6:LAgdcsMbbJz9avKQ+0NTcjRkBDlr6

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
17608c98e0a3d94aa96f49eebf925d75_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/Hetman Uneraser.exe
unpack001/RawIO32.bin
unpack001/Resources/DSKImageMenu.dll
unpack001/Resources/DiskMenu.dll
unpack001/Resources/FileExt.dll
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/InstallOptions.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1

Files

17608c98e0a3d94aa96f49eebf925d75_JaffaCakes118
.exe windows:4 windows x86 arch:x86

381e79edf6f32b225643e232be0965fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
SetFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
CreateWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
EmptyClipboard
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
GetDlgItem

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
MapWindowPoints
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadImageA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Options_De.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Hetman Uneraser.chm
.chm
Hetman Uneraser.exe
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nqqj6l9c
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sj2b9veu
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7808af0b
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 800KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t2jao6yx
Size: - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xjy6qa41
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pxz0vrup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
Language/Deutsch.lng
Language/English.lng
Language/French.lng
Language/Italian.lng
Language/Russian.lng
RawIO16.bin
RawIO32.bin
.dll windows:4 windows x86 arch:x86

eeeb977fae61ae4ecd19b8c8b7519a71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FT_Exit4
FT_Exit12
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
ThunkConnect32
FT_Thunk

msvcrt

_initterm
malloc
_adjust_fdiv
free

Exports

Exports

DllMain
EI13GetDriveParameters
EI13ReadSector
EI13WriteSector
ReadDiskGeometry
ReadPhysicalSector
ResetDisk
WritePhysicalSector

Sections

.text
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resources/DSKImageMenu.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e84f16affa7bf83c9771fced0d117219

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
RegisterTypeLib
LoadTypeLibEx
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
SetMenuItemBitmaps
ReleaseDC
PostThreadMessageA
MessageBoxA
LoadStringA
LoadIconA
InsertMenuA
GetSystemMetrics
GetSysColor
GetDC
FillRect
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
SizeofResource
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetShortPathNameA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
RealizePalette
PatBlt
MoveToEx
MaskBlt
GetTextMetricsA
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetBrushOrgEx
DeleteObject
DeleteDC
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

ole32

IsEqualGUID
CoTaskMemFree
StringFromCLSID
ReleaseStgMedium
CoTaskMemFree
StringFromCLSID
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
IsEqualGUID

shell32

DragQueryFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resources/DiskMenu.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3d972e4d41f4730ef41f8224ad8cf366

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
RegisterTypeLib
LoadTypeLibEx
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
SetMenuItemBitmaps
ReleaseDC
PostThreadMessageA
MessageBoxA
LoadStringA
LoadIconA
InsertMenuA
GetSystemMetrics
GetSysColor
GetDC
FillRect
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
SizeofResource
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetShortPathNameA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
RealizePalette
PatBlt
MoveToEx
MaskBlt
GetTextMetricsA
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetBrushOrgEx
DeleteObject
DeleteDC
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

ole32

IsEqualGUID
CoTaskMemFree
StringFromCLSID
ReleaseStgMedium
CoTaskMemFree
StringFromCLSID
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
IsEqualGUID

shell32

DragQueryFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resources/FileExt.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 373KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resources/StarBurn.dll
.dll windows:6 windows x86 arch:x86

ea720829252e09062268736bb8fda232

Code Sign

40:24:03:d6:91:0d:de:6e:b5:11:98:26:2d:2c:6f:9d
Certificate

Issuer

CN=Duplex Secure Root CA

Not Before

27/06/2004, 21:00

Not After

27/06/2009, 20:59

Subject

CN=Duplex Secure Timestamping Services,OU=Class A

Extended Key Usages

ExtKeyUsageTimeStamping

27:43:ed:1b:c8:d8:dc:b3:49:fb:ad:2b:57:34:62:ac
Certificate

Issuer

CN=Duplex Secure Root CA

Not Before

31/01/2007, 22:00

Not After

31/01/2012, 21:59

Subject

CN=Rocket Division Code Signing Services,OU=Class A

Extended Key Usages

ExtKeyUsageCodeSigning

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

27/06/2011, 20:59

Subject

CN=Duplex Secure Root CA

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

27/06/2011, 20:59

Subject

CN=Duplex Secure Root CA

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

31/12/2039, 23:59

Subject

CN=Generic Root Trust CA

53:a6:bf:9a:93:27:11:f6:e4:d0:38:56:70:9e:a4:dd:53:18:62:16
Signer

Actual PE Digest

53:a6:bf:9a:93:27:11:f6:e4:d0:38:56:70:9e:a4:dd:53:18:62:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\starburn\Bin\Dynamic\Debug\i386\StarBurn.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcsupr
_errno
__CxxFrameHandler
_statusfp
_clearfp
_controlfp
_strnicmp
fwrite
fread
ferror
feof
_iob
vfprintf
_strerror
fseek
ftell
_stricmp
calloc
_wcsicmp
_purecall
printf
ctime
swprintf
memcpy
free
malloc
srand
rand
time
localtime
toupper
_splitpath
_CxxThrowException
_snprintf
wcsncpy
??2@YAPAXI@Z
sprintf
memmove
fopen
fprintf
wcsstr
_wfopen
fflush
fclose
strncmp
strncpy
_strupr
strstr
??3@YAXPAX@Z
memset
vsprintf

kernel32

GlobalFree
GlobalAlloc
FindFirstFileW
IsBadWritePtr
CloseHandle
GetFileSize
GetLastError
CreateFileA
IsBadReadPtr
IsBadCodePtr
FindNextFileW
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetFileAttributesA
CreateThread
GetTickCount
FlushFileBuffers
InterlockedIncrement
ResetEvent
WaitForSingleObject
CreateEventA
FindFirstFileA
FindClose
FindNextFileA
CreateFileW
GetCurrentProcess
DuplicateHandle
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetProcAddress
GetLogicalDrives
DeviceIoControl
QueryDosDeviceA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
DeleteFileA
WriteFile
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
ReadFile
SetFilePointer
VirtualAlloc
VirtualFree
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
FreeLibrary
Sleep
CreatePipe
GetVersionExA
OutputDebugStringA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

user32

GetProcessWindowStation
GetUserObjectInformationA
MessageBoxA
wsprintfW

ole32

CoUninitialize
CoInitialize

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7
StarBurn_CdvdBurnerGrabber_AuthorizeDVD
StarBurn_CdvdBurnerGrabber_Blank
StarBurn_CdvdBurnerGrabber_BluRayFormat
StarBurn_CdvdBurnerGrabber_BluRayFormatQuery
StarBurn_CdvdBurnerGrabber_Cancel
StarBurn_CdvdBurnerGrabber_CloseSession
StarBurn_CdvdBurnerGrabber_Create
StarBurn_CdvdBurnerGrabber_CreateEx
StarBurn_CdvdBurnerGrabber_CreateExEx
StarBurn_CdvdBurnerGrabber_DisableHardwareErrorCorrection
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromTree
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFileAudioUnicode
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromTree
StarBurn_CdvdBurnerGrabber_DiscBasicInformation_Create
StarBurn_CdvdBurnerGrabber_DiscBasicInformation_Destroy
StarBurn_CdvdBurnerGrabber_Eject
StarBurn_CdvdBurnerGrabber_ExecuteGeneric
StarBurn_CdvdBurnerGrabber_GetAdvancedSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetBUP
StarBurn_CdvdBurnerGrabber_GetDVDProtectionSystem
StarBurn_CdvdBurnerGrabber_GetDVDRegionMask
StarBurn_CdvdBurnerGrabber_GetDeviceInformation
StarBurn_CdvdBurnerGrabber_GetDiscFileSystem
StarBurn_CdvdBurnerGrabber_GetDiscFreeSpace
StarBurn_CdvdBurnerGrabber_GetDiscInformation
StarBurn_CdvdBurnerGrabber_GetDiscUsedSpace
StarBurn_CdvdBurnerGrabber_GetInsertedDiscType
StarBurn_CdvdBurnerGrabber_GetLastAddress
StarBurn_CdvdBurnerGrabber_GetLastTrack
StarBurn_CdvdBurnerGrabber_GetMechanicalOptions
StarBurn_CdvdBurnerGrabber_GetMediaTrayStatus
StarBurn_CdvdBurnerGrabber_GetNumberOfSystemDescriptors
StarBurn_CdvdBurnerGrabber_GetRPC
StarBurn_CdvdBurnerGrabber_GetSpeeds
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsEx
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsExEx
StarBurn_CdvdBurnerGrabber_GetTOCInformation
StarBurn_CdvdBurnerGrabber_GetTrackInformation
StarBurn_CdvdBurnerGrabber_GetTrackInformationEx
StarBurn_CdvdBurnerGrabber_GrabCD
StarBurn_CdvdBurnerGrabber_GrabDVD
StarBurn_CdvdBurnerGrabber_GrabRange
StarBurn_CdvdBurnerGrabber_GrabTrack
StarBurn_CdvdBurnerGrabber_IsDiscBlank
StarBurn_CdvdBurnerGrabber_Load
StarBurn_CdvdBurnerGrabber_LoadEx
StarBurn_CdvdBurnerGrabber_Lock
StarBurn_CdvdBurnerGrabber_MSFToLBA
StarBurn_CdvdBurnerGrabber_ProbeSupportedReadModes
StarBurn_CdvdBurnerGrabber_ProbeSupportedWriteModes
StarBurn_CdvdBurnerGrabber_Read
StarBurn_CdvdBurnerGrabber_Read10
StarBurn_CdvdBurnerGrabber_ReadATIP
StarBurn_CdvdBurnerGrabber_ReadCD
StarBurn_CdvdBurnerGrabber_ReadCooked
StarBurn_CdvdBurnerGrabber_ReadEx
StarBurn_CdvdBurnerGrabber_ReadLB
StarBurn_CdvdBurnerGrabber_ReadRaw
StarBurn_CdvdBurnerGrabber_Release
StarBurn_CdvdBurnerGrabber_RestoreReadErrorRecovery
StarBurn_CdvdBurnerGrabber_SendOPC
StarBurn_CdvdBurnerGrabber_SessionAtOnce
StarBurn_CdvdBurnerGrabber_SessionAtOnceRawRawPW
StarBurn_CdvdBurnerGrabber_SessionAtOnceRawRawPWEx
StarBurn_CdvdBurnerGrabber_SetBUP
StarBurn_CdvdBurnerGrabber_SetCDTextItem
StarBurn_CdvdBurnerGrabber_SetReadSpeed
StarBurn_CdvdBurnerGrabber_SetSpeeds
StarBurn_CdvdBurnerGrabber_StopPlayScan
StarBurn_CdvdBurnerGrabber_SuperVideoCD
StarBurn_CdvdBurnerGrabber_SuperVideoCDEx
StarBurn_CdvdBurnerGrabber_SuperVideoCDExEx
StarBurn_CdvdBurnerGrabber_TestUnitReady
StarBurn_CdvdBurnerGrabber_TestUnitReadyEx
StarBurn_CdvdBurnerGrabber_TestUnitReadyExEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFile
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFileAudioUnicode
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFileAudioUnicodeEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFileEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromMemory
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromMemoryEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromPipe
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromPipeEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromTree
StarBurn_CdvdBurnerGrabber_VerifyFile
StarBurn_CdvdBurnerGrabber_VerifyTree
StarBurn_CdvdBurnerGrabber_VerifyTreeEx
StarBurn_CdvdBurnerGrabber_VideoCD
StarBurn_CdvdBurnerGrabber_VideoCDEx
StarBurn_CdvdBurnerGrabber_VideoCDExEx
StarBurn_CorrectISO9660Name_Default
StarBurn_CorrectJolietName_Default
StarBurn_CreatePipe
StarBurn_DVDVideo_Create
StarBurn_DVDVideo_Destroy
StarBurn_DVDVideo_GetSizeInUCHARs
StarBurn_DVDVideo_GetTreePointer
StarBurn_DVDVideo_Read
StarBurn_DVDVideo_SeekToBegin
StarBurn_Destroy
StarBurn_DestroyPipe
StarBurn_DownShut
StarBurn_ExpandCookedWithRawRawPW
StarBurn_ExpandRawPQWithRawRawPW
StarBurn_ExpandRawWithRawRawPW
StarBurn_FileClose
StarBurn_FileCreate
StarBurn_FileInitialize
StarBurn_FileOpen
StarBurn_FileOpenEx
StarBurn_FileReWind
StarBurn_FileRead
StarBurn_FileSeek
StarBurn_FileSeekRead
StarBurn_FileSizeInUCHARsGet
StarBurn_FileUnicodeCreate
StarBurn_FileUnicodeOpen
StarBurn_FileUnicodeOpenEx
StarBurn_FileWrite
StarBurn_FindDevice
StarBurn_GetAudioFileStreamSizeInUCHARs
StarBurn_GetBufferUnderrunTimeOutInMs
StarBurn_GetDVDPLUSRDLCompatibleMode
StarBurn_GetDVDPadding
StarBurn_GetDeviceLetter
StarBurn_GetDeviceNameByDeviceAddress
StarBurn_GetDeviceTimeOutByDeviceAddress
StarBurn_GetEjectAfterFail
StarBurn_GetFastReadTOC
StarBurn_GetFastReadTOCLastTrack
StarBurn_GetId
StarBurn_GetIs64KBIO
StarBurn_GetIsCollisionDetectionDisabled
StarBurn_GetIsSafeGrabbingEnabled
StarBurn_GetVersion
StarBurn_GetVolumeIDs
StarBurn_ISO9660JolietFileTree_Add
StarBurn_ISO9660JolietFileTree_AddEx
StarBurn_ISO9660JolietFileTree_AddMemory
StarBurn_ISO9660JolietFileTree_AddPascalStream
StarBurn_ISO9660JolietFileTree_AddW
StarBurn_ISO9660JolietFileTree_BuildImage
StarBurn_ISO9660JolietFileTree_BuildImageEx
StarBurn_ISO9660JolietFileTree_Cancel
StarBurn_ISO9660JolietFileTree_Create
StarBurn_ISO9660JolietFileTree_GetAttributes
StarBurn_ISO9660JolietFileTree_GetFileSizeInUCHARs
StarBurn_ISO9660JolietFileTree_GetFirstKid
StarBurn_ISO9660JolietFileTree_GetFullPath
StarBurn_ISO9660JolietFileTree_GetLevel
StarBurn_ISO9660JolietFileTree_GetNames
StarBurn_ISO9660JolietFileTree_GetNamesEx
StarBurn_ISO9660JolietFileTree_GetNamesW
StarBurn_ISO9660JolietFileTree_GetNextKid
StarBurn_ISO9660JolietFileTree_GetNodeISO9660DateTime
StarBurn_ISO9660JolietFileTree_GetNodePowerInUCHARs
StarBurn_ISO9660JolietFileTree_GetNodeStartingLBA
StarBurn_ISO9660JolietFileTree_GetNodeSystemTime
StarBurn_ISO9660JolietFileTree_GetParent
StarBurn_ISO9660JolietFileTree_GetRoot
StarBurn_ISO9660JolietFileTree_GetSizeInUCHARs
StarBurn_ISO9660JolietFileTree_ImportFile
StarBurn_ISO9660JolietFileTree_ImportTrack
StarBurn_ISO9660JolietFileTree_Read
StarBurn_ISO9660JolietFileTree_Remove
StarBurn_ISO9660JolietFileTree_SeekToBegin
StarBurn_ISO9660JolietFileTree_SetAttributes
StarBurn_ISO9660JolietFileTree_SetBootImage
StarBurn_ISO9660JolietFileTree_SetBootImageEx
StarBurn_ISO9660JolietFileTree_SetCallbackContext
StarBurn_ISO9660JolietFileTree_SetNames
StarBurn_IsAudioFileSupported
StarBurn_Memory_Allocate
StarBurn_Memory_Free
StarBurn_MutilateExceptionNumber
StarBurn_SPTD_GetVersion
StarBurn_SetBufferUnderrunTimeOutInMs
StarBurn_SetDVDPLUSRDLCompatibleMode
StarBurn_SetDVDPadding
StarBurn_SetDeviceTimeOutByDeviceAddress
StarBurn_SetEjectAfterFail
StarBurn_SetFastReadTOC
StarBurn_SetFastReadTOCLastTrack
StarBurn_SetIs64KBIO
StarBurn_SetIsCollisionDetectionDisabled
StarBurn_SetIsSafeGrabbingEnabled
StarBurn_StarPort_DeviceAddLocal
StarBurn_StarPort_DeviceAddLocalEx
StarBurn_StarPort_DeviceAddRemote
StarBurn_StarPort_DeviceAddRemoteEx
StarBurn_StarPort_DeviceListQueryLocal
StarBurn_StarPort_DeviceListQueryRemote
StarBurn_StarPort_DeviceRemove
StarBurn_StarPort_GetDeviceInformation
StarBurn_StarPort_GetDeviceLetter
StarBurn_StarPort_GetDeviceSCSIAddress
StarBurn_StarPort_GetVersion
StarBurn_StarWave2_EncodeMP3OGGFromWAV
StarBurn_StarWave_CompressedFileReaderObjectBeginSeek
StarBurn_StarWave_CompressedFileReaderObjectCreate
StarBurn_StarWave_CompressedFileReaderObjectDestroy
StarBurn_StarWave_CompressedFileReaderObjectRead
StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet
StarBurn_StarWave_CompressedFileReaderObjectUnicodeCreate
StarBurn_StarWave_CompressedFileRecompress
StarBurn_StarWave_CompressedFileSupportedIs
StarBurn_StarWave_CompressedFileUncompress
StarBurn_StarWave_CompressedFileWriterObjectCreate
StarBurn_StarWave_CompressedFileWriterObjectDestroy
StarBurn_StarWave_CompressedFileWriterObjectWrite
StarBurn_StarWave_UncompressedFileCompress
StarBurn_StarWave_UncompressedFileSupportedIs
StarBurn_StarWave_UncompressedFileSupportedUnicodeIs
StarBurn_StarWave_VersionGet
StarBurn_UDF2_DirectoryCreate
StarBurn_UDF2_DirectoryDestroy
StarBurn_UDF2_DirectoryProcess
StarBurn_UDF2_DirectoryProcessEx
StarBurn_UDF2_DirectoryRootCreate
StarBurn_UDF2_DirectoryUnicodeCreate
StarBurn_UDF2_DirectoryUnicodeProcess
StarBurn_UDF2_DirectoryUnicodeProcessEx
StarBurn_UDF2_FileCreate
StarBurn_UDF2_FileDestroy
StarBurn_UDF2_FileDirectoryDateTimeGet
StarBurn_UDF2_FileDirectoryDateTimeSet
StarBurn_UDF2_FileMemoryCreate
StarBurn_UDF2_FileMemoryUnicodeCreate
StarBurn_UDF2_FileUnicodeCreate
StarBurn_UDF2_ISO9660FileTreeCreate
StarBurn_UDF2_ImpVolumeCreate
StarBurn_UDF2_ImpVolumeDestroy
StarBurn_UDF2_ImpVolumeImport
StarBurn_UDF2_VolumeAnchorGet
StarBurn_UDF2_VolumeCreate
StarBurn_UDF2_VolumeDestroy
StarBurn_UDF2_VolumeSeekRead
StarBurn_UDF2_VolumeSizeInUCHARsGet
StarBurn_UDF2_VolumeStore
StarBurn_UDF2_VolumeUnicodeCreate
StarBurn_UDF_Add
StarBurn_UDF_CleanUp
StarBurn_UDF_Create
StarBurn_UDF_CreateEx
StarBurn_UDF_Destroy
StarBurn_UDF_DestroyNodeAndKids
StarBurn_UDF_FormatTreeItemAsDirectory
StarBurn_UDF_FormatTreeItemAsFile
StarBurn_UDF_GetFirstChild
StarBurn_UDF_GetNextSibling
StarBurn_UDF_GetNodeObject
StarBurn_UDF_GetParent
StarBurn_UpStart
StarBurn_UpStartEx

Sections

.text
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings.ini
Uninstall.exe
.exe windows:4 windows x86 arch:x86

381e79edf6f32b225643e232be0965fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
SetFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
CreateWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
EmptyClipboard
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
GetDlgItem

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
MapWindowPoints
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadImageA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp

Sharing

General

Malware Config

Signatures

Files

381e79edf6f32b225643e232be0965fa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 25KB - Virtual size: 28KB

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 930B

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 1.9MB

.itext Size: - Virtual size: 12KB

.data Size: - Virtual size: 32KB

.bss Size: - Virtual size: 28KB

nqqj6l9c Size: - Virtual size: 20KB

sj2b9veu Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 4KB

7808af0b Size: - Virtual size: 128KB

.rsrc Size: 800KB - Virtual size: 3.9MB

t2jao6yx Size: - Virtual size: 404KB

xjy6qa41 Size: 2.4MB - Virtual size: 2.4MB

pxz0vrup Size: 512B - Virtual size: 4KB

eeeb977fae61ae4ecd19b8c8b7519a71

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 768B

.rdata Size: 1024B - Virtual size: 660B

.data Size: 512B - Virtual size: 160B

.reloc Size: 512B - Virtual size: 210B

e84f16affa7bf83c9771fced0d117219

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 25KB - Virtual size: 28KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

.text
Size: - Virtual size: 1.9MB

.itext
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 32KB

.bss
Size: - Virtual size: 28KB

nqqj6l9c
Size: - Virtual size: 20KB

sj2b9veu
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 4KB

7808af0b
Size: - Virtual size: 128KB

.rsrc
Size: 800KB - Virtual size: 3.9MB

t2jao6yx
Size: - Virtual size: 404KB

xjy6qa41
Size: 2.4MB - Virtual size: 2.4MB

pxz0vrup
Size: 512B - Virtual size: 4KB

.text
Size: 1024B - Virtual size: 768B

.rdata
Size: 1024B - Virtual size: 660B

.data
Size: 512B - Virtual size: 160B

.reloc
Size: 512B - Virtual size: 210B

.text
Size: 122KB - Virtual size: 122KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 5KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 169B

.reloc
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 122KB - Virtual size: 121KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 5KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 165B

.reloc
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 7KB - Virtual size: 7KB

CODE
Size: 11KB - Virtual size: 10KB

DATA
Size: 512B - Virtual size: 200B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 820B

.rsrc
Size: 373KB - Virtual size: 376KB

40:24:03:d6:91:0d:de:6e:b5:11:98:26:2d:2c:6f:9d
Certificate

27:43:ed:1b:c8:d8:dc:b3:49:fb:ad:2b:57:34:62:ac
Certificate

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

53:a6:bf:9a:93:27:11:f6:e4:d0:38:56:70:9e:a4:dd:53:18:62:16
Signer

.text
Size: 700KB - Virtual size: 700KB