18e1153e88c8815d528648d1da76fac6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18e1153e88c8815d528648d1da76fac6_JaffaCakes118
Size

1.6MB
MD5

18e1153e88c8815d528648d1da76fac6
SHA1

eb05af22607f35b0b2044d68286d9a6df4042ffa
SHA256

59b1387ae7aea93858d489cc124b31358f4322ee343107c497fe1f3aba966b05
SHA512

716c9933a1f3b76c3d0952dfbe50bca260181a51b6f122555f21f1351a35fc3e646cde0f9914ab295b0e296146f74aa890bd2fc3ec7a0a2109181002390fb673
SSDEEP

24576:+7RuCw5lvGakyzWeZwrW7uvUlMxAxyhiuGltGlGW2VUn2yR1skWj35NP2DGsiGUk:4RuRbcO0rWY32x2pGWwyR/WNpVsiGUhS

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
18e1153e88c8815d528648d1da76fac6_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PROGRAMFILES/Rightdown Software SearchBar/rssb.dll
unpack001/$TEMP/Installer.exe
unpack001/$TEMP/eSellerateEngine.dll
unpack001/3D Checkerz.exe
unpack001/AdVisor.dll
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

18e1153e88c8815d528648d1da76fac6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PROGRAMFILES/Rightdown Software SearchBar/rssb.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c00f938a49915bbb49004f75e33534ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileW

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DisableThreadLibraryCalls
LoadLibraryA
GetVersionExW
Sleep
TerminateThread
GetCurrentProcessId
DeleteFileW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
MulDiv
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetModuleHandleA
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapReAlloc
HeapDestroy
HeapCreate
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ResumeThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
WideCharToMultiByte
lstrlenA
lstrcmpW
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
LoadLibraryExW
OutputDebugStringA
GetModuleFileNameW
SetLastError
LoadLibraryW
InterlockedIncrement
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetVersion
GetFileAttributesW
GetProcAddress
GetEnvironmentStrings
GetModuleHandleW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetACP
InitializeCriticalSectionAndSpinCount

user32

UnregisterClassA
EnumChildWindows
SetWindowTextA
TranslateMessage
DispatchMessageW
GetComboBoxInfo
SetActiveWindow
TrackPopupMenu
CreatePopupMenu
ShowWindow
CheckMenuRadioItem
AppendMenuW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
GetSysColorBrush
GetMenuItemInfoW
GetSystemMetrics
InflateRect
DrawEdge
FrameRect
IsWindowVisible
PostMessageW
DrawFrameControl
DestroyMenu
GetKeyState
SystemParametersInfoW
SetRectEmpty
GetWindowDC
GetMessagePos
LoadImageW
CopyRect
SetCursor
UpdateWindow
MapWindowPoints
GetWindowRect
DrawTextW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
MessageBoxW
CreateAcceleratorTableW
CreateWindowExW
LoadCursorW
IsWindow
SendMessageW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
DefWindowProcW
GetClassInfoExW
RegisterClassExW
GetWindowLongW
SetWindowLongW
CharNextW
OffsetRect

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoInitialize
RegisterDragDrop
ReleaseStgMedium
OleRun
OleLockRunning

shell32

ShellExecuteW

oleaut32

SysStringLen
SysAllocString
VariantInit
VariantClear
SysAllocStringLen
LoadTypeLi
SysAllocStringByteLen
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
VariantCopy
VariantChangeType
VarBstrCat
VarBstrCmp
GetErrorInfo
SysFreeString

gdi32

DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
CreateFontW
CreateFontIndirectW
SetBrushOrgEx
SetBkColor
SetTextColor
PatBlt
CreateBitmap
SetBkMode
CreatePatternBrush
CreateDIBSection
GetTextExtentPointW
EnumFontFamiliesExW
DeleteObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Installer.exe
.exe windows:4 windows x86 arch:x86

c99ab3916bcc7e451c91fcac0067c514

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\!Work\new_proj\Installer\release\Installer.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
ExitProcess
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetStdHandle
GetCurrentProcess
GetACP
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
WriteFile
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
FormatMessageA
MulDiv
GlobalUnlock
GlobalFree
WritePrivateProfileStringA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
GetTempFileNameA
SetFileAttributesA
MoveFileA
FreeLibrary
FreeResource
DeleteFileA
CompareStringA
InterlockedExchange
MultiByteToWideChar
lstrlenA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
LocalFree
GetCommandLineW
OutputDebugStringA
GetModuleHandleA
GetModuleHandleW
GetFileAttributesW
GetVersion
GetProcAddress
GetModuleFileNameW
LoadLibraryW
LoadLibraryA
GetLastError
SetLastError

user32

LoadCursorA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
LoadIconA
IsIconic
SendMessageA
GetSystemMetrics
GetClientRect
DrawIcon
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
UnregisterClassA
DestroyMenu
GetSysColorBrush
UnhookWindowsHookEx
MessageBoxA
EnableWindow
GetWindowLongA
GetForegroundWindow
PostMessageA
PostQuitMessage
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

CommandLineToArgvW

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/eSellerateEngine.dll
.dll windows:4 windows x86 arch:x86

844e3ce531035c1816fe862b01cc8851

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
htons
WSAStartup
closesocket
recv
send
socket
WSAAsyncSelect
connect
WSAGetLastError
ioctlsocket
gethostbyname

kernel32

DeleteFileA
Sleep
GetSystemTime
SetFileAttributesA
GetTempPathA
CreateDirectoryA
GetDriveTypeA
GetDiskFreeSpaceA
FreeLibrary
GetProcAddress
LoadLibraryA
MoveFileA
lstrcpyA
LocalFree
lstrcmpiA
LocalAlloc
lstrlenA
lstrcpynA
lstrlenW
MultiByteToWideChar
GlobalDeleteAtom
GlobalAddAtomA
GetCurrentProcessId
GlobalUnlock
GlobalLock
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
DeleteCriticalSection
VirtualFree
CreateFileA
HeapDestroy
GetOEMCP
GetACP
SizeofResource
InitializeCriticalSection
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
GetLocalTime
GetTimeZoneInformation
InterlockedIncrement
InterlockedDecrement
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
IsBadReadPtr
SetEndOfFile
CompareStringA
WaitForSingleObject
CloseHandle
FindResourceA
LoadResource
LockResource
GetTickCount
WideCharToMultiByte
GetTempFileNameA
FindFirstFileA
FindClose
GetModuleFileNameA
GetWindowsDirectoryA
GetVolumeInformationA
GlobalMemoryStatus
GetStringTypeA
GetStringTypeW
SetStdHandle
GetCPInfo
FlushFileBuffers
SetFilePointer
IsBadCodePtr
CompareStringW
HeapCreate
SetEnvironmentVariableA

user32

LoadCursorA
CharNextA
RegisterClassA
GetWindowThreadProcessId
ReuseDDElParam
UnpackDDElParam
CreateWindowExA
DefWindowProcA
GetWindowLongA
OpenClipboard
GetClipboardData
SetClassLongA
LoadIconA
GetClassLongA
CloseClipboard
MessageBeep
CallWindowProcA
SetRect
OffsetRect
GetAsyncKeyState
UnregisterClassA
RedrawWindow
DialogBoxParamA
EndDialog
PeekMessageA
TranslateMessage
DispatchMessageA
SetTimer
KillTimer
DrawEdge
InvalidateRect
UpdateWindow
DrawFocusRect
FillRect
GetDlgItemTextA
GetSysColor
DrawTextA
ShowWindow
EnableWindow
GetWindowTextA
SetWindowTextA
GetDC
ReleaseDC
ScreenToClient
SetWindowPos
GetWindowRect
MoveWindow
SetFocus
PostMessageA
GetDlgItem
GetCursorPos
SendMessageA
GetClientRect
CopyRect
IsWindow
GetForegroundWindow
DestroyWindow
SetWindowLongA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
CreateDIBitmap
DeleteDC
CreateFontIndirectA
GetObjectA
DeleteObject
SetTextColor
SelectObject
GetTextExtentPoint32A
GetDeviceCaps

comdlg32

PrintDlgA
GetSaveFileNameA

comctl32

ord17
ord6

advapi32

RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetMalloc
ShellExecuteExA

ole32

CLSIDFromString
OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

SafeArrayCreateVector
VariantInit
VariantClear

Exports

Exports

MVESD_Entry2

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/license1.txt
$TEMP/license2.txt
3D Checkerz.exe
.exe windows:5 windows x86 arch:x86

33b31a9807d8c31f5874650325a7fdfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\!Work\new_proj\3D Checkerz\bin\release\3D Checkerz.pdb

Imports

ddraw

DirectDrawCreateClipper
DirectDrawEnumerateA
DirectDrawCreate

winmm

PlaySoundA

advisor

ord3
ord2

mfc90

ord4979
ord3213
ord305
ord1611
ord6684
ord2692
ord3808
ord3994
ord415
ord670
ord4706
ord4437
ord6164
ord2592
ord5598
ord2069
ord2651
ord4671
ord3217
ord6355
ord4683
ord1384
ord2369
ord5638
ord5581
ord1497
ord4330
ord6391
ord3346
ord1684
ord4415
ord2645
ord2646
ord3278
ord5786
ord978
ord6361
ord3222
ord6359
ord3221
ord5323
ord3224
ord4539
ord4716
ord5435
ord5432
ord2855
ord2079
ord2445
ord5339
ord4970
ord3783
ord310
ord2057
ord1918
ord2038
ord585
ord787
ord4023
ord436
ord686
ord3477
ord1183
ord1254
ord2106
ord3534
ord1358
ord1691
ord1087
ord1252
ord1061
ord2144
ord2143
ord4498
ord2282
ord3568
ord2130
ord1108
ord1361
ord2591
ord1536
ord6646
ord266
ord6802
ord3792
ord265
ord6791
ord1247
ord5750
ord3651
ord2137
ord5594
ord5388
ord2622
ord5635
ord6774
ord5578
ord1435
ord1429
ord5414
ord1436
ord2227
ord2265
ord2269
ord2288
ord2297
ord2289
ord2078
ord4382
ord5785
ord4306
ord4602
ord6504
ord1724
ord1787
ord3150
ord3579
ord3935
ord4028
ord588
ord792
ord5607
ord3528
ord6170
ord4759
ord4713
ord4679
ord1445
ord3670
ord5647
ord5584
ord4364
ord5279
ord5282
ord4786
ord4791
ord4788
ord4806
ord2854
ord4793
ord5195
ord5005
ord4585
ord4576
ord5403
ord5199
ord4608
ord5209
ord4850
ord4851
ord2948
ord404
ord663
ord5926
ord2950
ord3525
ord400
ord337
ord613
ord1603
ord6559
ord2458
ord2523
ord568
ord601
ord820
ord5615
ord4617
ord5152
ord5309
ord4993
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord5636
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord3135
ord4895
ord4668
ord3506
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2862
ord6742
ord2204
ord2239
ord5589
ord1466
ord5844
ord3004
ord5928
ord4663
ord5270
ord5156
ord2090
ord4627
ord6419
ord6533
ord4891
ord4670
ord300
ord1137
ord4502
ord2539
ord1062
ord5122
ord3331
ord3030
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord2447
ord4333
ord4981
ord5663
ord5646
ord6001
ord2766
ord2978
ord3107
ord4714
ord2698
ord316
ord800
ord4875
ord4878
ord710
ord462
ord650
ord388
ord4808
ord3991
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord3659
ord2208
ord3987
ord639
ord374
ord6584
ord5658
ord5552
ord617
ord341
ord994
ord570
ord798
ord1098
ord4197
ord793
ord1276
ord589
ord4029
ord5761

msvcr90

__CxxFrameHandler3
memset
memcpy
_CIsqrt
_CIcos
_CIsin
_CxxThrowException
_setmbcp
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_mbsnbcpy
rand
memmove_s
_purecall
free
malloc
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
memcpy_s
strrchr
__RTtypeid
??8type_info@@QBE_NABV0@@Z
__RTDynamicCast

kernel32

LockResource
SizeofResource
MulDiv
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
LoadResource
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FindResourceA
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
LoadLibraryA
Sleep
GetLastError
SetLastError
GetTickCount
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess

user32

EnableWindow
IsWindow
InvalidateRect
GetParent
GetSysColor
GetDesktopWindow
ClientToScreen
IntersectRect
GetSystemMetrics
ReleaseDC
GetDC
UpdateWindow
LoadBitmapA
MessageBoxExA
GetClientRect
SetClassLongA
SetCursor
LoadCursorA
GetSubMenu
LoadMenuA
SendMessageA
LoadImageA
PostQuitMessage

gdi32

DeleteObject
SelectObject
BitBlt
DeleteDC
CreateDIBitmap
GetDIBColorTable
GetDeviceCaps
GetSystemPaletteEntries
CreateFontA
GetObjectA
CreateCompatibleDC

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

comctl32

ord17

ole32

CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoInitializeEx
StgCreateDocfileOnILockBytes

oleaut32

OleLoadPicture

wsock32

WSACleanup
WSAStartup

msvcp90

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@HH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1strstreambuf@std@@UAE@XZ
??0strstreambuf@std@@QAE@PBDH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?ws@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AdVisor.dll
.dll windows:4 windows x86 arch:x86

3d31aaeb9d182d782d1372468f302f65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\!Work\new_proj\AdVisor\release\AdVisor.pdb

Imports

winmm

PlaySoundW

kernel32

GetFileAttributesW
GetFileTime
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
ExitProcess
HeapReAlloc
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetTickCount
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
lstrlenA
GetModuleHandleA
GlobalFlags
WritePrivateProfileStringW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetThreadLocale
InterlockedIncrement
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
CloseHandle
GetLastError
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
lstrlenW
InterlockedDecrement
SetLastError
FreeResource
GlobalFree
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
GetEnvironmentStrings

user32

CharUpperW
DestroyMenu
RegisterClipboardFormatW
PostThreadMessageW
IsRectEmpty
CopyAcceleratorTableW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
UnregisterClassW
CharNextW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetClientRect
UnregisterClassA
CreateWindowExW
LoadCursorW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextW
GetFocus
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
GetClassInfoExW
SetRect
SendMessageW
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsWindow
SetWindowTextW
GetWindowLongW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostMessageW
PostQuitMessage
EnableWindow
GetSystemMetrics
SetTimer
MessageBoxW
GetDesktopWindow
GetMenu

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
ScaleViewportExtEx
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
GetTextColor
GetBkColor
GetStockObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantChangeType
VariantClear
SysStringLen
SysAllocStringLen
VariantInit

Exports

Exports

AV_Initialize
AV_UnInitialize

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
click.wav
move.wav
pop.wav
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 14KB - Virtual size: 13KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

c00f938a49915bbb49004f75e33534ed

Headers

File Characteristics

Imports

urlmon

kernel32

user32

advapi32

ole32

shell32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 211KB - Virtual size: 210KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 15KB - Virtual size: 22KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 20KB - Virtual size: 20KB

c99ab3916bcc7e451c91fcac0067c514

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 176KB - Virtual size: 175KB

844e3ce531035c1816fe862b01cc8851

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 14KB - Virtual size: 13KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 211KB - Virtual size: 210KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 15KB - Virtual size: 22KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 176KB - Virtual size: 175KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 24KB - Virtual size: 33KB

.rsrc
Size: 32KB - Virtual size: 30KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 16KB - Virtual size: 14KB