1af923cefd8ec75294e04aaa5d954d00_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1af923cefd8ec75294e04aaa5d954d00_JaffaCakes118
Size

4.9MB
MD5

1af923cefd8ec75294e04aaa5d954d00
SHA1

299925504c187cad2ec642bd93a38b22223eda20
SHA256

8220742fc956f41812326ddc265f5a488b0156ce2acdb8b03cc24aa48c3ae783
SHA512

46318a4b81d404c0c6fd4c73b81d5bda070ae940bacbf77176ebbfc08220395956e792444fa03abf0a224fa0d1e649e9e4e0c3d1ab2aceea9d913a496224d20b
SSDEEP

98304:9gF9y5N0APypMVrOFfZhQ8Z6wfLiwwm9au6GhKYW5eTI2WHJ+5xmEYxw:m9TAPguroQ9kL79auhddqJ+5xJYxw

Score

3^/10

Malware Config

Signatures

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Windows7Master/CleanMaster.exe
unpack001/Windows7Master/Controls.dll
unpack001/Windows7Master/DefragMaster.exe
unpack001/Windows7Master/DriverMaster.exe
unpack001/Windows7Master/FileShredder.exe
unpack001/Windows7Master/FileSplitter.exe
unpack001/Windows7Master/Helper.dll
unpack001/Windows7Master/IEMaster.exe
unpack001/Windows7Master/Interop.IWshRuntimeLibrary.dll
unpack001/Windows7Master/Lighting.dll
unpack001/Windows7Master/MS_FM.exe
unpack001/Windows7Master/MemoryMaster.exe
unpack001/Windows7Master/OptimizeGuide.exe
unpack001/Windows7Master/ServiceMaster.exe
unpack001/Windows7Master/UninstallMaster.exe
unpack001/Windows7Master/VisualMaster.exe
unpack001/Windows7Master/vmore.exe
unpack001/Windows7Master/wimgapi.dll
unpack001/Windows7Master/wimgapix64.dll

Files

1af923cefd8ec75294e04aaa5d954d00_JaffaCakes118
.rar
Windows7Master/CleanMaster.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/CleanMaster.xml
Windows7Master/Controls.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/DefragMaster.exe
.exe windows:5 windows x86 arch:x86

e785b36a0e7abedb0487bb8209549d30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\项目\老的项目\Windows7 Master\VistaMaster.DefragMaster\Release\DefragMaster.pdb

Imports

kernel32

FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetErrorMode
GetACP
IsValidCodePage
VirtualFree
HeapCreate
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
DuplicateHandle
UnlockFile
LockFile
GetOEMCP
GetCPInfo
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
ResumeThread
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
InterlockedDecrement
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GetModuleFileNameA
FreeResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
MulDiv
CreateMutexA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetFileAttributesA
SetLastError
FormatMessageA
MoveFileA
GetFileSize
SetEndOfFile
GetTickCount
QueryPerformanceCounter
GetDiskFreeSpaceA
WriteFile
CreateFileA
SetFilePointer
GetCurrentProcess
ReadFile
lstrcmpiA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
FlushFileBuffers
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
lstrlenA
FindFirstFileA
lstrcpyA
lstrcmpA
GetLastError
DeviceIoControl
WaitForSingleObject
Sleep
SetThreadPriority
FreeLibrary
lstrcatA
CloseHandle
GetModuleHandleA
GetProcAddress
LoadLibraryA
MultiByteToWideChar

user32

RegisterClipboardFormatA
PostThreadMessageA
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
UnregisterClassA
DestroyMenu
GetSysColorBrush
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
GetCursorPos
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetForegroundWindow
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageA
GetKeyState
SetMenu
SetForegroundWindow
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
GetActiveWindow
ShowWindow
SetWindowTextA
GetDlgItem
EnableWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
CopyRect
IsWindow
CharUpperA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
MapWindowPoints
SetRect
PostQuitMessage
MessageBoxA
SendMessageA
GetSysColor
LoadIconA
LoadBitmapA
GetWindowRect
GetDC
GetClientRect
FillRect
ReleaseDC
IsIconic
GetSystemMetrics
DrawIcon
InvertRect
GetSubMenu
MoveWindow
IsWindowVisible
UpdateWindow
SetCursor
LoadCursorA
SetFocus
GetMenuItemCount
InvalidateRect
GetFocus
GetWindowTextA
SetWindowLongA
GetMessagePos
ScreenToClient
PtInRect

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ScaleViewportExtEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
CreateFontA
GetClipBox
SetMapMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateRectRgnIndirect
CreateBitmap
GetTextExtentPoint32A
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
Rectangle
SetDCPenColor
DeleteObject
LineTo
MoveToEx
TextOutA
SelectObject
SetBkMode
GetStockObject
SetDCBrushColor
BitBlt
CreatePatternBrush

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFileInfoA

comctl32

ord6
ord17
InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows7Master/DriverMaster.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/DriverMaster.xml
Windows7Master/FileShredder.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/FileSplitter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/Helper.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/IEMaster.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/Interop.IWshRuntimeLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows7Master/Lighting.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/MS_FM.exe
.exe windows:5 windows x86 arch:x86

821c455b475c3595aa1e4e6ad93e77fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
TerminateProcess
GetCommandLineA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
CloseHandle
VirtualAlloc
VirtualFree
GetLastError

msvcrt

strncpy
strrchr
toupper
strstr
_strdup
strncat
printf
strchr
isspace
isdigit
_strupr
malloc
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__set_app_type
_except_handler3
_c_exit
__p__fmode

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

user32

EnumDesktopsA
EnumWindows
GetWindowThreadProcessId
GetWindow
GetWindowLongA
GetWindowTextA
FindWindowExA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
EnumWindowStationsA

ntdll

NtSetSystemInformation
RtlUnicodeStringToAnsiString
NtQuerySystemInformation

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/MemoryMaster.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/OptimizeGuide.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/ServiceMaster.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/UninstallMaster.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/Upgrade.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ec:36:12:43:5e:1d:19:ca:35:db:6f:dd:08:6b:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23-04-2010 00:00

Not After

22-06-2011 23:59

Subject

CN=Qingdao Loogoo InfoTech Co.\,ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qingdao Loogoo InfoTech Co.\,ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:89:2a:70:95:a0:e3:f0:64:ab:e5:ea:ed:aa:d0:5f:5c:4b:43:73
Signer

Actual PE Digest

3a:89:2a:70:95:a0:e3:f0:64:ab:e5:ea:ed:aa:d0:5f:5c:4b:43:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/Upgrade.xml
Windows7Master/VisualMaster.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/Windows7 Master.exe
.exe .vbs windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ec:36:12:43:5e:1d:19:ca:35:db:6f:dd:08:6b:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23-04-2010 00:00

Not After

22-06-2011 23:59

Subject

CN=Qingdao Loogoo InfoTech Co.\,ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qingdao Loogoo InfoTech Co.\,ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:33:9a:cc:28:6d:ff:ae:cd:b2:a1:53:c5:d1:94:dd:a9:64:7e:78
Signer

Actual PE Digest

5a:33:9a:cc:28:6d:ff:ae:cd:b2:a1:53:c5:d1:94:dd:a9:64:7e:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/Windows7 Master.xml
Windows7Master/vmore.exe
.exe windows:4 windows x86 arch:x86

04128daa5d2c7203c2b45a49779f3585

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
MoveFileA
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
GetACP
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

imagehlp

CheckSumMappedFile

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7Master/wimgapi.dll
.dll windows:6 windows x86 arch:x86

426aa623cfc1e5244eefc0728ebab432

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

wimgapi.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
wcsrchr
memmove
memcpy
memset
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
wcschr
_vsnwprintf
_wcsnicmp
wcstoul
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
iswspace
qsort
bsearch

ntdll

RtlUnwind
DbgUserBreakPoint
RtlRaiseStatus
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtYieldExecution
NtQueryInformationFile
RtlNtStatusToDosError
NtSetInformationFile
RtlAdjustPrivilege
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtOpenFile
RtlAllocateHeap
NtQueryDirectoryFile
NtClose
RtlFreeHeap

kernel32

Module32FirstW
lstrcmpiW
Module32NextW
GetLogicalDriveStringsW
QueryDosDeviceW
GetVolumePathNameW
UnlockFileEx
LockFileEx
GetOverlappedResult
HeapReAlloc
SetFilePointer
ReadFile
LocalAlloc
CreateThread
WaitForSingleObject
GetFileInformationByHandle
RemoveDirectoryW
CreateDirectoryW
FreeLibrary
WaitForMultipleObjects
ResetEvent
SetEvent
GetLongPathNameW
LoadLibraryW
GetDriveTypeW
GetCurrentDirectoryW
GetTempFileNameW
DisableThreadLibraryCalls
HeapAlloc
HeapFree
GetProcessHeap
CompareStringW
GetProcAddress
GetSystemInfo
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetCurrentDirectoryW
DeviceIoControl
WriteFile
CreateFileW
lstrcmpW
GetFullPathNameW
SetFileAttributesW
DeleteFileW
LocalFree
lstrlenW
CreateEventW
CreateToolhelp32Snapshot
GetFileSize
GetTempPathW
GetVolumeInformationW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
SetFilePointerEx
CloseHandle
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetLastError
DeleteCriticalSection

advapi32

RegUnLoadKeyW
RegLoadKeyW
RegFlushKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
GetSecurityInfo
GetSecurityDescriptorLength
WriteEncryptedFileRaw
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetAclInformation
SetNamedSecurityInfoW
SetSecurityInfo
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw

user32

CharNextW
CharPrevW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllMain
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCopyFile
WIMCreateFile
WIMDeleteImage
WIMExportImage
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImages
WIMInitFileIOCallbacks
WIMLoadImage
WIMMountImage
WIMRegisterMessageCallback
WIMSetBootImage
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSplitFile
WIMUnmountImage
WIMUnregisterMessageCallback

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows7Master/wimgapix64.dll
.dll windows:6 windows x64 arch:x64

7dc44b88789047bf70d127f5cdbebd23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

wimgapi.pdb

Imports

msvcrt

wcsrchr
_vsnwprintf
??3@YAXPEAX@Z
_wcsnicmp
_onexit
_lock
__dllonexit
_unlock
memmove
memset
memcpy
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
wcstoul
??2@YAPEAX_K@Z
iswspace
_purecall
wcschr
memcmp
qsort
bsearch
_local_unwind

ntdll

RtlVirtualUnwind
NtYieldExecution
DbgUserBreakPoint
RtlRaiseStatus
RtlInitializeCriticalSection
RtlReAllocateHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
NtQueryInformationFile
RtlNtStatusToDosError
NtSetInformationFile
RtlDosPathNameToNtPathName_U
NtQueryDirectoryFile
NtOpenFile
RtlInitUnicodeString
RtlFreeHeap
RtlAllocateHeap
RtlAdjustPrivilege
NtClose
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

GetFileSize
QueryDosDeviceW
GetLongPathNameW
GetTempPathW
UnlockFileEx
LockFileEx
GetOverlappedResult
HeapReAlloc
SetFilePointer
LocalAlloc
ReadFile
RemoveDirectoryW
SetEvent
WaitForSingleObject
ResetEvent
CreateDirectoryW
Module32FirstW
FreeLibrary
CreateThread
GetFileInformationByHandle
GetFileAttributesW
LoadLibraryW
WaitForMultipleObjects
GetSystemInfo
WriteFile
DeviceIoControl
SetCurrentDirectoryW
GetDriveTypeW
GetTempFileNameW
GetCurrentDirectoryW
lstrcmpiW
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcmpW
CreateFileW
SetLastError
GetLastError
HeapFree
GetFileSizeEx
SetFilePointerEx
HeapAlloc
GetFullPathNameW
SetEndOfFile
lstrlenW
CompareStringW
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Module32NextW
GetVolumePathNameW
GetVolumeInformationW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetProcAddress
SetFileAttributesW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
DeleteFileW
LocalFree
GetProcessHeap
CreateEventW

advapi32

RegQueryValueExW
RegUnLoadKeyW
RegCloseKey
RegLoadKeyW
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
GetSecurityInfo
GetSecurityDescriptorLength
SetSecurityInfo
GetSecurityDescriptorOwner
WriteEncryptedFileRaw
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetAclInformation
ReadEncryptedFileRaw
CloseEncryptedFileRaw
OpenEncryptedFileRawW

user32

CharPrevW
CharNextW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllMain
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCopyFile
WIMCreateFile
WIMDeleteImage
WIMExportImage
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImages
WIMInitFileIOCallbacks
WIMLoadImage
WIMMountImage
WIMRegisterMessageCallback
WIMSetBootImage
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSplitFile
WIMUnmountImage
WIMUnregisterMessageCallback

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows7Master/zh-CN/CleanMaster.xml
Windows7Master/zh-CN/FileEncrypt.xml
Windows7Master/zh-CN/FileShredder.xml
Windows7Master/zh-CN/IEMaster.xml
Windows7Master/zh-CN/OptimizeGuide.xml
Windows7Master/zh-CN/ServiceMaster.xml
Windows7Master/zh-CN/SystemPoint.xml
Windows7Master/zh-CN/Upgrade.xml
Windows7Master/zh-CN/VisualMaster.xml
Windows7Master/zh-CN/Windows7 Master.xml

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.textxc Size: 566KB - Virtual size: 565KB

.idata Size: 512B - Virtual size: 86B

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 92KB - Virtual size: 92KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.textxc Size: 98KB - Virtual size: 98KB

.idata Size: 512B - Virtual size: 86B

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 1024B - Virtual size: 888B

e785b36a0e7abedb0487bb8209549d30

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 10KB - Virtual size: 107KB

.rsrc Size: 342KB - Virtual size: 342KB

.reloc Size: 41KB - Virtual size: 40KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.textxc Size: 205KB - Virtual size: 204KB

.idata Size: 512B - Virtual size: 86B

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 114KB - Virtual size: 113KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.textxc Size: 390KB - Virtual size: 389KB

.idata Size: 512B - Virtual size: 86B

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 378KB - Virtual size: 378KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.textxc
Size: 566KB - Virtual size: 565KB

.idata
Size: 512B - Virtual size: 86B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 92KB - Virtual size: 92KB

.textxc
Size: 98KB - Virtual size: 98KB

.idata
Size: 512B - Virtual size: 86B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 888B

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 10KB - Virtual size: 107KB

.rsrc
Size: 342KB - Virtual size: 342KB

.reloc
Size: 41KB - Virtual size: 40KB

.textxc
Size: 205KB - Virtual size: 204KB

.idata
Size: 512B - Virtual size: 86B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 114KB - Virtual size: 113KB

.textxc
Size: 390KB - Virtual size: 389KB

.idata
Size: 512B - Virtual size: 86B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 378KB - Virtual size: 378KB

.textxc
Size: 168KB - Virtual size: 167KB

.idata
Size: 512B - Virtual size: 86B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 114KB - Virtual size: 114KB

.textxc
Size: 636KB - Virtual size: 636KB

.datax
Size: 512B - Virtual size: 64B

.idata
Size: 512B - Virtual size: 86B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 812B

.textxc
Size: 538KB - Virtual size: 538KB

.idata
Size: 512B - Virtual size: 86B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 319KB - Virtual size: 318KB

.text
Size: 36KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 4KB - Virtual size: 12B

.textxc
Size: 248KB - Virtual size: 245KB

.datax
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 86B

.reloc
Size: 4KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 760B

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 2.8MB

.rsrc
Size: 1KB - Virtual size: 1KB