1b4672b5a97263b8573ec93635731ccd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b4672b5a97263b8573ec93635731ccd_JaffaCakes118
Size

550KB
MD5

1b4672b5a97263b8573ec93635731ccd
SHA1

f0be30d2dabc3b24ea524d6d79c38b46bef5301c
SHA256

e18e1114d412e827d19fc076e7196eb8ccb2029ebb6a0f8f5b904f2703b63b08
SHA512

5af81c4ba4430005b399e4c9cb795da832f2de6c38d57b2a7bdd32963d68a9e66983310021770e642acf93284efb4c52589bc7f26b903cc6b742d2265f3676b5
SSDEEP

12288:R1i5hOgIouVOfw6t8S3jFIy+JTEU32BamVz5EklxdExhjgf:RjjO4Ny82RWklxKtgf

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/locate32-3.1.8.02160/ImgHnd.dll
unpack001/locate32-3.1.8.02160/SetTool.exe
unpack001/locate32-3.1.8.02160/Updtdb32.exe
unpack001/locate32-3.1.8.02160/keyhelper.dll
unpack001/locate32-3.1.8.02160/lan_en.dll
unpack001/locate32-3.1.8.02160/loc_fndx.dll
unpack001/locate32-3.1.8.02160/locate.exe
unpack001/locate32-3.1.8.02160/locate32.exe

Files

1b4672b5a97263b8573ec93635731ccd_JaffaCakes118
.rar
locate32-3.1.8.02160/ImgHnd.dll
.dll windows:4 windows x86 arch:x86

388551a747778b01389f16ffac68fcb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\jmhuttun\Programming\public\Locate\Win32 - Release\bin\ImgHnd.pdb

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage
GdiplusStartup
GdipLoadImageFromFile
GdipGetImageHeight
GdipAlloc
GdipFree
GdipCloneImage
GdiplusShutdown

kernel32

FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
GetLocaleInfoA

Exports

Exports

GetImageDimensionsA
GetImageDimensionsW
InitLibrary
UninitLibrary

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
locate32-3.1.8.02160/Locate32.chm
.chm
locate32-3.1.8.02160/Readme.txt
locate32-3.1.8.02160/SetTool.exe
.exe windows:4 windows x86 arch:x86

85373e924f9b5d614b4b2cf7457aefb2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\jmhuttun\Programming\public\Locate\Win32 - Release\bin\SetTool.pdb

Imports

kernel32

FlushFileBuffers
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSection
LoadLibraryA
CreateProcessA
WaitForSingleObject
GetCurrentProcess
GetLastError
DeleteFileA
LocalFree
FormatMessageA
CloseHandle
WriteConsoleW
GetVersionExA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

DialogBoxParamA
FindWindowA
PostQuitMessage
MessageBoxA
DefDlgProcA
LoadStringA
LoadImageA
SetClassLongA
EndDialog

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
RegEnumKeyExA
RegDeleteKeyA
RegSaveKeyA
RegCloseKey
RegOpenKeyExA
RegRestoreKeyA
RegCreateKeyExA
OpenProcessToken

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locate32-3.1.8.02160/Updtdb32.exe
.exe windows:4 windows x86 arch:x86

dc375f7246a46832deafafcf1069157d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\jmhuttun\Programming\public\Locate\Win32 - Release\bin\Updtdb32.pdb

Imports

kernel32

GetDriveTypeW
DeleteFileA
DeleteFileW
GetTickCount
GetCurrentProcess
InterlockedExchange
WaitForSingleObject
GetLocalTime
SystemTimeToFileTime
SetErrorMode
GetVolumeInformationA
GetVolumeInformationW
FindFirstFileA
GlobalAlloc
FindFirstFileW
CreateThread
FindNextFileA
GlobalFree
FindNextFileW
SetThreadPriority
FindClose
ResumeThread
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetModuleHandleA
CreateProcessA
GetProcAddress
CreateDirectoryW
CreateDirectoryA
GetVersion
SetEndOfFile
GetFileSize
LockFile
UnlockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFullPathNameA
GetShortPathNameA
GetLastError
WriteFile
CreateFileA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetDriveTypeA
CreateFileW
GetFullPathNameW
GetShortPathNameW
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
HeapSize
InitializeCriticalSection
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLogicalDriveStringsA
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExW
FindResourceA
LoadResource
FreeLibrary
Sleep
LoadLibraryExA
LockResource

advapi32

RegQueryValueExA
RegQueryValueExW
AdjustTokenPrivileges
RegOpenKeyExA
LookupPrivilegeValueA
RegRestoreKeyA
RegSaveKeyA
RegCloseKey
RegCreateKeyExA
OpenProcessToken
RegEnumKeyExA
RegDeleteKeyA

mpr

WNetCloseEnum
WNetOpenEnumW
WNetOpenEnumA
WNetEnumResourceW
WNetEnumResourceA

user32

GetActiveWindow
MessageBoxA
LoadStringA
LoadStringW
CharLowerBuffW
CharLowerBuffA
CharLowerW
CharLowerA

comdlg32

GetFileTitleA
GetFileTitleW

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locate32-3.1.8.02160/keyhelper.dll
.dll windows:4 windows x86 arch:x86

f44a8eb50357516a60ed00be9959ad55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\jmhuttun\Programming\public\Locate\Win32 - Release\bin\keyhelper.pdb

Imports

kernel32

GetModuleHandleA
GetProcAddress
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA

user32

GetForegroundWindow
GetWindowTextA
GetClassNameA
SendMessageA
GetKeyState
SetWindowsHookExA
CallNextHookEx
PostMessageA
keybd_event
UnhookWindowsHookEx

Exports

Exports

SetHook
UnsetHook
_HookKeyboardProc@12

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
locate32-3.1.8.02160/lan_en.dll
.dll windows:4 windows x86 arch:x86

d811d71710ad58776155b7a8da1fa9db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\jmhuttun\Programming\public\Locate\Win32 - Release\bin\lan_en.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
locate32-3.1.8.02160/loc_fndx.dll
.dll windows:4 windows x86 arch:x86

bb6df816bacc4335b0f3244e57164862

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\jmhuttun\Programming\public\Locate\Win32 - Release\bin\loc_fndx.pdb

Imports

kernel32

GetModuleFileNameA
LCMapStringW
LCMapStringA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
locate32-3.1.8.02160/locate-example.ini
locate32-3.1.8.02160/locate.exe
.exe windows:4 windows x86 arch:x86

194f643bfac9f7e5c96d2da84b3829f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\jmhuttun\Programming\public\Locate\Win32 - Release\bin\locate.pdb

Imports

kernel32

MultiByteToWideChar
InterlockedExchange
ReadConsoleA
GetConsoleScreenBufferInfo
GetStdHandle
LoadLibraryExW
SetConsoleMode
GetLocalTime
LoadResource
FreeLibrary
FindResourceA
LockResource
SetConsoleCtrlHandler
LoadLibraryExA
CloseHandle
GetProcAddress
GetCurrentProcess
CreateDirectoryA
GetModuleHandleA
CreateProcessA
CreateDirectoryW
WaitForSingleObject
SetEndOfFile
GetFileSize
LockFile
UnlockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFullPathNameA
GetShortPathNameA
GetLastError
WriteFile
FindClose
FindNextFileA
FindFirstFileA
CreateFileA
GetCurrentDirectoryW
GetModuleFileNameA
GetModuleFileNameW
CreateFileW
GetFullPathNameW
FindNextFileW
FindFirstFileW
GetShortPathNameW
WideCharToMultiByte
GetVersion
HeapFree
HeapAlloc
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
Sleep
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSection
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
DeleteFileA
GetDriveTypeA
GetCurrentDirectoryA
GetTickCount
DeleteFileW
GetDriveTypeW

user32

CharLowerA
CharLowerBuffW
GetActiveWindow
MessageBoxA
LoadStringW
LoadStringA
CharLowerBuffA
CharLowerW

advapi32

RegCreateKeyExA
RegSaveKeyA
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
LookupPrivilegeValueA
RegRestoreKeyA
RegEnumKeyExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

comdlg32

GetFileTitleW
GetFileTitleA

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locate32-3.1.8.02160/locate32.exe
.exe windows:4 windows x86 arch:x86

cf1a8e6aa4ee8ab765a12e22a9f8d95c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\jmhuttun\Programming\public\Locate\Win32 - Release\bin\locate32.pdb

Imports

kernel32

GetFileAttributesA
GetFileAttributesW
GetFileTime
GetFileSize
GetLogicalDriveStringsA
CreateProcessW
LoadLibraryA
CreateProcessA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
SetLastError
GetLogicalDrives
FindResourceA
LoadResource
LockResource
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathA
GetTempFileNameA
CopyFileA
CopyFileW
EnumTimeFormatsA
EnumDateFormatsA
SizeofResource
SetFileAttributesA
SetFileAttributesW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetTickCount
FindNextFileA
FindNextFileW
GetVolumeInformationA
GetVolumeInformationW
GlobalLock
GlobalFree
GlobalSize
GlobalAlloc
SystemTimeToFileTime
FileTimeToDosDateTime
GetLocaleInfoA
GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW
MultiByteToWideChar
GetLocalTime
InterlockedDecrement
WaitForSingleObject
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindFirstFileA
MoveFileExW
MoveFileExA
GlobalAddAtomA
GlobalAddAtomW
GetFullPathNameA
GetFullPathNameW
GetDriveTypeW
GetDriveTypeA
DeleteFileW
DeleteFileA
ResumeThread
SetErrorMode
LocalAlloc
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FormatMessageA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
RtlUnwind
GetStartupInfoA
GetProcessHeap
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
InterlockedIncrement
GetTempFileNameW
GetShortPathNameW
GetSystemDirectoryW
GetSystemDirectoryA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetTempPathW
GetCurrentDirectoryW
WriteFile
GetShortPathNameA
ReadFile
SetFilePointer
FlushFileBuffers
UnlockFile
LockFile
SetEndOfFile
GetPrivateProfileStringW
GetPrivateProfileStringA
lstrcpynA
GetVersion
GetModuleFileNameW
GetModuleFileNameA
GetCurrentThread
OpenEventA
CreateDirectoryA
CreateDirectoryW
SetThreadPriority
CreateThread
InterlockedExchange
CreateFileA
CreateFileW
FindNextChangeNotification
ResetEvent
Sleep
GetLastError
SetPriorityClass
FormatMessageW
InitializeCriticalSection
GetCommandLineW
LoadLibraryExW
LoadLibraryExA
GetNumberFormatA
GetNumberFormatW
FreeLibrary
GlobalGetAtomNameW
MulDiv
LocalFree
DeleteAtom
GlobalGetAtomNameA
SetStdHandle
GetOverlappedResult
WaitForMultipleObjects
SetEvent
CreateEventA
CloseHandle
GetModuleHandleA
GetProcAddress
GetVersionExA
TerminateThread
LeaveCriticalSection
GetExitCodeThread
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcess
FindCloseChangeNotification
DuplicateHandle
FindFirstChangeNotificationA
GetCurrentThreadId
FindFirstChangeNotificationW
WideCharToMultiByte
GlobalMemoryStatus
GlobalUnlock

user32

CharLowerBuffA
GetDlgCtrlID
GetWindowTextA
GetKeyboardState
GetDoubleClickTime
SendDlgItemMessageW
VkKeyScanA
DrawTextW
LoadCursorA
SetCursor
FillRect
GetSysColorBrush
SendMessageA
LoadImageA
ReleaseDC
SetDlgItemTextW
SendDlgItemMessageA
GetClientRect
EndDialog
GetDlgItemTextA
ToAscii
RegisterClassExA
DrawFrameControl
DrawIconEx
IsWindowVisible
CheckDlgButton
IsClipboardFormatAvailable
ChangeClipboardChain
CreateDialogParamW
DrawStateA
IsWindowEnabled
ScreenToClient
CharUpperBuffA
IsCharLowerW
DestroyAcceleratorTable
CreateMenu
CreatePopupMenu
CharLowerA
CreateAcceleratorTableA
SetMenu
GetSystemMetrics
CharUpperW
EnableWindow
SetMenuItemBitmaps
SetWindowPlacement
LoadBitmapA
SetDlgItemInt
SetClipboardViewer
DrawFocusRect
GetDlgItemInt
GetNextDlgTabItem
CheckMenuItem
SetFocus
SendMessageW
InsertMenuItemA
SetWindowLongA
EnumChildWindows
SetClipboardData
IsDlgButtonChecked
GetMenu
EmptyClipboard
GetKeyState
CallWindowProcA
UpdateWindow
DefDlgProcA
CharLowerBuffW
GetForegroundWindow
SendNotifyMessageA
OpenClipboard
DefWindowProcA
ShowWindow
InvalidateRect
SetWindowPos
GetSubMenu
MessageBoxW
BringWindowToTop
GetMenuItemInfoA
GetMenuItemCount
UnregisterHotKey
SetForegroundWindow
ReleaseCapture
GetWindowRect
GetWindowPlacement
GetSysColor
RegisterHotKey
DeleteMenu
GetMonitorInfoA
DrawTextA
MonitorFromWindow
CreateDialogParamA
GetDesktopWindow
GetFocus
FindWindowA
LoadImageW
EnumWindows
RegisterWindowMessageA
SetCapture
DialogBoxParamW
DialogBoxParamA
MessageBoxA
SetClassLongA
SetActiveWindow
EnableMenuItem
SetMenuDefaultItem
GetClassNameA
GetMenuItemID
TrackPopupMenu
DestroyIcon
SetTimer
KillTimer
CloseClipboard
LoadStringA
LoadStringW
GetMenuItemInfoW
BeginPaint
EndPaint
InsertMenuItemW
SetMenuItemInfoA
SetMenuItemInfoW
GetWindowTextLengthA
GetWindowTextW
GetClassNameW
GetWindowTextLengthW
GetDlgItemTextW
RedrawWindow
SetWindowTextA
SetWindowTextW
SetWindowLongW
GetWindow
CreateWindowExW
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
PeekMessageA
GetActiveWindow
AttachThreadInput
GetWindowThreadProcessId
DestroyMenu
GetDC
LoadMenuA
GetClipboardData
ClientToScreen
GetClipboardFormatNameA
RegisterClipboardFormatA
GetCursorPos
GetDlgItem
DestroyWindow
LoadIconA
CreateWindowExA
GetParent
CharUpperBuffW
PostMessageA
CharLowerW
GetWindowLongA
SetDlgItemTextA
PostQuitMessage
IsCharUpperW

gdi32

CreateCompatibleDC
SetBkColor
Rectangle
CreatePen
CreateFontIndirectW
SetBkMode
SetMapMode
GetStockObject
CreateFontIndirectA
GetDeviceCaps
GetTextMetricsA
SetTextColor
SelectObject
DeleteObject
GetTextFaceA
CreateSolidBrush
DeleteDC
CreateFontA
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap

advapi32

GetSecurityDescriptorOwner
LookupAccountSidA
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExA
RegEnumKeyExW
RegDeleteValueA
RegEnumValueA
GetFileSecurityW
GetFileSecurityA
RegDeleteKeyA
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueW
LookupAccountSidW
AdjustTokenPrivileges
RegOpenKeyExA
OpenProcessToken
RegCreateKeyExA
LookupPrivilegeValueA
RegSaveKeyA
RegRestoreKeyA

shell32

SHFileOperationW
SHFileOperationA
SHGetFileInfoW
SHGetDataFromIDListA
SHBrowseForFolderW
SHBrowseForFolderA
SHGetSettings
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteW
ExtractIconExA
SHGetSpecialFolderLocation
ExtractIconExW
SHGetFileInfoA
ShellExecuteExA
ShellExecuteExW
DragQueryFileW
Shell_NotifyIconW
Shell_NotifyIconA
DragFinish
DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA

ole32

CLSIDFromString
OleUninitialize
RevokeDragDrop
CoTaskMemAlloc
RegisterDragDrop
DoDragDrop
CoCreateInstance
PropVariantClear
CoUninitialize
CoInitialize
CoTaskMemFree
ReleaseStgMedium
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

keyhelper

UnsetHook
SetHook

comctl32

ImageList_GetIconSize
ord412
ord413
CreatePropertySheetPageW
CreatePropertySheetPageA
PropertySheetW
ImageList_Replace
ImageList_Add
ord410
ImageList_Destroy
ImageList_LoadImageA
ImageList_GetIcon
InitCommonControlsEx
PropertySheetA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mpr

WNetOpenEnumW
WNetOpenEnumA
WNetEnumResourceW
WNetEnumResourceA
WNetCloseEnum

comdlg32

GetFileTitleA
GetFileTitleW
ChooseColorA
ChooseFontA
GetSaveFileNameA
GetOpenFileNameA
GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 680KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locate32-3.1.8.02160/portable.ini
locate32-3.1.8.02160/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

388551a747778b01389f16ffac68fcb4

Headers

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

85373e924f9b5d614b4b2cf7457aefb2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

advapi32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 28KB - Virtual size: 26KB

dc375f7246a46832deafafcf1069157d

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

mpr

user32

comdlg32

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 24KB - Virtual size: 20KB

f44a8eb50357516a60ed00be9959ad55

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 864B

.reloc Size: 4KB - Virtual size: 3KB

d811d71710ad58776155b7a8da1fa9db

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 72KB - Virtual size: 69KB

.reloc Size: 4KB - Virtual size: 3KB

bb6df816bacc4335b0f3244e57164862

Headers

File Characteristics

PDB Paths

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 24KB - Virtual size: 20KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 72KB - Virtual size: 69KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 196KB - Virtual size: 194KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 24KB - Virtual size: 20KB

.text
Size: 680KB - Virtual size: 676KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 200KB - Virtual size: 196KB