2239f113de89a78e390a1bb6e5dfc0c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2239f113de89a78e390a1bb6e5dfc0c8_JaffaCakes118
Size

902KB
MD5

2239f113de89a78e390a1bb6e5dfc0c8
SHA1

e5ee9a13fc508efd93ec386342dc2957580c6263
SHA256

66d9ba44e0a89f2a05269cfaf35be93a5384dcd95c1572b795d3054662b99316
SHA512

505f72fc76c2a51e13e6532d8461fd3ee9a09b54e1b9b5820df95feb63d26c6e31c3802fd1511e1e938cde203cd41c2720027f9817a0e5436df6ee59205b5e76
SSDEEP

24576:3R8mgSfzovaYFEc9UFpAE34h2sb39m2hufcQk5puzJBXEQ:CmgS7oSYFEc9iB34p4dk5oB0Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
2239f113de89a78e390a1bb6e5dfc0c8_JaffaCakes118
unpack001/$2/msimg32.dll
unpack001/$3/msimg32.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Processes.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/MLServ.exe
unpack001/MessengerLog.exe
unpack001/MlogLoader.exe
unpack001/RichEdMonitor.dll
unpack001/Uninstall.exe
unpack001/msimg32.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

2239f113de89a78e390a1bb6e5dfc0c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$2/msimg32.dll
.dll windows:4 windows x86 arch:x86

addbfbd28e4941f1f8bb8b9b46d3f9d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcatA
GetLocalTime
CloseHandle
WriteFile
FindResourceExA
ReadFile
GetFileSize
CreateDirectoryA
GetVersionExA
GetCurrentProcess
SetFilePointer
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
InterlockedExchange
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

CharLowerA
UnregisterClassA
wvsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$3/msimg32.dll
.dll windows:4 windows x86 arch:x86

addbfbd28e4941f1f8bb8b9b46d3f9d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcatA
GetLocalTime
CloseHandle
WriteFile
FindResourceExA
ReadFile
GetFileSize
CreateDirectoryA
GetVersionExA
GetCurrentProcess
SetFilePointer
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
InterlockedExchange
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

CharLowerA
UnregisterClassA
wvsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
MLServ.exe
.exe windows:4 windows x86 arch:x86

6d7041e5ef21ff462801f11059cc4dc0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectA
InternetOpenA
FtpPutFileA
InternetCloseHandle

kernel32

FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CloseHandle
WaitForSingleObject
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
Sleep
CreateThread
CreateEventA
GetModuleHandleA
GetCurrentThreadId
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
LoadLibraryExA
GetCommandLineA
OutputDebugStringA
lstrcatA
GetLocalTime
WriteFile
CreateFileA
ReadFile
GetFileSize
CreateDirectoryA
GetVersionExA
lstrcpyA
OpenProcess
SetFilePointer
TerminateThread
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetTickCount
GetComputerNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetVolumeInformationA
GetSystemInfo
FileTimeToDosDateTime
lstrcmpA
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
GetStartupInfoA
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
MoveFileA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
InterlockedExchange
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
VirtualAlloc
VirtualProtect
GetProcessHeap
SetStdHandle
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
SetLastError
TlsFree
GetOEMCP

user32

wvsprintfA
wsprintfA
MessageBoxA
UnregisterClassA
LoadStringA
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
CharUpperA
CharNextA

advapi32

StartServiceCtrlDispatcherA
CreateProcessAsUserA
OpenProcessToken
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
ChangeServiceConfig2A
RegisterServiceCtrlHandlerA
RegEnumKeyExA
CreateServiceA
ControlService
DeleteService
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource

shell32

SHGetFolderPathA

ole32

CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
LoadRegTypeLi
SysAllocString

shlwapi

PathFileExistsA
StrToIntExA

wsock32

socket
connect
shutdown
closesocket
select
recv
send
WSAStartup
gethostbyname
getservbyname
htons
ioctlsocket
WSACleanup

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MessengerLog.chm
.chm
MessengerLog.exe
.exe windows:4 windows x86 arch:x86

09e4277710c65fd67b5119b5a9e70083

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenA
FtpPutFileA
InternetConnectA

kernel32

DuplicateHandle
GetFullPathNameA
InterlockedIncrement
GlobalFlags
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
GetFileAttributesA
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
SetEndOfFile
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalSize
GlobalAlloc
FormatMessageA
SetLastError
GlobalLock
GlobalUnlock
FreeResource
lstrcmpA
FileTimeToDosDateTime
FindResourceExA
GetSystemInfo
GetModuleHandleA
GetVolumeInformationA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetExitCodeProcess
ExitProcess
GetProcAddress
GetComputerNameA
GetDateFormatA
GetTimeFormatA
Sleep
GetTickCount
GetTimeZoneInformation
RaiseException
GlobalFree
GetTempFileNameA
MulDiv
SetFilePointer
GetModuleFileNameA
GetTempPathA
GetCurrentProcess
lstrcpyA
GetVersionExA
CreateDirectoryA
GetFileSize
ReadFile
CreateFileA
WriteFile
GetLocalTime
lstrcatA
OutputDebugStringA
CreateSemaphoreA
LocalAlloc
LocalHandle
LocalFree
ReleaseSemaphore
OpenProcess
CreateThread
GetExitCodeThread
TerminateThread
OpenMutexA
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
MoveFileA
RemoveDirectoryA
CopyFileA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetSystemTimeAsFileTime

user32

MessageBeep
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
RegisterClipboardFormatA
PostThreadMessageA
BeginPaint
GrayStringA
DrawTextExA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetSubMenu
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CharNextA
GetActiveWindow
GetWindow
LoadCursorA
ScreenToClient
DestroyCursor
GetCaretPos
ClientToScreen
EnableMenuItem
CheckMenuItem
CreatePopupMenu
GetClassNameA
UnregisterClassA
wvsprintfA
wsprintfA
GetForegroundWindow
GetDesktopWindow
GetMenuState
GetMenuItemCount
AppendMenuA
DrawEdge
GetDC
DrawTextA
GetKeyState
FindWindowA
GetWindowThreadProcessId
IsCharAlphaNumericA
KillTimer
SetTimer
UpdateWindow
IsZoomed
IsIconic
DrawIcon
GetSysColorBrush
DestroyMenu
SetWindowContextHelpId
MapDialogRect
SetCursor
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetCursorPos
WindowFromPoint
GetNextDlgGroupItem
DrawIconEx
ReleaseCapture
SetCapture
GetCapture
IsWindowVisible
InvalidateRect
PtInRect
CopyRect
DestroyIcon
ReleaseDC
GetWindowDC
GetClientRect
GetWindowRect
FrameRect
InflateRect
GetSystemMetrics
DrawStateA
LoadImageA
SetForegroundWindow
SetRect
CharUpperA
SendMessageA
EnableWindow
GetParent
PostMessageA
EndPaint
GetDlgCtrlID
RemovePropA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
MoveToEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetTextColor
GetRgnBox
LineTo
SetMapMode
GetViewportExtEx
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
GetTextExtentPoint32A
CreateFontA
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetTextColor
GetClipBox
CopyMetaFileA
SetBkColor
CreateSolidBrush
DeleteObject
EndDoc
EndPage
StartPage
StartDocA
GetDeviceCaps
SelectObject
GetBkColor
CreatePen
SetPixel
BitBlt
RoundRect

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHFileOperationA
SHGetSpecialFolderPathA
SHGetFolderPathA

shlwapi

StrToIntExA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
StgCreateDocfileOnILockBytes
OleCreateStaticFromData
OleSetContainedObject
CoCreateInstance
CoInitialize
CoUninitialize
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
OleIsCurrentClipboard
OleFlushClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString

urlmon

URLDownloadToFileA

wsock32

select
recv
ioctlsocket
closesocket
WSACleanup
htons
getservbyname
shutdown
connect
socket
WSAStartup
gethostbyname
send

psapi

GetModuleFileNameExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 452KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MlogLoader.exe
.exe windows:4 windows x86 arch:x86

679ec3c64ab9eeabb1ef9bf28ccb78d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
OpenMutexA
InterlockedExchange
OpenProcess
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetModuleHandleA
CloseHandle
lstrlenA
LoadResource
GetCurrentProcess
VirtualFreeEx
GetModuleFileNameA
CreateDirectoryA
GetVersionExA
GetLocalTime
CreateFileA
SetFilePointer
GetFileSize
WriteFile
ReadFile
lstrcatA
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FindResourceExA
FindResourceA
SizeofResource
LockResource
LoadLibraryA
RtlUnwind
GetCurrentProcessId
FlushFileBuffers
WriteConsoleW
GetTickCount
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
LCMapStringW
Sleep
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetConsoleOutputCP

user32

wvsprintfA
UnregisterClassA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RichEdMonitor.dll
.dll windows:4 windows x86 arch:x86

774214e60e8c203601692ceded98e95b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

kernel32

CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
GlobalUnlock
GlobalLock
IsBadReadPtr
IsBadCodePtr
lstrcatA
GetLocalTime
WriteFile
CreateFileA
DeleteFileA
ReadFile
GetFileSize
FindClose
FindFirstFileA
CreateDirectoryA
GetVersionExA
GetCurrentProcess
GetTempPathA
GetModuleFileNameA
SetFilePointer
WriteProcessMemory
VirtualProtect
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateThread
Sleep
CreateThread
OpenMutexA
GetProcAddress
GetModuleHandleA
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryA
SetThreadPriority
FileTimeToLocalFileTime
GetTempFileNameA
GetVolumeInformationA
GetSystemInfo
FileTimeToDosDateTime
lstrcmpA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrlenA
lstrcmpiA
CompareStringW
TerminateProcess
CompareStringA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
SetEnvironmentVariableA
InitializeCriticalSection
GetStdHandle
ExitProcess
HeapCreate
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
VirtualFree
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
GetConsoleMode
GetConsoleCP
VirtualAlloc
RaiseException
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

UnregisterClassA
CharNextA
SetTimer
GetWindowLongA
KillTimer
FindWindowExA
FindWindowA
EnumWindows
GetWindow
WindowFromDC
GetParent
IsWindow
DestroyWindow
CreateWindowExA
SendMessageA
GetClassNameA
wvsprintfA
IsIconic
SetRect
FillRect
CharLowerA
GetWindowTextA

gdi32

CreateFontA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
PlayMetaFile
DeleteObject
DeleteDC
SelectObject

advapi32

OpenProcessToken
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoInitialize
ReleaseStgMedium
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
OleCreateStaticFromData
OleDuplicateData

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear

shlwapi

PathFileExistsA

oleacc

AccessibleObjectFromWindow
AccessibleChildren

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
msimg32.dll
.dll windows:4 windows x86 arch:x86

addbfbd28e4941f1f8bb8b9b46d3f9d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcatA
GetLocalTime
CloseHandle
WriteFile
FindResourceExA
ReadFile
GetFileSize
CreateDirectoryA
GetVersionExA
GetCurrentProcess
SetFilePointer
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
InterlockedExchange
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

CharLowerA
UnregisterClassA
wvsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 28KB - Virtual size: 27KB

addbfbd28e4941f1f8bb8b9b46d3f9d4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

version

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

addbfbd28e4941f1f8bb8b9b46d3f9d4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

version

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 192KB - Virtual size: 189KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 452KB - Virtual size: 449KB

.rdata
Size: 128KB - Virtual size: 124KB