250b80d8172eccf6cacb7ce1f3bd95bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

250b80d8172eccf6cacb7ce1f3bd95bf_JaffaCakes118
Size

1.9MB
MD5

250b80d8172eccf6cacb7ce1f3bd95bf
SHA1

db257cdccc1b5540b4726f3721cb51111425aa27
SHA256

ac6d2a3f8e4f2112127f05a68879b034e75d533aaf829de6cc7fd4c6ec237d00
SHA512

1978d0e375aa66d6153c61b2e2a971d8a442487be26bd4d81b16eea3ebc0e00f5f94b4c3bd957cbb70cb5ce6409f7151ecb361e44c88f4f33cb2dfed161cbfc8
SSDEEP

49152:AIEeusc/oouzZkQkOU5hrVBsx5T1uSMiR6TFGmpm:A3sI+khlsx5TbNUFGQm

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/Mp3Cut.exe	aspack_v212_v242

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zidianMP3qj-v11.5I.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/M4.exe
unpack002/Mp3Cut.exe
unpack002/Uninstall.exe
unpack003/$PLUGINSDIR/System.dll
unpack002/help.dll
unpack002/js32.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/zidianMP3qj-v11.5I.exe	nsis_installer_1
static1/unpack001/zidianMP3qj-v11.5I.exe	nsis_installer_2
static1/unpack002/Uninstall.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_2

Files

250b80d8172eccf6cacb7ce1f3bd95bf_JaffaCakes118
.rar
zidianMP3qj-v11.5I.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$DESKTOP/ϵ.url
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
M4.exe
.exe windows:4 windows x86 arch:x86

9c51a81c62b0cd8050e46d4821dd31c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_pctype
__mb_cur_max
_isctype
cos
asin
acos
sin
sqrt
tan
atan2
ceil
exit
calloc
longjmp
_setjmp3
log
tolower
toupper
strtoul
strpbrk
_exit
_XcptFilter
_strdup
fseek
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
abort
_snprintf
_errno
_fdopen
_strupr
_fileno
_strlwr
_strnicmp
_stricmp
fputs
getenv
fscanf
fgets
abs
fgetc
vsprintf
setlocale
_filelengthi64
fsetpos
fgetpos
tmpfile
rand
srand
time
_ftime
memchr
pow
floor
memmove
fputc
fputwc
realloc
memcmp
memcpy
strncpy
remove
rename
vfprintf
fflush
strncmp
atof
sscanf
atoi
gmtime
asctime
strstr
_ftol
strchr
strcmp
strcpy
strcat
__p___initenv
memset
ftell
malloc
fread
strrchr
free
sprintf
fopen
fwrite
fclose
strlen
_iob
__getmainargs
fprintf

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

js32

JS_ObjectIsFunction
JS_GetProperty
JS_GetGlobalObject
JS_GetStringChars
JS_CallFunctionName
JS_CallFunctionValue
JS_NewObject
JS_SetPrivate
JS_GetPrivate
JS_GetStringBytes
JS_GetContextPrivate

kernel32

GetEnvironmentVariableA
FindClose
FindNextFileA
FindFirstFileA
GetCurrentProcessId
LoadLibraryA
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
CloseHandle
UnmapViewOfFile
WaitForSingleObject
GetCurrentThreadId
CreateMutexA
ReleaseMutex
DeleteFileA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mp3Cut.dll
Mp3Cut.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 484KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Mp3Cut.exe.manifest
Uninstall.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmd/ab
cmd/mpg
help.chm
.chm
help.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetNtpTime
HookAPI
HookCode
Inject
RemoteExecute
Uninject

Sections

CODE
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
js32.dll
.dll windows:4 windows x86 arch:x86

8a4081abc2c833f164926e41bfa8b681

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
DebugBreak

msvcrt

free
strlen
strcmp
_errno
_iob
fputc
fprintf
strchr
getenv
setlocale
atoi
ungetc
fgetc
strerror
fopen
strcpy
fgets
fflush
fwrite
fputs
_pctype
_isctype
__mb_cur_max
strncmp
memset
malloc
realloc
memcpy
memmove
_ftol
floor
fmod
fabs
acos
asin
atan
atan2
ceil
cos
exp
log
pow
sin
sqrt
tan
localeconv
_control87
_HUGE
sprintf
fclose
getc
tolower
calloc
exit
memcmp
log10
mktime
localtime
strftime
_initterm
_adjust_fdiv
_strdup
_putenv
_isatty
_fileno

Exports

Exports

@JS_DHashTableOperate@12
JSLL_MaxInt
JSLL_MinInt
JSLL_Zero
JS_AddArgumentFormatter
JS_AddExternalStringFinalizer
JS_AddNamedRoot
JS_AddNamedRootRT
JS_AddRoot
JS_AliasElement
JS_AliasProperty
JS_ArenaAllocate
JS_ArenaFinish
JS_ArenaFreeAllocation
JS_ArenaGrow
JS_ArenaRealloc
JS_ArenaRelease
JS_ArenaShutDown
JS_Assert
JS_BufferIsCompilableUnit
JS_CStringsAreUTF8
JS_CallFunction
JS_CallFunctionName
JS_CallFunctionValue
JS_CeilingLog2
JS_CheckAccess
JS_ClearAllTraps
JS_ClearAllWatchPoints
JS_ClearInterrupt
JS_ClearNewbornRoots
JS_ClearPendingException
JS_ClearRegExpRoots
JS_ClearRegExpStatics
JS_ClearScope
JS_ClearScriptTraps
JS_ClearTrap
JS_ClearWatchPoint
JS_ClearWatchPointsForObject
JS_CloneFunctionObject
JS_CompareStrings
JS_CompareValues
JS_CompileFile
JS_CompileFileHandle
JS_CompileFileHandleForPrincipals
JS_CompileFunction
JS_CompileFunctionForPrincipals
JS_CompileScript
JS_CompileScriptForPrincipals
JS_CompileUCFunction
JS_CompileUCFunctionForPrincipals
JS_CompileUCScript
JS_CompileUCScriptForPrincipals
JS_ConcatStrings
JS_ConstructObject
JS_ConstructObjectWithArguments
JS_ContextIterator
JS_ConvertArguments
JS_ConvertArgumentsVA
JS_ConvertStub
JS_ConvertValue
JS_DHashAllocTable
JS_DHashClearEntryStub
JS_DHashFinalizeStub
JS_DHashFreeStringKey
JS_DHashFreeTable
JS_DHashGetKeyStub
JS_DHashGetStubOps
JS_DHashMatchEntryStub
JS_DHashMatchStringKey
JS_DHashMoveEntryStub
JS_DHashStringKey
JS_DHashTableDestroy
JS_DHashTableEnumerate
JS_DHashTableFinish
JS_DHashTableInit
JS_DHashTableRawRemove
JS_DHashTableSetAlphaBounds
JS_DHashVoidPtrKeyStub
JS_DecodeBytes
JS_DecompileFunction
JS_DecompileFunctionBody
JS_DecompileScript
JS_DefineConstDoubles
JS_DefineElement
JS_DefineFunction
JS_DefineFunctions
JS_DefineObject
JS_DefineProperties
JS_DefineProperty
JS_DefinePropertyWithTinyId
JS_DefineUCFunction
JS_DefineUCProperty
JS_DefineUCPropertyWithTinyId
JS_DeleteElement
JS_DeleteElement2
JS_DeleteProperty
JS_DeleteProperty2
JS_DeleteUCProperty2
JS_DestroyContext
JS_DestroyContextMaybeGC
JS_DestroyContextNoGC
JS_DestroyIdArray
JS_DestroyScript
JS_DropExceptionState
JS_EncodeCharacters
JS_EnterLocalRootScope
JS_Enumerate
JS_EnumerateResolvedStandardClasses
JS_EnumerateStandardClasses
JS_EnumerateStub
JS_ErrorFromException
JS_EvalFramePrincipals
JS_EvaluateInStackFrame
JS_EvaluateScript
JS_EvaluateScriptForPrincipals
JS_EvaluateUCInStackFrame
JS_EvaluateUCScript
JS_EvaluateUCScriptForPrincipals
JS_ExecuteScript
JS_ExecuteScriptPart
JS_FinalizeStub
JS_Finish
JS_FinishArenaPool
JS_FlagScriptFilenamePrefix
JS_FlagSystemObject
JS_FloorLog2
JS_ForgetLocalRoot
JS_FrameIterator
JS_FreeArenaPool
JS_GC
JS_GetArrayLength
JS_GetClass
JS_GetClassObject
JS_GetConstructor
JS_GetContextPrivate
JS_GetElement
JS_GetEmptyStringValue
JS_GetExternalStringGCType
JS_GetFrameAnnotation
JS_GetFrameCallObject
JS_GetFrameCalleeObject
JS_GetFrameFunction
JS_GetFrameFunctionObject
JS_GetFrameObject
JS_GetFramePC
JS_GetFramePrincipalArray
JS_GetFrameReturnValue
JS_GetFrameScopeChain
JS_GetFrameScript
JS_GetFrameThis
JS_GetFunctionArity
JS_GetFunctionFlags
JS_GetFunctionId
JS_GetFunctionName
JS_GetFunctionNative
JS_GetFunctionObject
JS_GetFunctionScript
JS_GetFunctionTotalSize
JS_GetGlobalObject
JS_GetImplementationVersion
JS_GetInstancePrivate
JS_GetLocaleCallbacks
JS_GetMethod
JS_GetMethodById
JS_GetNaNValue
JS_GetNegativeInfinityValue
JS_GetObjectId
JS_GetObjectTotalSize
JS_GetOptions
JS_GetParent
JS_GetPendingException
JS_GetPositiveInfinityValue
JS_GetPrivate
JS_GetProperty
JS_GetPropertyAttributes
JS_GetPropertyAttrsGetterAndSetter
JS_GetPropertyDesc
JS_GetPropertyDescArray
JS_GetPrototype
JS_GetReservedSlot
JS_GetRuntime
JS_GetRuntimePrivate
JS_GetScopeChain
JS_GetScriptBaseLineNumber
JS_GetScriptFilename
JS_GetScriptFilenameFlags
JS_GetScriptLineExtent
JS_GetScriptObject
JS_GetScriptPrincipals
JS_GetScriptTotalSize
JS_GetScriptVersion
JS_GetScriptedCaller
JS_GetStringBytes
JS_GetStringChars
JS_GetStringLength
JS_GetTopScriptFilenameFlags
JS_GetTrapOpcode
JS_GetTypeName
JS_GetUCProperty
JS_GetUCPropertyAttributes
JS_GetUCPropertyAttrsGetterAndSetter
JS_GetVersion
JS_HandleTrap
JS_HasArrayLength
JS_HasElement
JS_HasInstance
JS_HasProperty
JS_HasUCProperty
JS_HashString
JS_HashTableAdd
JS_HashTableDestroy
JS_HashTableDump
JS_HashTableEnumerateEntries
JS_HashTableLookup
JS_HashTableRawAdd
JS_HashTableRawLookup
JS_HashTableRawRemove
JS_HashTableRemove
JS_IdToValue
JS_Init
JS_InitArenaPool
JS_InitClass
JS_InitStandardClasses
JS_InstanceOf
JS_InternString
JS_InternUCString
JS_InternUCStringN
JS_IsAboutToBeFinalized
JS_IsArrayObject
JS_IsAssigning
JS_IsConstructing
JS_IsConstructorFrame
JS_IsDebuggerFrame
JS_IsExceptionPending
JS_IsNativeFrame
JS_IsRunning
JS_IsSystemObject
JS_LeaveLocalRootScope
JS_LeaveLocalRootScopeWithResult
JS_LineNumberToPC
JS_Lock
JS_LockGCThing
JS_LockGCThingRT
JS_LookupElement
JS_LookupProperty
JS_LookupPropertyWithFlags
JS_LookupUCProperty
JS_MakeStringImmutable
JS_MapGCRoots
JS_MarkGCThing
JS_MaybeGC
JS_NewArrayObject
JS_NewContext
JS_NewDHashTable
JS_NewDependentString
JS_NewDouble
JS_NewDoubleValue
JS_NewExternalString
JS_NewFunction
JS_NewGrowableString
JS_NewHashTable
JS_NewNumberValue
JS_NewObject
JS_NewPropertyIterator
JS_NewRegExpObject
JS_NewScriptObject
JS_NewString
JS_NewStringCopyN
JS_NewStringCopyZ
JS_NewUCRegExpObject
JS_NewUCString
JS_NewUCStringCopyN
JS_NewUCStringCopyZ
JS_NextProperty
JS_Now
JS_ObjectIsFunction
JS_PCToLineNumber
JS_PopArguments
JS_PropertyIterator
JS_PropertyStub
JS_PushArguments
JS_PushArgumentsVA
JS_PutPropertyDescArray
JS_RemoveArgumentFormatter
JS_RemoveExternalStringFinalizer
JS_RemoveRoot
JS_RemoveRootRT
JS_ReportError
JS_ReportErrorFlagsAndNumber
JS_ReportErrorFlagsAndNumberUC
JS_ReportErrorNumber
JS_ReportErrorNumberUC
JS_ReportOutOfMemory
JS_ReportPendingException
JS_ReportWarning
JS_ResolveStandardClass
JS_ResolveStub
JS_RestoreExceptionState
JS_RestoreFrameChain
JS_SaveExceptionState
JS_SaveFrameChain
JS_SealObject
JS_SetArrayLength
JS_SetBranchCallback
JS_SetCallHook
JS_SetCallReturnValue2
JS_SetCheckObjectAccessCallback
JS_SetContextCallback
JS_SetContextPrivate
JS_SetDebugErrorHook
JS_SetDebuggerHandler
JS_SetDestroyScriptHookProc
JS_SetElement
JS_SetErrorReporter
JS_SetExecuteHook
JS_SetFrameAnnotation
JS_SetFrameReturnValue
JS_SetGCCallback
JS_SetGCCallbackRT
JS_SetGCParameter
JS_SetGlobalObject
JS_SetInterrupt
JS_SetLocaleCallbacks
JS_SetNewScriptHookProc
JS_SetObjectHook
JS_SetObjectPrincipalsFinder
JS_SetOptions
JS_SetParent
JS_SetPendingException
JS_SetPrincipalsTranscoder
JS_SetPrivate
JS_SetProperty
JS_SetPropertyAttributes
JS_SetPrototype
JS_SetRegExpInput
JS_SetReservedSlot
JS_SetRuntimePrivate
JS_SetSourceHandler
JS_SetThreadStackLimit
JS_SetThrowHook
JS_SetTrap
JS_SetUCProperty
JS_SetUCPropertyAttributes
JS_SetVersion
JS_SetWatchPoint
JS_ShutDown
JS_StackFramePrincipals
JS_StringToVersion
JS_ThrowReportedError
JS_ToggleOptions
JS_TypeOfValue
JS_UndependString
JS_Unlock
JS_UnlockGCThing
JS_UnlockGCThingRT
JS_ValueToBoolean
JS_ValueToConstructor
JS_ValueToECMAInt32
JS_ValueToECMAUint32
JS_ValueToFunction
JS_ValueToId
JS_ValueToInt32
JS_ValueToNumber
JS_ValueToObject
JS_ValueToString
JS_ValueToUint16
JS_VersionToString
JS_XDRBytes
JS_XDRCString
JS_XDRCStringOrNull
JS_XDRDestroy
JS_XDRDouble
JS_XDRFindClassById
JS_XDRFindClassIdByName
JS_XDRInitBase
JS_XDRMemDataLeft
JS_XDRMemGetData
JS_XDRMemResetData
JS_XDRMemSetData
JS_XDRNewMem
JS_XDRRegisterClass
JS_XDRScript
JS_XDRString
JS_XDRStringOrNull
JS_XDRUint16
JS_XDRUint32
JS_XDRUint8
JS_XDRValue
JS_dtobasestr
JS_dtostr
JS_free
JS_malloc
JS_realloc
JS_smprintf
JS_smprintf_free
JS_snprintf
JS_sprintf_append
JS_strdup
JS_strtod
JS_sxprintf
JS_vsmprintf
JS_vsnprintf
JS_vsprintf_append
JS_vsxprintf
js_AllocRawStack
js_AllocStack
js_AnyNameClass
js_AtomToPrintableString
js_Atomize
js_AtomizeChars
js_AttributeNameClass
js_CallDestroyScriptHook
js_CallNewScriptHook
js_CloseTokenStream
js_CompileTokenStream
js_DateGetDate
js_DateGetHours
js_DateGetMinutes
js_DateGetMonth
js_DateGetMsecSinceEpoch
js_DateGetSeconds
js_DateGetYear
js_DateIsValid
js_DateSetDate
js_DateSetHours
js_DateSetMinutes
js_DateSetMonth
js_DateSetSeconds
js_DateSetYear
js_FindProperty
js_FinishCodeGenerator
js_FreeAtomMap
js_FreeRawStack
js_FreeStack
js_FunctionClass
js_GetAtom
js_GetScriptLineExtent
js_GetSrcNoteOffset
js_InitAtomMap
js_InitCodeGenerator
js_Invoke
js_LookupProperty
js_MapKeywords
js_NamespaceClass
js_NewBufferTokenStream
js_NewDateObject
js_NewDateObjectMsec
js_NewFileTokenStream
js_NewScriptFromCG
js_ObjectOps
js_ParseTokenStream
js_ParseXMLTokenStream
js_QNameClass
js_ReportErrorAgain
js_ScriptClass
js_SearchScope
js_SrcNoteLength
js_SrcNoteSpec
js_ValueToPrintable
js_ValueToSource
js_ValueToString
js_WithObjectOps
js_XMLClass
js_XMLObjectOps
js_fgets
resolving_MatchEntry

Sections

.text
Size: 620KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
web.url
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 6KB - Virtual size: 6KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 572B

9c51a81c62b0cd8050e46d4821dd31c0

Headers

File Characteristics

Imports

msvcrt

winmm

js32

kernel32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 168KB - Virtual size: 174KB

.rsrc Size: 4KB - Virtual size: 944B

Headers

File Characteristics

Sections

.text Size: 484KB - Virtual size: 1.3MB

.itext Size: 4KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 40KB

.bss Size: - Virtual size: 2.0MB

.idata Size: 5KB - Virtual size: 20KB

.didata Size: 512B - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 128KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 168KB - Virtual size: 174KB

.rsrc
Size: 4KB - Virtual size: 944B

.text
Size: 484KB - Virtual size: 1.3MB

.itext
Size: 4KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 40KB

.bss
Size: - Virtual size: 2.0MB

.idata
Size: 5KB - Virtual size: 20KB

.didata
Size: 512B - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 128KB

.rsrc
Size: 165KB - Virtual size: 404KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

CODE
Size: 182KB - Virtual size: 181KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 170B

.reloc
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 620KB - Virtual size: 616KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 32KB - Virtual size: 32KB

.reloc
Size: 16KB - Virtual size: 13KB