259c0097328816b607375e3a739642ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

259c0097328816b607375e3a739642ed_JaffaCakes118
Size

4.1MB
MD5

259c0097328816b607375e3a739642ed
SHA1

8636a2d9f9bafb2ae16aa9364c6875bc5c7bb1fa
SHA256

b7f210dbfe383522954656d839e5bea626d20de4a4c2ab8d61976d42a744f094
SHA512

48d81ca4b8c9340491443db0c32ebfa6e51fadac46e0945369f62f00d4ee992d4248f82eb3ba44bd81b253970ef5d2a5b1171470ce534fa19bacf1c5aafd995d
SSDEEP

98304:UUn1BeJrUzLS32qCnt4N3G9LPkCrfVACBPhK6dWyBWoHH1zkUMUMUR:UUToEyTCnqQ979fnBPVWjo2UMUMUR

Score

8^/10

macro macro_on_action upx

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
static1/unpack001/Code/XLTemplatePC.xlt	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/Code/XLTemplatePC.xlt

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Code/winscp382.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
259c0097328816b607375e3a739642ed_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/Code/Execute.exe
unpack001/Code/Start Dashboard.exe
unpack001/Code/Start Session.exe
unpack001/Code/Test Connection.exe
unpack001/Code/sfk.exe
unpack001/Code/sgd.exe
unpack001/Code/winscp382.exe
unpack001/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

259c0097328816b607375e3a739642ed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d17be67c8d0394c5c1b8e725359ed89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
PtInRect
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
OpenClipboard

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PROFILE/Application Data/Sun/Java/Deployment/security/trusted.certs
$PROFILE/Application Data/Sun/Java/Deployment/security/trusted.jssecerts
$PROFILE/Local Settings/Application Data/Sun/SSGD/certstore.pem
$PROFILE/Local Settings/Application Data/Sun/SSGD/hostsvisited
Code/Execute.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Code/Start Dashboard.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Code/Start Session.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Code/Test Connection.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Code/XLTemplatePC.xlt
.xls .xlt windows office2003

Sheet1

ThisWorkbook

Sheet2

mod_AutoOpen
Code/ca.pem
Code/install firefox ssl_cert.cmd
Code/install ie ssl_cert.cmd
Code/pdfviewer.exe
.exe windows:4 windows x86 arch:x86

c659addef37be4de6372fa9719c92a7a

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:73:d3:31:3c:f6:51:55:90:7c:a5:70:0f:46:0d:eb
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30/05/2006, 00:00

Not After

29/05/2008, 23:59

Subject

CN=Foxit Software Company,OU=SECURE APPLICATION DEVELOPMENT,O=Foxit Software Company,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a:80:d6:48:75:8a:50:60:82:00:7f:12:78:28:d9:56:39:86:3d:93
Signer

Actual PE Digest

0a:80:d6:48:75:8a:50:60:82:00:7f:12:78:28:d9:56:39:86:3d:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
LCMapStringW
GetSystemTimeAsFileTime
InterlockedExchange
LCMapStringA
CompareStringW
CompareStringA
FatalAppExitA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
HeapSize
GetFileType
SetStdHandle
TerminateProcess
HeapReAlloc
ExitThread
CreateThread
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapAlloc
HeapFree
RtlUnwind
lstrcpyW
GlobalSize
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetProcessVersion
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDiskFreeSpaceA
GetFileTime
SetFileTime
lstrlenW
GetCurrentDirectoryA
GetCurrentThread
GetProfileIntA
SuspendThread
SetThreadPriority
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetLastError
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
GetThreadLocale
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GlobalGetAtomNameA
GlobalAddAtomA
GetVersionExA
lstrlenA
WriteProfileStringA
TerminateThread
GetShortPathNameA
ResumeThread
GetTickCount
GetExitCodeThread
SetEvent
CreateEventA
GetProfileStringA
GetTempFileNameA
Sleep
GetACP
lstrcatA
FormatMessageA
LocalFree
GetSystemDirectoryA
lstrcmpA
lstrcmpiA
CreateProcessA
WaitForSingleObject
lstrcpynA
GetVersion
WriteFile
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetModuleFileNameA
lstrcpyA
CloseHandle
SetCurrentDirectoryA
GetTempPathA
GetWindowsDirectoryA
DeleteFileA
GetFullPathNameA
GetFileAttributesA
CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
MulDiv
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree

user32

ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetWindowTextA
DestroyWindow
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
IsIconic
GetDlgItem
UnpackDDElParam
ReuseDDElParam
WinHelpA
GetClassInfoA
ShowWindow
GetDesktopWindow
IsWindowEnabled
PeekMessageA
GetCapture
LoadAcceleratorsA
AdjustWindowRectEx
RedrawWindow
SetWindowLongA
DefMDIChildProcA
TranslateAcceleratorA
TranslateMDISysAccel
DefFrameProcA
CreateWindowExA
BringWindowToTop
LoadImageA
DrawStateA
FrameRect
DrawFocusRect
TrackPopupMenuEx
WindowFromPoint
GetActiveWindow
GetWindowLongA
DestroyIcon
DestroyCursor
DestroyMenu
GetCaretPos
DrawTextA
SendMessageTimeoutA
IsWindow
SetWindowTextW
GetWindowTextLengthA
EndDeferWindowPos
LoadIconA
ShowScrollBar
GetMessageA
TranslateMessage
DispatchMessageA
GetClipboardData
GetMessagePos
GetCursorPos
OpenClipboard
EmptyClipboard
BeginDeferWindowPos
DeferWindowPos
MapWindowPoints
SendDlgItemMessageA
LoadStringA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
GetTabbedTextExtentA
MessageBeep
GetNextDlgGroupItem
SetMenuItemBitmaps
SetClipboardData
CloseClipboard
RegisterWindowMessageA
GetFocus
SetFocus
SetScrollRange
KillTimer
SetTimer
UpdateWindow
CheckMenuItem
InsertMenuA
LoadMenuA
DeleteMenu
SetMenu
FindWindowA
SetWindowPos
GetSystemMetrics
InsertMenuItemA
DrawMenuBar
GetMenu
CheckDlgButton
CheckRadioButton
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
IsWindowVisible
GetWindowRect
OffsetRect
InflateRect
EqualRect
GetMenuItemID
GetMenuStringA
ModifyMenuA
CreatePopupMenu
PostMessageA
HideCaret
CreateCaret
SetCaretPos
LockWindowUpdate
GetDCEx
GetClassNameA
GetSysColorBrush
GetWindow
SendMessageA
ReleaseDC
FillRect
GetDC
SetActiveWindow
MoveWindow
GetNextDlgTabItem
GetWindowTextW
EnableMenuItem
MessageBoxW
MessageBoxA
CheckMenuRadioItem
AppendMenuA
wsprintfA
ClipCursor
EnumChildWindows
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
GetSubMenu
SetWindowTextA
GetDlgCtrlID
SetRectEmpty
IsRectEmpty
IntersectRect
GetClientRect
PtInRect
SetRect
InvalidateRect
GetParent
GetSysColor
SetCursor
LoadCursorA
LoadBitmapA
CopyRect
WindowFromDC
ClientToScreen
GetKeyState
UnregisterClassA
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
DestroyCaret
TrackMouseEvent
InvalidateRgn
EnumClipboardFormats
GetCursor
DrawFrameControl
FindWindowExA
CreateAcceleratorTableA
LoadMenuIndirectA
LookupIconIdFromDirectory
CreateIconFromResource
IsCharAlphaNumericA
ScrollDC
CopyIcon
MapVirtualKeyA
GetKeyNameTextA
DrawEdge
ReleaseCapture
SetCapture
ScreenToClient
EnableWindow
ShowCaret
CopyAcceleratorTableA
PostThreadMessageA
CreateMenu
GetMenuState
RemoveMenu
GetMenuCheckMarkDimensions
SetCursorPos
InSendMessage
wvsprintfA
RegisterClipboardFormatA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
IsClipboardFormatAvailable
IsZoomed
EndDialog
CreateDialogIndirectParamA
InvertRect
UnionRect
CharNextA
ValidateRect
GetSystemMenu
SetParent

gdi32

GetClipBox
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
PolyBezierTo
GetClipRgn
SelectClipPath
GetObjectType
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
PtVisible
ExtTextOutA
Escape
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
DPtoLP
StretchDIBits
GetCharWidthA
GetTextMetricsA
AbortDoc
SetAbortProc
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
LPtoDP
CopyMetaFileA
Rectangle
GetTextAlign
CreateBitmap
GetStockObject
GetTextColor
GetBkColor
RectVisible
CreateDCA
StartDocA
StartPage
EndPage
EndDoc
TextOutA
BeginPath
PolyBezier
EndPath
StrokeAndFillPath
SetTextColor
SetBkColor
GetTextExtentPoint32A
GetBitmapDimensionEx
GetObjectA
CreateFontIndirectA
CreateRectRgn
SetViewportOrgEx
BitBlt
GetDIBits
SetDIBitsToDevice
CreatePen
CreatePatternBrush
UnrealizeObject
SetBrushOrgEx
GetDeviceCaps
CreateCompatibleDC
Ellipse
RealizePalette
CreatePalette
GetDIBColorTable
CreateHalftonePalette
EnumFontFamiliesA
CreateDIBitmap
EnumFontFamiliesExA
CreateDIBSection
FillPath
StrokePath
SetMiterLimit
CloseFigure
WidenPath
ExtEscape
GetOutlineTextMetricsA
TextOutW
GetRegionData
GetFontData
GetTextFaceA
CreateBrushIndirect
GetROP2
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
DeleteObject
CreateFontA
GetTextExtentPointA
InvertRgn
Polyline
CreatePolygonRgn
Polygon
DeleteDC

comdlg32

GetOpenFileNameA
ReplaceTextA
FindTextA
ChooseFontA
ChooseColorA
PrintDlgA
GetSaveFileNameA
GetFileTitleA
CommDlgExtendedError

winspool.drv

OpenPrinterA
SetPrinterA
EnumPrintersA
GetPrinterA
DocumentPropertiesA
ClosePrinter
EnumMonitorsA
EnumPrinterDriversA

advapi32

RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
FreeSid
GetUserNameA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegOpenKeyA
RegEnumKeyA
RegSetValueA
SetFileSecurityA
GetFileSecurityA
RegCloseKey

shell32

ExtractIconA
SHGetFileInfoA
DragAcceptFiles
ShellExecuteExA
SHChangeNotify
DragQueryFileA
ShellExecuteA
DragFinish

comctl32

ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIcon

oledlg

ord8

ole32

OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateBindCtx
OleDuplicateData
CoTaskMemAlloc
StgOpenStorageOnILockBytes
CoGetClassObject
CreateDataAdviseHolder
CreateOleAdviseHolder
CreateGenericComposite
OleSaveToStream
WriteClassStm
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
IsAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoGetMalloc
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
OleIsRunning
OleRun
CreateItemMoniker
WriteClassStg
GetRunningObjectTable
CreateFileMoniker
OleRegGetMiscStatus
OleRegEnumVerbs
CoDisconnectObject
StringFromCLSID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CoRegisterClassObject
OleGetClipboard
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CreateStreamOnHGlobal
OleTranslateAccelerator
OleRegGetUserType

olepro32

ord251
ord253

oleaut32

SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime
SysAllocString
VariantClear
VariantChangeType
SysAllocStringLen
SysStringByteLen
SysFreeString
VariantCopy

wininet

InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestExA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectA
FtpSetCurrentDirectoryA
FtpPutFileA

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

msimg32

TransparentBlt
AlphaBlend

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 376KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Code/readme.txt
Code/register pdfviewer.cmd
Code/sfk.exe
.exe windows:4 windows x86 arch:x86

def980b65401f7b3f983c63def0c5722

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFileAttributesA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLastError
GetFileAttributesExA
SetFileAttributesA
CloseHandle
SetFileTime
CreateFileA
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryA
CreateProcessA
SetConsoleTextAttribute
GetExitCodeProcess
InterlockedExchange
RtlUnwind
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetLocaleInfoA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
ExitProcess
WaitForSingleObject
Sleep
UnhandledExceptionFilter
GetModuleFileNameA
HeapSize
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
LCMapStringW
MultiByteToWideChar
LCMapStringA
ReadFile
FlushFileBuffers
WriteFile
GetStartupInfoA
GetFileType
SetHandleCount
SetFilePointer
WideCharToMultiByte
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
DeleteFileA
GetTimeFormatA
GetDateFormatA
FindNextFileA
MoveFileA
CreateDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetEndOfFile

user32

DefWindowProcA
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
RegisterClassExA
ShowWindow
UpdateWindow
SetWindowPos
CreateWindowExA
GetWindowRect
GetDesktopWindow
UnregisterClassA
CloseWindow
CloseClipboard
SetClipboardData
EmptyClipboard
MessageBoxA
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard

gdi32

DeleteObject
SetPixel
SetBkMode
SetTextColor
CreateSolidBrush

ws2_32

ioctlsocket
select
recv
send
WSAGetLastError
connect
htons
gethostbyname
socket
WSAStartup
WSACleanup
closesocket
listen
ntohs
getsockname
bind
htonl
accept

Sections

.text
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Code/sgd.exe
.exe windows:4 windows x86 arch:x86

a6b73c78451ce4906e6987d3068e9a2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoCreateInstance

imm32

ImmGetIMEFileNameA
ImmAssociateContext

shell32

Shell_NotifyIconA
ShellExecuteA

user32

PostMessageA
PostQuitMessage
DispatchMessageA
GetMessageA
GetClipboardOwner
UpdateWindow
CloseClipboard
DestroyWindow
DefWindowProcA
LoadCursorA
RegisterClassA
CreateWindowExA
GetClipboardFormatNameA
EnumClipboardFormats
CountClipboardFormats
SendMessageA
ShowWindow
OpenClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetClipboardData
EmptyClipboard
GetClipboardData
GetDC
DialogBoxParamA
SetDlgItemTextA
ScreenToClient
SetWindowPos
GetSystemMetrics
GetDlgItem
wsprintfA
GetWindowRect
ReleaseDC
EndDialog
SetWindowTextA
EnableWindow
CheckDlgButton
GetWindowTextA
SetFocus
IsDlgButtonChecked
GetWindowTextLengthA
GetDesktopWindow
SetWindowLongA
GetDlgItemTextA
CheckRadioButton
GetLastActivePopup
LoadStringA
CreateDialogParamA
MessageBoxA
BringWindowToTop
SetDlgItemInt
LoadIconA
GetClientRect
TranslateMessage
GetDlgItemInt
IsDialogMessageA
CreateCursor
PeekMessageA
MsgWaitForMultipleObjectsEx
HideCaret
CopyIcon
DestroyCursor
DrawTextA
LoadImageA
DrawIconEx
WindowFromPoint
MessageBeep
SetCursor
DestroyCaret
GetCursorPos
CreateCaret
ScrollWindow
SetCaretPos
ShowCaret
SetTimer
KillTimer
IsRectEmpty
GetProcessWindowStation
GetUserObjectInformationW
IsWindowEnabled
EqualRect
SetWindowPlacement
ToAscii
GetKeyboardState
SetKeyboardState
GetKeyboardLayout
GetActiveWindow
PtInRect
GetScrollPos
GetKeyboardLayoutNameA
MapVirtualKeyA
GetKeyState
DrawIcon
AdjustWindowRect
GetScrollInfo
CheckMenuItem
IsIconic
SetScrollInfo
GetWindowPlacement
GetCapture
CreateIconIndirect
ShowScrollBar
SetScrollPos
AdjustWindowRectEx
GetWindow
GetParent
EnableMenuItem
IntersectRect
GetSystemMenu
GetFocus
UnhookWindowsHookEx
SetWindowsHookExA
LoadMenuA
CallNextHookEx
GetMessagePos
InsertMenuItemA
GetMenuItemCount
GetMenuItemInfoA
DestroyIcon
SetActiveWindow
SetForegroundWindow
InsertMenuA
FindWindowExA
SetCursorPos
FillRect
RemoveMenu
GetSubMenu
GetAsyncKeyState
MoveWindow
SetCapture
AppendMenuA
CreatePopupMenu
ClientToScreen
ReleaseCapture
TrackPopupMenu
DestroyMenu
EndPaint
InvertRect
BeginPaint
IsWindowVisible
DrawFocusRect
OffsetRect
CallWindowProcA
IsZoomed
InvalidateRect
GetWindowLongA
GetSysColor
RegisterWindowMessageA

gdi32

RestoreDC
CreateCompatibleBitmap
GetTextExtentPoint32A
BitBlt
DeleteDC
GetDeviceCaps
StretchDIBits
SetStretchBltMode
Escape
GetDIBits
SaveDC
IntersectClipRect
CreateDIBitmap
GetDIBColorTable
GdiFlush
GetPixel
SetBkMode
LineTo
MoveToEx
GetTextExtentPointA
SetWindowOrgEx
UnrealizeObject
RealizePalette
GetClipBox
StretchBlt
CreateBitmap
CreatePatternBrush
SetViewportOrgEx
CreateDIBSection
CreateCompatibleDC
StartDocA
StartPage
EndPage
EndDoc
CreateDCA
SetBkColor
Polygon
PolyPolyline
GetTextMetricsA
CreateFontIndirectA
CreateSolidBrush
CreatePen
ExtTextOutA
TextOutA
SetDIBitsToDevice
Polyline
PatBlt
SetROP2
SelectObject
SelectPalette
CreatePalette
SetTextColor
GetStockObject
DeleteObject
GetSystemPaletteEntries
SetPaletteEntries
SetDIBColorTable
SetMetaFileBitsEx
GetObjectA
GetPaletteEntries
CreateMetaFileA
PlayMetaFile
CloseMetaFile
GetMetaFileBitsEx
DeleteMetaFile

wsock32

WSASetLastError
shutdown
gethostname
gethostbyaddr
WSAAsyncSelect
closesocket
send
recv
gethostbyname
inet_ntoa
bind
htons
connect
WSAGetLastError
socket
setsockopt
getsockopt
WSACleanup
WSAStartup
ioctlsocket

advapi32

DeregisterEventSource
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
ReportEventA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA

comdlg32

PrintDlgA

winspool.drv

StartDocPrinterA
WritePrinter
EndDocPrinter
EnumPrintersA
GetPrinterA
GetPrinterDriverA
OpenPrinterA
ClosePrinter

comctl32

ord6
ord17

winmm

waveOutClose
PlaySoundA
waveOutSetVolume
waveOutPrepareHeader
waveOutWrite
waveOutGetDevCapsA
waveOutOpen
waveOutGetNumDevs
waveOutUnprepareHeader

winscard

SCardAddReaderToGroupA
SCardSetAttrib
SCardGetAttrib
SCardControl
SCardTransmit
SCardStatusW
SCardStatusA
SCardEndTransaction
SCardBeginTransaction
SCardDisconnect
SCardReconnect
SCardConnectW
SCardConnectA
SCardCancel
SCardGetStatusChangeW
SCardGetStatusChangeA
SCardLocateCardsW
SCardLocateCardsA
SCardRemoveReaderFromGroupW
SCardRemoveReaderFromGroupA
SCardAddReaderToGroupW
SCardForgetReaderW
SCardForgetReaderA
SCardIntroduceReaderW
SCardIntroduceReaderA
SCardForgetReaderGroupW
SCardForgetReaderGroupA
SCardIntroduceReaderGroupW
SCardIntroduceReaderGroupA
SCardListReadersW
SCardListReadersA
SCardListReaderGroupsW
SCardListReaderGroupsA
SCardReleaseContext
SCardEstablishContext
SCardFreeMemory

kernel32

GetCurrentProcess
HeapReAlloc
DuplicateHandle
SetupComm
GetCurrentThread
SetCommMask
DeviceIoControl
GetCommMask
GetOverlappedResult
GetTempFileNameA
PurgeComm
WaitForMultipleObjects
SignalObjectAndWait
GetTempPathA
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetModuleHandleA
InitializeCriticalSection
LocalAlloc
LocalLock
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
LocalUnlock
GlobalUnlock
GlobalSize
GlobalLock
CreateThread
SetEvent
CreateEventA
ResetEvent
MultiByteToWideChar
GetTickCount
GetLogicalDriveStringsA
GetDriveTypeA
WideCharToMultiByte
GetFileInformationByHandle
CreateDirectoryA
GetLogicalDrives
SetEndOfFile
WriteFile
RemoveDirectoryA
DeleteFileA
MoveFileA
SetFileAttributesA
SetFileTime
FindClose
SetFilePointer
FindNextFileA
LoadLibraryA
FindFirstFileA
FreeLibrary
GetDiskFreeSpaceA
GetProcAddress
CreateFileA
SetErrorMode
ReadFile
GetLastError
CreateFileMappingA
GetFileAttributesA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateProcessA
CreateMutexA
GetStartupInfoA
GetVersion
GetSystemInfo
WaitForSingleObject
CloseHandle
HeapDestroy
ReleaseMutex
VirtualFree
HeapCreate
GetStringTypeA
VirtualAlloc
TlsAlloc
GetStringTypeW
UnhandledExceptionFilter
RtlUnwind
TlsGetValue
FlushFileBuffers
GetModuleFileNameA
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
LCMapStringW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
SetStdHandle
CompareStringW
CompareStringA
FileTimeToLocalFileTime
ReadConsoleInputA
FileTimeToSystemTime
QueueUserAPC
LockResource
GetCurrentThreadId
FindResourceA
FreeResource
LoadResource
_lclose
_lwrite
FormatMessageA
_lcreat
OpenFile
GetACP
GetTimeFormatA
GetTimeZoneInformation
GetComputerNameA
GetVersionExA
GetThreadLocale
GlobalReAlloc
SetLastError
SetConsoleCtrlHandler
SetConsoleMode
ExitProcess
GetConsoleMode
SetCurrentDirectoryA
GetFileType
GetStdHandle
GetCurrentProcessId
InterlockedIncrement
GlobalMemoryStatus
InterlockedDecrement
GetCommandLineA
GetLocalTime
GetSystemTime
GetFullPathNameA
FlushConsoleInputBuffer
GetCurrentDirectoryA
SetEnvironmentVariableA
ExitThread
TlsSetValue
TerminateProcess
HeapFree
QueryPerformanceCounter
HeapAlloc

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 284KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Code/ssl_cert.cer
Code/stop service.cmd
Code/testpdf.cmd
Code/testpdf.pdf
.pdf
Code/winscp382.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Code/winscp382.ini
app.txt
uninst.exe
.exe windows:4 windows x86 arch:x86

4d17be67c8d0394c5c1b8e725359ed89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d17be67c8d0394c5c1b8e725359ed89

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 152KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 15KB

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 994B

Headers

File Characteristics

Sections

CODE Size: 82KB - Virtual size: 81KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 29KB - Virtual size: 29KB

Headers

File Characteristics

Sections

CODE Size: 82KB - Virtual size: 81KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 29KB - Virtual size: 29KB

Headers

File Characteristics

Sections

CODE Size: 82KB - Virtual size: 81KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 29KB - Virtual size: 29KB

Headers

File Characteristics

Sections

CODE Size: 82KB - Virtual size: 81KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 152KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 994B

CODE
Size: 82KB - Virtual size: 81KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 29KB - Virtual size: 29KB

CODE
Size: 82KB - Virtual size: 81KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 29KB - Virtual size: 29KB

CODE
Size: 82KB - Virtual size: 81KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 29KB - Virtual size: 29KB

CODE
Size: 82KB - Virtual size: 81KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 29KB - Virtual size: 29KB

01
Certificate

0a
Certificate

07:73:d3:31:3c:f6:51:55:90:7c:a5:70:0f:46:0d:eb
Certificate

0a:80:d6:48:75:8a:50:60:82:00:7f:12:78:28:d9:56:39:86:3d:93
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 464KB - Virtual size: 463KB

.data
Size: 376KB - Virtual size: 473KB

.rsrc
Size: 600KB - Virtual size: 596KB

.text
Size: 252KB - Virtual size: 248KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 12KB - Virtual size: 351KB