2762d3fb97688610c0b2d08535c1731c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2762d3fb97688610c0b2d08535c1731c_JaffaCakes118
Size

1.4MB
MD5

2762d3fb97688610c0b2d08535c1731c
SHA1

7f164af694c45061c6f76d3b9f7069b8806e0328
SHA256

3d816e1e737b020dbdb63f5ed9209d3776068fa13f75b367c0e6aa48709181a3
SHA512

c79cacc001202a9d1497a56670e891fb262c69b397153dd617b171cb2707ed441543f64a3c988e694a0eb99dbaaa63dcc1cb16e098eef09cf305cf5f610d5e2e
SSDEEP

24576:GOlwpUpSSI3SoRj+nz9D/juqPhjROFf9bMz1FuFnpc2xnV68yQieisTlLVaauhW:GwaUED3Soj+nDROZ9gxknpc2xnVJieiW

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1_2Ultra Rename/UltraRename28b.exe
unpack001/1_3GreatNews/GreatNews.exe
unpack001/1_3GreatNews/GreatNewsDBMaint.exe
unpack001/1_3GreatNews/GreatNewsUpdater.exe
unpack001/1_3GreatNews/Plugins/LiveWriterPlugin.dll
unpack001/1_3GreatNews/Plugins/wbloggarPlugin.dll

Files

2762d3fb97688610c0b2d08535c1731c_JaffaCakes118
.zip
1_2Ultra Rename/UltraRename28b.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Hello
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Guy !
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1_3GreatNews/Favicons/label.gif
.gif
1_3GreatNews/GreatNews.exe
.exe windows:4 windows x86 arch:x86

09d388cf3e113932cfaa642fecccd860

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetOEMCP
TlsFree
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
CreateFileA
LoadLibraryA
GetFullPathNameA
GetTempPathA
DeleteFileA
GetFileAttributesA
AreFileApisANSI
LockFileEx
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
LockFile
UnlockFile
SetEndOfFile
FlushFileBuffers
GetVersionExA
GetDateFormatW
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
CreateProcessW
GetTempPathW
IsValidCodePage
WriteFile
GetFileSize
SetFilePointer
ReadFile
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
LocalAlloc
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
ResetEvent
LoadLibraryExW
TerminateThread
FreeResource
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetEvent
CreateEventW
GetVersionExW
GetModuleHandleA
GetProcAddress
LoadLibraryW
FreeLibrary
CreateFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileAttributesW
GetFileTime
DeleteFileW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetModuleFileNameW
MulDiv
lstrcmpW
GetLastError
GetModuleHandleW
GetCurrentThreadId
FindFirstFileW
GetFullPathNameW
SetLastError
FormatMessageW
GetProcessHeap
HeapAlloc
FindClose
FindNextFileW
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
lstrcpynW
lstrcpynA
TryEnterCriticalSection
Sleep
CloseHandle
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RaiseException
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
lstrcmpiW
lstrlenW
CompareStringW
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
TerminateProcess
MultiByteToWideChar

user32

CopyRect
SetWindowLongW
GetMenuItemInfoW
GetMenuItemCount
IsDialogMessageW
RegisterClipboardFormatW
TranslateMessage
MsgWaitForMultipleObjects
TrackPopupMenu
IsDlgButtonChecked
DialogBoxParamW
EnableWindow
SetDlgItemTextW
PostThreadMessageW
CheckDlgButton
SetMenuItemInfoW
EnumChildWindows
DeleteMenu
DrawAnimatedRects
FindWindowExW
RemoveMenu
UnregisterClassA
CreateWindowExW
GetWindowLongW
EndDialog
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SendMessageW
GetClientRect
GetParent
GetDlgItem
IsWindow
SetWindowPos
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
IsMenu
UpdateWindow
IsWindowEnabled
GetClipboardData
SetWindowPlacement
IsRectEmpty
BringWindowToTop
SetForegroundWindow
IsIconic
FindWindowW
GetMenu
SetMenu
CreateIconFromResourceEx
LockWindowUpdate
GetWindowPlacement
TranslateAcceleratorW
LoadBitmapW
InsertMenuW
SetRect
DrawIconEx
GetAsyncKeyState
CreateDialogParamW
DrawTextW
CharNextW
GetDC
ReleaseDC
OffsetRect
LoadCursorW
GetClassNameW
CharLowerBuffW
CharUpperBuffW
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
CopyAcceleratorTableW
GetWindowThreadProcessId
ModifyMenuW
UnhookWindowsHookEx
CharLowerW
CallNextHookEx
SetWindowsHookExW
SetMenuDefaultItem
GetMenuItemID
PeekMessageW
GetMessageW
DispatchMessageW
PostQuitMessage
UnregisterClassW
GetSystemMetrics
DrawFrameControl
DrawFocusRect
FrameRect
DestroyIcon
LoadImageW
MessageBeep
SetDlgItemInt
GetDlgItemInt
ShowWindow
GetActiveWindow
GetKeyState
GetMessagePos
WindowFromPoint
GetCursorPos
GetCapture
CreateAcceleratorTableW
DestroyAcceleratorTable
LoadAcceleratorsW
GetFocus
GetDesktopWindow
FillRect
ReleaseCapture
RedrawWindow
InvalidateRgn
ClientToScreen
MoveWindow
InflateRect
EqualRect
GetDoubleClickTime
GetWindowDC
EndPaint
BeginPaint
PtInRect
DrawEdge
GetClassLongW
DestroyCursor
CallWindowProcW
GetSysColorBrush
SetCapture
ScreenToClient
GetSysColor
IntersectRect
RegisterWindowMessageW
RegisterClassExW
GetSubMenu
DefWindowProcW
SetRectEmpty
TrackPopupMenuEx
SetCursor
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
GetClassInfoExW
EnableMenuItem
CheckMenuItem
AppendMenuW
LoadMenuW
CreatePopupMenu
DestroyWindow
LoadStringW
LoadStringA
SetClipboardData
CloseClipboard
OpenClipboard
MessageBoxW
GetDlgCtrlID
SetParent
IsChild
SetFocus
KillTimer
SetTimer
IsWindowVisible
InvalidateRect
PostMessageW

gdi32

RealizePalette
SetPolyFillMode
Rectangle
GetTextExtentPoint32W
CreatePalette
ExcludeClipRect
CreateRectRgnIndirect
SelectPalette
TextOutW
RoundRect
CreatePatternBrush
CreateBitmap
SetBrushOrgEx
CreateDIBSection
CreateRectRgn
GetClipRgn
LPtoDP
DPtoLP
BitBlt
Polygon
LineTo
MoveToEx
GetDeviceCaps
CreatePen
SetTextColor
SetBkMode
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
ExtTextOutW
PatBlt
Polyline
IntersectClipRect
SelectClipRgn
SetViewportOrgEx
RestoreDC
SaveDC
CreateSolidBrush
CreateFontW
DeleteObject
GetObjectW
SelectObject
DeleteDC
CreateFontIndirectW
GetStockObject
GetTextMetricsW
CombineRgn
GetClipBox
SetWindowOrgEx

comdlg32

GetOpenFileNameW
ChooseColorW
GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
SHAppBarMessage
Shell_NotifyIconW

ole32

CoUninitialize
CoTaskMemRealloc
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
StringFromCLSID
CoTaskMemFree
OleRun
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
DoDragDrop
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
ReleaseStgMedium

oleaut32

GetErrorInfo
SafeArrayCreateVector
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SafeArrayGetLBound
SafeArrayGetUBound
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantCopy

wininet

InternetReadFileExA
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestA
HttpQueryInfoW
InternetCombineUrlW
InternetReadFile
InternetErrorDlg
InternetOpenW
InternetSetStatusCallbackW
InternetCloseHandle

shlwapi

PathRemoveArgsW
StrStrW
PathFindExtensionW
PathFileExistsW
StrStrIW
StrCmpNIW
SHAutoComplete

comctl32

ImageList_EndDrag
ImageList_BeginDrag
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_DragMove
ImageList_SetOverlayImage
_TrackMouseEvent
ImageList_Draw
ImageList_LoadImageW
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragLeave
InitCommonControlsEx
ImageList_GetImageCount
ord8
DestroyPropertySheetPage
PropertySheetW
CreatePropertySheetPageW
ImageList_Create
ImageList_DrawIndirect

urlmon

URLDownloadToCacheFileW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1_3GreatNews/GreatNewsDBMaint.exe
.exe windows:4 windows x86 arch:x86

bebe33b2a13a203f8377d37044d2f1dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
LockResource
FindResourceExW
InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
MultiByteToWideChar
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetOEMCP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
InterlockedIncrement
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapCreate
FreeLibrary
SetLastError
GetConsoleCP
lstrcmpiW
GetLastError
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsFree
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
WaitForSingleObject
IsValidCodePage
GetCommandLineW
RaiseException
CreateFileW
WideCharToMultiByte
GetSystemTime
InterlockedExchange
GetVersionExA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
UnlockFile
LockFile
GetProcAddress
Sleep
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
CloseHandle
LockFileEx
AreFileApisANSI
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetTempPathA
GetTempPathW
GetFullPathNameA
GetFullPathNameW
LoadLibraryA
LoadLibraryW
CreateFileA

user32

UnregisterClassA
EndDialog
GetSystemMetrics
LoadImageW
GetActiveWindow
DialogBoxParamW
LoadCursorW
PostQuitMessage
SetCursor
IsDialogMessageW
SendMessageW
MessageBoxW
GetDlgItem
EnableWindow
UpdateWindow
SetWindowTextW
GetSysColor
CreateDialogParamW
EndPaint
BeginPaint
GetClassNameW
CallWindowProcW
DestroyWindow
CharNextW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
SetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetWindowLongW

gdi32

SetBkColor
ExtTextOutW

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarUI4FromStr
VariantClear

shlwapi

StrCmpNIW
PathFileExistsW

comctl32

InitCommonControlsEx

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1_3GreatNews/GreatNewsUpdater.exe
.exe windows:4 windows x86 arch:x86

7de1873d4bdce90ef07d5d2f6d283a1f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

kernel32

LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CompareStringW
LocalFree
FormatMessageW
LockResource
FindResourceExW
GetPrivateProfileIntW
WritePrivateProfileStringW
WaitForSingleObjectEx
ResumeThread
WideCharToMultiByte
IsValidCodePage
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
FindResourceW
LCMapStringA
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
lstrlenW
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
CreateThread
ExitThread
RtlUnwind
GetVersionExA
GetThreadLocale
GetLocaleInfoA
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
LCMapStringW
GetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteFile
RaiseException
CloseHandle
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
CreateFileW
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
GetTempPathW
GetFileType
ReadFile
SetFilePointer
GetFileSize
InterlockedCompareExchange

user32

TranslateMessage
GetMessageW
UnregisterClassA
PeekMessageW
SetWindowLongW
DispatchMessageW
ShowWindow
GetSystemMetrics
LoadImageW
FindWindowW
PostQuitMessage
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
IsDialogMessageW
MessageBoxW
GetDlgItem
IsWindowVisible
IsIconic
SetForegroundWindow
BringWindowToTop
wsprintfW
PostMessageW
GetClassNameW
CreateCursor
OffsetRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetSysColor
GetFocus
GetCapture
ReleaseCapture
GetCursorPos
SetCursor
CallWindowProcW
DrawTextW
DrawFocusRect
FillRect
PtInRect
SetWindowPos
IsWindow
GetDlgCtrlID
GetParent
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
GetClientRect
SendMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateWindowExW
GetWindowLongW
CreateDialogParamW
SetRectEmpty
DestroyCursor
DestroyWindow
DefWindowProcW
CharNextW

gdi32

GetStockObject
CreateFontIndirectW
SetTextColor
SetBkMode
SelectObject
GetObjectW
DeleteObject
CreateFontW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

StrFormatByteSizeW

comctl32

_TrackMouseEvent
InitCommonControlsEx

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1_3GreatNews/Language/gn_ara.ini
1_3GreatNews/Language/gn_br.ini
1_3GreatNews/Language/gn_bsq.ini
1_3GreatNews/Language/gn_chs.ini
1_3GreatNews/Language/gn_cht.ini
1_3GreatNews/Language/gn_cz.ini
1_3GreatNews/Language/gn_eng.ini
1_3GreatNews/Language/gn_fr.ini
1_3GreatNews/Language/gn_ger.ini
1_3GreatNews/Language/gn_hu.ini
1_3GreatNews/Language/gn_it.ini
1_3GreatNews/Language/gn_jpn.ini
1_3GreatNews/Language/gn_kor.ini
1_3GreatNews/Language/gn_nld.ini
1_3GreatNews/Language/gn_pl.ini
1_3GreatNews/Language/gn_pt.ini
1_3GreatNews/Language/gn_ro.ini
1_3GreatNews/Language/gn_ru.ini
1_3GreatNews/Language/gn_ser.ini
1_3GreatNews/Language/gn_spa.ini
1_3GreatNews/Language/gn_sw.ini
1_3GreatNews/Language/gn_tr.ini
1_3GreatNews/Language/gn_vi.ini
1_3GreatNews/Media/Activity.html
1_3GreatNews/Media/Add.gif
.gif
1_3GreatNews/Media/Brief.css
1_3GreatNews/Media/Essay.css
1_3GreatNews/Media/Firefox Sage.css
1_3GreatNews/Media/Home.htm
1_3GreatNews/Media/Import.gif
.gif
1_3GreatNews/Media/Newspaper.css
1_3GreatNews/Media/NoItem.htm
1_3GreatNews/Media/Readability.css
1_3GreatNews/Media/Simple.css
1_3GreatNews/Media/Statistics.html
1_3GreatNews/Media/UpdateAll.gif
.gif
1_3GreatNews/Media/View.gif
.gif
1_3GreatNews/Media/buildin_style.tpl
1_3GreatNews/Media/label.gif
.gif
1_3GreatNews/Media/podcast.gif
.gif
1_3GreatNews/Media/read.gif
.gif
1_3GreatNews/Media/unread.gif
.gif
1_3GreatNews/Plugins/LiveWriterPlugin.dll
.dll windows:4 windows x86 arch:x86

e6c55d81d72358520b4e6f6877ff14d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\projects\greatnewsbuild\greatnews\livewriterplugin\unicode release\LiveWriterPlugin.pdb

Imports

kernel32

InterlockedIncrement
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
HeapAlloc
GetProcessHeap
lstrlenW
FormatMessageW
InterlockedDecrement
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
GetLastError
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
WriteFile
GetCPInfo
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

UnregisterClassA
MessageBoxW

ole32

CLSIDFromProgID
CLSIDFromString
OleRun
CoCreateInstance

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

Exports

Exports

BlogThis
GetGreatNewsPluginName

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1_3GreatNews/Plugins/wbloggarPlugin.dll
.dll windows:4 windows x86 arch:x86

21336dc81c5220c99fb0983d3fd5f92f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\projects\greatnewsbuild\greatnews\wbloggarplugin\unicode release\wbloggarPlugin.pdb

Imports

kernel32

WriteFile
InterlockedDecrement
CreateProcessW
lstrlenW
CreateFileW
GetTempPathW
CloseHandle
GetLastError
GetTempFileNameW
WideCharToMultiByte
FlushFileBuffers
CreateFileA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

MessageBoxW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

CLSIDFromProgID
CLSIDFromString
OleRun
CoCreateInstance

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

Exports

Exports

BlogThis
GetGreatNewsPluginName

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1_3GreatNews/channels.opml
1_3GreatNews/greatnews_upgrade.ini
1_3GreatNews/license.txt
1_3GreatNews/newsfeed_upgrade.db

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Hello Size: - Virtual size: 392KB

Guy ! Size: 130KB - Virtual size: 132KB

.rsrc Size: 3KB - Virtual size: 4KB

09d388cf3e113932cfaa642fecccd860

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

comctl32

urlmon

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 248KB - Virtual size: 246KB

.data Size: 40KB - Virtual size: 48KB

.rsrc Size: 152KB - Virtual size: 149KB

bebe33b2a13a203f8377d37044d2f1dc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 408KB - Virtual size: 407KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 8KB - Virtual size: 6KB

7de1873d4bdce90ef07d5d2f6d283a1f

Headers

File Characteristics

Imports

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 6KB

e6c55d81d72358520b4e6f6877ff14d5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

Exports

Exports

Hello
Size: - Virtual size: 392KB

Guy !
Size: 130KB - Virtual size: 132KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 248KB - Virtual size: 246KB

.data
Size: 40KB - Virtual size: 48KB

.rsrc
Size: 152KB - Virtual size: 149KB

.text
Size: 408KB - Virtual size: 407KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB