2dfa4f6ebed235eca31550bd3abf2526_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2dfa4f6ebed235eca31550bd3abf2526_JaffaCakes118
Size

2.7MB
MD5

2dfa4f6ebed235eca31550bd3abf2526
SHA1

f43e948c992a87522c2d0a2e2ce335734785bb8a
SHA256

2bd3e5dc91b8c8df46bf481674cc8af135628e8b67fdb74d32886abd2e845625
SHA512

008b11ff50e40838b6797e03ca4c6a51c6fc1a91b7cdd15768811add3c7588f4dc56f0edc8c4032de6f23a227887739605e18bf3ef9404b0738d4a69921e082c
SSDEEP

49152:Pzdwi9LMAZzETym5h2Rd6zpTjVk+66uFgWNE06vXW78yH/EX9:buiZI397juL38yHMN

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FileZilla_3.0.0-beta6_win32-setup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$R0
unpack002/$R2/NSIS.Library.RegTool.v2.$_8_.exe
unpack002/filezilla.exe
unpack002/fzsftp.exe
unpack002/mingwm10.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/FileZilla_3.0.0-beta6_win32-setup.exe	nsis_installer_1

Files

2dfa4f6ebed235eca31550bd3abf2526_JaffaCakes118
.rar
FileZilla_3.0.0-beta6_win32-setup.exe
.exe windows:4 windows x86 arch:x86

425172ce4f6b63657d1f64079cda14ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ExitProcess
lstrcmpiA
CopyFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
RemoveDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
DialogBoxParamA
ScreenToClient
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
CheckDlgButton
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
GetClassInfoA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

65ab8d4596461200c6b8c99b25884bdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
lstrcmpiA
GetModuleHandleA
GetPrivateProfileStringA
lstrcatA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
MultiByteToWideChar
lstrcpynA

user32

GetDlgCtrlID
DestroyIcon
DestroyWindow
MapWindowPoints
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
SetWindowLongA
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
EnableWindow
GetDlgItem
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
wsprintfA
CharNextA
MessageBoxA
GetWindowTextA
SetWindowTextA
SendMessageA
DispatchMessageA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

100e1414da843c46346bba1809f39a45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
FindClose
FindNextFileA
FindFirstFileA
lstrcpynA
MulDiv
GetModuleHandleA
lstrcmpiA
lstrcpyA
lstrcatA
GlobalFree

user32

CallWindowProcA
GetWindowLongA
SendMessageA
CheckDlgButton
PostMessageA
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
IsDlgButtonChecked
GetWindowTextA
GetDlgItem
wsprintfA
CreateDialogParamA
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
SetWindowLongA
ShowWindow

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f3141363ba38e047f1a32f3ace0bb1fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary

user32

wsprintfA

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/reinstall.ini
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

e42eed45055aacc95e3beb0f6eea7b82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

kernel32

AddAtomA
CloseHandle
CreateMutexW
CreateSemaphoreA
FindAtomA
GetAtomNameA
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetSystemTime
GetTickCount
InterlockedDecrement
InterlockedIncrement
MapViewOfFile
OpenFileMappingW
ReleaseMutex
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForSingleObject

msvcrt

_write
__dllonexit
_assert
_errno
_vsnprintf
abort
fflush
fopen
fprintf
free
malloc
memset
setbuf
strcmp
strncpy
wcscmp
wcslen
wcsncmp
wcsncpy
wcsrchr

ole32

StringFromGUID2

shell32

SHChangeNotify

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stab
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_MEM_DISCARDABLE

.stabstr
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_MEM_DISCARDABLE
$R2/NSIS.Library.RegTool.v2.$_8_.exe
.exe windows:4 windows x86 arch:x86

e1036fdebe2d993137b1bdffdd47f9c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
lstrcpyA
FreeLibrary
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
ExitProcess
SetErrorMode
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
CreateProcessA
CloseHandle
MapViewOfFile
WaitForSingleObject

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GPL.html
.html
filezilla.exe
.exe windows:4 windows x86 arch:x86

919db170c57116607afb584ebbede272

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

comctl32

CreateStatusWindowW
CreateUpDownControl
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_Draw
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
InitCommonControls

comdlg32

ChooseColorW
ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PageSetupDlgW
PrintDlgW

gdi32

Arc
BitBlt
CloseEnhMetaFile
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEnhMetaFileW
CreateFontIndirectW
CreateHatchBrush
CreateICW
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EqualRgn
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
GdiFlush
GetBkColor
GetCharABCWidthsW
GetClipBox
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetEnhMetaFileW
GetMetaFileBitsEx
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextColor
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextMetricsW
GetWinMetaFileBits
LineTo
MaskBlt
MoveToEx
OffsetRgn
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyPolygon
Polygon
Polyline
PtInRegion
RealizePalette
RectInRegion
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetMapMode
SetMetaFileBitsEx
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutW

kernel32

AddAtomA
CloseHandle
CopyFileW
CreateDirectoryW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindAtomA
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeLibrary
GetACP
GetAtomNameA
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetProfileStringW
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadTimes
GetTickCount
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByteEx
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResumeThread
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileTime
SetLastError
SetNamedPipeHandleState
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile

mingwm10

__mingwthr_key_dtor

msvcrt

_close
_fdopen
_fstat
_ftime
_getpid
_lseek
_open
_read
_strdup
_stricmp
_timezone
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_close
_commit
_ctype
_endthreadex
_errno
_fdopen
_filbuf
_flsbuf
_get_osfhandle
_getcwd
_iob
_isctype
_lseeki64
_onexit
_open_osfhandle
_pctype
_read
_setjmp
_setmode
_stricmp
_telli64
_vsnprintf
_waccess
_wcsdup
_wcsicmp
_wcsnicmp
_wfopen
_wgetenv
_wmkdir
_wopen
_wremove
_wrename
_write
_wrmdir
_wsetlocale
_wstati64
_wtoi
_wtol
abort
atexit
atof
atoi
bsearch
calloc
ceil
clearerr
clock
cos
ctime
difftime
exit
fclose
fflush
fgets
floor
fopen
fprintf
fputc
fputwc
fputws
fread
free
fseek
ftell
fwrite
getenv
gmtime
isdigit
iswctype
localtime
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
pow
qsort
rand
realloc
setlocale
setvbuf
signal
sin
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtod
strtol
strtoul
strxfrm
swprintf
swscanf
time
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsspn
wcsstr
wcstod
wcstol
wcstoul

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoLockObjectExternal
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

oleaut32

SysAllocString

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
ExtractIconExW
ExtractIconW
SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
ChangeDisplaySettingsW
CheckMenuItem
CheckMenuRadioItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyRect
CreateAcceleratorTableW
CreateDialogIndirectParamW
CreateDialogParamW
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DdeClientTransaction
DdeConnect
DdeCreateDataHandle
DdeCreateStringHandleW
DdeDisconnect
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeW
DdeNameService
DdePostAdvise
DdeQueryStringW
DdeUninitialize
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeferWindowPos
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndMenu
EndPaint
EnumClipboardFormats
EnumDisplaySettingsW
EnumWindows
ExitWindowsEx
FillRect
FlashWindow
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardFormatNameW
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetInputState
GetKeyState
GetMenuItemCount
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetMessageTime
GetMessageW
GetOpenClipboardWindow
GetParent
GetProcessWindowStation
GetQueueStatus
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetUpdateRgn
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
MapWindowPoints
MessageBeep
MessageBoxW
ModifyMenuW
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindow
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowCursor
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassW
UpdateWindow
ValidateRect
WaitForInputIdle
WindowFromPoint
keybd_event

ws2_32

WSASetLastError

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fzsftp.exe
.exe windows:4 windows x86 arch:x86

180889b559341ba1c8d4339f4e863221

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateThread
ExitProcess
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetAtomNameA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetOverlappedResult
GetProcAddress
GetProcessTimes
GetStdHandle
GetSystemTime
GetSystemTimeAdjustment
GetThreadTimes
GetTickCount
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
LoadLibraryA
LocalFree
MapViewOfFile
QueryPerformanceCounter
ReadFile
SetConsoleMode
SetCurrentDirectoryA
SetEvent
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
SystemTimeToFileTime
UnmapViewOfFile
WaitForSingleObject
WriteFile

msvcrt

_stricmp
_strnicmp
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
_vsnprintf
abort
atexit
atoi
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fwrite
getenv
malloc
memchr
memcpy
memmove
memset
printf
puts
qsort
realloc
remove
signal
sprintf
sscanf
strchr
strcmp
strcpy
strcspn
strftime
strlen
strncat
strncpy
strrchr
strspn
strtok
strtol
strtoul
system
time
tolower
ungetc

user32

FindWindowA
GetCapture
GetClipboardOwner
GetCursorPos
GetForegroundWindow
GetQueueStatus
MsgWaitForMultipleObjects
SendMessageA

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_MEM_DISCARDABLE

.stabstr
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_MEM_DISCARDABLE
locales/ar/filezilla.mo
locales/bg/filezilla.mo
locales/ca_ES/filezilla.mo
locales/cs/filezilla.mo
locales/da_DK/filezilla.mo
locales/de/filezilla.mo
locales/es/filezilla.mo
locales/et_EE/filezilla.mo
locales/eu/filezilla.mo
locales/fi/filezilla.mo
locales/fr_CA/filezilla.mo
locales/fr_FR/filezilla.mo
locales/gl/filezilla.mo
locales/id_ID/filezilla.mo
locales/it_IT/filezilla.mo
locales/ja_JP/filezilla.mo
locales/ka/filezilla.mo
locales/km/filezilla.mo
locales/ko_KR/filezilla.mo
locales/ku/filezilla.mo
locales/lt/filezilla.mo
locales/mk/filezilla.mo
locales/nb_NO/filezilla.mo
locales/ne/filezilla.mo
locales/nl/filezilla.mo
locales/pl_PL/filezilla.mo
locales/pt_BR/filezilla.mo
locales/pt_PT/filezilla.mo
locales/ro_RO/filezilla.mo
locales/ru/filezilla.mo
locales/sk/filezilla.mo
locales/sl/filezilla.mo
locales/sv_SE/filezilla.mo
locales/tr/filezilla.mo
locales/zh_CN/filezilla.mo
locales/zh_TW/filezilla.mo
mingwm10.dll
.dll windows:4 windows x86 arch:x86

ed28dd2195355a53a72b44c24ba1f6bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_errno
abort
calloc
fflush
free
malloc

kernel32

AddAtomA
DeleteCriticalSection
EnterCriticalSection
FindAtomA
GetAtomNameA
GetLastError
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue

Exports

Exports

__mingwthr_key_dtor
__mingwthr_remove_key_dtor

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/16x16/cancel.png
.png
resources/16x16/disconnect.png
.png
resources/16x16/download.png
.png
resources/16x16/downloadadd.png
.png
resources/16x16/file.png
.png
resources/16x16/filter.png
.png
resources/16x16/folder.png
.png
resources/16x16/folderclosed.png
.png
resources/16x16/localtreeview.png
.png
resources/16x16/logview.png
.png
resources/16x16/processqueue.png
.png
resources/16x16/queueview.png
.png
resources/16x16/reconnect.png
.png
resources/16x16/refresh.png
.png
resources/16x16/remotetreeview.png
.png
resources/16x16/server.png
.png
resources/16x16/sitemanager.png
.png
resources/16x16/unknown.png
.png
resources/16x16/upload.png
.png
resources/16x16/uploadadd.png
.png
resources/32x32/file.png
.png
resources/cyril/16x16/ascii.png
.png
resources/cyril/16x16/auto.png
.png
resources/cyril/16x16/binary.png
.png
resources/cyril/16x16/bookmark.png
.png
resources/cyril/16x16/cancel.png
.png
resources/cyril/16x16/compare.png
.png
resources/cyril/16x16/disconnect.png
.png
resources/cyril/16x16/download.png
.png
resources/cyril/16x16/downloadadd.png
.png
resources/cyril/16x16/file.png
.png
resources/cyril/16x16/folder.png
.png
resources/cyril/16x16/folderback.png
.png
resources/cyril/16x16/folderclosed.png
.png
resources/cyril/16x16/folderup.png
.png
resources/cyril/16x16/help.png
.png
resources/cyril/16x16/localtreeview.png
.png
resources/cyril/16x16/logview.png
.png
resources/cyril/16x16/processqueue.png
.png
resources/cyril/16x16/queueview.png
.png
resources/cyril/16x16/reconnect.png
.png
resources/cyril/16x16/refresh.png
.png
resources/cyril/16x16/remotetreeview.png
.png
resources/cyril/16x16/server.png
.png
resources/cyril/16x16/showhidden.png
.png
resources/cyril/16x16/sitemanager.png
.png
resources/cyril/16x16/speedlimits.png
.png
resources/cyril/16x16/synchronize.png
.png
resources/cyril/16x16/upload.png
.png
resources/cyril/16x16/uploadadd.png
.png
resources/dialogs.xrc
.xml
resources/down.png
.png
resources/dropdown.png
.png
resources/empty.png
.png
resources/filezilla.png
.png
resources/filezilla.xpm
resources/leds.png
.png
resources/menus.xrc
.xml
resources/netconfwizard.xrc
.xml
resources/quickconnectbar.xrc
.xml
resources/themes.xml
.xml
resources/toolbar.xrc
.xml
resources/up.png
.png
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

425172ce4f6b63657d1f64079cda14ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 109KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 9KB - Virtual size: 9KB

65ab8d4596461200c6b8c99b25884bdb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 992B

100e1414da843c46346bba1809f39a45

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 450B

f3141363ba38e047f1a32f3ace0bb1fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 816B

.data Size: - Virtual size: 56B

.reloc Size: 512B - Virtual size: 496B

e42eed45055aacc95e3beb0f6eea7b82

Headers

File Characteristics

Imports

advapi32

kernel32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 109KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 992B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 450B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 816B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 352B

.rdata
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 172B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 1KB - Virtual size: 1KB

.stab
Size: 115KB - Virtual size: 115KB

.stabstr
Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 2KB

.text
Size: 5.0MB - Virtual size: 5.0MB

.data
Size: 53KB - Virtual size: 52KB

.rdata
Size: 714KB - Virtual size: 714KB

.bss
Size: - Virtual size: 204KB

.idata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 248KB - Virtual size: 248KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 64KB - Virtual size: 63KB

.bss
Size: - Virtual size: 14KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB