32779134c3df5c52aea629191cf9065b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

32779134c3df5c52aea629191cf9065b_JaffaCakes118
Size

568KB
MD5

32779134c3df5c52aea629191cf9065b
SHA1

67bc76a1f4ba53b0627c62d4ce37480fa47ef341
SHA256

5777a812e92e510cd2dce482898b1554d86dac56aaf57526f652a0f380de3cd1
SHA512

5e3debe203b20419af180f5f179a1a3a99e6002027634954e13e74459a7167c5c3df1c0e56a393023f63004ba09faa4f7e2264874a79636d069e0b7c0b9b22b6
SSDEEP

12288:o77qJK7MIxpvVBSQk2klFDXMG5ba0CPBBoYGv8oWrCPuIAdr:o77uKoIPSQkPkqAxPvrCPuIAR

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
32779134c3df5c52aea629191cf9065b_JaffaCakes118
unpack001/$PLUGINSDIR/DLLWebCount.dll
unpack001/$PLUGINSDIR/ExistFiles.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/RndAlphabetNum.dll
unpack001/$PLUGINSDIR/SelfDelete.dll
unpack001/$SYSDIR/uninstall.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack001/widlib.dll
unpack001/widmoa.dll
unpack001/widservice.exe
unpack001/withmoa.exe
unpack001/withmoaun.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$SYSDIR/uninstall.exe	nsis_installer_1
static1/unpack001/$SYSDIR/uninstall.exe	nsis_installer_2

Files

32779134c3df5c52aea629191cf9065b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWebCount.dll
.dll windows:4 windows x86 arch:x86

324e87a129b7b2af320238c8ab284874

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord2512
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1199
ord1247
ord690
ord2393
ord800
ord5207
ord860
ord389
ord540
ord1176
ord1243
ord2554
ord4486
ord6375
ord3825
ord4274
ord269
ord826
ord600
ord1578
ord6467

msvcrt

__CxxFrameHandler
_EH_prolog
??1type_info@@UAE@XZ
_onexit
__dllonexit

kernel32

LocalFree
lstrcpyA
GlobalFree
LocalAlloc

user32

wsprintfA
MessageBoxA

Exports

Exports

DLLWebCount
myFunction

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExistFiles.dll
.dll windows:4 windows x86 arch:x86

e11f45bd0e732be36cab1f8a8bb170f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile

kernel32

GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
LoadLibraryA
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
RtlUnwind
GetCommandLineA
GetProcessHeap
RaiseException
HeapSize
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcmpW
GetVersionExA
GetThreadLocale
lstrcmpA
GlobalGetAtomNameA
InterlockedIncrement
GetCurrentProcessId
SetErrorMode
GetModuleFileNameA
GetCurrentThreadId
CloseHandle
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
SetLastError
GetFileAttributesA
lstrlenA
CompareStringA
lstrcpyA
GlobalFree
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
CreateFileA

user32

DrawTextExA
GrayStringA
DestroyMenu
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
DrawTextA
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
SendMessageA
GetKeyState
SetWindowTextA
PeekMessageA
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
TabbedTextOutA
ClientToScreen
AdjustWindowRectEx
RegisterClassA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
DeleteObject
SaveDC
RestoreDC
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
ScaleViewportExtEx
SetMapMode
RectVisible
PtVisible
SetViewportExtEx
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
TextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantChangeType
VariantClear
VariantInit

Exports

Exports

ExistFiles
ExistFiles2

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/RndAlphabetNum.dll
.dll windows:4 windows x86 arch:x86

66f703acb518292cbd5c82a3cb1546dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord5731
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord2512
ord2554
ord4486
ord6375
ord3830
ord4274
ord269
ord826
ord600
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler
atoi
srand
rand

kernel32

LocalFree
lstrcpyA
GlobalFree
GetTickCount
LocalAlloc

Exports

Exports

RndAlphabetNum

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SelfDelete.dll
.dll windows:4 windows x86 arch:x86

1e9621cfcd4ae80e95c364e38bcff5d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
_initterm
free
??2@YAPAXI@Z
__CxxFrameHandler
strrchr

kernel32

GetEnvironmentVariableA
LocalAlloc
LocalFree
GetShortPathNameA
lstrcatA
SetProcessPriorityBoost
CreateFileA
GetModuleFileNameA
lstrcpyA
lstrlenA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread

user32

wsprintfA

shell32

ShellExecuteExA
SHChangeNotify

mfc42

ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6467
ord1578
ord600
ord826
ord269

Exports

Exports

SelfDelete
SelfDelete2

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/withmoaAX.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

65915f56b50d53a0a7623e1057e44531

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:c8:eb:ad:4e:7e:8d:b1:b3:b3:0f:ac:d8:74:c1:67
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/02/2009, 06:54

Not After

18/02/2010, 05:11

Subject

CN=IS MEDIA,OU=Software Development Department,O=IS MEDIA,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

64:35:ab:5b:c3:f7:84:87:9c:2c:b5:62:53:bf:ff:5f:8c:fc:2e:b7
Signer

Actual PE Digest

64:35:ab:5b:c3:f7:84:87:9c:2c:b5:62:53:bf:ff:5f:8c:fc:2e:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\업무_리워드\WithMoa\02_후킹파일재제작\withmoaAX\Release\withmoaAX.pdb

Imports

kernel32

FindResourceExA
GetProfileIntA
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
Sleep
GetFileTime
IsValidCodePage
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileAttributesA
GetOEMCP
GetCPInfo
CreateFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
IsDBCSLeadByte
GetUserDefaultLCID
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
WaitForSingleObject
CloseHandle
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
GetModuleHandleA
SetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
MulDiv
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExA
CompareStringA
lstrlenW
GetVersion
MultiByteToWideChar
lstrlenA
InterlockedExchange
CompareStringW
WideCharToMultiByte
GetACP
GetLastError

user32

GetDCEx
GetDialogBaseUnits
GetTabbedTextExtentA
DestroyIcon
GetSysColorBrush
UnregisterClassA
LockWindowUpdate
EnumChildWindows
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
SetWindowTextA
IsDialogMessageA
SetRectEmpty
LoadCursorA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCapture
ReleaseDC
GetDC
ReleaseCapture
RegisterClipboardFormatA
GetNextDlgTabItem
EndDialog
SetRect
GetDesktopWindow
InvalidateRect
ShowWindow
DrawEdge
SetParent
MoveWindow
SetWindowRgn
InflateRect
IsRectEmpty
CreateMenu
DestroyMenu
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
CharUpperA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
EnableWindow
FillRect
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
PostQuitMessage
PostMessageA
CreateDialogIndirectParamA
CheckMenuItem
EnableMenuItem
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
UnhookWindowsHookEx
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA

gdi32

CreatePen
CreateSolidBrush
CreateFontIndirectA
GetTextAlign
GetTextMetricsA
SetRectRgn
PatBlt
EnumFontFamiliesExA
Rectangle
UnrealizeObject
CreatePatternBrush
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
GetTextExtentPoint32A
SetTextColor
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateRectRgn
SelectClipRgn
DeleteObject
MoveToEx
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CombineRgn
DeleteDC
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
LPtoDP
CreateRectRgnIndirect
GetObjectA
SetBkColor
GetStockObject
Ellipse
GetDeviceCaps
CopyMetaFileA
CreateDCA
CreateBitmap
GetClipBox
SetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

ExtractIconA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

ReadFmtUserTypeStg
StringFromCLSID
ReleaseStgMedium
OleDuplicateData
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataCache
ReadClassStm
OleSaveToStream
CreateDataAdviseHolder
CreateOleAdviseHolder
CoDisconnectObject
CreateStreamOnHGlobal
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString
SysStringByteLen
SysStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
OleCreatePropertyFrame
OleLoadPicture
SysAllocStringByteLen
SysAllocString
VariantCopy
OleCreateFontIndirect
OleCreatePictureIndirect

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IUtil.ini
except.ini
widlib.dll
.dll windows:4 windows x86 arch:x86

107279d5aaaf5562d9d51f6fb4a464cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\업무_리워드\withmoa\04_20101222_백신안걸리게수정(업데이트용_당사모듈삽입)\widlib\release\widlib.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrlenA
GetFileAttributesA
GetVersionExA
GetProcAddress
GetModuleFileNameA
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
FlushFileBuffers
RaiseException
GetConsoleMode
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
RtlUnwind
LoadLibraryA
SetFilePointer
GetConsoleCP

user32

wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA
SendMessageA
FindWindowA
CallNextHookEx
GetFocus
FindWindowExA

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

Exports

Exports

ExecuteHook
InstallHook
PauseHook
UninstallHook

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iedata
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
widmoa.dll
.dll regsvr32 windows:4 windows x86 arch:x86

aa817ad41063fce98874b3201b58799a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\업무_리워드\withmoa\04_20101222_백신안걸리게수정(업데이트용_당사모듈삽입)\widmoa\widmoa\release\widmoa.pdb

Imports

wininet

HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetReadFile

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

GetModuleFileNameA
IsDBCSLeadByte
InterlockedIncrement
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
GetVersionExA
GetFileAttributesA
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
GetCurrentThreadId
SetLastError
LockResource
Sleep
DebugBreak
OutputDebugStringA
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
WinExec
GetLocalTime
GetPrivateProfileStringA
GetPrivateProfileIntA
CloseHandle
ReadFile
CreateFileA
GlobalFree
GlobalHandle
CreateThread
GetProcAddress
LoadLibraryW
InterlockedExchange
GetACP
GetLocaleInfoA
InterlockedCompareExchange
lstrcmpiA
GetProcessHeap
HeapAlloc
LoadLibraryA
WriteConsoleW
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetCPInfo
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
DeleteCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
InterlockedDecrement
SetStdHandle
WriteConsoleA
HeapFree
GetConsoleOutputCP
SetFilePointer
GetConsoleCP
GetConsoleMode
GetTickCount
GetCurrentProcessId
FlushFileBuffers
LCMapStringW
LCMapStringA
IsProcessorFeaturePresent
GetSystemTimeAsFileTime

user32

GetWindowRect
CreateDialogIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
FindWindowExA
FindWindowA
PostMessageA
RegisterClassExA
GetClassInfoExA
GetDesktopWindow
SetFocus
GetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
UnregisterClassA
ScreenToClient
ClientToScreen
GetSysColor
IsWindow
GetDC
FillRect
LoadBitmapA
LoadCursorA
SetCursor
PtInRect
SendMessageA
SetWindowContextHelpId
GetWindow
SendDlgItemMessageA
SetTimer
GetClientRect
CreateWindowExA
MapDialogRect
EndDialog
DefWindowProcA
GetSystemMetrics
SetWindowPos
ShowWindow
MoveWindow
GetWindowLongA
SetWindowLongA
DestroyWindow
wsprintfA
CharNextA
LoadStringA
ReleaseDC
CallWindowProcA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemAlloc

shell32

ShellExecuteA
SHGetSpecialFolderPathA

oleaut32

VarUI4FromStr
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

gdi32

DeleteObject
BitBlt
CreateFontA
CreateSolidBrush
SelectObject
SetBkMode
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
GetObjectA
GetStockObject
DeleteDC

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
widservice.exe
.exe windows:4 windows x86 arch:x86

97e0d447588b33b14b58d39cff9d2dce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\업무_리워드\withmoa\04_20101222_백신안걸리게수정(업데이트용_당사모듈삽입)\widservice\release\widservice.pdb

Imports

widlib

InstallHook
UninstallHook
PauseHook
ExecuteHook

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetVolumeInformationA
GetFullPathNameA
CreateFileA
FileTimeToSystemTime
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetTickCount
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
FindFirstFileA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
WritePrivateProfileStringA
InterlockedDecrement
GetModuleFileNameW
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetCurrentProcessId
SetLastError
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
GetCurrentThreadId
GetProcAddress
FreeLibrary
GetVersion
CompareStringW
CompareStringA
InterlockedExchange
MultiByteToWideChar
Process32Next
GetPriorityClass
OpenProcess
Sleep
Process32First
CreateToolhelp32Snapshot
GetLastError
CreateMutexA
GetVersionExA
lstrlenA
GetFileAttributesA
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
HeapSize

user32

DestroyMenu
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowContextHelpId
MapDialogRect
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
ReleaseCapture
SetCapture
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
ShowWindow
GetPropA
MoveWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
CharUpperA
KillTimer
SetTimer
EnableWindow
PostMessageA
FindWindowA
SendMessageA
FindWindowExA
LoadIconA
DrawIcon
wsprintfA
GetClientRect
GetSystemMetrics
IsIconic
LoadCursorA

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
PtVisible
GetStockObject
ScaleViewportExtEx
OffsetViewportOrgEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
CLSIDFromProgID

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
withmoa.exe
.exe windows:4 windows x86 arch:x86

ca87b626e560f93d6fc6101aa8a53e13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\업무_리워드\WithMoa\04_20101222_백신안걸리게수정(업데이트용_당사모듈삽입)\withmoa\release\withmoa.pdb

Imports

wininet

InternetCanonicalizeUrlA
InternetQueryOptionA
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetConnectA
InternetOpenA
DeleteUrlCacheEntry
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetOpenUrlA

kernel32

GetFullPathNameA
CreateFileA
GetFileAttributesA
GetFileTime
GetTickCount
SetErrorMode
HeapReAlloc
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
SetStdHandle
GetVolumeInformationA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetModuleFileNameA
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
MulDiv
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
GetVersionExA
Sleep
WaitForSingleObject
CloseHandle
CreateMutexA
CompareStringW
InterlockedExchange
GetVersion
MultiByteToWideChar
lstrlenA
CompareStringA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetFileType

user32

GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharNextA
GetWindowThreadProcessId
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
UnregisterClassA
SystemParametersInfoA
GetWindowPlacement
DestroyMenu
LoadCursorA
GetSysColorBrush
TabbedTextOutA
SetCursor
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
LoadIconA
DrawIcon
GetSystemMetrics
IsIconic
GetWindowLongA
SetClassLongA
CharUpperA
FillRect
LoadBitmapA
SendMessageA
EnableWindow
GetSysColor
GetClientRect
GetForegroundWindow

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
PtVisible
DeleteDC
GetStockObject
ScaleViewportExtEx
OffsetViewportOrgEx
CreateSolidBrush
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetDeviceCaps
SetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetTextExtentPoint32A
CreateFontA
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
RectVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantCopy
OleCreateFontIndirect
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

urlmon

URLDownloadToFileA

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
withmoaun.exe
.exe windows:4 windows x86 arch:x86

96ca2bb162fccb18eab2bfe7fdc37558

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\업무_리워드\withmoa\04_20101222_백신안걸리게수정(업데이트용_당사모듈삽입)\withmoaun\release\withmoaun.pdb

Imports

kernel32

VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
HeapSize
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
VirtualProtect
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalAddAtomA
CloseHandle
FormatMessageA
LocalFree
MulDiv
GetCurrentProcessId
GlobalUnlock
WritePrivateProfileStringA
FreeResource
GlobalFree
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
CompareStringW
InterlockedExchange
GetVersion
CompareStringA
MultiByteToWideChar
GetModuleFileNameA
GetLastError
CreateMutexA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceA
FreeEnvironmentStringsW
lstrlenA

user32

PostThreadMessageA
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
WindowFromPoint
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
GetSystemMetrics
GetClientRect
GetWindowRect
DrawIcon
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
RegisterClipboardFormatA
UnregisterClassA
DestroyMenu
GetMenuItemCount
GetSubMenu
GetSysColorBrush
MessageBeep
LoadIconA
LoadBitmapA
EnableWindow
PtInRect
SendMessageA
IsIconic
CharUpperA
SetCursor
LoadCursorA
RedrawWindow
ReleaseDC
PostQuitMessage
PostMessageA
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
MessageBoxA
GetLastActivePopup
GetWindowThreadProcessId
GetTopWindow

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysFreeString

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 844KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 15KB

324e87a129b7b2af320238c8ab284874

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 474B

e11f45bd0e732be36cab1f8a8bb170f3

Headers

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

shlwapi

oleacc

gdi32

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 20KB - Virtual size: 18KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 474B

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 4KB - Virtual size: 530B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 374B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

01
Certificate

0a
Certificate

4c:c8:eb:ad:4e:7e:8d:b1:b3:b3:0f:ac:d8:74:c1:67
Certificate

64:35:ab:5b:c3:f7:84:87:9c:2c:b5:62:53:bf:ff:5f:8c:fc:2e:b7
Signer