2ec784da32645ada7065957cbcf0c950_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ec784da32645ada7065957cbcf0c950_JaffaCakes118
Size

2.3MB
MD5

2ec784da32645ada7065957cbcf0c950
SHA1

f4e27e3c070a09c56131b51d69fa356eddcb2a37
SHA256

da205f0dff3583626830798e8164420202c2e7451286c7a5039c5bca6d3f231f
SHA512

50e166724126458a6fa358786e4ef591d48fd26cab640bf92ff428da0884ba35a57db737d125a6ca6d32b5833283192333a5c8f4b0a1765be17b6f271944aa53
SSDEEP

49152:dXH8RUHoglOtstVPrRabC+pVzZCmlh42cQ6YFWvYUB1LLOS:NwUIglO69e9l1h42r6YFYHLF

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Capthumb.dll	acprotect
static1/unpack001/Codecs/DVDAudio.ax	acprotect
static1/unpack001/Codecs/DVDVideo.ax	acprotect

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Capthumb.dll	upx
static1/unpack001/Cdvd.exe	upx
static1/unpack001/Codecs/DVDAudio.ax	upx
static1/unpack001/Codecs/DVDVideo.ax	upx
static1/unpack001/Codecs/ffdshow.exe	upx
static1/unpack001/reg.exe	upx

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
2ec784da32645ada7065957cbcf0c950_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Processes.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/actsplash.ocx
unpack001/Capthumb.dll
unpack001/Cdvd.exe
unpack001/Codecs/DVDAudio.ax
unpack004/out.upx
unpack001/Codecs/DVDVideo.ax
unpack005/out.upx
unpack001/Codecs/ac3filter.exe
unpack001/Codecs/ffdshow.exe
unpack006/out.upx
unpack001/Uninstall.exe
unpack007/$PLUGINSDIR/Processes.dll
unpack001/reg.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

2ec784da32645ada7065957cbcf0c950_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ComScore.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/_license_page.ini
$PLUGINSDIR/_survey_page.ini
$PLUGINSDIR/comscore.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/actsplash.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

40ca5d83c2c3ea0c56e8966233c57d46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
CreateFileA
WriteProcessMemory
WriteFile
ReadProcessMemory
SetFilePointer
GetCurrentProcess
Sleep
WaitForSingleObject
UnmapViewOfFile
ReadFile
DeleteFileA
GetCurrentThreadId
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentDirectoryA
DebugBreak
HeapReAlloc
HeapFree
lstrcatA
lstrcpyA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
lstrcmpiA
IsDBCSLeadByte
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
CreateThread
GetVersionExA
TerminateThread
CloseHandle
GetStdHandle
RtlUnwind
TerminateProcess
LCMapStringW
LCMapStringA
ExitProcess
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
lstrlenW
HeapCreate
GetShortPathNameA
MultiByteToWideChar
lstrlenA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo

user32

SetWindowRgn
OffsetRect
EqualRect
GetClientRect
SetWindowPos
UnionRect
PtInRect
CallWindowProcA
GetParent
GetWindowRect
DrawTextA
GetClassInfoExA
LoadCursorA
GetKeyState
InvalidateRect
IsWindow
DestroyWindow
DefWindowProcA
wsprintfA
BeginPaint
GetWindowLongA
IsChild
EndPaint
GetFocus
IntersectRect
CharNextA
SetWindowLongA
RegisterClassExA
ClientToScreen
GetWindowDC
ChildWindowFromPointEx
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
DispatchMessageA
MessageBoxA
GetSystemMetrics
GetWindowRgn
ShowWindow
RedrawWindow
GetSysColor
FillRect
SetActiveWindow
GetWindow
LoadBitmapA
CreateWindowExA
PostMessageA
SetFocus
GetDC
ReleaseDC
SendMessageTimeoutA
SendMessageA

gdi32

SetDIBitsToDevice
GetDeviceCaps
CreateRectRgnIndirect
SelectPalette
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
CreatePalette
DeleteObject
CombineRgn
SetRectRgn
CreateRectRgn
BitBlt
GetObjectA
CreateBitmap
CreateSolidBrush
GetMapMode
SelectClipRgn
SetTextColor
SetBkMode
CreateFontIndirectA
SetMapMode

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseFontA

advapi32

RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA

shell32

ShellExecuteExA

ole32

StgCreateDocfile
OleLoadFromStream
CreateStreamOnHGlobal
OleRegGetMiscStatus
OleSaveToStream
WriteClassStm
OleRegEnumVerbs
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorage
CreateOleAdviseHolder
OleRegGetUserType
CoCreateInstance

oleaut32

SysAllocStringLen
OleCreatePictureIndirect
OleCreatePropertyFrame
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
OleCreateFontIndirect
VariantClear
LoadTypeLi
SysAllocString
LoadRegTypeLi
SysStringLen
VarUI4FromStr
RegisterTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/rkinstaller.exe
.exe windows:4 windows x86 arch:x86

1a05f326eaa74878fdf8183271d9c333

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

02:49:15:44:00:0d:8c:9d:63:f0:61:b1:eb:ae:84:66
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/07/2007, 00:00

Not After

27/09/2009, 23:59

Subject

CN=TMRG\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=TMRG\, Inc.,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Client\BundleInstall\SmallStandalone\BundleInstall.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetCloseHandle
InternetReadFile
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetGetConnectedState
HttpQueryInfoA
HttpSendRequestA

comctl32

ord17

wsock32

listen
setsockopt
closesocket
shutdown
bind
gethostbyname
htons
socket
accept
send
WSAGetLastError
__WSAFDIsSet
select
recv
WSASetLastError
WSAStartup
ioctlsocket
connect

kernel32

GetStartupInfoA
GetCurrentProcess
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
GetSystemTimeAsFileTime
Sleep
CreateDirectoryA
RemoveDirectoryA
SetEvent
OpenEventA
GetVolumeInformationA
GetVersionExA
GetUserDefaultLangID
GetWindowsDirectoryA
SetFileAttributesA
GetFileAttributesA
WriteFile
GetTempPathA
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
CreateProcessA
lstrcmpiA
ReadFile
CompareFileTime
GetTimeZoneInformation
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetLastError
FindClose
FindNextFileA
FindFirstFileA
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
CopyFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemInfo
VirtualProtect
VirtualQuery
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
CloseHandle
DeleteFileA
GetTickCount
GetTempFileNameA
GetModuleHandleA
CreateFileA
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
FileTimeToLocalFileTime
GetFileInformationByHandle
MoveFileExA
PeekNamedPipe
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
TerminateProcess
HeapReAlloc
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
SetLastError
FindFirstFileW
DeleteFileW
FindNextFileW
LocalFree
LocalAlloc
OpenProcess
WaitForMultipleObjects
ResetEvent
ReleaseMutex
ReleaseSemaphore
CreateEventA
CreateMutexA
OpenMutexA
CreateSemaphoreA
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetDateFormatA
GetTimeFormatA
UnmapViewOfFile
GetComputerNameA
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
GetVersion
GetShortPathNameA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
FormatMessageA
GetModuleFileNameW
LoadLibraryExA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
InterlockedExchange
MultiByteToWideChar
lstrlenA
ExitProcess
RtlUnwind
RaiseException
FlushFileBuffers
SetFileTime
LocalFileTimeToFileTime
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
TlsAlloc
VirtualFree

user32

DispatchMessageA
GetSystemMetrics
LoadImageA
ExitWindowsEx
SetForegroundWindow
KillTimer
GetClientRect
SetWindowTextA
PostMessageA
SetWindowPos
LoadStringA
PostQuitMessage
GetDesktopWindow
GetWindowRect
MoveWindow
DestroyWindow
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
GetDC
ReleaseDC
LoadMenuA

advapi32

AllocateAndInitializeSid
EqualSid
FreeSid
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
SetSecurityInfo
SetFileSecurityA
IsValidSid
RegEnumKeyA
RegEnumValueA
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
RegEnumKeyExA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegCreateKeyExA
RegDeleteKeyA
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegSetKeySecurity
RegSaveKeyA
RegFlushKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserA
GetTokenInformation

ole32

OleInitialize
CoTaskMemFree
StringFromGUID2
OleRun
CoCreateInstance

oleaut32

CreateErrorInfo
VariantClear
VariantInit
SysFreeString
LoadTypeLi
DispGetIDsOfNames
VariantChangeType
SysAllocString
GetErrorInfo
SetErrorInfo

shlwapi

SHCopyKeyA

gdi32

GetDeviceCaps

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/rkverify.exe
.exe windows:4 windows x86 arch:x86

709b386d1cede87e12c79b0a05780abc

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:22:d8:97:c8:20:00:1a:2c:4c:01:d3:ae:bb:98:e8
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

02/09/2009, 00:00

Not After

27/09/2011, 23:59

Subject

CN=TMRG\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=TMRG\, Inc.,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameA
GetTempPathA
CreateEventA
OpenProcess
GetCurrentProcessId
GetModuleFileNameA
RaiseException
Thread32Next
Thread32First
CreateToolhelp32Snapshot
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
CloseHandle
Sleep
DeleteFileA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedIncrement
InterlockedDecrement
SetEvent
ResetEvent
ReleaseMutex
ReleaseSemaphore
CreateMutexA
CreateSemaphoreA
UnmapViewOfFile
GetComputerNameA
MapViewOfFile
CreateFileMappingA
Process32Next
Process32First
WriteFile
SetFilePointer
CreateFileA
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcess
FormatMessageA
QueryPerformanceCounter
lstrlenA
GetDateFormatA
GetTimeFormatA
WideCharToMultiByte
HeapAlloc
RtlUnwind
HeapFree
GetStartupInfoA
GetCommandLineA
ExitProcess
ExitThread
CreateThread
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
VirtualQuery
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapReAlloc
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FlushFileBuffers
GetOEMCP
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalAlloc
MoveFileExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetLastError
LocalFree
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange

user32

wsprintfA
UnhookWindowsHookEx
PostThreadMessageA
SetWindowsHookExA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey
InitializeAcl
SetSecurityInfo
RegQueryValueExA

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Capthumb.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CaptureBitmap

Sections

UPX0
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Cdvd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 868KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Codecs/DVDAudio.ax
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 672KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 603KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/DVDVideo.ax
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CPUCAP_T
Size: 4KB - Virtual size: 113B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MC3DNOW_
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MCSSE_TE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/ac3filter.exe
.exe windows:4 windows x86 arch:x86

3d93fff76bb37a145ff30c481dfdbe0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameA
MoveFileA
lstrcatA
lstrlenA
GetShortPathNameA
SearchPathA
lstrcpyA
Sleep
RemoveDirectoryA
CreateFileA
CopyFileA
GetFileSize
GetModuleFileNameA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
GetTickCount
GetDiskFreeSpaceA
GetVersion
CreateThread
CreateProcessA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
CreateDirectoryA
GetSystemDirectoryA
MultiByteToWideChar
GetFileAttributesA
CompareFileTime
SetFileTime
CloseHandle
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
LoadLibraryA
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
lstrcpynA
GetProcAddress
GetCommandLineA
GlobalAlloc
WriteFile
GlobalFree
MulDiv
SetFilePointer
ReadFile
FreeLibrary
GetPrivateProfileStringA
WritePrivateProfileStringA
ExitProcess
GetCurrentProcess

user32

SetWindowPos
ScreenToClient
EnableWindow
GetDlgItem
SetClassLongA
SetFocus
GetWindowRect
CharPrevA
GetParent
SendDlgItemMessageA
LoadBitmapA
IsWindowVisible
IsWindow
GetDlgItemTextA
FindWindowExA
SendMessageA
DefWindowProcA
DialogBoxParamA
EndDialog
FillRect
GetWindowTextA
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassA
SystemParametersInfoA
GetDesktopWindow
CreateWindowExA
SetWindowTextA
SetDlgItemTextA
CharNextA
CreateDialogParamA
DestroyWindow
PostQuitMessage
ShowWindow
SetForegroundWindow
MessageBoxA
wsprintfA
IsWindowEnabled
BeginPaint
SetTimer
SetRect
PeekMessageA
ExitWindowsEx
GetClientRect
DispatchMessageA

gdi32

SetBkMode
SetTextColor
CreateFontA
CreateSolidBrush
DeleteObject
BitBlt
CreateCompatibleDC
GetTextColor
LineTo
MoveToEx
CreatePen
GetStockObject
SetBkColor
GetNearestColor
CreateBrushIndirect
SelectObject

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

shell32

SHGetMalloc
ShellExecuteA
SHGetPathFromIDListA
SHFileOperationA
SHBrowseForFolderA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

ord17

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Codecs/ffdshow.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Icons/movie.ico
Icons/skin.ico
Skins/default.csk
Skins/default.jpg
.jpg
Uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Web/error0.htm
.html
Web/error1.htm
.html
Web/error10.htm
.html
Web/error2.htm
.html
Web/error3.htm
.html
Web/error4.htm
.html
Web/error5.htm
.html
Web/error6.htm
.html
Web/error7.htm
.html
Web/error8.htm
.html
Web/error9.htm
.html
Web/index.htm
.html
Web/movies.gif
.gif
Website.url
.url
license.rtf
.rtf
reg.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 30KB - Virtual size: 30KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

40ca5d83c2c3ea0c56e8966233c57d46

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 36KB - Virtual size: 33KB

.reloc
Size: 12KB - Virtual size: 8KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

02:49:15:44:00:0d:8c:9d:63:f0:61:b1:eb:ae:84:66
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 16KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 2KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

0c:22:d8:97:c8:20:00:1a:2c:4c:01:d3:ae:bb:98:e8
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 84KB - Virtual size: 81KB