314477ac48868204e94f5e9e8c5a5cf5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

314477ac48868204e94f5e9e8c5a5cf5_JaffaCakes118
Size

2.6MB
MD5

314477ac48868204e94f5e9e8c5a5cf5
SHA1

a737e801ec85912f38bf5824752fd8257db8ee87
SHA256

172e7938c2eb61e3a9cbd8ee3bf89a6aea93b9988f041a05599e11b39936b001
SHA512

83b603c48659aeb555952c0f8dee412fe61af9bb4ada54fdeae6d99a5a3bb95dd3efb8fb94dfb847cf73f66146f1d45861697d8f17afcd8d8a5afbd9ce7b4869
SSDEEP

49152:80GlGyh1FvUYFHSHMJvbcXscWTz+3GR+a61JnLF/kf05Z0kGoI5a0AqKILLt6fjI:80GQy/FMYFHOMJvq3WTx+a61Jnlkf0vK

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MyVCR.exe
unpack001/Rascal.dll
unpack001/Rascal_Timer.dll
unpack001/Setup.exe
unpack001/lang_936.dll
unpack001/x264vfw.dll

Files

314477ac48868204e94f5e9e8c5a5cf5_JaffaCakes118
.zip
155ɫվ.url
.url
MyVCR.exe
.exe windows:5 windows x86 arch:x86

d3181d0a1a3e3396b9a61112914a92aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\cpp\MyVCR\Release\MyVCR.pdb

Imports

kernel32

WriteConsoleW
LCMapStringW
SetEnvironmentVariableA
GetTimeZoneInformation
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
SizeofResource
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
CreateThread
ExitThread
ExitProcess
RaiseException
HeapReAlloc
HeapFree
HeapAlloc
DecodePointer
EncodePointer
GetLocalTime
GetStartupInfoW
HeapSetInformation
FindResourceExW
VirtualProtect
SearchPathW
Sleep
GetProfileIntW
InitializeCriticalSectionAndSpinCount
GetNumberFormatW
GetWindowsDirectoryW
GetTickCount
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetConsoleMode
RtlUnwind
GetConsoleCP
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
lstrcpyW
GlobalFlags
GetCurrentDirectoryW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetThreadLocale
GlobalGetAtomNameW
lstrlenA
GetCurrentProcessId
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
GlobalFindAtomW
GetVersionExW
CompareStringW
FreeResource
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
ActivateActCtx
DeactivateActCtx
lstrcmpW
GetModuleHandleW
GetProcAddress
InterlockedExchange
GetLastError
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
MulDiv
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
WritePrivateProfileStringW
LoadLibraryW
GetPrivateProfileIntW
GetPrivateProfileStringW
LocalFree
GetCommandLineW
GetModuleFileNameW
FreeLibrary
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
GetSystemTime
FindResourceW
LoadResource
LockResource
GetProcessHeap

user32

PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnionRect
CopyImage
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
GetSystemMenu
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
DestroyAcceleratorTable
SetParent
RedrawWindow
SetWindowRgn
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorW
CharUpperW
DestroyIcon
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
EnumDisplayMonitors
SetRectEmpty
RealChildWindowFromPoint
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorW
GetSysColorBrush
MapVirtualKeyW
GetKeyNameTextW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
SetMenuDefaultItem
GetMenuItemInfoW
InflateRect
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
GetDesktopWindow
GetActiveWindow
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
GetWindowRgn
DestroyCursor
SubtractRect
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
PostMessageW
GetWindowTextLengthW
GetWindowTextW
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
CharUpperBuffW
CopyIcon
DestroyMenu
EmptyClipboard
GetFocus
SetFocus
SetWindowPos
GetParent
IsWindowEnabled
ShowWindow
MoveWindow
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
GetWindow
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
SetLayeredWindowAttributes
KillTimer
SetTimer
GetWindowLongW
SetWindowLongW
LoadBitmapW
GetWindowRect
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadMenuW
SendMessageW
LoadIconW
EnableWindow
InvalidateRect

gdi32

CreateRectRgnIndirect
PatBlt
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
CreateHatchBrush
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
Escape
TextOutW
RectVisible
CreateSolidBrush
PtVisible
CreatePen
GetObjectType
SelectObject
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
StretchBlt
DeleteObject
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
SetViewportOrgEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCloseKey
RegEnumKeyExW
RegEnumValueW

shell32

SHAppBarMessage
ShellExecuteW
SHGetFileInfoW
DragFinish
SHBrowseForFolderW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
DragQueryFileW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

ole32

DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleInitialize
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
CoRevokeClassObject

oleaut32

SysFreeString
OleCreateFontIndirect
VarBstrFromDate
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocString
SysAllocStringLen
VariantClear

oledlg

OleUIBusyW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rascal.dll
.dll regsvr32 windows:5 windows x86 arch:x86

3ab775ba0a90b1061d87b16168e3eb42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
RaiseException
Sleep
HeapSize
GetModuleHandleW
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
OutputDebugStringW
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
CreateFileW
SetStdHandle
FlushFileBuffers
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
GetVersionExW
DisableThreadLibraryCalls
InitializeCriticalSection
lstrcmpW
lstrcpynW
lstrlenW
lstrlenA
GetPrivateProfileStringW
GetTickCount
GetModuleFileNameW

user32

wsprintfW

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegSetValueW
RegCreateKeyW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoFreeUnusedLibraries
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rascal_Timer.dll
.dll windows:5 windows x86 arch:x86

c401be2214d273cda8122574d21c8e7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\cpp\MyVCR\Release\Rascal_Timer.pdb

Imports

kernel32

SystemTimeToTzSpecificLocalTime
GetSystemTime
GetTickCount
lstrlenW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapAlloc
HeapReAlloc
LoadLibraryW
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
GetDIBits
ExtTextOutW
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
CreateDIBitmap

Exports

Exports

doProcess

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows:5 windows x86 arch:x86

fa71360a27db5b2631489b13abc8e7fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleFileNameW
CopyFileW
LoadLibraryW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
GetLastError
HeapFree
GetFileAttributesW
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
MultiByteToWideChar
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
RtlUnwind
IsProcessorFeaturePresent
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
CompareStringW
SetEnvironmentVariableW
HeapSize
CreateFileW
FlushFileBuffers

user32

MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
help_zh_CN.rtf
.rtf
lang_936.dll
.dll windows:5 windows x86 arch:x86

2e168f9fee36c65804acc85d4752ed9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\cpp\MyVCR\Release\Lang_936.pdb

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
settings.cfg
x264cfg.dat
x264vfw.dll
.dll windows:4 windows x86 arch:x86

7a75eb4212ca74a8c68a158db49fc087

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

GetStockObject
GetTextExtentPoint32A
SelectObject

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateSemaphoreA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileSize
GetLastError
GetLogicalDriveStringsA
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStdHandle
GetSystemPowerStatus
GetThreadContext
GetThreadPriority
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
Heap32First
Heap32ListFirst
Heap32ListNext
Heap32Next
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MoveFileA
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
ResumeThread
SetConsoleMode
SetConsoleTextAttribute
SetEvent
SetLastError
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fstat
_kbhit
_open
_read
_setmode
_stat
_strdup
_stricmp
_strlwr
_strnicmp
_tempnam
_unlink
_write
__dllonexit
__lc_codepage
__mb_cur_max
_assert
_beginthreadex
_endthreadex
_errno
_filbuf
_filelengthi64
_fstati64
_ftime
_iob
_isctype
_lseeki64
_pctype
_setjmp
_stricmp
_strnicmp
abort
acos
asin
atan
atof
atoi
calloc
ceil
cos
cosh
exit
exp
fclose
fflush
fgetc
fgetpos
floor
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getenv
gmtime
localeconv
localtime
log
longjmp
malloc
memcmp
memcpy
memmove
memset
mktime
pow
qsort
rand
realloc
rename
setlocale
sin
sinh
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strpbrk
strrchr
strspn
strstr
strtok
strtol
tan
tanh
time
tmpfile
toupper
vfprintf
vsprintf
wcscpy
wcslen

shell32

ShellExecuteA

user32

BringWindowToTop
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreateWindowExA
DestroyWindow
DialogBoxParamA
EmptyClipboard
EnableWindow
EndDialog
EnumChildWindows
GetClientRect
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetParent
GetWindowLongA
IsDlgButtonChecked
LoadStringA
MapDialogRect
MessageBoxA
MoveWindow
OpenClipboard
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetClipboardData
SetDlgItemInt
SetDlgItemTextA
SetWindowLongA
SetWindowPos
ShowWindow

winmm

DefDriverProc
timeBeginPeriod
timeEndPeriod
timeGetTime

wsock32

WSAGetLastError
WSASetLastError

Exports

Exports

Configure
DriverProc

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 90KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3181d0a1a3e3396b9a61112914a92aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 280KB - Virtual size: 280KB

.data Size: 25KB - Virtual size: 55KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

3ab775ba0a90b1061d87b16168e3eb42

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 9KB - Virtual size: 8KB

c401be2214d273cda8122574d21c8e7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 3KB

fa71360a27db5b2631489b13abc8e7fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 13KB

.rsrc Size: 159KB - Virtual size: 159KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 280KB - Virtual size: 280KB

.data
Size: 25KB - Virtual size: 55KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 13KB

.rsrc
Size: 159KB - Virtual size: 159KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 4KB - Virtual size: 3KB

.rdata
Size: 147KB - Virtual size: 147KB

.rodata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 90KB

.edata
Size: 512B - Virtual size: 93B

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 57KB - Virtual size: 57KB