3691ed558b410f33aef65e622b994fd1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3691ed558b410f33aef65e622b994fd1_JaffaCakes118
Size

17.3MB
MD5

3691ed558b410f33aef65e622b994fd1
SHA1

2de6179164048ad7b9c50339a7acf0222faf54cf
SHA256

59a48b61b385be9b597d875920e8fd750e943cb7fac6e80106867aafc9fa02b1
SHA512

9dac8e9eb2dba40e5b76db2f0a9ec6940d1955473896185ac1ef23a949086eca5e31d5abb78ffe7cf5f0d914fd8365c2e5be7f10235a780527fc1b56fa7fe0d7
SSDEEP

393216:G3P5Gaa0anatBHt9HjFW3wFoFiHCj2rIouMpzApugaFsTTZoIgI:G3Pa2BHt9HxVocHCjisMpzA06ZJp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/zwgfsrf.exe	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zwgfsrf.exe
unpack002/out.upx
unpack001/中文规范输入法标准版/936.dll
unpack001/中文规范输入法标准版/Bhhzshow.dll
unpack001/中文规范输入法标准版/R936.exe
unpack001/中文规范输入法标准版/SetupCIM.exe
unpack001/中文规范输入法标准版/bhm.ime
unpack001/中文规范输入法标准版/bsreg.exe
unpack001/中文规范输入法标准版/dm.dll

Files

3691ed558b410f33aef65e622b994fd1_JaffaCakes118
.rar
zwgfsrf.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
中文规范输入法标准版/936.dll
.dll windows:4 windows x86 arch:x86

2013be6d8ab57d6abc7d20d2178d81f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
中文规范输入法标准版/BHM.chm
.chm
中文规范输入法标准版/BHZT.FON
中文规范输入法标准版/Bhhzshow.dll
.dll windows:4 windows x86 arch:x86

39cd5b55a8296190e8e65bcb600ee049

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
GetCommandLineA
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
ExitProcess
WideCharToMultiByte
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
UnmapViewOfFile
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetModuleHandleA
GetProcAddress
SetLastError
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
CloseHandle
CreateFileA
InterlockedIncrement
MapViewOfFile
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetModuleFileNameA
GetEnvironmentStringsW
HeapDestroy
GetStartupInfoA
FreeEnvironmentStringsA
CreateFileMappingA

user32

GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
SetForegroundWindow
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
RegisterWindowMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
ClientToScreen
GetWindow
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
MessageBoxA
GetDlgCtrlID
GetWindowRect
SetWindowTextA

gdi32

CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetPixel
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

comctl32

ord17

Exports

Exports

DrawHz
DrawHzEx
DrawHzStrEx
GbkToNo
GetStrokeNum
GetStrokeNumA
GetWordNum
WordToNo

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
中文规范输入法标准版/Bhm.jm
中文规范输入法标准版/Bhm.msm
中文规范输入法标准版/Bhm.zx
中文规范输入法标准版/Bhm.zxb
中文规范输入法标准版/Bhm.zxf
中文规范输入法标准版/Htkai.fda
中文规范输入法标准版/Htkai.fid
中文规范输入法标准版/Htkai.fsk
中文规范输入法标准版/Htsong.fda
中文规范输入法标准版/Htsong.fid
中文规范输入法标准版/Htsong.fsk
中文规范输入法标准版/Icon.ico
中文规范输入法标准版/License.txt
中文规范输入法标准版/R936.exe
.exe windows:4 windows x86 arch:x86

aab6b0599e97d14e578049513f802815

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
LCMapStringA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
GetTempPathA
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetTempFileNameA
CopyFileA
GetCurrentProcessId
OpenProcess
CreateProcessA
GetVersionExA
GetPrivateProfileIntA
GetLastError
FormatMessageA
GetWindowsDirectoryA
lstrcmpA
GetSystemDirectoryA
lstrcatA
GetFileAttributesA
GetACP
GetPrivateProfileStringA
lstrcmpiA
OpenFileMappingA
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
lstrcpyA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
WaitForSingleObject
CloseHandle
DeleteFileA
RemoveDirectoryA
MultiByteToWideChar
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LCMapStringW

user32

SendDlgItemMessageA
UnloadKeyboardLayout
wsprintfA
GetWindowTextA
DrawTextA
BeginPaint
EndPaint
GetDlgItem
MoveWindow
SendMessageA
EndDialog
ShowWindow
EnableWindow
SetDlgItemTextA
LoadBitmapA
LoadIconA
DialogBoxParamA
MessageBoxA
GetClientRect

gdi32

SelectObject
CreateSolidBrush
RemoveFontResourceA
CreateCompatibleDC
SetStretchBltMode
GetObjectA
StretchBlt
DeleteDC
MoveToEx
LineTo
SetBkMode
PatBlt
SetBkColor
DeleteObject
CreatePen

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ord17
InitCommonControlsEx

imm32

ImmInstallIMEA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
中文规范输入法标准版/SetupCIM.exe
.exe windows:4 windows x86 arch:x86

edac2d5015e73bd58f5379829b1717b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetWindowsDirectoryA
SetFileAttributesA
CopyFileA
WritePrivateProfileStringA
GetPrivateProfileIntA
MultiByteToWideChar
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetCPInfo
RtlUnwind
MoveFileA
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
WriteFile
GetLocalTime
GetModuleHandleA
GetProcAddress
lstrcatA
GetPrivateProfileStringA
lstrcmpiA
CreateDirectoryA
GetSystemDirectoryA
CreateThread
GetACP
GetStringTypeW
LoadLibraryA
GetVersion
GetVersionExA
GetModuleFileNameA
GetFileAttributesA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
GetProcessHeap
HeapAlloc
CloseHandle
FreeLibrary
HeapFree
lstrlenA
VirtualFree
lstrcpyA

user32

GetWindow
GetWindowTextA
IsChild
SetWindowTextA
MoveWindow
DrawTextA
SetWindowLongA
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
SetWindowPos
PostMessageA
FindWindowA
AdjustWindowRect
MessageBoxA
DispatchMessageA
TranslateMessage
IsDialogMessageA
BeginPaint
EndPaint
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
GetMessageA
GetClientRect
SetFocus
GetWindowTextLengthA
GetDlgItemTextA
SendMessageA
DestroyWindow
PostQuitMessage
DefWindowProcA
GetWindowLongA
CreateDialogParamA
CreateWindowExA
IsWindow
GetSystemMenu
RemoveMenu
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
wsprintfA
LoadBitmapA
LoadStringA

gdi32

MoveToEx
DeleteDC
StretchBlt
LineTo
SetStretchBltMode
CreateCompatibleDC
AddFontResourceA
CreatePen
CreateSolidBrush
DeleteObject
SetTextColor
SetBkColor
CreateFontA
PatBlt
GetObjectA
SetBkMode
SelectObject

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize
CoCreateInstance

comctl32

InitCommonControlsEx
ord17

imm32

ImmInstallIMEA

dm

dmQueryInterface

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
中文规范输入法标准版/SetupCIM.ini
中文规范输入法标准版/bhm.ime
.dll windows:4 windows x86 arch:x86

c79e61be1ca1a82b7736f55203db3d41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleHandleA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
VirtualAlloc
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
GetCommandLineA
HeapReAlloc
SetStdHandle
RtlUnwind
FlushFileBuffers
SetHandleCount
CopyFileA
SetFileAttributesA
GlobalAlloc
UnmapViewOfFile
SetFilePointer
SetEndOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcmpA
lstrcpyA
CreateFileA
GetFileSize
GetProcessHeap
HeapAlloc
ReadFile
CloseHandle
lstrlenA
HeapFree
GlobalLock
GlobalUnlock
GlobalFree
GetStdHandle

user32

LoadBitmapA
UnregisterClassA
CallWindowProcA
GetWindowTextA
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetDlgItemTextA
GetMenuItemInfoA
GetMenuStringA
FrameRect
DrawTextA
LoadMenuA
CheckMenuItem
SetMenuItemBitmaps
DestroyMenu
GetMenuItemCount
GetMenuState
GetSubMenu
IsMenu
GetMenuItemID
ModifyMenuA
TrackPopupMenu
SetDlgItemTextA
SetFocus
GetCapture
KillTimer
UpdateWindow
SetTimer
PtInRect
GetMessageTime
SetRect
GetCaretPos
ClientToScreen
CheckDlgButton
GetDlgItem
SendDlgItemMessageA
EnableWindow
EndDialog
IsDlgButtonChecked
GetSystemMetrics
GetClientRect
FillRect
CreateWindowExA
GetDC
BeginPaint
EndPaint
GetCursorPos
ScreenToClient
SetCursor
SetCapture
GetWindowRect
ReleaseDC
ReleaseCapture
MoveWindow
keybd_event
DialogBoxParamA
wsprintfA
MessageBoxA
MessageBeep
GetKeyboardState
GetForegroundWindow
SendMessageA
InvalidateRect
PostMessageA
GetWindowLongA
IsWindow
DestroyWindow
SystemParametersInfoA
SetWindowLongA
LoadCursorA
ShowWindow
DefWindowProcA
RegisterClassExA

gdi32

SetBkMode
SetTextColor
TextOutA
GetObjectA
CreateBitmap
CreateCompatibleBitmap
GetTextExtentPointA
SetMapperFlags
CreateFontA
CreateDCA
PatBlt
MoveToEx
LineTo
GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
CreatePen
CreateSolidBrush
DeleteObject
StretchBlt
SetStretchBltMode
SetBkColor
DeleteDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteA

imm32

ImmShowSoftKeyboard
ImmLockIMC
ImmDestroySoftKeyboard
ImmUnlockIMCC
ImmLockIMCC
ImmSetOpenStatus
ImmReSizeIMCC
ImmGetIMCCSize
ImmGenerateMessage
ImmCreateSoftKeyboard
ImmUnlockIMC

comctl32

ord17
_TrackMouseEvent

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
UIWndProc

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ShareDa
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
中文规范输入法标准版/bhm.zk
中文规范输入法标准版/bsreg.exe
.exe windows:4 windows x86 arch:x86

3d1145c0ccfdc02665e98bdb3f78f524

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
FlushViewOfFile
SetStdHandle
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
VirtualFree
HeapFree
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetSystemDirectoryA
GetLocalTime
lstrcatA
lstrcpynA
lstrcmpiA
GetModuleFileNameA
lstrlenA
CreateMutexA
GetLastError
ReleaseMutex
GetFileAttributesA
CreateFileA
lstrcpyA
GetFileSize
SetFilePointer
ReadFile
GetProcessHeap
HeapAlloc
CloseHandle
HeapCreate
FlushFileBuffers

user32

CallWindowProcA
GetWindowTextA
DrawTextA
SetWindowTextA
InvalidateRect
AdjustWindowRect
MoveWindow
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
SetCursor
GetClientRect
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
LoadCursorA
LoadBitmapA
wsprintfA
MessageBoxA
SetForegroundWindow
IsWindow
FindWindowA
LoadStringA
RegisterClassExA
LoadIconA
SetWindowPos
KillTimer
UpdateWindow
ShowWindow
SetTimer
BeginPaint
EndPaint
PostMessageA
GetDlgItem
SetWindowLongA
SetDlgItemTextA
SendDlgItemMessageA
GetWindowTextLengthA
GetDlgItemTextA
SendMessageA
SetFocus
DestroyWindow
PostQuitMessage
DefWindowProcA
GetWindowLongA
CreateDialogParamA
CreateWindowExA
GetSystemMenu
RemoveMenu

gdi32

CreateSolidBrush
SetBkMode
DeleteDC
GetObjectA
CreatePen
CreateCompatibleDC
LineTo
MoveToEx
StretchBlt
SetBkColor
SetTextColor
CreateFontA
PatBlt
SetStretchBltMode
DeleteObject
SelectObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

wsock32

send
WSAStartup
WSAAsyncGetHostByName
WSACleanup
socket
WSAAsyncSelect
getservbyname
htons
connect
WSAGetLastError
shutdown
recv
closesocket

comctl32

_TrackMouseEvent

dm

dmQueryInterface

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
中文规范输入法标准版/bsreg1.txt
中文规范输入法标准版/dm.dll
.dll windows:4 windows x86 arch:x86

99049a9449d7c4168fe4a46183aea8a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
DisableThreadLibraryCalls
DeviceIoControl
CloseHandle
ReadFile
SetFilePointer
WriteFile
CreateFileA
GetCurrentThreadId
TlsSetValue
GetCommandLineA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
TlsFree
SetLastError
TlsGetValue
TlsAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetLocaleInfoA
GetCPInfo
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetACP
GetOEMCP
HeapReAlloc
InitializeCriticalSection
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize

Exports

Exports

dmQueryInterface

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
中文规范输入法标准版/dm.vxd
中文规范输入法标准版/新云软件.url
.url
中文规范输入法标准版/许可号.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 92KB

UPX1 Size: 45KB - Virtual size: 48KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 73KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 23KB

2013be6d8ab57d6abc7d20d2178d81f1

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

39cd5b55a8296190e8e65bcb600ee049

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 201KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 12KB - Virtual size: 11KB

aab6b0599e97d14e578049513f802815

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

imm32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 17KB

edac2d5015e73bd58f5379829b1717b9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

imm32

dm

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 17KB

UPX0
Size: - Virtual size: 92KB

UPX1
Size: 45KB - Virtual size: 48KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 73KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 201KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 17KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 26KB

.ShareDa
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 332KB - Virtual size: 329KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 24KB - Virtual size: 22KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB