32dd1fa0e83ed4f813c07fd8db048dd4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32dd1fa0e83ed4f813c07fd8db048dd4_JaffaCakes118
Size

649KB
MD5

32dd1fa0e83ed4f813c07fd8db048dd4
SHA1

ce23124b6ac481a35ef8dd5ce1205c161f7b3b8b
SHA256

40d882d20afebffe595f30847d436971e5ca1353b79020dca0dd7b827ae0466e
SHA512

3b51274bb671cd4cfc5d1675e80000bd8bc4e4775f18a19acb38aad48b1032773071571972fc75a5bb3a850434e2513ab4d32cb84f686c6705557ae23e7fa848
SSDEEP

12288:5uNRB0GliIIkeaXdQRgc0jyApPLwO87HFrfc2vMQxlX4TR87M305:5uPDIFaXdQmc6jKFrdMQTb7M305

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TMSetup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$TEMP/fzh/1.exe
unpack002/TogUtil.dll
unpack002/ToggleMouse.exe
unpack002/uninst.exe

Files

32dd1fa0e83ed4f813c07fd8db048dd4_JaffaCakes118
.rar
TMSetup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

FOX!
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FOX!
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Lasefox
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/fzh/1.exe
.exe windows:5 windows x86 arch:x86

c56a25fa4336eeb10723b3537ba4876d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
LocalAlloc
GetLastError
GetCurrentProcess
GetPrivateProfileIntA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetPrivateProfileStringA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
GetProcAddress
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
LoadLibraryA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
CloseHandle
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
LocalFree
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BlankCursor.cur
TogUtil.dll
.dll windows:4 windows x86 arch:x86

6c3a318eecd9a8f40f2e477564baf950

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetTickCount
lstrcmpA
Sleep
GetPrivateProfileStringA
WinExec
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
LCMapStringW
MultiByteToWideChar
LCMapStringA
InitializeCriticalSection
HeapReAlloc
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
WriteFile
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
ExitProcess
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte

user32

RegisterWindowMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
KillTimer
GetClientRect
MapWindowPoints
GetWindowTextA
GetDesktopWindow
GetForegroundWindow
GetWindow
IsWindowVisible
mouse_event
GetClassNameA
GetDoubleClickTime
keybd_event
GetSystemMetrics
SetCursorPos
ShowCursor
GetKeyboardState
SetWindowsHookExA
ShowWindow
UnhookWindowsHookEx
CallNextHookEx
GetWindowLongA
GetParent
GetCursorPos
WindowFromPoint
ScreenToClient
ChildWindowFromPoint
ClientToScreen
SendMessageA
SetFocus
GetClassLongA
IsZoomed
SystemParametersInfoA
SetForegroundWindow
PostMessageA
GetAsyncKeyState

Exports

Exports

GetRememberedWindow
GetSettings
GetStatistics
PressAndHoldCallBack
SetStatistics
UpdateSettings
_CallWndProc@12
_DllMain@12
_GetMsgProc@12
_InstallHook@8
_JournalPlaybackFunc@12
_KeyboardProc@12
_LeftStillDown@16
_MouseProc@12
_RemoveHook@0

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ToggleMouse.exe
.exe windows:4 windows x86 arch:x86

d343b73b81a31127fc1551a0e4debb68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

joyGetDevCapsA
joyGetPos

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

togutil

GetRememberedWindow
PressAndHoldCallBack
_InstallHook@8
_RemoveHook@0
SetStatistics
GetStatistics
UpdateSettings
GetSettings

kernel32

GetOEMCP
FindResourceExA
GetCurrentDirectoryA
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
ExitProcess
HeapReAlloc
GetCPInfo
SetStdHandle
GetFileType
TerminateProcess
HeapSize
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetFileTime
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
VirtualProtect
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcatA
lstrcmpW
FreeResource
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThreadId
LoadLibraryA
GetModuleFileNameA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
lstrcpyA
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetModuleHandleA
GetProcAddress
InterlockedDecrement
MulDiv
FormatMessageA
LocalFree
GetWindowsDirectoryA
GetSystemDirectoryA
SetLastError
GetFileAttributesA
lstrcpynA
GetPrivateProfileStringA
WinExec
SetUnhandledExceptionFilter
GetCommandLineA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
DeleteFileA
FindFirstFileA
CreateDirectoryA
Sleep
GetTickCount
FindNextFileA
FindClose
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetTopWindow
GetMessageTime
GetMessagePos
TrackPopupMenu
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
GetWindowPlacement
CopyRect
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
GetFocus
SetWindowPos
SetFocus
MoveWindow
SetWindowLongA
GetDlgCtrlID
IsDialogMessageA
IsDlgButtonChecked
SendDlgItemMessageA
GetDlgItem
CheckDlgButton
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
ValidateRect
ClientToScreen
GrayStringA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
PtInRect
DestroyCursor
IsIconic
SetWindowTextA
EnumWindows
GetWindowTextLengthA
GetClassLongA
InvalidateRect
FrameRect
SetWindowRgn
EndPaint
BeginPaint
LoadBitmapA
UpdateWindow
ShowCursor
DrawIcon
LoadImageA
SetForegroundWindow
SetSystemCursor
ExitWindowsEx
DestroyIcon
LoadIconA
LoadMenuA
GetSubMenu
wsprintfA
MessageBoxA
CharUpperA
OffsetRect
GetKeyState
ScreenToClient
ShowOwnedPopups
GetWindow
ChildWindowFromPoint
EnumChildWindows
IsWindowVisible
GetClientRect
MapWindowPoints
LoadCursorA
SetMenuDefaultItem
GetMenuItemInfoA
GetSysColorBrush
FillRect
GetSysColor
DrawIconEx
GetMenuItemCount
AppendMenuA
CreatePopupMenu
ReleaseCapture
EnableWindow
GetDesktopWindow
SetCapture
PostMessageA
MessageBeep
SystemParametersInfoA
SetDoubleClickTime
PeekMessageA
TranslateMessage
DispatchMessageA
keybd_event
SetCursorPos
mouse_event
FindWindowA
IsWindow
ShowWindow
GetDC
ReleaseDC
GetWindowTextA
GetLastActivePopup
GetAsyncKeyState
GetCursorPos
WindowFromPoint
SetCursor
PostQuitMessage
MapDialogRect
DestroyMenu
RegisterWindowMessageA
WinHelpA
GetWindowLongA
GetParent
GetForegroundWindow
GetClassNameA
GetWindowRect
GetSystemMetrics
SendMessageA
KillTimer
SetTimer
GetCapture
CreateWindowExA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
DrawTextExA

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreatePen
CreateFontIndirectA
SetViewportExtEx
EnumFontFamiliesExA
GetClipBox
SetMapMode
SetROP2
SetBkColor
RestoreDC
SaveDC
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
DeleteObject
DeleteDC
CreateDIBitmap
SelectObject
SelectPalette
BitBlt
DPtoLP
GetMapMode
RealizePalette
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
GetObjectA
CreatePalette
CreateSolidBrush
CreatePolygonRgn
Ellipse
GetTextExtentPoint32A
GetStockObject
SetBkMode
SetTextColor
TextOutA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegOpenKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueExA

shell32

SHGetFileInfoA
SHGetDesktopFolder
Shell_NotifyIconA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_LoadImageA
ImageList_ReplaceIcon

shlwapi

PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA

oleaut32

SystemTimeToVariantTime
VariantInit
VariantChangeType
VariantClear
VarUdateFromDate

Sections

.text
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JGLong
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ToggleMouse.hlp
Trivia.txt
cursor00/Busy.cur
cursor00/Hourglass.cur
cursor00/SizeEW.cur
cursor00/SizeNESW.cur
cursor00/SizeNS.cur
cursor00/SizeNWSE.cur
cursor00/Text.cur
cursor00/arrow.cur
cursor00/descrip.tm
cursor01/Busy.cur
cursor01/Hourglass.cur
cursor01/SizeEW.cur
cursor01/SizeNESW.cur
cursor01/SizeNS.cur
cursor01/SizeNWSE.cur
cursor01/Text.cur
cursor01/arrow.cur
cursor01/descrip.tm
cursor02/Busy.cur
cursor02/Hourglass.cur
cursor02/SizeEW.cur
cursor02/SizeNESW.cur
cursor02/SizeNS.cur
cursor02/SizeNWSE.cur
cursor02/Text.cur
cursor02/arrow.cur
cursor02/descrip.tm
cursor03/Arrow.cur
cursor03/Busy.cur
cursor03/Hourglass.cur
cursor03/SizeEW.cur
cursor03/SizeNESW.cur
cursor03/SizeNS.cur
cursor03/SizeNWSE.cur
cursor03/Text.cur
cursor03/descrip.tm
cursor04/Busy.ani
cursor04/Hourglass.ani
cursor04/SizeEW.cur
cursor04/SizeNESW.cur
cursor04/SizeNS.cur
cursor04/SizeNWSE.cur
cursor04/Text.cur
cursor04/arrow.cur
cursor04/descrip.tm
cursor05/Busy.ani
cursor05/Hourglass.ani
cursor05/SizeEW.ani
cursor05/SizeNESW.ani
cursor05/SizeNS.ani
cursor05/SizeNWSE.ani
cursor05/Text.cur
cursor05/arrow.cur
cursor05/descrip.tm
cursor06/Busy.cur
cursor06/Hourglass.cur
cursor06/SizeEW.cur
cursor06/Text.cur
cursor06/arrow.cur
cursor06/descrip.tm
cursor06/sizenesw.cur
cursor06/sizens.cur
cursor06/sizenwse.cur
cursor07/Busy.cur
cursor07/Hourglass.ani
cursor07/SizeEW.cur
cursor07/SizeNESW.cur
cursor07/SizeNS.cur
cursor07/SizeNWSE.cur
cursor07/Text.cur
cursor07/arrow.cur
cursor07/descrip.tm
cursor08/Busy.ani
cursor08/Hourglass.ani
cursor08/SizeEW.cur
cursor08/SizeNESW.cur
cursor08/SizeNS.cur
cursor08/SizeNWSE.cur
cursor08/Text.cur
cursor08/arrow.cur
cursor08/descrip.tm
cursor09/AIRPLANE.CUR
cursor09/Coffee Pointer.cur
cursor09/Eight Ball.cur
cursor09/Fast Color Cycle.cur
cursor09/Ink Pen.cur
cursor09/Light Bulb Pointer.cur
cursor09/Magic Wand.cur
cursor09/Medium Blinker.cur
cursor09/Pointing Hand.cur
cursor09/Rainbow.cur
cursor09/Red Pointer.cur
cursor09/Rocket Cursor.cur
cursor09/Rocket.cur
cursor09/Shadow Cursor.cur
cursor09/Skull.cur
cursor09/Slow Blinker.cur
cursor09/Slow Color Cycle.cur
cursor09/Standard Cursor.cur
cursor09/Sword.cur
cursor09/Wagger.cur
cursor09/Yellow Pointer.cur
cursor09/descrip.tm
cursor10/Binary.cur
cursor10/Blinking Lights.cur
cursor10/Bubbles.cur
cursor10/Christmas Tree.cur
cursor10/Circling Spheres.cur
cursor10/Coffee Mug.cur
cursor10/Color Wheel.cur
cursor10/Computer Shutdown.cur
cursor10/Counting.cur
cursor10/Desert.cur
cursor10/Eight Ball.cur
cursor10/Flying Saucer.cur
cursor10/Hammering 1.cur
cursor10/Hammering 2.cur
cursor10/Letter Block.cur
cursor10/Light Bulb.cur
cursor10/Light Panel.cur
cursor10/LoopAndBall.cur
cursor10/Magic Square.cur
cursor10/Pirate Swords.cur
cursor10/Pumpkin.cur
cursor10/Shifting Hourglass.cur
cursor10/Show Time.cur
cursor10/Skull Eyes.ani
cursor10/Smiley Face.cur
cursor10/Spinning Heart.cur
cursor10/Spinning X.cur
cursor10/Standard Hourglass.cur
cursor10/Stick Man.cur
cursor10/Stop Watch.cur
cursor10/TV Noise.cur
cursor10/Three Computers.cur
cursor10/Two Computers.cur
cursor10/Two Swords.cur
cursor10/descrip.tm
cursor11/Bubbles.cur
cursor11/BusyBlueSpheres.cur
cursor11/BusyCirclingSpheres.cur
cursor11/Color Bar.cur
cursor11/Counting.cur
cursor11/Oval.ani
cursor11/Rainbow.cur
cursor11/Rocket Cursor.cur
cursor11/Scrolling Numbers.cur
cursor11/Scrolling Spheres.cur
cursor11/Spinning X.cur
cursor11/Standard Busy.cur
cursor11/Timer.cur
cursor11/descrip.tm
cursor12/Black Pointer.cur
cursor12/Extra-Large Black.cur
cursor12/Extra-Large White.cur
cursor12/Large Black.cur
cursor12/Large White.cur
cursor12/Medium Black.cur
cursor12/Medium White.cur
cursor12/Striped Arrow.cur
cursor12/White Pointer.cur
cursor12/descrip.tm
cursor13/Extra-Large Black.cur
cursor13/Extra-Large White.cur
cursor13/Large Black.cur
cursor13/Large White.cur
cursor13/Medium Black.cur
cursor13/Medium White.cur
cursor13/Shadow Cursor.cur
cursor13/Standard Cursor.cur
cursor13/White Pointer.cur
cursor13/descrip.tm
cursor14/Shadowed.cur
cursor14/Square Ended.cur
cursor14/Textsel.ani
cursor14/Textsel1.cur
cursor14/Textsel2.cur
cursor14/Textsel3.cur
cursor14/Three D.cur
cursor14/descrip.tm
cursor15/Busy.cur
cursor15/Busy2.cur
cursor15/Hourglass.cur
cursor15/Hourglass2.cur
cursor15/SizeEW.cur
cursor15/SizeEW2.cur
cursor15/SizeNESW.cur
cursor15/SizeNESW2.cur
cursor15/SizeNS.cur
cursor15/SizeNS2.cur
cursor15/SizeNWSE.cur
cursor15/SizeNWSE2.cur
cursor15/Text.cur
cursor15/arrow.cur
cursor15/descrip.tm
cursor16/Busy.cur
cursor16/SizeEW.cur
cursor16/SizeNESW.cur
cursor16/SizeNS.cur
cursor16/SizeNWSE.cur
cursor16/SizeWE.cur
cursor16/arrow.cur
cursor16/descrip.tm
cursor16/hourglass.cur
cursor16/text.cur
cursor17/Arrow.cur
cursor17/Busy.cur
cursor17/Hourglass.cur
cursor17/SizeEW.cur
cursor17/SizeNESW.cur
cursor17/SizeNS.cur
cursor17/SizeNWSE.cur
cursor17/SizeWE.cur
cursor17/Text.cur
cursor17/descrip.tm
cursor18/Arrow.cur
cursor18/Busy.cur
cursor18/Hourglass.cur
cursor18/SizeEW.cur
cursor18/SizeNESW.cur
cursor18/SizeNS.cur
cursor18/SizeNWSE.cur
cursor18/SizeWE.cur
cursor18/Text.cur
cursor18/descrip.tm
cursor19/Busy.cur
cursor19/Hourglass.cur
cursor19/SizeEW.cur
cursor19/SizeNESW.cur
cursor19/SizeNS.cur
cursor19/SizeNWSE.cur
cursor19/Text.cur
cursor19/arrow.cur
cursor19/descrip.tm
cursor20/Busy.cur
cursor20/Hourglass.cur
cursor20/SizeEW.cur
cursor20/SizeNESW.cur
cursor20/SizeNS.cur
cursor20/SizeNWSE.cur
cursor20/Text.cur
cursor20/arrow.cur
cursor20/descrip.tm
cursor21/Busy.cur
cursor21/Hourglass.cur
cursor21/SizeEW.cur
cursor21/SizeNESW.cur
cursor21/SizeNS.cur
cursor21/SizeNWSE.cur
cursor21/Text.cur
cursor21/arrow.cur
cursor21/descrip.tm
cursor22/Busy.cur
cursor22/Hourglass.cur
cursor22/SizeEW.cur
cursor22/SizeNESW.cur
cursor22/SizeNS.cur
cursor22/SizeNWSE.cur
cursor22/Text.cur
cursor22/arrow.cur
cursor22/descrip.tm
cursor23/Arrow.cur
cursor23/Busy.cur
cursor23/Hourglass.cur
cursor23/SizeEW.cur
cursor23/SizeNESW.cur
cursor23/SizeNS.cur
cursor23/SizeNWSE.cur
cursor23/Text.cur
cursor23/descrip.tm
uninst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

FOX!
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FOX!
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Lasefox
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Blog.url
˵.txt
.rtf
.rtf
snap1.jpg
.jpg
下载说明.htm
.html .js polyglot
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

FOX! Size: - Virtual size: 572KB

FOX! Size: 19KB - Virtual size: 20KB

Lasefox Size: 2KB - Virtual size: 4KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

c56a25fa4336eeb10723b3537ba4876d

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 224KB - Virtual size: 228KB

6c3a318eecd9a8f40f2e477564baf950

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 5KB

.sdata Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

d343b73b81a31127fc1551a0e4debb68

Headers

File Characteristics

Imports

winmm

version

togutil

kernel32

FOX!
Size: - Virtual size: 572KB

FOX!
Size: 19KB - Virtual size: 20KB

Lasefox
Size: 2KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 228KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 5KB

.sdata
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 248KB - Virtual size: 246KB

.rdata
Size: 96KB - Virtual size: 93KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 524KB - Virtual size: 521KB

.JGLong
Size: 1KB - Virtual size: 4KB

FOX!
Size: - Virtual size: 572KB

FOX!
Size: 19KB - Virtual size: 20KB

Lasefox
Size: 2KB - Virtual size: 4KB