376e1b847a614cf46326aae28dc4ce4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

376e1b847a614cf46326aae28dc4ce4d_JaffaCakes118
Size

483KB
MD5

376e1b847a614cf46326aae28dc4ce4d
SHA1

d68a486dd5b090ee4b218da252b41c63ff013b84
SHA256

a8927d9956c9ed1f6d639fb494d0d6748055e51078e01d10bc24935a45212597
SHA512

8d581ac130105ce0e0e85a0b28da279654f9be961fc38ae55fe5d1f17d40f5a759188ee3be86687a323568ec4f9d89cccfc579fed09a33c1ee768b472370fc0e
SSDEEP

12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2g:yCjeTZa7BTsxewXZUTP2HU2g

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
376e1b847a614cf46326aae28dc4ce4d_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$_5_
unpack001/shfolder.dll
unpack001/wdsr0405.dll
unpack001/wdsr0407.dll
unpack001/windirstat.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

376e1b847a614cf46326aae28dc4ce4d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

97318da386948415d08cef4a9006d669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$_5_
.exe windows:4 windows x86 arch:x86

b3e2efb711bd309a22addde2f35c372c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projekte\!cvs\WinDirStat\windirstat\make\windirstat\Release\windirstat.pdb

Imports

kernel32

GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
ExitThread
CreateThread
HeapReAlloc
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
VirtualAlloc
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
LocalFree
HeapAlloc
ExitProcess
HeapFree
RtlUnwind
GetCurrentDirectoryA
FindResourceExA
LocalFileTimeToFileTime
GetShortPathNameA
CreateFileA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
SystemTimeToFileTime
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
VirtualProtect
FindFirstFileA
FileTimeToLocalFileTime
FindNextFileA
FindClose
InterlockedDecrement
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
lstrcmpA
SetLastError
MulDiv
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
SetThreadPriority
GlobalFree
GetFullPathNameA
GetModuleFileNameA
ResumeThread
GetUserDefaultLangID
GetCurrentProcess
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenW
lstrcmpiA
GetVersion
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SearchPathA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetUserDefaultLCID
GetWindowsDirectoryA
GetFileAttributesA
GetProfileIntA
GlobalAlloc
GlobalLock
lstrcpyA
GlobalUnlock
GetDriveTypeA
GetTickCount
GetCurrentThreadId
GetSystemDirectoryA
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetEnvironmentVariableA
GetLogicalDrives
SetErrorMode
GetVolumeInformationA
GetDiskFreeSpaceExA
lstrlenA
CreateProcessA
CloseHandle
FreeResource
GetLastError
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LCMapStringA

user32

GetNextDlgGroupItem
SetWindowContextHelpId
ShowOwnedPopups
GetSystemMenu
IsRectEmpty
SetParent
IsZoomed
MapDialogRect
GetAsyncKeyState
DestroyCursor
SetCursorPos
GetMenuItemInfoA
DestroyMenu
UnpackDDElParam
ReuseDDElParam
SetCursor
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
SetMenu
TranslateAcceleratorA
wsprintfA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuStringA
InsertMenuA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxA
TrackPopupMenuEx
TrackPopupMenu
SetScrollPos
GetScrollPos
GetMenu
PostMessageA
GetMenuItemID
InvalidateRgn
EqualRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuState
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
IsWindowVisible
GetKeyState
ValidateRect
SendMessageA
GetWindowRect
GetClientRect
HideCaret
EnableWindow
IsWindow
InflateRect
DrawEdge
ClientToScreen
ScreenToClient
InvalidateRect
GetParent
GetSysColor
OffsetRect
CreateWindowExA
ReleaseDC
GetDC
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMessageA
ReleaseCapture
SetCapture
CopyAcceleratorTableA
CharNextA
DestroyIcon
GetDCEx
WindowFromPoint
FindWindowA
SetRect
GetCapture
LoadStringA
LockWindowUpdate
UnregisterClassA
CharUpperA
RegisterWindowMessageA
SetForegroundWindow
UpdateWindow
BringWindowToTop
DrawFocusRect
GetFocus
LoadBitmapA
CopyRect
SetClipboardData
EmptyClipboard
OpenClipboard
RemoveMenu
GetMenuItemCount
EnableMenuItem
MessageBeep
GetSysColorBrush
AdjustWindowRectEx
RegisterClipboardFormatA
DeleteMenu
SetMenuDefaultItem
GetSubMenu
ModifyMenuA
LoadMenuA
RedrawWindow
GetDesktopWindow
PostQuitMessage
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
PtInRect
SetTimer
KillTimer
RegisterClassA
GetClassInfoA
GetCursorPos
PostThreadMessageA
LoadCursorA
LoadIconA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CloseClipboard
AppendMenuA

gdi32

CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
GetTextExtentPoint32A
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
CreateSolidBrush
CreatePen
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
GetWindowExtEx
GetViewportExtEx
CreateCompatibleBitmap
SelectClipRgn
DeleteObject
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PatBlt
CreateRectRgnIndirect
Ellipse
GetDeviceCaps
Pie
GetPixel
GetObjectA
SetPixel
BitBlt
Rectangle
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseColorA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegOpenKeyA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyA
RegCloseKey

shell32

DragFinish
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHFileOperationA
ExtractIconA
DragQueryFileA
ShellExecuteA
SHBrowseForFolderA
SHGetFileInfoA

comctl32

ImageList_Draw
ImageList_GetIcon
ImageList_SetBkColor
ImageList_AddMasked
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Duplicate
ord8
ord17
ImageList_Destroy
PropertySheetA
DestroyPropertySheetPage
ImageList_ReplaceIcon
CreatePropertySheetPageA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect

Sections

.text
Size: 440KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
shfolder.dll
.dll windows:5 windows x86 arch:x86

a8568b57714f17bea2cb443650a1c951

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDefaultLangID
EnumResourceNamesW
lstrcatA
lstrcpyA
CompareStringW
CreateDirectoryA
CreateDirectoryW
GetLastError
ExpandEnvironmentStringsA
EnumResourceLanguagesW
DisableThreadLibraryCalls
GlobalAlloc
GlobalFree
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
IsBadWritePtr
FindResourceExW
LoadResource
LockResource
GetWindowsDirectoryW
GetWindowsDirectoryA
ExpandEnvironmentStringsW
lstrlenA
lstrlenW
MultiByteToWideChar
GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
lstrcpynW
WideCharToMultiByte

advapi32

SetSecurityDescriptorDacl
SetFileSecurityW
InitializeAcl
GetAce
LookupAccountSidW
AddAccessAllowedAce
RegSetValueExA
RegSetValueExW
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

Exports

Exports

SHGetFolderPathA
SHGetFolderPathW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wdsh0407.chm
.chm
wdsr0405.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wdsr0407.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
windirstat.chm
.chm
windirstat.exe
.exe windows:4 windows x86 arch:x86

7c6d8e50d7c0e8326fce0f8eecb79276

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projekte\!cvs\WinDirStat\windirstat\make\windirstat\UnicodeRelease\windirstat.pdb

Imports

kernel32

GetSystemInfo
VirtualQuery
TerminateProcess
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
VirtualAlloc
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
HeapAlloc
CreateThread
ExitThread
ExitProcess
HeapFree
RtlUnwind
GetStartupInfoW
GetCurrentDirectoryW
FindResourceExW
LocalFileTimeToFileTime
GetShortPathNameW
CreateFileW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetStringTypeExW
DeleteFileW
MoveFileW
SystemTimeToFileTime
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
lstrcmpiW
GetCurrentThread
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
VirtualProtect
FindFirstFileW
FileTimeToLocalFileTime
FindNextFileW
FindClose
GetVersion
GlobalGetAtomNameW
InterlockedDecrement
GetDiskFreeSpaceW
GetTempFileNameW
GetFileTime
SetFileTime
lstrcmpA
SetLastError
MulDiv
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
lstrcatW
lstrcmpW
GetVersionExA
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
SetThreadPriority
GlobalFree
LoadLibraryA
GetFullPathNameW
GetModuleFileNameW
ResumeThread
GetUserDefaultLangID
GetCurrentProcess
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SearchPathW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetUserDefaultLCID
GetWindowsDirectoryW
GetFileAttributesW
WideCharToMultiByte
GetProfileIntW
GlobalAlloc
GlobalLock
lstrcpyW
GlobalUnlock
GetDriveTypeW
GetTickCount
GetCurrentThreadId
GetSystemDirectoryW
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetEnvironmentVariableW
GetLogicalDrives
SetErrorMode
GetVolumeInformationW
GetLocaleInfoW
GetDiskFreeSpaceExW
lstrlenW
CreateProcessW
CloseHandle
FreeResource
GetLastError
lstrcpynW
lstrlenA
FormatMessageW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
LocalFree

user32

GetSysColorBrush
RegisterClipboardFormatW
SetWindowContextHelpId
ShowOwnedPopups
GetSystemMenu
IsRectEmpty
SetParent
IsZoomed
MapDialogRect
GetAsyncKeyState
DestroyCursor
SetCursorPos
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
UnpackDDElParam
ReuseDDElParam
SetCursor
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
SetMenu
TranslateAcceleratorW
wsprintfW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetMenuStringW
InsertMenuW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
WinHelpW
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxW
TrackPopupMenuEx
TrackPopupMenu
SetScrollPos
GetMenu
PostMessageW
GetMenuItemID
AdjustWindowRectEx
EqualRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuState
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
IsWindowVisible
GetKeyState
ValidateRect
ReleaseDC
GetDC
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMessageW
ReleaseCapture
SetCapture
GetCapture
LoadStringW
LockWindowUpdate
UnregisterClassW
RegisterWindowMessageW
SetForegroundWindow
UpdateWindow
BringWindowToTop
DrawFocusRect
GetFocus
LoadBitmapW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
DestroyIcon
GetDCEx
WindowFromPoint
FindWindowW
CopyRect
SetClipboardData
EmptyClipboard
OpenClipboard
RemoveMenu
GetMenuItemCount
EnableMenuItem
AppendMenuW
CloseClipboard
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
LoadIconW
LoadCursorW
PostThreadMessageW
GetCursorPos
GetClassInfoW
RegisterClassW
KillTimer
SetTimer
PtInRect
MsgWaitForMultipleObjects
CharUpperW
SetRect
MessageBeep
PeekMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
GetDesktopWindow
RedrawWindow
LoadMenuW
ModifyMenuW
GetSubMenu
SetMenuDefaultItem
DeleteMenu
OffsetRect
GetSysColor
GetParent
InvalidateRect
ScreenToClient
ClientToScreen
DrawEdge
InflateRect
IsWindow
EnableWindow
HideCaret
GetClientRect
GetWindowRect
SendMessageW
GetScrollPos

gdi32

GetMapMode
GetTextExtentPoint32W
StretchDIBits
GetCharWidthW
CreateFontW
GetTextMetricsW
EnumFontFamiliesExW
GetBkColor
GetTextColor
GetRgnBox
CombineRgn
CreateRectRgn
SelectClipRgn
DeleteObject
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetRectRgn
CreateFontIndirectW
CreateSolidBrush
CreatePen
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
CreateCompatibleBitmap
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PatBlt
CreateRectRgnIndirect
Ellipse
GetDeviceCaps
Pie
GetPixel
GetObjectW
SetPixel
BitBlt
Rectangle
CreateCompatibleDC
GetViewportExtEx

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW
ChooseColorW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegSetValueW
RegOpenKeyW
SetFileSecurityW
GetFileSecurityW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyW
RegCloseKey

shell32

DragFinish
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHFileOperationW
ExtractIconW
DragQueryFileW
ShellExecuteW
SHBrowseForFolderW
SHGetFileInfoW

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Draw
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_Duplicate
ord8
ord17
ImageList_Destroy
PropertySheetW
DestroyPropertySheetPage
ImageList_AddMasked
CreatePropertySheetPageW

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97318da386948415d08cef4a9006d669

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 10KB - Virtual size: 9KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

b3e2efb711bd309a22addde2f35c372c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 440KB - Virtual size: 437KB

.rdata Size: 108KB - Virtual size: 104KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 68KB - Virtual size: 65KB

a8568b57714f17bea2cb443650a1c951

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 94B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 344B

Headers

DLL Characteristics

File Characteristics

Sections

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 10KB - Virtual size: 9KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 440KB - Virtual size: 437KB

.rdata
Size: 108KB - Virtual size: 104KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 68KB - Virtual size: 65KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 94B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 344B

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 4KB - Virtual size: 8B

.rsrc
Size: 52KB - Virtual size: 49KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 68KB - Virtual size: 65KB