39dbbd0b4316a54e5e62ea0543432be9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39dbbd0b4316a54e5e62ea0543432be9_JaffaCakes118
Size

744KB
MD5

39dbbd0b4316a54e5e62ea0543432be9
SHA1

538f8b77a814d42f7d6ef5ac2bdb68bd5c52ed50
SHA256

975303e3c22f4c7f02ce6320e3df30e4496967489c7dd37ed5796b33e946c95c
SHA512

102bf4d322baecfdec0c5e613a93dcc6e78114e5faa6a166b1aa42fa36557c06116620a633392a75af896c97181421785efc702cf484113762287d616236558e
SSDEEP

12288:Sy4thqyJ3beXkdVWkW6i5oi+r2x26Ng7x+iEUJinBKyceohxeFOMHU5xeV:5uEyJLeXkHWToBrSTNg7siT8nBRcJhxi

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
39dbbd0b4316a54e5e62ea0543432be9_JaffaCakes118
unpack001/$PLUGINSDIR/DLLWebCount.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Ischeck.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/SelfDelete.dll
unpack001/$PLUGINSDIR/SetHoldData.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/processes_second.dll
unpack001/DBGOWebtoon.exe
unpack001/DBGOWebtoon_Update.exe
unpack001/uninstall.exe

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_2

Files

39dbbd0b4316a54e5e62ea0543432be9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWebCount.dll
.dll windows:4 windows x86 arch:x86

d01bef609870d68108539ca1b2908320

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord5199
ord561
ord825
ord815
ord1199
ord1247
ord690
ord1988
ord2393
ord800
ord5207
ord860
ord6059
ord389
ord540
ord941
ord823
ord858
ord922
ord6112
ord1176
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord3738
ord4274
ord1243
ord6467
ord1578
ord600
ord826
ord269

msvcrt

_EH_prolog
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CxxFrameHandler

kernel32

LocalFree
lstrcpynA
lstrcpyA
GlobalFree
GlobalAlloc
LocalAlloc

user32

MessageBoxA
wsprintfA

wsock32

WSAStartup
WSACleanup

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetGetConnectedState

Exports

Exports

DLLInstallCheck
DLLWebCount
SocketCount
WebCount
myFunction

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Ischeck.dll
.dll windows:4 windows x86 arch:x86

63a85c96a1f6cd86193f3bc49bfc37dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
RtlUnwind
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
RaiseException
HeapFree
HeapSize
HeapReAlloc
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
GetOEMCP
GetCPInfo
GlobalFlags
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
lstrcmpA
GetVersion
GetModuleFileNameA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
GlobalLock
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThreadId
CloseHandle
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
GetPrivateProfileStringA
GetTempPathA
HeapAlloc
DeleteFileA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

comctl32

ord17

urlmon

URLDownloadToFileA

user32

EnableWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
IsIconic

gdi32

SaveDC
RestoreDC
GetClipBox
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
SetTextColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteObject
GetDeviceCaps
GetObjectA
CreateBitmap
SetBkColor

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

Exports

Exports

ISCHECK
ISCHECK2

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

6a31b40eb314bd7c730293b0af66a1a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
GetOEMCP
GetACP
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA

user32

GetWindow
GetClassNameA
PostMessageA
GetDesktopWindow
FindWindowA

shell32

ShellExecuteA

Exports

Exports

ExPloreCabin
KillExplorer
KillExplorer1
KillIExplorer
KillProc

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SelfDelete.dll
.dll windows:4 windows x86 arch:x86

3d91458bc90a151726bcfdaeff902d08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
free
_onexit
__dllonexit
??1type_info@@UAE@XZ
strrchr
_adjust_fdiv
malloc
_initterm

kernel32

LocalFree
LocalAlloc
CreateFileA
GetModuleFileNameA
lstrcpyA
lstrlenA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
ResumeThread
SetPriorityClass

user32

wsprintfA

shell32

SHChangeNotify

mfc42

ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord1253
ord1255
ord6467
ord1578
ord600
ord269
ord826

Exports

Exports

SelfDelete

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetHoldData.dll
.dll windows:4 windows x86 arch:x86

fac65ab409ffe9f980eec807ae412dc2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
RaiseException
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetOEMCP
GetCPInfo
GlobalFlags
GetProcessVersion
GetLastError
SetLastError
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
lstrcmpA
GetVersion
GetModuleFileNameA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
GlobalLock
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetCurrentThreadId
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
lstrcpynA
lstrcpyA
ExitProcess
GlobalFree

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
EnableWindow
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
MessageBoxA
wsprintfA
SetWindowsHookExA
CallNextHookEx
PeekMessageA
RegisterWindowMessageA

comctl32

ord17

gdi32

SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetTextColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
CreateBitmap
SetBkColor

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

SetHoldData
myFunction

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

868edf13b90a019bf9f2593fe0e78d98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiA
lstrlenA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GlobalAlloc
CreateProcessA
GetLastError
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
SetLastError
GetModuleFileNameA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpyA
GetModuleHandleA

user32

SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
CharNextA
DialogBoxParamA
SendMessageW
MessageBoxA
EndDialog
SetWindowLongA
LoadBitmapA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
LoadImageA

gdi32

SetBkMode
GetObjectA
CreateSolidBrush
SetBkColor
SelectObject
SetTextColor
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
TEST
Unload

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/processes_second.dll
.dll windows:4 windows x86 arch:x86

522ca24d77f428ea710f83ca6b5d4867

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Nsis\플러그인\processes\setup-processes\src\Debug\processes.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
OpenProcess
TerminateProcess
GlobalFree
lstrcpyA
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DebugBreak
RaiseException
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
GetCurrentProcess
ExitProcess
GetModuleHandleA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLastError
GetLastError
GetCurrentThread
IsBadWritePtr
IsBadReadPtr
HeapValidate
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
UnhandledExceptionFilter
RtlUnwind
HeapAlloc
GetProcessHeap
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
VirtualQuery
InterlockedExchange
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
FlushFileBuffers
GetTimeZoneInformation
SetEnvironmentVariableA

user32

FindWindowA
UpdateWindow
GetDesktopWindow
wsprintfA

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DBGOWebtoon.exe
.exe windows:4 windows x86 arch:x86

7ecbb964b5a998da78c792dbb8a91c63

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3573
ord3626
ord795
ord616
ord656
ord818
ord2414
ord686
ord800
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3721
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord2124
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord5277
ord3402
ord4627
ord860
ord1146
ord1168
ord540
ord384
ord567
ord2135
ord2302
ord2688
ord4284
ord6199
ord2379
ord755
ord470
ord5943
ord3089
ord4476
ord6215
ord2086
ord823
ord1200
ord2642
ord537
ord1641
ord4299
ord6880
ord6907
ord2862
ord2096
ord1979
ord665
ord5186
ord354
ord6385
ord2614
ord2818
ord2393
ord690
ord1988
ord535
ord2764
ord858
ord5572
ord2915
ord5207
ord389
ord6282
ord5710
ord4129
ord2763
ord4277
ord5651
ord3127
ord3616
ord1997
ord2985
ord798
ord5194
ord350
ord533
ord801
ord6883
ord3301
ord541
ord3873
ord5280
ord3874
ord3571
ord3092
ord3693
ord816
ord4133
ord4297
ord5788
ord562
ord2408
ord640
ord2405
ord5785
ord1640
ord323
ord641
ord609
ord5981
ord2574
ord3572
ord2575
ord4396
ord3574
ord556
ord809
ord1793
ord4275
ord6358
ord1088
ord2122
ord2859
ord6197
ord324
ord4234
ord4710
ord6453
ord2864
ord2452
ord3370
ord2582
ord4402
ord3640
ord693
ord559
ord812
ord4243
ord6320
ord6905
ord2639
ord6007
ord5216
ord936
ord932
ord6242
ord6696
ord3293
ord955
ord4400
ord3630
ord682
ord3706
ord2450
ord5678
ord472
ord283
ord5786
ord5736
ord1949
ord4034
ord3797
ord3138
ord2863
ord5440
ord6383
ord5450
ord6394
ord2919
ord3754
ord3753
ord5782
ord6403
ord3870
ord3711
ord783
ord6377
ord2112
ord3663
ord1205
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord1134
ord2621
ord2514
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3302
ord3081
ord4274
ord5465
ord4673
ord1576

msvcrt

_setmbcp
atoi
__CxxFrameHandler
_mbscmp
_mbsstr
_mbschr
strtod
_purecall
memmove
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_CxxThrowException

kernel32

GetModuleHandleA
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedDecrement
GetCommandLineA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
DeleteFileA
CreateMutexA
GetLastError
GetModuleFileNameA
LocalFree
GetStartupInfoA

user32

IsZoomed
SetPropA
SetWindowRgn
CallWindowProcA
GetParent
GetPropA
SystemParametersInfoA
SetTimer
LoadIconA
GetWindowLongA
SetWindowLongA
SetWindowPos
LoadImageA
EnableWindow
IsWindow
EqualRect
CopyRect
OffsetRect
WindowFromPoint
MonitorFromWindow
IsWindowVisible
GetFocus
GetAsyncKeyState
GetKeyState
SetFocus
GetCursorPos
PtInRect
SetCursor
GetWindowRgn
BeginDeferWindowPos
PostMessageA
GetDlgItem
GetWindowRect
LoadBitmapA
LoadCursorA
DeferWindowPos
GetClassNameA
GetMenu
IsMenu
AdjustWindowRectEx
GetWindowTextA
SetClassLongA
GetWindowDC
GetSysColor
GetMonitorInfoA
EndDeferWindowPos
FillRect
KillTimer
DrawTextA
wsprintfA
InvalidateRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
RemovePropA
SendMessageA

gdi32

CreateRectRgn
OffsetRgn
CombineRgn
SetRectRgn
CreateSolidBrush
CreateRectRgnIndirect
CreateFontA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DPtoLP
GetObjectA
CreatePen

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent
ImageList_AddMasked

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
SysAllocStringLen
SysFreeString

urlmon

URLDownloadToFileA

shlwapi

PathRemoveFileSpecA

wininet

InternetCheckConnectionA

msimg32

TransparentBlt

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 496KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DBGOWebtoon_Update.exe
.exe windows:4 windows x86 arch:x86

56017ce1dd10bb52353f552af66d6720

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3626
ord3663
ord641
ord795
ord2414
ord686
ord765
ord609
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3571
ord3619
ord1146
ord1168
ord384
ord567
ord2302
ord1768
ord5943
ord6199
ord858
ord6215
ord4299
ord4160
ord2863
ord2379
ord755
ord470
ord2820
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord926
ord537
ord356
ord535
ord941
ord2642
ord2862
ord2096
ord6805
ord2123
ord6442
ord2116
ord1641
ord4080
ord1988
ord2393
ord5207
ord389
ord1105
ord3089
ord4476
ord860
ord939
ord922
ord924
ord4129
ord2764
ord2818
ord920
ord5933
ord4278
ord3610
ord656
ord4275
ord3398
ord3733
ord810
ord4271
ord2864
ord3303
ord3914
ord6008
ord4000
ord3297
ord3290
ord823
ord1929
ord3573
ord3797
ord1200
ord923
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord6614
ord6691
ord4432
ord6478
ord6514
ord6800
ord4284
ord2233
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord800
ord540
ord3811
ord861
ord690
ord2614
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_setmbcp
_ftol
__CxxFrameHandler
sprintf
atoi
fclose
fopen
_mbscmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
_controlfp

kernel32

ResumeThread
ExpandEnvironmentStringsA
WaitForSingleObject
CreateProcessA
GetCurrentProcessId
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetLastError
CreateMutexA
CreateDirectoryA
GetCommandLineA
Sleep
GetModuleFileNameA
DeleteFileA
OpenMutexA
GetPrivateProfileStringA
lstrlenA
RemoveDirectoryA
Process32Next
GetTempPathA
CreateToolhelp32Snapshot
Process32First

user32

MessageBeep
IsWindowVisible
SetCursor
LoadCursorA
EnableWindow
SetTimer
KillTimer
LoadBitmapA
SetFocus
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
FindWindowA
GetSysColor
GetMessagePos
InvalidateRect
LoadIconA
wsprintfA
ScreenToClient
IsIconic
GetParent
SetWindowLongA

gdi32

CreateSolidBrush
CreateFontA

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

comctl32

ImageList_AddMasked

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

shlwapi

StrFormatByteSizeA
PathRemoveFileSpecA

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/BITMAP/110.bmp
.rsrc/DIALOG/103
.rsrc/DIALOG/104
.rsrc/DIALOG/105
.rsrc/DIALOG/106
.rsrc/DIALOG/111
.rsrc/GROUP_ICON/103
.rsrc/ICON/1.ico
.rsrc/ICON/2.ico
.rsrc/ICON/3.ico
.rsrc/MANIFEST/1
.xml
.text

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 12KB - Virtual size: 11KB

d01bef609870d68108539ca1b2908320

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

wsock32

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 590B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

63a85c96a1f6cd86193f3bc49bfc37dc

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

urlmon

user32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 19KB

.reloc Size: 12KB - Virtual size: 9KB

6a31b40eb314bd7c730293b0af66a1a0

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 590B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 19KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 318B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 18KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 828B

.rsrc
Size: 438KB - Virtual size: 437KB

.reloc
Size: 2KB - Virtual size: 2KB