3c078e3c3cbf809b35df990193e93cab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c078e3c3cbf809b35df990193e93cab_JaffaCakes118
Size

1.1MB
MD5

3c078e3c3cbf809b35df990193e93cab
SHA1

90b95ef2adf1210e3ac92b735688399e1ab91930
SHA256

545d8048d51dc399611295fa842c8b0695eee9cd213e9b523a3c654b2f7651be
SHA512

e80a3bb2cc4d63e80c2918a3f73a24b2e2bf4bf41e6462100b53cc143105e7b0534f47f7acd31510b650d34d20ce6798665eaca8cec55bb29b5de2a8bf5c0255
SSDEEP

24576:bDNnuB4rghdgXqUBeHSx85qsnCppF6jFwEC:bcB4rKO/2Se5qsYP66EC

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/DWLib.dll	aspack_v212_v242

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
3c078e3c3cbf809b35df990193e93cab_JaffaCakes118
unpack001/$PLUGINSDIR/DLLWaitForKillProgram.dll
unpack001/$PLUGINSDIR/DLLWebCount.dll
unpack001/$PLUGINSDIR/IPCheckMfc.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/DWLib.dll
unpack001/bass.dll
unpack001/onmuz.exe
unpack001/onmuzupdate.exe
unpack001/uninstall.exe
unpack002/$PLUGINSDIR/DLLWebCount.dll
unpack002/$PLUGINSDIR/FRNDelete.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_1

Files

3c078e3c3cbf809b35df990193e93cab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWaitForKillProgram.dll
.dll windows:4 windows x86 arch:x86

2e92645153848ef99816d61ac6e2a921

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalFree
lstrcpyA
LocalFree
LocalAlloc

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord6375
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1243
ord6467
ord4274
ord2982
ord269
ord826
ord600
ord1578

msvcrt

_strupr
toupper
??1type_info@@UAE@XZ
_onexit
__dllonexit
_EH_prolog
__CxxFrameHandler

user32

wsprintfA
MessageBoxA

Exports

Exports

DLLWaitForKillProcess
myFunction

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWebCount.dll
.dll windows:4 windows x86 arch:x86

324e87a129b7b2af320238c8ab284874

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord2512
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1199
ord1247
ord690
ord2393
ord800
ord5207
ord860
ord389
ord540
ord1176
ord1243
ord2554
ord4486
ord6375
ord3825
ord4274
ord269
ord826
ord600
ord1578
ord6467

msvcrt

__CxxFrameHandler
_EH_prolog
??1type_info@@UAE@XZ
_onexit
__dllonexit

kernel32

LocalFree
lstrcpyA
GlobalFree
LocalAlloc

user32

wsprintfA
MessageBoxA

Exports

Exports

DLLWebCount
myFunction

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IPCheckMfc.dll
.dll windows:4 windows x86 arch:x86

21a57532e154ea21f11850b4480a4b88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

mfc42

ord1577
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord1168
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord1116
ord815
ord3953
ord800
ord4129
ord5683
ord2818
ord540
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord1575
ord1176
ord2976
ord825
ord269

msvcrt

__dllonexit
__CxxFrameHandler
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
??2@YAPAXI@Z
_mbscmp

kernel32

LocalFree
lstrcpyA
LocalAlloc

user32

wsprintfA

Exports

Exports

IPCheck

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
MapWindowPoints
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
CreateWindowExA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
DWLib.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllClose
DllInit
IsDoing
SearchDataClear
SearchInfo
SearchList

Sections

Size: 176KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 19KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetEAXMix
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelPreBuf
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetFlags
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetAttribute
BASS_MusicGetName
BASS_MusicGetOrderPosition
BASS_MusicGetOrders
BASS_MusicLoad
BASS_MusicSetAttribute
BASS_Pause
BASS_PluginFree
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetTags
BASS_Update
_

Sections

Size: 85KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
image/Thumbs.db
image/btn_ question_default.bmp
image/btn_ question_down.bmp
image/btn_ question_over.bmp
image/btn_blog_default.bmp
image/btn_blog_down.bmp
image/btn_blog_over.bmp
image/btn_list_allcancel.bmp
image/btn_list_allcancel_down.bmp
image/btn_list_allcancel_over.bmp
image/btn_list_allcheck_default.bmp
image/btn_list_allcheck_down.bmp
image/btn_list_allcheck_over.bmp
image/btn_list_down_default.bmp
image/btn_list_down_down.bmp
image/btn_list_down_over.bmp
image/btn_list_minus.bmp
image/btn_list_minus_down.bmp
image/btn_list_minus_over.bmp
image/btn_list_plus.bmp
image/btn_list_plus_down.bmp
image/btn_list_plus_over.bmp
image/btn_list_up_default.bmp
image/btn_list_up_down.bmp
image/btn_list_up_over.bmp
image/btn_searchresult_default.bmp
image/btn_searchresult_down.bmp
image/btn_searchresult_over.bmp
image/btn_words_default.bmp
image/btn_words_down.bmp
image/btn_words_over.bmp
image/button_search_default.bmp
image/button_search_down.bmp
image/button_search_over.bmp
image/lcd_big_number_0.bmp
image/lcd_big_number_1.bmp
image/lcd_big_number_2.bmp
image/lcd_big_number_3.bmp
image/lcd_big_number_4.bmp
image/lcd_big_number_5.bmp
image/lcd_big_number_6.bmp
image/lcd_big_number_7.bmp
image/lcd_big_number_8.bmp
image/lcd_big_number_9.bmp
image/lcd_big_number_small_0.bmp
image/lcd_big_number_small_1.bmp
image/lcd_big_number_small_2.bmp
image/lcd_big_number_small_3.bmp
image/lcd_big_number_small_4.bmp
image/lcd_big_number_small_5.bmp
image/lcd_big_number_small_6.bmp
image/lcd_big_number_small_7.bmp
image/lcd_big_number_small_8.bmp
image/lcd_big_number_small_9.bmp
image/lcd_btn_1repet_default.bmp
image/lcd_btn_1repet_down.bmp
image/lcd_btn_1repet_over.bmp
image/lcd_btn_repeat_default.bmp
image/lcd_btn_repeat_down.bmp
image/lcd_btn_repeat_over.bmp
image/lcd_btn_shuffle_off_default.bmp
image/lcd_btn_shuffle_off_down.bmp
image/lcd_btn_shuffle_off_over.bmp
image/lcd_btn_shuffle_on_default.bmp
image/lcd_btn_shuffle_on_down.bmp
image/lcd_btn_shuffle_on_over.bmp
image/lcd_btn_unlimit_default.bmp
image/lcd_btn_unlimit_down.bmp
image/lcd_btn_unlimit_over.bmp
image/lcd_icon_spec.bmp
image/lcd_spec_ground.bmp
image/line01_center_dot.bmp
image/line01_left.bmp
image/line01_right.bmp
image/line02_center_dot.bmp
image/line02_left.bmp
image/line02_right.bmp
image/line03_center_dot.bmp
image/line03_left.bmp
image/line03_right.bmp
image/line04_center_dot.bmp
image/line04_left.bmp
image/line04_right.bmp
image/line05_center_dot.bmp
image/line05_centerlist_dot.bmp
image/line05_left.bmp
image/line05_left_dot.bmp
image/line05_right.bmp
image/line05_right_dot.bmp
image/list_btn_next_default.bmp
image/list_btn_next_down.bmp
image/list_btn_next_unable.bmp
image/list_btn_prev_default.bmp
image/list_btn_prev_down.bmp
image/list_btn_prev_unable.bmp
image/list_subject_bar_girth.bmp
image/list_subject_dot.bmp
image/list_subject_dot_over.bmp
image/list_tap_bg_dot.bmp
image/list_tap_btn_close.bmp
image/list_tap_btn_close_dow.bmp
image/list_tap_btn_close_over.bmp
image/list_tap_btn_next_default.bmp
image/list_tap_btn_next_down.bmp
image/list_tap_btn_next_over.bmp
image/list_tap_btn_next_unable.bmp
image/list_tap_btn_prev_default.bmp
image/list_tap_btn_prev_over.bmp
image/list_tap_btn_prev_unable.bmp
image/list_tap_btn_priv_down.bmp
image/list_tap_center_dot.bmp
image/list_tap_down_center_dot.bmp
image/list_tap_down_left.bmp
image/list_tap_down_right.bmp
image/list_tap_left.bmp
image/list_tap_over_center_dot.bmp
image/list_tap_over_left.bmp
image/list_tap_over_right.bmp
image/list_tap_right.bmp
image/listskin/Thumbs.db
image/listskin/list_bg_hor.bmp
image/listskin/list_bg_ver.bmp
image/listskin/list_btbottom.bmp
image/listskin/list_btbottom_center.bmp
image/listskin/list_btbottom_center_left.bmp
image/listskin/list_btbottom_center_pixel.bmp
image/listskin/list_btbottom_center_right.bmp
image/listskin/list_btbottom_left.bmp
image/listskin/list_btbottom_right.bmp
image/listskin/list_btcenter.bmp
image/listskin/list_btcenter_bottom.bmp
image/listskin/list_btcenter_pixel.bmp
image/listskin/list_btcenter_top.bmp
image/listskin/list_bttop.bmp
image/listskin/list_checkbox_allcancel.bmp
image/listskin/list_checkbox_allcheck.bmp
image/listskin/list_checkbox_allcheck_mymusic.bmp
image/listskin/list_checkbox_no.bmp
image/listskin/list_checkbox_title_allcancel.bmp
image/listskin/list_checkbox_title_allcheck.bmp
image/listskin/list_subject_bg.bmp
image/listskin/list_subject_bg2.bmp
image/listskin/list_subject_bg_over.bmp
image/logo_default.bmp
image/logo_over.bmp
image/player_bt_volumeLine_minus.bmp
image/player_bt_volumeLine_minus_down.bmp
image/player_bt_volumeLine_minus_over.bmp
image/player_bt_volumeLine_plus.bmp
image/player_bt_volumeLine_plus_down.bmp
image/player_bt_volumeLine_plus_over.bmp
image/player_btback_default.bmp
image/player_btback_down.bmp
image/player_btback_over.bmp
image/player_btclose_default.bmp
image/player_btclose_down.bmp
image/player_btclose_over.bmp
image/player_btff_default.bmp
image/player_btff_down.bmp
image/player_btff_over.bmp
image/player_btmini_default.bmp
image/player_btmini_down.bmp
image/player_btmini_over.bmp
image/player_btopen_default.bmp
image/player_btopen_down.bmp
image/player_btopen_over.bmp
image/player_btplay_default.bmp
image/player_btplay_down.bmp
image/player_btplay_over.bmp
image/player_btreduction_default.bmp
image/player_btreduction_down.bmp
image/player_btreduction_over.bmp
image/player_btsound_Off_default.bmp
image/player_btsound_Off_down.bmp
image/player_btsound_Off_over.bmp
image/player_btsound_On_default.bmp
image/player_btsound_On_down.bmp
image/player_btsound_On_over.bmp
image/player_btstop_default.bmp
image/player_btstop_down.bmp
image/player_btstop_over.bmp
image/player_btwait_default.bmp
image/player_btwait_down.bmp
image/player_btwait_over.bmp
image/player_image_timeLine_botton.bmp
image/player_image_timeLine_empty.bmp
image/player_image_timeLine_full.bmp
image/player_image_timeLine_left.bmp
image/player_image_timeLine_right.bmp
image/player_image_volumeLine.bmp
image/player_image_volumeLine_full.BMP
image/player_image_volumeLine_left.bmp
image/player_image_volumeLine_right.BMP
onmuz.exe
.exe windows:4 windows x86 arch:x86

1985a1900211cc54dd3dc3855430ab12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA

bass

BASS_RecordStart
BASS_ChannelGetData
BASS_RecordInit

mfc42

ord2648
ord2055
ord6376
ord3748
ord5065
ord1725
ord2446
ord6614
ord5277
ord2982
ord3147
ord3259
ord4465
ord6691
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4432
ord6478
ord825
ord6514
ord6800
ord800
ord858
ord6710
ord5260
ord1233
ord755
ord470
ord5281
ord6858
ord860
ord540
ord4284
ord2233
ord2818
ord2864
ord4299
ord6671
ord2411
ord2023
ord4218
ord2578
ord6055
ord4398
ord5241
ord3749
ord1727
ord5261
ord2124
ord3136
ord4424
ord6740
ord567
ord6502
ord4275
ord6784
ord5290
ord3317
ord6649
ord926
ord4129
ord537
ord3402
ord3721
ord6197
ord6379
ord2116
ord1168
ord2379
ord795
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord324
ord2370
ord2302
ord4234
ord4710
ord3571
ord3619
ord3573
ord3693
ord640
ord801
ord2847
ord323
ord541
ord3626
ord3663
ord2405
ord2414
ord2093
ord535
ord1641
ord4133
ord4297
ord5788
ord5787
ord5875
ord5785
ord1640
ord6880
ord2859
ord3988
ord6781
ord1146
ord924
ord6215
ord2453
ord4720
ord5608
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord613
ord2096
ord384
ord2753
ord289
ord4400
ord3630
ord682
ord2971
ord5759
ord6192
ord4441
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6172
ord2380
ord5789
ord2754
ord1768
ord2086
ord6453
ord941
ord940
ord2614
ord2546
ord291
ord6612
ord6805
ord816
ord6119
ord6605
ord562
ord3874
ord6199
ord5683
ord1576
ord2575
ord4396
ord3574
ord809
ord609
ord656
ord556
ord2122
ord2915
ord1088
ord5981
ord6334
ord922
ord6663
ord2764
ord861
ord6699
ord5575
ord4033
ord433
ord1572
ord2065
ord668
ord3178
ord4058
ord2781
ord2770
ord5710
ord356
ord5440
ord6383
ord5450
ord6394
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord1199
ord1247
ord4160
ord690
ord1988
ord2393
ord5207
ord389
ord2820
ord3811
ord2301
ord4476
ord1200
ord1871
ord3089
ord4347
ord4340
ord5076
ord6817
ord4892
ord4370
ord4899
ord4588
ord4589
ord6835
ord6808
ord6856
ord6845
ord6812
ord6815
ord6816
ord6846
ord6839
ord6814
ord6847
ord6867
ord6859
ord6832
ord6855
ord6823
ord6857
ord6807
ord6591
ord6650
ord6597
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5240
ord4407
ord1776
ord4078
ord6054
ord4108
ord4960
ord4963
ord4524
ord4529
ord4526
ord4543
ord4545
ord4531
ord823
ord5756
ord4889
ord6143
ord3610

msvcrt

srand
_setmbcp
_itoa
_CxxThrowException
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
__CxxFrameHandler
_mbscmp
sprintf
_mbsicmp
_ftol
atoi
exit
_XcptFilter
_exit
rand
_controlfp
time
_CIpow
memmove
getchar
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ

kernel32

LocalFree
GetStartupInfoA
GetModuleHandleA
GetVersion
FreeLibrary
LoadLibraryA
GetProcAddress
Sleep
MultiByteToWideChar
CreateMutexA
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetPrivateProfileStringA
DeleteFileA
GetModuleFileNameA
lstrlenA

user32

EnumWindows
EnumDisplayMonitors
GetSystemMetrics
SetWindowRgn
SetForegroundWindow
GetSystemMenu
TrackPopupMenu
SetMenuDefaultItem
GetParent
GetKeyState
EnableWindow
SendMessageA
PostMessageA
AppendMenuA
GetMonitorInfoA
GetWindowTextA
GetClassNameA
GetMessageA
TranslateMessage
DispatchMessageA
GetDlgItem
LoadBitmapA
GetMenuItemCount
GetMenuItemID
CopyRect
GrayStringA
DrawTextA
TabbedTextOutA
GetAsyncKeyState
LoadMenuA
GetSubMenu
ClientToScreen
SetCursor
ScreenToClient
InvalidateRect
ReleaseCapture
WindowFromPoint
SetTimer
PtInRect
GetCursorPos
GetDesktopWindow
SetCapture
TranslateAcceleratorA
LoadCursorA
GetDC
GetWindowRect
FillRect
ReleaseDC
LoadImageA
GetClientRect
SetWindowPos
SystemParametersInfoA
GetWindowLongA
SetWindowLongA
LoadAcceleratorsA
KillTimer
SetRect
IsWindow
LoadIconA

gdi32

GetStockObject
GetDIBits
GetDeviceCaps
CreateRoundRectRgn
DeleteDC
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
CreateFontA
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
BitBlt
Rectangle
SelectObject
CreatePen

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragMove
ImageList_DragLeave

ole32

CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
onmuzupdate.exe
.exe windows:4 windows x86 arch:x86

5fc8abba415b24db671c7abe88f672b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrFormatByteSizeA
PathRemoveFileSpecA

mfc42

ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3698
ord3571
ord765
ord860
ord567
ord825
ord3663
ord3626
ord2414
ord4275
ord4284
ord941
ord2818
ord3573
ord3693
ord755
ord640
ord2405
ord5678
ord6172
ord5875
ord5788
ord2380
ord5787
ord5785
ord1641
ord5736
ord1640
ord323
ord470
ord1146
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord2982
ord641
ord609
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord4234
ord2575
ord4396
ord3574
ord1168
ord2302
ord1768
ord1576
ord4287
ord6215
ord4299
ord6241
ord2096
ord384
ord823
ord6199
ord4160
ord2863
ord537
ord2820
ord535
ord2379
ord2408
ord6453
ord4476
ord2862
ord3301
ord6907
ord858
ord3619
ord5789
ord922
ord924
ord926
ord668
ord4129
ord5683
ord3181
ord1980
ord4058
ord2781
ord2770
ord5710
ord356
ord6663
ord690
ord1988
ord2393
ord5207
ord389
ord2582
ord4402
ord3640
ord693
ord4243
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord800
ord540
ord3811
ord861
ord2614
ord815
ord1105

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_setmbcp
_itoa
_ftol
__CxxFrameHandler
atoi
sprintf
_mbscmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

kernel32

GetStartupInfoA
GetModuleHandleA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
ResumeThread
GetLastError
CreateMutexA
Sleep
lstrlenA
GetModuleFileNameA
GetTempPathA
GetPrivateProfileStringA

user32

InvalidateRect
IsIconic
GetSystemMetrics
DrawIcon
GetWindowRect
AppendMenuA
LoadIconA
EnableWindow
LoadBitmapA
GetClientRect
PtInRect
SetTimer
KillTimer
GetSystemMenu
wsprintfA
SendMessageA

gdi32

SelectObject
PatBlt
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
BitBlt
Rectangle

advapi32

RegCloseKey
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ImageList_ReplaceIcon

urlmon

URLDownloadToFileA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWebCount.dll
.dll windows:4 windows x86 arch:x86

324e87a129b7b2af320238c8ab284874

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord2512
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1199
ord1247
ord690
ord2393
ord800
ord5207
ord860
ord389
ord540
ord1176
ord1243
ord2554
ord4486
ord6375
ord3825
ord4274
ord269
ord826
ord600
ord1578
ord6467

msvcrt

__CxxFrameHandler
_EH_prolog
??1type_info@@UAE@XZ
_onexit
__dllonexit

kernel32

LocalFree
lstrcpyA
GlobalFree
LocalAlloc

user32

wsprintfA
MessageBoxA

Exports

Exports

DLLWebCount
myFunction

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FRNDelete.dll
.dll windows:4 windows x86 arch:x86

eacc283400b4c9fd7e2c19bddba71711

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1243
ord1197
ord1570
ord342
ord1255
ord6467
ord1182
ord1577
ord1168
ord1575
ord1176
ord800
ord540
ord860
ord5710
ord858
ord4129
ord537
ord1253
ord1578
ord600
ord269
ord826
ord1116

msvcrt

_mbscmp
_onexit
__dllonexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
_initterm
free
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalAlloc
LocalFree
GlobalFree
FindFirstFileA
DeleteFileA
MoveFileExA
FindNextFileA
FindClose
lstrcpyA

advapi32

RegCreateKeyA
RegQueryValueExA
RegCloseKey

shell32

SHFileOperationA

Exports

Exports

FRNDelete
FRNDeleteDir
GetRegStringValueMachine

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
MapWindowPoints
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
CreateWindowExA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 153KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 10KB - Virtual size: 10KB

2e92645153848ef99816d61ac6e2a921

Headers

File Characteristics

Imports

kernel32

mfc42

msvcrt

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 4KB - Virtual size: 544B

324e87a129b7b2af320238c8ab284874

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 474B

21a57532e154ea21f11850b4480a4b88

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 864B

.reloc Size: 4KB - Virtual size: 474B

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

Imports

kernel32

user32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 153KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 4KB - Virtual size: 544B

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 474B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 474B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 32KB

.data
Size: 135KB - Virtual size: 136KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 568B - Virtual size: 4KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB