406b64b5f132aa0597832dd8e0f445d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

406b64b5f132aa0597832dd8e0f445d6_JaffaCakes118
Size

989KB
MD5

406b64b5f132aa0597832dd8e0f445d6
SHA1

dcadde8df68219dfe248256afca7c458cfe46ab5
SHA256

ff8413d1a0ac6b7433661a5ca717fb3d4b89080656fdbfcab992bfc49d28437e
SHA512

78088059ccf98d63f5746c49b330244683a2772fb80cbeb38d9435cf0e9dd963dbbec056625a51a5a75d076d9b93b8b4d5da4081bded2f4f9ce7544d7e9e515d
SSDEEP

24576:6Ui4jEwDZBil4zxKClbLfUKq9joc64g3qhseNbwJrETSvYaEkUqfIV:Y4BZoezxK6Vqp3jwJYazUqfG

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/G-IE浏览器/G-IE浏览器.exe
unpack001/G-IE浏览器/exec/cw.exe
unpack001/G-IE浏览器/exec/iemanager.exe
unpack001/G-IE浏览器/newexe/haoting/setuphaoting.exe
unpack001/G-IE浏览器/newexe/newexe.exe
unpack001/G-IE浏览器/np.exe
unpack001/G-IE浏览器/np2.exe

Files

406b64b5f132aa0597832dd8e0f445d6_JaffaCakes118
.rar
G-IE浏览器/G-IE浏览器.exe
.exe windows:4 windows x86 arch:x86

81af78aed9565eedf4603108ec069aab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord535
ord800
ord858
ord4129
ord5683
ord860
ord540
ord668
ord1200
ord2554
ord356
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1168
ord2379
ord755
ord470
ord4486
ord6375
ord4274
ord2770
ord4673
ord1576

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
exit

kernel32

SetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetClientRect
IsIconic
EnableWindow
GetSystemMetrics
DrawIcon
SendMessageA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
G-IE浏览器/data/Thumbs.db
G-IE浏览器/data/filter.dat
G-IE浏览器/data/first.dat
G-IE浏览器/data/go.avi
G-IE浏览器/data/html.dat
.html .js polyglot
G-IE浏览器/data/htmldescription.htm
G-IE浏览器/data/htmldescription2.htm
G-IE浏览器/data/localrss.rd
G-IE浏览器/data/main.htm
G-IE浏览器/data/main2.htm
G-IE浏览器/data/mp3list.dat
G-IE浏览器/data/ms.dat
G-IE浏览器/data/readme.txt
G-IE浏览器/data/result.htm
.html .js polyglot
G-IE浏览器/data/search.htm
.html
G-IE浏览器/data/searchin.dat
G-IE浏览器/data/skin.ini
G-IE浏览器/data/skin/0-轻爽搭配.ini
G-IE浏览器/data/skin/1-白蓝搭配.ini
G-IE浏览器/data/skin/2-系统默认.ini
G-IE浏览器/data/skin/3-纯洁的白.ini
G-IE浏览器/data/skin/4-淡淡的蓝.ini
G-IE浏览器/data/skin/5-浅浅的绿.ini
G-IE浏览器/data/skin/6-微微的红.ini
G-IE浏览器/data/skin_back.ini
G-IE浏览器/data/status.htm
G-IE浏览器/data/web.dat
G-IE浏览器/data/yhk.dat
G-IE浏览器/exec/char.txt
G-IE浏览器/exec/cw.exe
.exe windows:4 windows x86 arch:x86

f39b34db9020aaf8e844dac238ec3305

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord765
ord656
ord818
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord3346
ord4627
ord4425
ord3597
ord324
ord4234
ord3610
ord3698
ord6055
ord1776
ord5290
ord3402
ord1146
ord1168
ord567
ord2135
ord2302
ord3619
ord3626
ord3663
ord613
ord2414
ord537
ord6199
ord1641
ord289
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord2516
ord361
ord2860
ord4476
ord924
ord922
ord860
ord535
ord858
ord5710
ord4129
ord2764
ord3874
ord1200
ord5683
ord3571
ord640
ord2405
ord5875
ord6172
ord5873
ord5785
ord283
ord5789
ord1640
ord323
ord823
ord1949
ord4034
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5277
ord4673
ord1576

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_setmbcp
__CxxFrameHandler
_mbscmp
__dllonexit
__p__commode
_onexit
_exit
_XcptFilter

kernel32

GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
CopyFileA
SetCurrentDirectoryA

user32

IsIconic
GetSystemMetrics
EnableWindow
GetSystemMenu
AppendMenuA
SendMessageA
GetClientRect
FillRect
LoadIconA
DrawIcon

gdi32

CreateFontIndirectA
CreateCompatibleDC
GetTextExtentPoint32A
CreateCompatibleBitmap
GetPixel

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
G-IE浏览器/exec/data/filetype.dat
G-IE浏览器/exec/iemanager.exe
.exe windows:4 windows x86 arch:x86

ef2ec817df5fe1dd02e234377d901226

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord665
ord5186
ord354
ord6283
ord6282
ord4278
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3610
ord656
ord641
ord567
ord324
ord2302
ord4234
ord5280
ord1105
ord6199
ord926
ord4710
ord2818
ord3286
ord924
ord1200
ord2575
ord4396
ord3574
ord609
ord2642
ord1771
ord6366
ord3318
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord3803
ord4202
ord3874
ord4402
ord3640
ord693
ord4243
ord3626
ord3663
ord3571
ord3573
ord2450
ord640
ord2414
ord2405
ord5785
ord1146
ord3301
ord1576
ord4133
ord4297
ord5788
ord472
ord6172
ord1641
ord5875
ord1640
ord323
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord1168
ord686
ord4299
ord2862
ord2096
ord384
ord537
ord4160
ord2863
ord2379
ord755
ord470
ord3337
ord6907
ord6007
ord3998
ord823
ord3790
ord6880
ord6453
ord3092
ord2614
ord5442
ord941
ord825
ord6876
ord6877
ord540
ord860
ord5683
ord535
ord2764
ord6663
ord4129
ord858
ord5710
ord922
ord356
ord2770
ord2781
ord4058
ord3181
ord800
ord668
ord2413
ord3754

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_setmbcp
__CxxFrameHandler
_mbscmp
_mbsicmp
fclose
fread
fopen
fwrite
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln

kernel32

GetStartupInfoA
GetModuleHandleA
CopyFileA
CreateDirectoryA
GetModuleFileNameA
DeleteFileA
SetCurrentDirectoryA

user32

GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
IsIconic
CopyRect
FillRect
LoadBitmapA
EnableWindow
SendMessageA
GetWindowRect
ScreenToClient
GetMessagePos
LoadIconA

gdi32

BitBlt
CreateSolidBrush
CreateCompatibleDC

advapi32

RegFlushKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

comctl32

ImageList_ReplaceIcon

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
G-IE浏览器/newexe/haoting.ini
G-IE浏览器/newexe/haoting/data.dat
G-IE浏览器/newexe/haoting/setuphaoting.exe
.exe windows:4 windows x86 arch:x86

31d7084c5aea7abe81e34503d7e03d52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_setmbcp
??3@YAXPAX@Z
__CxxFrameHandler
_mbscmp
??2@YAPAXI@Z
exit
_XcptFilter
_exit
_onexit
__dllonexit
sprintf

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord6375
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord800
ord1576
ord540
ord2863
ord2379
ord755
ord470
ord765
ord795
ord609
ord656
ord6197
ord6379
ord2614
ord858
ord535
ord537
ord3610
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord567
ord2302
ord6199
ord1768
ord2864
ord2642
ord3721
ord668
ord2770
ord356
ord924
ord860
ord1200
ord2818
ord3874
ord3698
ord1105
ord1979
ord6385
ord5442
ord665
ord5186
ord354
ord4129
ord6662
ord6215
ord5683
ord4274
ord4673
ord5163
ord4160

kernel32

GetStartupInfoA
SetCurrentDirectoryA
MultiByteToWideChar
CreateDirectoryA
GetEnvironmentVariableA
GetModuleHandleA
GetModuleFileNameA

user32

GetSystemMenu
AppendMenuA
SendMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
GetDesktopWindow
LoadIconA

advapi32

RegOpenKeyA
RegSetValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
G-IE浏览器/newexe/haoting_main.htm
G-IE浏览器/newexe/newexe.exe
.exe windows:4 windows x86 arch:x86

d24b7dd9638dd0f126838af079f417c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
closesocket
shutdown
recv
send
connect
htons
inet_addr
setsockopt
socket
inet_ntoa

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

mfc42

ord825
ord823
ord800
ord922
ord2818
ord858
ord923
ord1228
ord540
ord924
ord860
ord6215
ord2764
ord941
ord5710
ord537
ord4202
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord656
ord765
ord795
ord2514
ord2621
ord617
ord4129
ord535
ord5214
ord296
ord1200
ord413
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord1576
ord6055
ord1776
ord5290
ord3402
ord3721
ord1146
ord1168
ord567
ord2302
ord1105
ord6199
ord4299
ord6197
ord6379
ord4160
ord2863
ord2379
ord755
ord470
ord668
ord2770
ord356
ord6877
ord6663
ord6876
ord5683
ord665
ord6153
ord3790
ord6385
ord3180
ord353
ord2915
ord354
ord550
ord5651
ord3127
ord3616
ord2393
ord350
ord3811
ord3663
ord1832
ord3126
ord349
ord501
ord773
ord1083
ord5607
ord2762
ord3610

msvcrt

fclose
fopen
fwrite
sscanf
sprintf
fread
_mbsicmp
_mbscmp
_splitpath
_CxxThrowException
calloc
free
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__CxxFrameHandler
_strnicmp
_stricmp
_setmbcp

kernel32

ReadFile
GetStartupInfoA
GetModuleHandleA
SetFileAttributesA
GetModuleFileNameA
SetCurrentDirectoryA
CreateDirectoryA
CopyFileA
DeleteFileA
GetLastError
Sleep
CreateFileA
GetFileSize
CloseHandle

user32

SendMessageA
GetSystemMenu
LoadIconA
GetClientRect
EnableWindow
AppendMenuA
IsIconic
GetSystemMetrics
DrawIcon

shell32

ShellExecuteA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
G-IE浏览器/np.exe
.exe windows:4 windows x86 arch:x86

eb4742e5eb4ec7733dfe01f07cd4f94a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord617
ord800
ord535
ord5214
ord296
ord1134
ord1200
ord668
ord2770
ord356
ord858
ord4129
ord3922
ord860
ord540
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1168
ord2379
ord755
ord470
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5683
ord4673
ord1576

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_mbsicmp
_setmbcp
__getmainargs

kernel32

CopyFileA
Sleep
SetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
DeleteFileA

user32

GetClientRect
IsIconic
EnableWindow
GetSystemMetrics
DrawIcon
SendMessageA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
G-IE浏览器/np2.exe
.exe windows:4 windows x86 arch:x86

76de000efbff61da92f2930b1a7692e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord617
ord800
ord535
ord5214
ord296
ord1134
ord668
ord2770
ord356
ord858
ord4129
ord5683
ord3922
ord540
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1168
ord2379
ord755
ord470
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord860
ord4673
ord1576

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_mbsicmp
_setmbcp
__getmainargs

kernel32

CopyFileA
Sleep
SetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
DeleteFileA

user32

DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
SendMessageA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
G-IE浏览器/readme.txt
G-IE浏览器/rssdata/1.txt
G-IE浏览器/tmphtml/1.txt
G-IE浏览器/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

81af78aed9565eedf4603108ec069aab

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 376B

.rsrc Size: 8KB - Virtual size: 5KB

f39b34db9020aaf8e844dac238ec3305

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 584B

.rsrc Size: 4KB - Virtual size: 3KB

ef2ec817df5fe1dd02e234377d901226

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 7KB

31d7084c5aea7abe81e34503d7e03d52

Headers

File Characteristics

Imports

msvcrt

mfc42

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 240KB - Virtual size: 236KB

d24b7dd9638dd0f126838af079f417c4

Headers

File Characteristics

Imports

ws2_32

wininet

mfc42

msvcrt

kernel32

user32

shell32

Sections

.text Size: 44KB - Virtual size: 41KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 376B

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 584B

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 240KB - Virtual size: 236KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 124KB - Virtual size: 121KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 360B

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 312B

.rsrc
Size: 8KB - Virtual size: 4KB