4103f3ac4d5bc3546475e3d681665a48_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4103f3ac4d5bc3546475e3d681665a48_JaffaCakes118
Size

1.4MB
MD5

4103f3ac4d5bc3546475e3d681665a48
SHA1

1ca6c69a4437b7ac6d1528a627263ab94aaa538b
SHA256

3c72f2851f20fee1e57a73226a2d4a54d88f55fbcaa817bac22eaf01cb79c8de
SHA512

74ecac7b514cb8c85ce99a69d52ce6365ddfa9dc557b21742a2e4e621ecff02048ff67679b20a6915cb86e0b7d9475eb871ee9424636e9d377eca254a0566ed0
SSDEEP

24576:Yk2nx/H2D3SrB0f1N93/FMEnh45Pr3HisdUXGN4r4ac13ehxqmQsTk01H4UTV+0O:YZBH2rKB6N9lePr33N4nhxqmQU464

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
4103f3ac4d5bc3546475e3d681665a48_JaffaCakes118
unpack001/$PLUGINSDIR/Dialer.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$WINDIR/System32/MP3IFilter.dll
unpack001/Cleaner.exe
unpack001/Firewall.exe
unpack001/Sweeper.exe
unpack001/Uninstaller.exe
unpack001/firewall.sys
unpack001/foxiecoreu.dll
unpack001/foxietoolbaru.dll
unpack001/uninst.exe
unpack001/update.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

4103f3ac4d5bc3546475e3d681665a48_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e993db4f819ff0a3121bf9c6b6c636cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
SetFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
CreateWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
EmptyClipboard
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
GetDlgItem

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Dialer.dll
.dll windows:4 windows x86 arch:x86

b34e411b555c469d4deeeb6647de46ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
FreeLibrary
lstrcpynA
GlobalAlloc
GetProcAddress

Exports

Exports

AttemptConnect
AutodialHangup
AutodialOnline
AutodialUnattended
GetConnectedState

Sections

.text
Size: 1024B - Virtual size: 570B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 359B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
MapWindowPoints
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadImageA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
lstrcpyA
GetTickCount
DeleteFileA
WriteFile
Sleep
CreateFileA
CreateThread
WaitForSingleObject
MulDiv
CloseHandle

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$WINDIR/System32/MP3IFilter.dll
.dll regsvr32 windows:4 windows x86 arch:x86

dfa7cff6e823476172313d0a524655c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
DebugBreak
lstrlenW
GetShortPathNameW
GetModuleFileNameW
FreeLibrary
SizeofResource
GetVersionExW
InitializeCriticalSection
GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
GetFileSize
GetLocaleInfoW
GetSystemDefaultLCID
LocalFree
FormatMessageW
HeapDestroy
DisableThreadLibraryCalls
SetFilePointer
ReadFile
CloseHandle
CreateFileW
OutputDebugStringW
lstrlenA
FindResourceW
LoadResource
RtlUnwind
HeapSize
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetStringTypeW
GetCurrentProcess
LCMapStringW
TerminateProcess
GetStringTypeA
SetStdHandle
GetProcAddress
GetOEMCP
GetACP
MultiByteToWideChar
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
LCMapStringA
FreeEnvironmentStringsA
LoadLibraryA
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
IsBadCodePtr
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr

user32

wsprintfW
CharNextW

advapi32

RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree

oleaut32

VarUI4FromStr

wsock32

ntohl

shlwapi

PathIsURLW
PathCreateFromUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cleaner.exe
.exe windows:4 windows x86 arch:x86

c3427a1e15be9b1ee21b9356e39136ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Storm\Work\FoxieCleaner\Release\FoxeCleaner.pdb

Imports

winmm

timeGetTime

kernel32

TerminateProcess
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitThread
CreateThread
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
GetTimeZoneInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualFree
IsBadWritePtr
GetStdHandle
ExitProcess
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalFree
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryA
GetFullPathNameA
FindClose
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
WritePrivateProfileStringA
FreeResource
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
MultiByteToWideChar
HeapDestroy
HeapCreate
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CreateEventA
ResumeThread
GlobalAlloc
SetEvent
WaitForSingleObject
CloseHandle
ResetEvent
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
GetPrivateProfileStringA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
GetWindowsDirectoryA
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadLibraryA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetDriveTypeA
FreeEnvironmentStringsA

user32

DestroyMenu
GetSysColorBrush
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowPos
SetFocus
ShowWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
wsprintfA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
PostMessageA
SetRect
GetDC
ReleaseDC
FillRect
OpenClipboard
EmptyClipboard
CloseClipboard
RedrawWindow
GetDlgItem
GetParent
SetPropA
GetWindowLongA
GetCapture
InvalidateRect
SetCapture
GetWindowRect
ClientToScreen
PtInRect
ReleaseCapture
LoadCursorA
SetCursor
GetPropA
CallWindowProcA
SetWindowLongA
RemovePropA
GetSysColor
GetSystemMetrics
LoadIconA
EnableWindow
SetParent
GetClientRect
IsIconic
SendMessageA
DrawIcon
CopyRect

gdi32

GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
CreateFontA
GetClipBox
SetMapMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
BitBlt
GetObjectA
CreateFontIndirectA
DeleteObject
SetTextColor
PtVisible

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegCloseKey
RegSetValueExA
RegQueryValueA
RegOpenKeyA
GetUserNameA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

comctl32

ImageList_Destroy
ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathFileExistsA

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Firewall.exe
.exe windows:4 windows x86 arch:x86

39363a90f70480c381842f22282dd0cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
GetPrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
OpenMutexW
CreateMutexW
Sleep
InterlockedExchange
DeviceIoControl
CloseHandle
CreateFileW
SearchPathW
GetLastError
WideCharToMultiByte
CompareStringW
TerminateProcess
CompareStringA
GetLocaleInfoW
SetConsoleCtrlHandler
SetEndOfFile
CreateFileA
LoadLibraryA
ReadFile
IsBadCodePtr
IsBadReadPtr
SetStdHandle
GetStringTypeW
GetStringTypeA
GetProcAddress
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetCPInfo
GetModuleFileNameW
SetEnvironmentVariableA
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
FormatMessageW
MultiByteToWideChar
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoW
GetVersion
ExitProcess
HeapReAlloc
FatalAppExitA
LCMapStringA
LCMapStringW
IsBadWritePtr
GetEnvironmentStrings
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetCurrentProcess
HeapSize
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetLastError
TlsGetValue
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
FlushFileBuffers
GetCurrentThread
WriteFile
SetFilePointer
UnhandledExceptionFilter

user32

LoadMenuW
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
MessageBoxW
LoadStringW
RegisterClassW
LoadCursorW
PostMessageW
GetWindow
FindWindowExW
DefWindowProcW
DestroyWindow
RegisterWindowMessageW
LoadImageW
PostQuitMessage
DestroyMenu
TrackPopupMenu
SetForegroundWindow
SetMenuItemInfoW
GetCursorPos
GetMenuItemInfoW
GetSubMenu

advapi32

RegDeleteValueW
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
DeleteService
StartServiceW
ControlService
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
QueryServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

CLSIDFromProgID
CoCreateInstance

shlwapi

SHDeleteKeyW

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Resources/AdBlock/adblock.dat
Resources/Firewall/spamservers.dat
Resources/Firewall/spyservers.dat
Resources/Firewall/wormservers.dat
Resources/HTML/Desktop.htm
.html
Resources/HTML/Infinity.htm
.html
Resources/HTML/Query.htm
.html .vbs polyglot
Resources/HTML/index.gif
.gif
Resources/Icons/Cleaner.ico
Resources/Icons/Desktop.ico
Resources/Icons/Infinity.ico
Resources/Icons/Sweeper.ico
Resources/Sweeper/pests.dtx
Sweeper.exe
.exe windows:4 windows x86 arch:x86

7c4127fa341057be609672d8f98d71d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

winmm

timeGetTime

dbghelp

MakeSureDirectoryPathExists

kernel32

GetLongPathNameA
OpenProcess
TerminateProcess
CreateDirectoryA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CreateEventA
ResumeThread
GlobalAlloc
SetEvent
FreeResource
GetProcAddress
GetModuleHandleA
lstrcpynA
lstrcmpW
lstrcatA
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GetCurrentThread
SetLastError
WritePrivateProfileStringA
LocalFree
FormatMessageA
InterlockedDecrement
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
CreateFileA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GlobalFlags
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
ExitProcess
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
WaitForSingleObject
CloseHandle
ResetEvent
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
wsprintfA
PostQuitMessage
ValidateRect
GetCursorPos
TranslateMessage
GetMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
BeginPaint
EndPaint
GetSysColorBrush
DestroyMenu
GetClassLongA
GetClassInfoExA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
ShowWindow
SetWindowTextA
IsDialogMessageA
GetClassNameA
SendMessageA
EnableWindow
CopyRect
RegisterWindowMessageA
DrawIcon
IsIconic
GetClientRect
SetParent
LoadIconA
GetSystemMetrics
RemovePropA
SetWindowLongA
CallWindowProcA
GetPropA
SetCursor
LoadCursorA
ReleaseCapture
PtInRect
WinHelpA
MessageBoxA
RedrawWindow
CharUpperA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
ClientToScreen
GetWindowRect
SetCapture
InvalidateRect
GetCapture
GetWindowLongA
SetPropA
GetParent
GetDlgItem
FillRect
GetSysColor
ReleaseDC
GetDC
SetRect
GetWindow

gdi32

ScaleWindowExtEx
SetWindowExtEx
SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetStockObject
CreateFontA
SetTextColor
DeleteObject
CreateFontIndirectA
GetObjectA
BitBlt
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetDeviceCaps
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegConnectRegistryA
RegQueryValueA
RegEnumValueA
RegOpenKeyA

shell32

ShellExecuteA
SHFileOperationA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit

comctl32

ord17
ImageList_Destroy

shlwapi

PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
SHDeleteKeyA

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstaller.exe
.exe windows:4 windows x86 arch:x86

021da08a07fcf2dd324621ca70558988

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarDup
__vbaStrToAnsi
ord616
_CIatan
__vbaStrMove
ord618
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
firewall.sys
.sys windows:5 windows x86 arch:x86

055fba7960e2e230066bcd8246ad7519

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
ExAllocatePoolWithTag
ExFreePool
ObfDereferenceObject
IoCreateSymbolicLink
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
IoDeleteDevice
IoDeleteSymbolicLink

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 426B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foxiecoreu.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c0627660005467aa289882361cab88e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenMutexW
CloseHandle
IsBadWritePtr
GetCurrentProcessId
FindResourceW
LoadResource
LockResource
WideCharToMultiByte
lstrcpynW
GetVersionExW
lstrlenA
CreateProcessW
GetPrivateProfileStringW
lstrcmpW
FlushInstructionCache
GetCurrentProcess
MultiByteToWideChar
InterlockedIncrement
GlobalAlloc
InterlockedDecrement
GlobalUnlock
LoadLibraryW
GlobalLock
FreeLibrary
lstrcatW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
GetModuleFileNameA
DisableThreadLibraryCalls
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetShortPathNameW
HeapDestroy

user32

LoadStringW
GetDC
DestroyIcon
DrawStateW
CopyRect
GetWindowRect
OffsetRect
UnionRect
GetAsyncKeyState
CharUpperW
MoveWindow
ShowWindow
SetTimer
GetKeyState
DialogBoxParamW
CreatePopupMenu
AppendMenuW
FindWindowExW
MessageBoxW
DestroyWindow
CharNextW
ReleaseDC
GetFocus
UnregisterClassW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
GetWindowLongW
GetWindow
SetWindowLongW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetSysColor
SetFocus
IsChild
GetMenuItemCount
GetMenuItemInfoW
EndPaint
FillRect
CallWindowProcW
GetClientRect
IsWindow
BeginPaint
RedrawWindow
DrawTextW
TrackPopupMenuEx
GetWindowDC
IsWindowEnabled
GetActiveWindow
GetWindowThreadProcessId
ClientToScreen
GetSystemMetrics
SystemParametersInfoW
LoadBitmapW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PostMessageW
ScreenToClient
LoadMenuW
GetSubMenu
SetMenuItemInfoW
GetClassNameW
SetWindowPos
InsertMenuW
TrackPopupMenu
GetAncestor
DestroyMenu
EnableMenuItem
EndDialog
CreateWindowExW
wsprintfW
GetDlgItem
SendMessageW
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetDesktopWindow
GetParent

gdi32

CreatePen
LineTo
MoveToEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetStockObject
GetCurrentObject
DeleteDC
DeleteObject
GetObjectW
CreateSolidBrush
ExtTextOutW
Rectangle
CreateFontIndirectW
SetBkMode
SetBkColor
SetTextColor
GetDeviceCaps

advapi32

RegDeleteValueW
OpenSCManagerW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
QueryServiceStatus
OpenServiceW
CloseServiceHandle
StartServiceW

ole32

CLSIDFromProgID
CoCreateInstance
OleUninitialize
StringFromCLSID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
OleInitialize

oleaut32

RegisterTypeLi
LoadTypeLi
SysStringLen
VariantClear
SysAllocString
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
VariantChangeType
SysAllocStringLen
SysFreeString

shlwapi

SHDeleteKeyW

msvcrt

_strlwr
memcmp
free
__dllonexit
?terminate@@YAXXZ
_wtol
wcsrchr
wcscpy
wcschr
memmove
realloc
strncpy
memset
wcscmp
wcscat
time
srand
rand
swscanf
_onexit
_wcsicmp
memcpy
strstr
swprintf
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_chkesp
_ftol
_adjust_fdiv
_except_handler3
_purecall
_wtoi
_initterm
malloc

comctl32

ord17
ImageList_Draw
ImageList_GetIcon
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_GetImageCount

msvcp60

?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?good@ios_base@std@@QBE_NXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Nstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Pstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBEHXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?eof@ios_base@std@@QBE_NXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
foxietoolbaru.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b84d76b700212b1af91f965824331492

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetShortPathNameW
DisableThreadLibraryCalls
DeleteCriticalSection
CreateProcessW
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
InterlockedIncrement
lstrcmpiW
GetCurrentThreadId
GetVersion
InterlockedDecrement
LoadLibraryA
GetModuleHandleW
GetFileAttributesW
GetProcAddress
lstrcatW
HeapDestroy
GetModuleFileNameW
GetCurrentProcess
GetVersionExW
lstrcpyW
GetOEMCP
GetACP
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
HeapSize
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
GetCommandLineA
RaiseException
lstrcpynW
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
MultiByteToWideChar
LoadLibraryW
GetModuleHandleA
InterlockedExchange
Sleep
GetLastError
lstrlenW
SetLastError
LockResource
LoadResource
FindResourceW
FlushInstructionCache
OutputDebugStringA
WideCharToMultiByte
lstrcmpW
GetCurrentProcessId

user32

SetWindowLongW
LoadBitmapW
SystemParametersInfoW
GetSystemMetrics
DefWindowProcW
SendMessageW
GetWindowLongW
ClientToScreen
GetParent
IsWindow
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
GetWindowDC
ReleaseDC
CallWindowProcW
LoadMenuW
GetSubMenu
TrackPopupMenuEx
GetMenuItemInfoW
IntersectRect
OffsetRect
SetCapture
ScreenToClient
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetMessagePos
WindowFromPoint
GetMessageTime
GetDesktopWindow
InvalidateRect
RemoveMenu
EnableMenuItem
CharNextW
PostMessageW
GetDlgCtrlID
RedrawWindow
LoadImageW
GetFocus
CallNextHookEx
GetClassInfoExW
RegisterClassExW
LoadCursorW
SetFocus
ShowWindow
GetClientRect
SetWindowPos
MoveWindow
GetWindowTextLengthW
GetWindowTextW
CreateWindowExW
wsprintfW
UnhookWindowsHookEx
SetWindowsHookExW
DestroyWindow
FindWindowExW
GetWindow
GetKeyState
GetWindowRect
IsRectEmpty
LoadStringW
CopyRect
DrawStateW
SetMenuItemInfoW
DestroyMenu
GetSysColor
DestroyIcon
DrawTextW
GetMenuItemCount

gdi32

DeleteObject
SetBkColor
MoveToEx
CreateFontIndirectW
SelectObject
DeleteDC
SetBkMode
SetTextColor
GetObjectW
Rectangle
ExtTextOutW
LineTo
CreateCompatibleDC
CreateSolidBrush
BitBlt
GetStockObject
GetCurrentObject
CreatePen

advapi32

RegEnumKeyExW
RegCloseKey
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW

ole32

CLSIDFromProgID
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi

shlwapi

SHDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

e993db4f819ff0a3121bf9c6b6c636cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
SetFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
CreateWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
EmptyClipboard
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
GetDlgItem

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
update.exe
.exe windows:4 windows x86 arch:x86

2384322fefff03863661d42796fb6a08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
GetTempPathW
MultiByteToWideChar
Sleep
lstrlenA
ResumeThread
lstrlenW
WideCharToMultiByte
WaitForSingleObject
CreateThread
CreateProcessW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
SuspendThread
DeleteFileW
OpenMutexW
HeapDestroy
GetVersion
ExitProcess
GetStartupInfoA
GetCommandLineA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetProcAddress
SetUnhandledExceptionFilter
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
LoadLibraryA
GetOEMCP
CreateFileA
GetACP
LeaveCriticalSection
ReadFile
SetStdHandle
LCMapStringW
WriteFile
CloseHandle
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
GetModuleHandleA
SetFilePointer
FlushFileBuffers
HeapSize
TerminateProcess
LCMapStringA
VirtualFree
GetCPInfo
CompareStringA
CompareStringW
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
TlsAlloc
VirtualAlloc
IsBadWritePtr
TlsSetValue
SetLastError
TlsGetValue
GetLastError

user32

FindWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CreateDialogParamW
SetTimer
GetDlgItem
SendMessageW
LoadImageW
SetWindowLongW
SetWindowTextW
ShowWindow
PostQuitMessage
DestroyWindow
MessageBoxW
EndPaint
DrawIconEx
BeginPaint
ScreenToClient
GetWindowRect
PostMessageW
GetWindow
wsprintfW

gdi32

CreateFontIndirectW
DeleteDC
GetStockObject
GetObjectW
DeleteObject

advapi32

RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW
InternetReadFile

shlwapi

SHDeleteKeyW

comctl32

ord17

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e993db4f819ff0a3121bf9c6b6c636cd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 109KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 28KB

b34e411b555c469d4deeeb6647de46ee

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 570B

.rdata Size: 512B - Virtual size: 359B

.data Size: 512B - Virtual size: 156B

.reloc Size: 512B - Virtual size: 128B

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 930B

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 21KB

.reloc Size: 1024B - Virtual size: 730B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 1024B - Virtual size: 570B

.rdata
Size: 512B - Virtual size: 359B

.data
Size: 512B - Virtual size: 156B

.reloc
Size: 512B - Virtual size: 128B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 21KB

.reloc
Size: 1024B - Virtual size: 730B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 53KB - Virtual size: 52KB

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 20KB - Virtual size: 545KB

.rsrc
Size: 40KB - Virtual size: 56KB