42f4638fa35d7e085bcc732e199f7806_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42f4638fa35d7e085bcc732e199f7806_JaffaCakes118
Size

2.5MB
MD5

42f4638fa35d7e085bcc732e199f7806
SHA1

1adbc0f800c69b6df604c7ff6b4221cfaf89b2b2
SHA256

e299113c5252828ac21bf3759a76abba118712d2573250b443db8b118ce0d294
SHA512

5a9a04cd5a403207bc3f698ccf15cdbda00d1302a9eace86d1ae9554eeabddb4a877f238481349a8de0818d19e788f148dab56975c798d6c4789cbbe3d1fe4e9
SSDEEP

49152:quJnCFDA+WvoWuzSYs4ql2QbK3acq2dY4duT/k964nc8C2TjHS9IZ4/+Cn:TN9+WAPSb4ql2QMq2dY4sdjAymZ4GCn

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42f4638fa35d7e085bcc732e199f7806_JaffaCakes118

Files

42f4638fa35d7e085bcc732e199f7806_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$13Wsocket@TBind
@$xp$13Wsocket@TRecv
@$xp$13Wsocket@TSend
@$xp$14Wsocket@Thtonl
@$xp$14Wsocket@Thtons
@$xp$14Wsocket@Tntohl
@$xp$14Wsocket@Tntohs
@$xp$15Winconvert@TLZH
@$xp$15Wsocket@TAccept
@$xp$15Wsocket@TListen
@$xp$15Wsocket@TSendTo
@$xp$16Wsockbuf@TBuffer
@$xp$16Wsocket@TConnect
@$xp$16Wsocket@TWSocket
@$xp$17Smtpprot@TSmtpCli
@$xp$17Smtpprot@TSmtpFct
@$xp$17Wsocket@TDataSent
@$xp$17Wsocket@TRecvFrom
@$xp$17Wsocket@TSendData
@$xp$17Wsocket@TShutdown
@$xp$18Winskindlg@TSBAPI1
@$xp$18Winskindlg@TSBAPI2
@$xp$18Wsocket@TInet_addr
@$xp$18Wsocket@TInet_ntoa
@$xp$19Smtpprot@TSmtpState
@$xp$19Wsocket@TGetSockOpt
@$xp$19Wsocket@TOpenSocket
@$xp$19Wsocket@TSetSockOpt
@$xp$19Wsocket@TSocksState
@$xp$19Wsocket@TWSACleanup
@$xp$19Wsocket@TWSAStartup
@$xp$20Skinread@TSkinReader
@$xp$20Smtpprot@TSmtpFctSet
@$xp$20Winconvert@TReadProc
@$xp$20Winskinform@TMenuBtn
@$xp$20Winskinini@TQuickIni
@$xp$20Winsubclass@TSkinBox
@$xp$20Winsubclass@TSkinTab
@$xp$20Wsocket@TChangeState
@$xp$20Wsocket@TCloseSocket
@$xp$20Wsocket@TGetHostName
@$xp$20Wsocket@TGetPeerName
@$xp$20Wsocket@TGetSockName
@$xp$20Wsocket@TIoctlSocket
@$xp$20Wsocket@TSocketState
@$xp$21Smtpprot@TSmtpDisplay
@$xp$21Smtpprot@TSmtpRequest
@$xp$21Smtpprot@TSyncSmtpCli
@$xp$21Winconvert@TWriteProc
@$xp$21Winskindata@TSkinData
@$xp$21Winskinform@TNCObject
@$xp$21Winsubclass@TSkinEdit
@$xp$21Wsocket@TDebugDisplay
@$xp$21Wsocket@TSocksWSocket
@$xp$22Smtpprot@SmtpException
@$xp$22Smtpprot@TSmtpNextProc
@$xp$22Winskindata@TOnNewForm
@$xp$22Winskindlg@TSkinManage
@$xp$22Winskindlg@TSkinThread
@$xp$22Winsubclass@TAcControl
@$xp$22Winsubclass@TSkinSizer
@$xp$22Winsubclass@TSkinTab31
@$xp$22Wsocket@TCustomWSocket
@$xp$22Wsocket@TDataAvailable
@$xp$22Wsocket@TDnsLookupDone
@$xp$22Wsocket@TGetHostByAddr
@$xp$22Wsocket@TGetHostByName
@$xp$22Wsocket@TGetServByName
@$xp$22Wsocket@TSessionClosed
@$xp$22Wsocket@TWSocketOption
@$xp$23Winskindata@TOnFormSkin
@$xp$23Winskindata@TShemeColor
@$xp$23Winskinform@TWinSkinSpy
@$xp$23Winskinstore@TSkinStore
@$xp$23Winsubclass@TSkinButton
@$xp$23Winsubclass@TSkinComBox
@$xp$23Winsubclass@TSkinHeader
@$xp$23Winsubclass@TSkinScroll
@$xp$23Winsubclass@TSkinUpDown
@$xp$23Wsocket@TGetProtoByName
@$xp$23Wsocket@TSocksAuthState
@$xp$23Wsocket@TWSAAsyncSelect
@$xp$23Wsocket@TWSocketOptions
@$xp$24Winconvert@ElzhException
@$xp$24Winskindata@TShemeColors
@$xp$24Winskinform@TWinSkinForm
@$xp$24Winskinform@TWinSkinMenu
@$xp$24Winsubclass@TSkinControl
@$xp$24Wsocket@ESocketException
@$xp$24Wsocket@TSocketSendFlags
@$xp$24Wsocket@TSocksErrorEvent
@$xp$24Wsocket@TWSAGetLastError
@$xp$24Wsocket@TWSASetLastError
@$xp$25Smtpprot@TSmtpContentType
@$xp$25Smtpprot@TSmtpRequestDone
@$xp$25Winskindata@TSkinFormType
@$xp$25Winskindata@TWinContainer
@$xp$25Winskinform@TSkinFormIcon
@$xp$25Winskinform@TWinSysButton
@$xp$25Winsubclass@TScrollBarPos
@$xp$25Winsubclass@TSkinCheckBox
@$xp$25Winsubclass@TSkinGroupBox
@$xp$25Winsubclass@TSkinListView
@$xp$25Winsubclass@TSkinProgress
@$xp$25Winsubclass@TSkinTrackBar
@$xp$25Winsubclass@TSkinTransObj
@$xp$25Wsocket@TBgExceptionEvent
@$xp$25Wsocket@TSessionAvailable
@$xp$25Wsocket@TSessionConnected
@$xp$26Smtpprot@TCustomSmtpClient
@$xp$26Smtpprot@TSmtpAttachHeader
@$xp$26Smtpprot@TSmtpGetDataEvent
@$xp$26Winskindata@TDataSkinTitle
@$xp$26Winskindata@TOnSkinControl
@$xp$26Winskindata@TWinContainers
@$xp$26Winskindata@WinSkinData__9
@$xp$26Winskinform@TSkinFormIcons
@$xp$26Winskinform@TSkinFormStyle
@$xp$26Winskinform@WinSkinForm__5
@$xp$26Winskinform@WinSkinForm__7
@$xp$26Winsubclass@TSkinBitButton
@$xp$26Winsubclass@TSkinScControl
@$xp$26Winsubclass@TSkinScrollbar
@$xp$26Winsubclass@TSkinStatusBar
@$xp$26Wsocket@TCustomLineWSocket
@$xp$26Wsocket@TCustomSyncWSocket
@$xp$26Wsocket@TSocketLingerOnOff
@$xp$27Winskindata@TDataSkinBorder
@$xp$27Winskindata@TDataSkinButton
@$xp$27Winskindata@TDataSkinObject
@$xp$27Winskindata@WinSkinData__01
@$xp$27Winskinform@TSkinFormBorder
@$xp$27Winskinmenu@TWinSkinPopMenu
@$xp$27Winsubclass@TSkinAcListView
@$xp$27Wsocket@TCustomSocksWSocket
@$xp$28Winskindata@TSkinControlList
@$xp$28Winskindata@TSkinControlType
@$xp$28Winskinform@TSkinWindowState
@$xp$28Winskinstore@TSkinCollection
@$xp$28Winsubclass@TSkinRadioButton
@$xp$28Winsubclass@TSkinSpeedButton
@$xp$28Winsubclass@TSkinTabPosition
@$xp$28Wsocket@TSocksAuthStateEvent
@$xp$28Wsocket@TSocksAuthentication
@$xp$28Wsocket@TWSocketSyncNextProc
@$xp$29Smtpprot@TSmtpHeaderLineEvent
@$xp$29Winskindata@TDataSkinBoxLabel
@$xp$29Winskindata@TSkinControlTypes
@$xp$29Winsubclass@TAcGraphicControl
@$xp$29Winsubclass@TSkinControlState
@$xp$30Winskindata@TDataSkinSysButton
@$xp$30Wsocket@TWSAAsyncGetHostByAddr
@$xp$30Wsocket@TWSAAsyncGetHostByName
@$xp$30Wsocket@TWSACancelAsyncRequest
@$xp$32Smtpprot@TSmtpProcessHeaderEvent
@$xp$32Winskinstore@TSkinCollectionItem
@$xp$35Smtpprot@TSmtpAttachmentContentType
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit4@Finalize
@@Unit4@Initialize
@Imgutil@ConvertBitmapToGrayscale$qqrpx16Graphics@TBitmap
@Imgutil@Drehen180Grad$qqrp16Graphics@TBitmap
@Imgutil@Drehen270Grad$qqrp16Graphics@TBitmap
@Imgutil@Drehen90Grad$qqrp16Graphics@TBitmap
@Imgutil@Finalization$qqrv
@Imgutil@Rotate90$qqrp16Graphics@TBitmap
@Imgutil@SpiegelnHorizontal$qqrp16Graphics@TBitmap
@Imgutil@SpiegelnVertikal$qqrp16Graphics@TBitmap
@Imgutil@initialization$qqrv
@Skinread@Finalization$qqrv
@Skinread@TSkinReader@
@Skinread@TSkinReader@$bctr$qqrv
@Skinread@TSkinReader@$bdtr$qqrv
@Skinread@TSkinReader@Decompress$qqrp15Classes@TStreamt1
@Skinread@TSkinReader@Loadfromstream$qqrp21Classes@TMemoryStream
@Skinread@TSkinReader@loadfromfile$qqrx17System@AnsiString
@Skinread@TSkinReader@readIni$qqrx17System@AnsiStringp21Classes@TMemoryStreamr17System@AnsiString
@Skinread@TSkinReader@readfile$qqr17System@AnsiStringp21Classes@TMemoryStream
@Skinread@initialization$qqrv
@Smtpprot@CopyRight
@Smtpprot@Finalization$qqrv
@Smtpprot@Register$qqrv
@Smtpprot@Rfc822DateTime$qqr16System@TDateTime
@Smtpprot@SmtpException@
@Smtpprot@TCustomSmtpClient@
@Smtpprot@TCustomSmtpClient@$bctr$qqrp18Classes@TComponent
@Smtpprot@TCustomSmtpClient@$bdtr$qqrv
@Smtpprot@TCustomSmtpClient@Abort$qqrv
@Smtpprot@TCustomSmtpClient@CheckReady$qqrv
@Smtpprot@TCustomSmtpClient@ClearErrorMessage$qqrv
@Smtpprot@TCustomSmtpClient@Connect$qqrv
@Smtpprot@TCustomSmtpClient@Data$qqrv
@Smtpprot@TCustomSmtpClient@DataNext$qqrv
@Smtpprot@TCustomSmtpClient@DisplayLastResponse$qqrv
@Smtpprot@TCustomSmtpClient@DoHighLevelAsync$qqrv
@Smtpprot@TCustomSmtpClient@DoUUEncode$qqrrpvr17System@AnsiStringro
@Smtpprot@TCustomSmtpClient@EndUUEncode$qqrrpv
@Smtpprot@TCustomSmtpClient@ExecAsync$qqr21Smtpprot@TSmtpRequest17System@AnsiStringpxusxiynpqqrv$v
@Smtpprot@TCustomSmtpClient@Helo$qqrv
@Smtpprot@TCustomSmtpClient@HighLevelAsync$qqr21Smtpprot@TSmtpRequest45System@%Set$t17Smtpprot@TSmtpFct$iuc$0$iuc$8%
@Smtpprot@TCustomSmtpClient@InitUUEncode$qqrrpv17System@AnsiString
@Smtpprot@TCustomSmtpClient@Mail$qqrv
@Smtpprot@TCustomSmtpClient@MailFrom$qqrv
@Smtpprot@TCustomSmtpClient@NextExecAsync$qqrv
@Smtpprot@TCustomSmtpClient@Open$qqrv
@Smtpprot@TCustomSmtpClient@Quit$qqrv
@Smtpprot@TCustomSmtpClient@RcptTo$qqrv
@Smtpprot@TCustomSmtpClient@RcptToDone$qqrv
@Smtpprot@TCustomSmtpClient@RcptToNext$qqrv
@Smtpprot@TCustomSmtpClient@Rset$qqrv
@Smtpprot@TCustomSmtpClient@SendCommand$qqr17System@AnsiString
@Smtpprot@TCustomSmtpClient@SetContentType$qqr25Smtpprot@TSmtpContentType
@Smtpprot@TCustomSmtpClient@SetErrorMessage$qqrv
@Smtpprot@TCustomSmtpClient@SetMailMessage$qqrp16Classes@TStrings
@Smtpprot@TCustomSmtpClient@SetRcptName$qqrp16Classes@TStrings
@Smtpprot@TCustomSmtpClient@StateChange$qqr19Smtpprot@TSmtpState
@Smtpprot@TCustomSmtpClient@TriggerCommand$qqr17System@AnsiString
@Smtpprot@TCustomSmtpClient@TriggerDisplay$qqr17System@AnsiString
@Smtpprot@TCustomSmtpClient@TriggerGetData$qqripciro
@Smtpprot@TCustomSmtpClient@TriggerHeaderLine$qqrpci
@Smtpprot@TCustomSmtpClient@TriggerProcessHeader$qqrp16Classes@TStrings
@Smtpprot@TCustomSmtpClient@TriggerRequestDone$qqrus
@Smtpprot@TCustomSmtpClient@TriggerResponse$qqr17System@AnsiString
@Smtpprot@TCustomSmtpClient@TriggerSessionClosed$qqrus
@Smtpprot@TCustomSmtpClient@TriggerSessionConnected$qqrus
@Smtpprot@TCustomSmtpClient@TriggerStateChange$qqrv
@Smtpprot@TCustomSmtpClient@Vrfy$qqrv
@Smtpprot@TCustomSmtpClient@WMSmtpRequestDone$qqrr17Messages@TMessage
@Smtpprot@TCustomSmtpClient@WSocketDataAvailable$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WSocketDataSent$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WSocketDnsLookupDone$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WSocketSessionClosed$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WSocketSessionConnected$qqrp14System@TObjectus
@Smtpprot@TCustomSmtpClient@WndProc$qqrr17Messages@TMessage
@Smtpprot@TSmtpCli@
@Smtpprot@TSmtpCli@$bctr$qqrp18Classes@TComponent
@Smtpprot@TSmtpCli@$bdtr$qqrv
@Smtpprot@TSmtpCli@Data$qqrv
@Smtpprot@TSmtpCli@PrepareEMail$qqrv
@Smtpprot@TSmtpCli@SetEMailFiles$qqrp16Classes@TStrings
@Smtpprot@TSmtpCli@TriggerAttachContentType$qqrir17System@AnsiStringt2
@Smtpprot@TSmtpCli@TriggerAttachHeader$qqri17System@AnsiStringp16Classes@TStrings
@Smtpprot@TSmtpCli@TriggerGetData$qqripciro
@Smtpprot@TSmtpCli@TriggerHeaderLine$qqrpci
@Smtpprot@TSyncSmtpCli@
@Smtpprot@TSyncSmtpCli@$bctr$qqrp18Classes@TComponent
@Smtpprot@TSyncSmtpCli@AbortSync$qqrv
@Smtpprot@TSyncSmtpCli@ConnectSync$qqrv
@Smtpprot@TSyncSmtpCli@DataSync$qqrv
@Smtpprot@TSyncSmtpCli@HeloSync$qqrv
@Smtpprot@TSyncSmtpCli@MailFromSync$qqrv
@Smtpprot@TSyncSmtpCli@MailSync$qqrv
@Smtpprot@TSyncSmtpCli@OpenSync$qqrv
@Smtpprot@TSyncSmtpCli@QuitSync$qqrv
@Smtpprot@TSyncSmtpCli@RcptToSync$qqrv
@Smtpprot@TSyncSmtpCli@RsetSync$qqrv
@Smtpprot@TSyncSmtpCli@Synchronize$qqrynpqqrv$v
@Smtpprot@TSyncSmtpCli@VrfySync$qqrv
@Smtpprot@TSyncSmtpCli@WaitUntilReady$qqrv
@Smtpprot@initialization$qqrv
@Winconvert@ElzhException@
@Winconvert@Finalization$qqrv
@Winconvert@TLZH@
@Winconvert@TLZH@DecodeChar$qqrynpqqrpvusrus$v
@Winconvert@TLZH@DecodePosition$qqrynpqqrpvusrus$v
@Winconvert@TLZH@DeleteNode$qqrs
@Winconvert@TLZH@EncodeChar$qqrusynpqqrpvusrus$v
@Winconvert@TLZH@EncodeEnd$qqrynpqqrpvusrus$v
@Winconvert@TLZH@EncodePosition$qqrusynpqqrpvusrus$v
@Winconvert@TLZH@EndLZH$qqrv
@Winconvert@TLZH@GetBit$qqrynpqqrpvusrus$v
@Winconvert@TLZH@GetBlockStream$qqrpvusrus
@Winconvert@TLZH@GetByte$qqrynpqqrpvusrus$v
@Winconvert@TLZH@InitLZH$qqrv
@Winconvert@TLZH@InitTree$qqrv
@Winconvert@TLZH@InsertNode$qqrs
@Winconvert@TLZH@LZHPack$qqrriynpqqrpvusrus$vt2
@Winconvert@TLZH@LZHUnpack$qqriynpqqrpvusrus$vt2
@Winconvert@TLZH@PutBlockStream$qqrpvusrus
@Winconvert@TLZH@Putcode$qqrsusynpqqrpvusrus$v
@Winconvert@TLZH@StartHuff$qqrv
@Winconvert@TLZH@reconst$qqrv
@Winconvert@TLZH@update$qqrs
@Winconvert@d_code
@Winconvert@d_len
@Winconvert@initialization$qqrv
@Winconvert@p_code
@Winconvert@p_len
@Winskindata@Finalization$qqrv
@Winskindata@GSkinData
@Winskindata@RGBToColor$qqrucucuc
@Winskindata@StrToWideStr$qqrx17System@AnsiString
@Winskindata@TDataSkinBorder@
@Winskindata@TDataSkinBorder@$bctr$qqr17System@AnsiString
@Winskindata@TDataSkinBorder@$bdtr$qqrv
@Winskindata@TDataSkinBoxLabel@
@Winskindata@TDataSkinButton@
@Winskindata@TDataSkinButton@$bctr$qqr17System@AnsiString
@Winskindata@TDataSkinButton@$bdtr$qqrv
@Winskindata@TDataSkinObject@
@Winskindata@TDataSkinObject@$bctr$qqr17System@AnsiString
@Winskindata@TDataSkinObject@$bdtr$qqrv
@Winskindata@TDataSkinSysButton@
@Winskindata@TDataSkinTitle@
@Winskindata@TSkinControlList@
@Winskindata@TSkinControlList@$bctr$qqrv
@Winskindata@TSkinControlList@$bdtr$qqrv
@Winskindata@TSkinControlList@SetCheckbox$qqrp16Classes@TStrings
@Winskindata@TSkinControlList@SetEdit$qqrp16Classes@TStrings
@Winskindata@TSkinControlList@SetRadiobutton$qqrp16Classes@TStrings
@Winskindata@TSkinControlList@Setcombobox$qqrp16Classes@TStrings
@Winskindata@TSkinData@
@Winskindata@TSkinData@$bctr$qqrp18Classes@TComponent
@Winskindata@TSkinData@$bdtr$qqrv
@Winskindata@TSkinData@AddNestForm$qqrp20Controls@TWinControlt1
@Winskindata@TSkinData@ChangeProperty$qqrp14System@TObject17System@AnsiStringt2
@Winskindata@TSkinData@CreateMdibtn$qqri
@Winskindata@TSkinData@DefineProperties$qqrp14Classes@TFiler
@Winskindata@TSkinData@DeleteGraphicControl$qqrp11Forms@TFormp24Controls@TGraphicControl
@Winskindata@TSkinData@DoFormSkin$qqr17System@AnsiStringro
@Winskindata@TSkinData@DoSkinChanged$qqrv
@Winskindata@TSkinData@GetColor$qqrx17System@AnsiString15Graphics@TColor
@Winskindata@TSkinData@GetFileName$qqr17System@AnsiString
@Winskindata@TSkinData@GetPrecolor$qqrr15Graphics@TColori
@Winskindata@TSkinData@GetSectionNum$qqr17System@AnsiStringt1
@Winskindata@TSkinData@GetSkinStore$qqrv
@Winskindata@TSkinData@InitControlList$qqrv
@Winskindata@TSkinData@Install$qqrv
@Winskindata@TSkinData@InstallThread$qqri
@Winskindata@TSkinData@LoadFromCollection$qqrp23Winskinstore@TSkinStorei
@Winskindata@TSkinData@LoadFromFile$qqr17System@AnsiString
@Winskindata@TSkinData@LoadFromIni$qqr17System@AnsiString
@Winskindata@TSkinData@LoadFromStream$qqrp15Classes@TStream
@Winskindata@TSkinData@LoadSkin$qqrv
@Winskindata@TSkinData@Loaded$qqrv
@Winskindata@TSkinData@ReadBord$qqrv
@Winskindata@TSkinData@ReadBoxLabel$qqrrp29Winskindata@TDataSkinBoxLabel17System@AnsiString
@Winskindata@TSkinData@ReadButton$qqrv
@Winskindata@TSkinData@ReadColor$qqrv
@Winskindata@TSkinData@ReadData$qqrp15Classes@TStream
@Winskindata@TSkinData@ReadMenuBar$qqrrp27Winskindata@TDataSkinObject17System@AnsiString
@Winskindata@TSkinData@ReadObject$qqrrp27Winskindata@TDataSkinObject17System@AnsiString
@Winskindata@TSkinData@ReadObject2$qqrrp27Winskindata@TDataSkinBorder17System@AnsiStringt2
@Winskindata@TSkinData@ReadProgress$qqrrp27Winskindata@TDataSkinBorder17System@AnsiString
@Winskindata@TSkinData@ReadRGB$qqr17System@AnsiStringt1r15Graphics@TColor
@Winskindata@TSkinData@ReadSysButton$qqrv
@Winskindata@TSkinData@ReadTitle$qqrp27Winskindata@TDataSkinObject17System@AnsiString
@Winskindata@TSkinData@Readbmp$qqrp16Graphics@TBitmap17System@AnsiString
@Winskindata@TSkinData@SetActive$qqro
@Winskindata@TSkinData@SetControlList$qqrp16Classes@TStrings
@Winskindata@TSkinData@SetFrame$qqrv
@Winskindata@TSkinData@SetSkinStore$qqrx17System@AnsiString
@Winskindata@TSkinData@SetVersion$qqr17System@AnsiString
@Winskindata@TSkinData@SkinForm$qqrui
@Winskindata@TSkinData@UnInstallThread$qqri
@Winskindata@TSkinData@Uninstall$qqrv
@Winskindata@TSkinData@UpdateMainMenu$qqro
@Winskindata@TSkinData@UpdateMenu$qqrp11Forms@TForm
@Winskindata@TSkinData@UpdateSkin$qqrv
@Winskindata@TSkinData@UpdateSkinControl$qqrp11Forms@TFormp20Controls@TWinControl
@Winskindata@TSkinData@WriteData$qqrp15Classes@TStream
@Winskindata@Tnt_DrawTextW$qqrui17System@WideStringr13Windows@TRectui
@Winskindata@Win32PlatformIsUnicode
@Winskindata@_WStr$qqrpbi
@Winskindata@initialization$qqrv
@Winskindata@strcolor$qqr17System@AnsiString
@Winskindlg@Finalization$qqrv
@Winskindlg@SkinHookCBT$qqsiii
@Winskindlg@SkinHookCBT2$qqsiii
@Winskindlg@SkinHookCallRet$qqsiii
@Winskindlg@SkinHookCallback$qqsiii
@Winskindlg@SkinManager
@Winskindlg@TSkinManage@
@Winskindlg@TSkinManage@$bctr$qqrv
@Winskindlg@TSkinManage@$bdtr$qqrv
@Winskindlg@TSkinManage@ActiveForm$qqrp11Forms@TForm
@Winskindlg@TSkinManage@AddForm$qqrui
@Winskindlg@TSkinManage@AddMenu$qqrui
@Winskindlg@TSkinManage@AddSkinData$qqrpv
@Winskindlg@TSkinManage@DeleteAllForms$qqrv
@Winskindlg@TSkinManage@DeleteAllMenus$qqrv
@Winskindlg@TSkinManage@DeleteAllThreads$qqrv
@Winskindlg@TSkinManage@DeleteDeleted$qqrv
@Winskindlg@TSkinManage@DeleteForm$qqrui
@Winskindlg@TSkinManage@DeleteForm2$qqrui
@Winskindlg@TSkinManage@DeleteForm3$qqrv
@Winskindlg@TSkinManage@DeleteMenu$qqrui
@Winskindlg@TSkinManage@DeleteSysbtn$qqrv
@Winskindlg@TSkinManage@FindPopupMenu$qqrui
@Winskindlg@TSkinManage@FindSkinForm$qqrui
@Winskindlg@TSkinManage@FindSkinMenu$qqrui
@Winskindlg@TSkinManage@FindSkindata$qqrrpvui
@Winskindlg@TSkinManage@FindTForm$qqrui
@Winskindlg@TSkinManage@GetMDIChildNum$qqrv
@Winskindlg@TSkinManage@GetMenuBg$qqrui
@Winskindlg@TSkinManage@InstallHook$qqrv
@Winskindlg@TSkinManage@InstallThread$qqri
@Winskindlg@TSkinManage@NestedForm$qqrui
@Winskindlg@TSkinManage@OnBeforeSkin$qqr17System@AnsiString
@Winskindlg@TSkinManage@OnTimer$qqrp14System@TObject
@Winskindlg@TSkinManage@RemoveSkinData$qqrpv
@Winskindlg@TSkinManage@SetAction$qqrii
@Winskindlg@TSkinManage@SetCaption$qqro
@Winskindlg@TSkinManage@SetMDIMax$qqro
@Winskindlg@TSkinManage@SetMDIMax2$qqro
@Winskindlg@TSkinManage@SetPopMenu$qqrv
@Winskindlg@TSkinManage@UnInstallThread$qqri
@Winskindlg@TSkinManage@Uninitsb$qqrui
@Winskindlg@TSkinManage@UpdateSkinMenu$qqrui
@Winskindlg@TSkinManage@initsb$qqrui
@Winskindlg@TSkinThread@
@Winskindlg@initialization$qqrv
@Winskinform@BG
@Winskinform@BitmapToRegion$qqrp16Graphics@TBitmapii15Graphics@TColorucucuc
@Winskinform@Bitmapdraw$qqruirx13Windows@TRectp16Graphics@TBitmap
@Winskinform@CopyHMenu$qqrui
@Winskinform@DeleteHMenu$qqrui
@Winskinform@DrawBGbmp$qqrp16Graphics@TCanvasrx13Windows@TRectp16Graphics@TBitmapt2
@Winskinform@DrawBorder$qqruirx13Windows@TRectp16Graphics@TBitmapt2iiii
@Winskinform@DrawRect1$qqruirx13Windows@TRectp16Graphics@TBitmapiii
@Winskinform@DrawRect2$qqruirx13Windows@TRectp16Graphics@TBitmapt2iiiii
@Winskinform@DrawRect3$qqruirx13Windows@TRectp16Graphics@TBitmapiii
@Winskinform@DrawRectTile$qqrp16Graphics@TCanvasrx13Windows@TRectp16Graphics@TBitmapt2iiii
@Winskinform@DrawTranmap$qqruirx13Windows@TRectp16Graphics@TBitmap15Graphics@TColor
@Winskinform@EnumControl$qqsuii
@Winskinform@Finalization$qqrv
@Winskinform@GetFormCaption$qqrui
@Winskinform@GetHMap$qqrrx13Windows@TRectp16Graphics@TBitmapt1iiii
@Winskinform@GetThumbMap$qqrrx13Windows@TRectp16Graphics@TBitmapt1iiii
@Winskinform@GetWindowClassname$qqrui
@Winskinform@Logstring
@Winskinform@Max$qqrxixi
@Winskinform@Min$qqrxixi
@Winskinform@MsgtoStr$qqrrx17Messages@TMessage
@Winskinform@SBCustomDraw$qqrp26Winsubclass@TSkinScrollbarp27Winskinform@NMCSBCUSTOMDRAW
@Winskinform@SetProperty$qqrp14System@TObject17System@AnsiStringt2
@Winskinform@SkinAddLog$qqr17System@AnsiString
@Winskinform@SkinCanLog
@Winskinform@TMenuBtn@
@Winskinform@TMenuBtn@draw$qqrv
@Winskinform@TNCObject@
@Winskinform@TNCObject@Draw$qqrv
@Winskinform@TNCObject@MouseDown$qqrv
@Winskinform@TNCObject@MouseEnter$qqrv
@Winskinform@TNCObject@MouseLeave$qqrv
@Winskinform@TNCObject@MouseUp$qqrv
@Winskinform@TWinSkinForm@
@Winskinform@TWinSkinForm@$bctr$qqrp18Classes@TComponent
@Winskinform@TWinSkinForm@$bdtr$qqrv
@Winskinform@TWinSkinForm@AddComp$qqrp18Classes@TComponentp20Controls@TWinControl
@Winskinform@TWinSkinForm@AddControl$qqrui
@Winskinform@TWinSkinForm@AddControlList$qqrp24Winsubclass@TSkinControl
@Winskinform@TWinSkinForm@AddSysMenuitem$qqr17System@AnsiStringi
@Winskinform@TWinSkinForm@CMDialogChar$qqrr17Messages@TMessage
@Winskinform@TWinSkinForm@CancelMenu$qqrv
@Winskinform@TWinSkinForm@ChangeMDIStyle$qqrv
@Winskinform@TWinSkinForm@CheckMenu$qqrp20Winskinform@TMenuBtn
@Winskinform@TWinSkinForm@Checkvisible$qqri
@Winskinform@TWinSkinForm@ClickButton$qqrp20Winskinform@TMenuBtn
@Winskinform@TWinSkinForm@CreateCaptionFont$qqrv
@Winskinform@TWinSkinForm@CreateMenuItem$qqruii
@Winskinform@TWinSkinForm@CreateSysmenu$qqrv
@Winskinform@TWinSkinForm@Cropwindow$qqrv
@Winskinform@TWinSkinForm@Default$qqrr17Messages@TMessage
@Winskinform@TWinSkinForm@DefaultMDI$qqrr17Messages@TMessage
@Winskinform@TWinSkinForm@DefaultMenuItem$qqrp14System@TObjectp16Graphics@TCanvasrx13Windows@TRecto
@Winskinform@TWinSkinForm@DeleteControl$qqrp24Winsubclass@TSkinControl
@Winskinform@TWinSkinForm@DeleteControls$qqrv
@Winskinform@TWinSkinForm@DeleteSkinDeleted$qqrv
@Winskinform@TWinSkinForm@DeleteSysbtn$qqrv
@Winskinform@TWinSkinForm@DoDrawText$qqrp15Menus@TMenuItemp16Graphics@TCanvasx17System@WideStringr13Windows@TRectoi
@Winskinform@TWinSkinForm@DoSysMenu$qqrp14System@TObject
@Winskinform@TWinSkinForm@DrawAllSysbtn$qqrp16Graphics@TCanvasrx13Windows@TRect
@Winskinform@TWinSkinForm@DrawFLine$qqrui
@Winskinform@TWinSkinForm@DrawHMenuItem2$qqruip14System@TObjectp16Graphics@TCanvasrx13Windows@TRecto
@Winskinform@TWinSkinForm@DrawIcon$qqruiii
@Winskinform@TWinSkinForm@DrawItemText$qqrp15Menus@TMenuItemp16Graphics@TCanvasrx13Windows@TRecto
@Winskinform@TWinSkinForm@DrawLine$qqrp16Graphics@TCanvasrx13Windows@TRect
@Winskinform@TWinSkinForm@DrawMenuCaption$qqrp16Graphics@TCanvasrx13Windows@TRect
@Winskinform@TWinSkinForm@DrawMenuItem$qqrp14System@TObjectp16Graphics@TCanvasrx13Windows@TRecto
@Winskinform@TWinSkinForm@DrawSysbtn$qqrp25Winskinform@TWinSysButtoni
@Winskinform@TWinSkinForm@Drawborder$qqrirx13Windows@TRectui
@Winskinform@TWinSkinForm@EnableSysbtn$qqro
@Winskinform@TWinSkinForm@Find3rdControl$qqr17System@AnsiStringp20Controls@TWinControl
@Winskinform@TWinSkinForm@FindBtn$qqrrx14Windows@TPoint
@Winskinform@TWinSkinForm@FindButtonFromAccel$qqrus
@Winskinform@TWinSkinForm@FindSkinComp$qqrp18Classes@TComponent
@Winskinform@TWinSkinForm@GetFormstyle$qqrv
@Winskinform@TWinSkinForm@GetIcon$qqrp16Graphics@TBitmap
@Winskinform@TWinSkinForm@GetMenuBG$qqrv
@Winskinform@TWinSkinForm@GetWinXY$qqrss
@Winskinform@TWinSkinForm@GetWindowstate$qqrv
@Winskinform@TWinSkinForm@InitControls$qqrp20Controls@TWinControl
@Winskinform@TWinSkinForm@InitHwndControls$qqrv
@Winskinform@TWinSkinForm@InitMenu$qqrp20Controls@TWinControloo

Sections

Size: 342KB - Virtual size: 932KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 884KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 342KB - Virtual size: 932KB

.rsrc Size: 884KB - Virtual size: 1.3MB

.reloc Size: - Virtual size: 52KB

.aspack Size: 27KB - Virtual size: 28KB

.adata Size: - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 884KB - Virtual size: 1.3MB

.reloc
Size: - Virtual size: 52KB

.aspack
Size: 27KB - Virtual size: 28KB

.adata
Size: - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 1.3MB - Virtual size: 1.3MB