4486e6da833dca3069748c7f1a0c6f44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4486e6da833dca3069748c7f1a0c6f44_JaffaCakes118
Size

1.8MB
MD5

4486e6da833dca3069748c7f1a0c6f44
SHA1

8afddbc804afb44dabccd45163e2cf3e5f20298f
SHA256

94bd7bd2916e33aefadc94ccf601a0628f277ffcbd7da7696fc10cc9e2b6f16b
SHA512

f8c03d5fb8f48f8187462513f1273f3978615e43a213109681acb56600ad59a11b4609c5c909c4b7c6c52d055e0f40d51d354635c33d11dd4f7d7a91b57575a9
SSDEEP

49152:mOVqt+6KNtGxTR2muSY/xYjgKH5F3pMTdn19IX9P2zw6iut+6I:nqQ1GxTs5xYEIUn1yA8TuQf

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
4486e6da833dca3069748c7f1a0c6f44_JaffaCakes118
unpack001/$PLUGINSDIR/Processes.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack003/out.upx
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsisos.dll
unpack001/$TEMP/scs.exe
unpack001/RewardsArcade.dll
unpack001/RewardsArcade.exe
unpack001/Uninstall.exe
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/inetc.dll
unpack004/$PLUGINSDIR/nsExec.dll
unpack004/$PLUGINSDIR/nsisos.dll
unpack004/$TEMP/scs.exe
unpack001/UserConfirmation.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

4486e6da833dca3069748c7f1a0c6f44_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$LOCALAPPDATA/RewardsArcade/498/Chrome/rewardsarcade.crx
.zip
background.html
.html
background.js
extension.js
.js
icons/actions/icon1.png
.png
icons/icon128.png
.png
icons/icon16.png
.png
icons/icon48.png
.png
icons/notifications/icon1.png
.png
js/api/analytics.js
.js
js/api/chrome.js
.js
js/api/cookie.js
.js
js/api/debug.js
.js
js/api/dom.js
.js
js/api/fb_api.js
.js
js/api/installer.js
.js
js/api/message.js
.js
js/api/push.js
.js
js/api/request.js
.js
js/api/time.js
.js
js/background.js
.js
js/lib/app_api.js
.js
js/lib/async_api.js
.js
js/lib/bg_app_api.js
.js
js/lib/cookie_store.js
.js
js/lib/data_store.js
.js
js/lib/faye-browser-min.js
.js
js/lib/fb_bridge.js
.js
js/lib/jquery-1.4.2.js
.js
js/lib/jquery_later.js
.js
js/lib/util.js
.js
manifest.json
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome.manifest
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/background.html
.html .js polyglot
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/browser.xul
.xml
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/crossrider.js
.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/crossriderapi.js
.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/Images/b.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/Images/bl.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/Images/br.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/Images/closelabel.gif
.gif
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/Images/loading.gif
.gif
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/Images/tl.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/Images/tr.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/facebox.css
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/facebox/facebox.js
.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/faye-browser-min.js
.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/lib/jquery-1.4.2.js
.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/manage-apps-style.css
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/manage-apps.html
.html .js polyglot
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/messaging.js
.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/options.xul
.xml
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/push.html
.html
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/socialapi.js
.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/update.html
.html .js polyglot
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/utilityapi.js
.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/chrome/content/workers_chain.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/defaults/preferences/prefs.js
$LOCALAPPDATA/RewardsArcade/498/Firefox/install.rdf
.xml
$LOCALAPPDATA/RewardsArcade/498/Firefox/locale/en-US/translations.dtd
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/button1.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/button2.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/button3.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/button4.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/button5.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/crossrider_statusbar.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/icon24.png
.png
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/skin.css
$LOCALAPPDATA/RewardsArcade/498/Firefox/skin/update.css
$LOCALAPPDATA/RewardsArcade/498/uninstall.ico
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

38e5d87efd24fb4005f186879a64501c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
LoadLibraryA
MultiByteToWideChar
VirtualAlloc
VirtualProtect
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_errno
fflush
free
malloc

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 284B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

06e07a9e2c8ec78ec44f1a538a1bd2a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
DeleteFileA
ExitProcess
GetCommandLineA
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTempFileNameA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
MapViewOfFile
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

user32

CharNextA
CharPrevA
FindWindowExA
OemToCharBuffA
SendMessageA
wsprintfA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisos.dll
.dll windows:1 windows x86 arch:x86

a70233c77fd258ec47709388c2338273

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetVersionExA
RtlUnwind
RtlZeroMemory
lstrcpyA

crtdll

_fdopen
_open_osfhandle
_ultoa
fclose
_cexit
malloc
printf
raise
setbuf
strcpy

Exports

Exports

osplatform
osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 588B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
$TEMP/scs.exe
.exe windows:4 windows x86 arch:x86

a4f7472959bb80652b46ef53fc672202

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TlsGetValue
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_assert
_cexit
_flsbuf
_iob
_isatty
_isctype
_onexit
_pctype
_setmode
_winmajor
abort
atexit
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
free
fwrite
getenv
localtime
malloc
memcmp
memmove
memset
printf
putchar
puts
qsort
realloc
signal
strcmp
strncmp
strncpy
strtol
tolower
vfprintf

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RewardsArcade.dll
.dll regsvr32 windows:5 windows x86 arch:x86

49dde9b8aa67158ba54c1f34b0eb4e01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToCacheFileA
URLOpenPullStreamA

wininet

InternetGetCookieA
InternetSetCookieA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA

ws2_32

inet_ntoa
gethostbyname
WSAStartup
WSACleanup

kernel32

GetUserDefaultLCID
GetConsoleMode
InterlockedDecrement
lstrlenA
InterlockedIncrement
DebugBreak
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleHandleA
lstrcmpiA
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
InitializeCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
LocalFree
SetStdHandle
WriteConsoleW
CreateThread
GetVersion
GetConsoleCP
LoadLibraryW
InterlockedExchange
LCMapStringW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
ReadFile
GetStartupInfoW
GetFileType
SetHandleCount
GetTimeZoneInformation
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
HeapSize
Sleep
GetStringTypeW
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
CloseHandle
CreateFileA
SetEndOfFile
CreateFileW
CompareStringW
SetEnvironmentVariableA
GetStringTypeExA
LCMapStringA
RtlUnwind
InterlockedPopEntrySList
GetSystemTimeAsFileTime
WaitForSingleObject
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
DecodePointer
EncodePointer
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetLocalTime

user32

LoadStringA
UnregisterClassA
CharNextW
CallWindowProcA
SetWindowLongA
CharNextA
wvsprintfA
LoadCursorA
EnumWindows
GetClassNameA
PostMessageA
SendMessageA
DestroyWindow
FindWindowExA
GetParent
IsWindowEnabled
CharLowerA
RegisterClassExA
CreateWindowExA
GetWindowLongA
GetClassInfoExA
KillTimer
SetTimer
MessageBoxA
DefWindowProcA

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CLSIDFromProgID
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr
LoadRegTypeLi
SysAllocStringLen
VariantCopy
VariantChangeType
UnRegisterTypeLi
LoadTypeLi
DispCallFunc
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocString
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RewardsArcade.exe
.exe windows:5 windows x86 arch:x86

5f64095e645118b560362876efa3f919

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileA

wininet

InternetGetCookieA
InternetSetCookieA

kernel32

InitializeCriticalSectionAndSpinCount
CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
FreeLibrary
GetCurrentProcessId
SetLastError
WideCharToMultiByte
GetModuleHandleA
GetCurrentThreadId
TerminateProcess
WaitForSingleObject
MultiByteToWideChar
lstrlenW
lstrcmpiA
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
LocalFree
RaiseException
GetCurrentProcess
GetExitCodeProcess
GetVersion
CreateFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
LoadLibraryW
LCMapStringW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
ReadFile
HeapReAlloc
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
LoadLibraryA
GetProcAddress
OutputDebugStringA
DebugBreak
InterlockedIncrement
lstrlenA
InterlockedDecrement
LocalAlloc
GetModuleFileNameW
WriteFile
CreateFileW
SetEndOfFile
WriteConsoleW
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapSize
Sleep
GetStringTypeW
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTimeAsFileTime
GetLocalTime
EncodePointer
DecodePointer
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

FindWindowExA
MessageBoxA
DestroyWindow
EnumWindows
PostMessageA
GetWindowThreadProcessId
CharNextA
LoadStringA
wvsprintfA
GetClassNameA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority

shell32

ShellExecuteA
ShellExecuteExA

ole32

CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VarUI4FromStr
SysFreeString
SysAllocString

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

38e5d87efd24fb4005f186879a64501c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
LoadLibraryA
MultiByteToWideChar
VirtualAlloc
VirtualProtect
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_errno
fflush
free
malloc

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 284B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

06e07a9e2c8ec78ec44f1a538a1bd2a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
DeleteFileA
ExitProcess
GetCommandLineA
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTempFileNameA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
MapViewOfFile
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

user32

CharNextA
CharPrevA
FindWindowExA
OemToCharBuffA
SendMessageA
wsprintfA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisos.dll
.dll windows:1 windows x86 arch:x86

a70233c77fd258ec47709388c2338273

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetVersionExA
RtlUnwind
RtlZeroMemory
lstrcpyA

crtdll

_fdopen
_open_osfhandle
_ultoa
fclose
_cexit
malloc
printf
raise
setbuf
strcpy

Exports

Exports

osplatform
osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 588B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
$TEMP/scs.exe
.exe windows:4 windows x86 arch:x86

a4f7472959bb80652b46ef53fc672202

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TlsGetValue
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_assert
_cexit
_flsbuf
_iob
_isatty
_isctype
_onexit
_pctype
_setmode
_winmajor
abort
atexit
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
free
fwrite
getenv
localtime
malloc
memcmp
memmove
memset
printf
putchar
puts
qsort
realloc
signal
strcmp
strncmp
strncpy
strtol
tolower
vfprintf

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UserConfirmation.exe
.exe windows:5 windows x86 arch:x86

22dec91ce69e1513e7070bc9391af63e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Shai\Documents\Visual Studio 2010\Projects\UserConfirmation\Release\UserConfirmation.pdb

Imports

kernel32

SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
FindResourceW
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
CreateThread
ExitThread
WriteConsoleW
RaiseException
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
Sleep
GetProfileIntW
GetTickCount
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
SetErrorMode
GetNumberFormatW
GetWindowsDirectoryW
HeapReAlloc
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
lstrcpyW
GetSystemDirectoryW
DeleteFileW
GetCurrentDirectoryW
FileTimeToSystemTime
lstrlenA
GlobalGetAtomNameW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalFlags
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
GetModuleHandleW
FreeLibrary
GetProcAddress
CompareStringW
LoadLibraryW
lstrcmpW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
GlobalSize
GlobalAlloc
FormatMessageW
LocalFree
lstrlenW
GetCurrentProcessId
GetModuleFileNameW
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
LockResource
SizeofResource
LoadResource

user32

GetKeyNameTextW
PostThreadMessageW
CharUpperBuffW
CopyIcon
FrameRect
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LockWindowUpdate
SetCursorPos
SetRect
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
SetClassLongW
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
DrawIconEx
GetNextDlgGroupItem
LoadImageW
CopyImage
GetIconInfo
HideCaret
DrawFocusRect
InvertRect
MapVirtualKeyW
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
RedrawWindow
SetWindowRgn
OffsetRect
CharUpperW
DestroyIcon
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
KillTimer
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
UnregisterClassW
LoadCursorW
GetSysColorBrush
IntersectRect
RealChildWindowFromPoint
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
InvalidateRect
DrawStateW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
IsCharLowerW
LoadMenuW
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetWindowRect
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
MapVirtualKeyExW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
GetWindowRgn
MapDialogRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindow
GetMenuState
DestroyCursor
SubtractRect
GetDoubleClickTime
GetUpdateRect
ValidateRect
IsClipboardFormatAvailable
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
SendMessageW
LoadIconW
EnableWindow
LoadBitmapW
GetClientRect
SetTimer

gdi32

CreateDCW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
OffsetRgn
GetRgnBox
CopyMetaFileW
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
GetTextFaceW
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateSolidBrush
CreateHatchBrush
SelectObject
CreatePen
GetDeviceCaps
ScaleViewportExtEx
GetObjectType
SelectPalette
GetStockObject
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetDIBColorTable
CreateCompatibleDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
StretchBlt
BitBlt
GetObjectW
SetWindowOrgEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegCloseKey
RegEnumValueW
RegQueryValueW

shell32

SHAppBarMessage
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
DragQueryFileW
DragFinish
ShellExecuteW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

SysFreeString
VarBstrFromDate
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 882KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appAPIinternalWrapper.js
.js
fb.js
.js
jquery.js
.js
json.js
.js

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 136B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 107KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 64KB

.rsrc Size: 87KB - Virtual size: 86KB

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

38e5d87efd24fb4005f186879a64501c

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 16B

.rdata Size: 1024B - Virtual size: 540B

.bss Size: - Virtual size: 284B

.edata Size: 512B - Virtual size: 160B

.idata Size: 1024B - Virtual size: 856B

.reloc Size: 1024B - Virtual size: 624B

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 136B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 107KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 64KB

.rsrc
Size: 87KB - Virtual size: 86KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 16B

.rdata
Size: 1024B - Virtual size: 540B

.bss
Size: - Virtual size: 284B

.edata
Size: 512B - Virtual size: 160B

.idata
Size: 1024B - Virtual size: 856B

.reloc
Size: 1024B - Virtual size: 624B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 144B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 100B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 108B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 236B

.text
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 16B

.data
Size: 80B - Virtual size: 80B

.idata
Size: 588B - Virtual size: 588B

.reloc
Size: 156B - Virtual size: 156B

.edata
Size: 96B - Virtual size: 96B

.text
Size: 387KB - Virtual size: 387KB

.data
Size: 5KB - Virtual size: 5KB

.rdata
Size: 46KB - Virtual size: 45KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B