4c2cde88c060481d8ea601c89c3aaed9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c2cde88c060481d8ea601c89c3aaed9_JaffaCakes118
Size

1.6MB
MD5

4c2cde88c060481d8ea601c89c3aaed9
SHA1

5a10eada28bb05b91f2face8f93daf9741c9203f
SHA256

f41cfec2de71d86b8ab0d30b9716666165da7190a94f4bea13c4146789672ff5
SHA512

a0699354595bbd8ad70bafb44ae81b35b2f3a6c5df77c0683d2534a10d17e44462ce99fb19f527598c17a089cc3fe4dbe54940d1c7b0ccd32d2dd082475fdcd3
SSDEEP

24576:27V/p9oMLXuSS8J3uhK9L/6FlU+bQTGpegnEfD4fQqPXf7hRsii+Mny91ZAWjz47:SpDr9u6L+NESPv7HsLxmzBlH3C

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ImageX_Onekey_101120/DLL file for WinPE/oledlg.dll
unpack001/ImageX_Onekey_101120/DLL file for WinPE/olepro32.dll
unpack001/ImageX_Onekey_101120/DLL file for WinPE/urlmon.dll
unpack001/ImageX_Onekey_101120/ImageX_Onekey_101120.exe

Files

4c2cde88c060481d8ea601c89c3aaed9_JaffaCakes118
.rar
ImageX_Onekey_101120/DLL file for WinPE/dll for pe.txt
ImageX_Onekey_101120/DLL file for WinPE/oledlg.dll
.dll windows:5 windows x86 arch:x86

bad3bfc063a266365b4ee4a6b547ba7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

oledlg.pdb

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
??2@YAPAXI@Z
??3@YAXPAX@Z
iswalpha
_except_handler3
wcschr
malloc
free
_vsnwprintf
memmove
_resetstkoflw

kernel32

GetProcAddress
LoadLibraryW
lstrcmpW
lstrcmpiA
MultiByteToWideChar
SearchPathW
FindClose
FindFirstFileW
GetShortPathNameW
GetCurrentDirectoryW
GetFileAttributesW
TlsGetValue
GetVersion
TlsAlloc
TlsFree
LocalFree
TlsSetValue
LocalAlloc
GlobalSize
ResetEvent
WaitForSingleObject
CreateEventW
CloseHandle
MulDiv
FindNextFileW
DisableThreadLibraryCalls
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcmpiW
lstrlenW
GetFullPathNameW
IsBadStringPtrW
IsBadCodePtr
IsBadWritePtr
CompareFileTime
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTimeFormatW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
IsBadReadPtr
GetNumberFormatW
GetLocaleInfoW
LockResource
LoadResource
FindResourceW
GlobalLock
FreeLibrary
GlobalAlloc
GlobalFree
GlobalUnlock

user32

GetLastActivePopup
IsIconic
LoadIconW
IsWindow
GetDesktopWindow
DialogBoxIndirectParamW
GetWindowLongW
SetPropW
RemovePropW
EnableWindow
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
WinHelpW
GetDlgCtrlID
SetForegroundWindow
ScreenToClient
GetCursorPos
GetPropW
MapWindowPoints
GetClipboardFormatNameW
CharPrevW
GetDialogBaseUnits
GetClientRect
DestroyWindow
UpdateWindow
InvalidateRect
IsDlgButtonChecked
CreateIcon
GetSystemMetrics
DrawFocusRect
DrawIcon
GetSysColor
RegisterWindowMessageW
GetFocus
EndPaint
GetWindowWord
BeginPaint
FillRect
SetWindowWord
DefWindowProcW
RegisterClassW
LoadCursorW
CheckDlgButton
CharNextW
DialogBoxParamW
SetTimer
KillTimer
InflateRect
PeekMessageW
DispatchMessageW
TranslateMessage
IsDialogMessageW
DrawMenuBar
GetMenu
GetActiveWindow
DestroyMenu
InsertMenuW
CreatePopupMenu
DeleteMenu
RegisterClipboardFormatW
GetForegroundWindow
SetClipboardViewer
ChangeClipboardChain
LoadBitmapW
ShowCursor
SetCursor
CharLowerW
GetWindow
GetWindowThreadProcessId
GetWindowTextW
IsWindowEnabled
GetDlgItemInt
MessageBoxW
DestroyIcon
GetParent
GetWindowTextLengthW
SetFocus
CheckRadioButton
SetDlgItemInt
CreateWindowExW
GetDlgItem
ShowWindow
LoadStringW
SendMessageW
PostMessageW
EndDialog
GetDlgItemTextW
SetWindowLongW
SetDlgItemTextW
SendDlgItemMessageW
SetWindowTextW
IsWindowVisible
ChildWindowFromPointEx

gdi32

CreateICW
GetMetaFileBitsEx
GetTextExtentPointW
CreateCompatibleDC
BitBlt
GetBkColor
DeleteDC
CreateSolidBrush
SetBkMode
UnrealizeObject
SetBrushOrgEx
SetBkColor
ExtTextOutW
SaveDC
SetMapMode
SetViewportOrgEx
SetViewportExtEx
EnumMetaFile
PlayMetaFile
RestoreDC
CreateCompatibleBitmap
CreateBitmap
SetDIBits
GetBitmapBits
PlayMetaFileRecord
GetStockObject
SelectObject
GetTextMetricsW
DeleteObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetTextColor

advapi32

RegNotifyChangeKeyValue
RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegCloseKey

ole32

OleDuplicateData
ReleaseStgMedium
OleMetafilePictFromIconAndLabel
GetClassFile
CLSIDFromProgID
OleGetIconOfFile
OleCreateLinkToFile
OleCreateFromFile
OleRegGetUserType
CoGetMalloc
OleQueryCreateFromData
OleQueryLinkFromData
OleGetClipboard
CoTaskMemRealloc
CoTaskMemFree
IsValidInterface
StringFromCLSID
CLSIDFromString
OleCreate
OleGetIconOfClass

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlImageNtHeader

Exports

Exports

OleUIAddVerbMenuA
OleUIAddVerbMenuW
OleUIBusyA
OleUIBusyW
OleUICanConvertOrActivateAs
OleUIChangeIconA
OleUIChangeIconW
OleUIChangeSourceA
OleUIChangeSourceW
OleUIConvertA
OleUIConvertW
OleUIEditLinksA
OleUIEditLinksW
OleUIInsertObjectA
OleUIInsertObjectW
OleUIObjectPropertiesA
OleUIObjectPropertiesW
OleUIPasteSpecialA
OleUIPasteSpecialW
OleUIPromptUserA
OleUIPromptUserW
OleUIUpdateLinksA
OleUIUpdateLinksW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImageX_Onekey_101120/DLL file for WinPE/olepro32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

bfbea1910cdffc9fc4cb569cbd816073

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olepro32.pdb

Imports

user32

CreateIcon
GetSysColor
WinHelpW
IsWindow
EnableWindow
GetMessageA
GetMessageW
TranslateMessage
DispatchMessageW
DispatchMessageA
PostMessageW
PostQuitMessage
GetActiveWindow
SetActiveWindow
SetFocus
DestroyWindow
CreateCursor
wsprintfA
GetTopWindow
IsWindowUnicode
GetClientRect
GetDialogBaseUnits
GetDC
ReleaseDC
GetKeyState
GetWindowLongW
CharNextA
GetWindowTextA
CharLowerA
GetParent
SendMessageW
GetFocus
GetDlgItem
DrawIcon
GetSystemMetrics
SetWindowLongW
GetIconInfo
CopyIcon
CopyImage
DestroyIcon
RegisterClipboardFormatA
wsprintfW

gdi32

GetWindowOrgEx
IntersectClipRect
SaveDC
EnumFontFamiliesExW
GetTextFaceW
CreateHalftonePalette
Escape
CreateDIBSection
CreateDIBitmap
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
DeleteEnhMetaFile
DeleteMetaFile
PlayMetaFileRecord
SetBitmapBits
SetDIBits
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
GetBitmapBits
SetEnhMetaFileBits
SetStretchBltMode
SetBkColor
SetTextColor
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
CreateFontIndirectW
CreateFontIndirectA
GetDeviceCaps
DeleteObject
GetTextExtentPointA
GetTextMetricsW
SelectObject
GetPaletteEntries
PatBlt
CreateBitmap
SetMetaFileBitsEx
GetBitmapDimensionEx
GetObjectW
GetEnhMetaFileHeader
StretchDIBits
GetDIBits
StretchBlt
RealizePalette
SelectPalette
GetStockObject
GetObjectType
GetCurrentObject
GetWinMetaFileBits
SetViewportExtEx

kernel32

MultiByteToWideChar
IsDBCSLeadByte
FreeLibrary
MulDiv
LockResource
LoadResource
FindResourceW
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalDeleteAtom
GlobalAddAtomW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetVersion
GetSystemDirectoryA
GetLastError
LoadLibraryA

advapi32

RegOpenKeyA
RegOpenKeyW
RegCreateKeyA
RegSetValueA
RegQueryValueW
RegFlushKey
RegCloseKey

msvcrt

free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
?terminate@@YAXXZ
wcslen
wcscpy
wcsrchr
??3@YAXPAX@Z
wcsncat
??2@YAPAXI@Z
__CxxFrameHandler
_except_handler3
_CIfmod
calloc
_CxxThrowException
_wcslwr
wcscmp
_wcsicmp
_ftol
wcsncpy

ole32

StgCreateDocfile
StringFromGUID2
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
ReleaseStgMedium
CoCreateInstance
CoGetMalloc

oleaut32

LoadTypeLi
VariantInit
VariantClear
SysFreeString
SysAllocString
VariantChangeType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImageX_Onekey_101120/DLL file for WinPE/urlmon.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d0904ddabefcaf10c945811fa50fa42e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

urlmon.pdb

Imports

advapi32

RegOpenKeyExA
GetUserNameA
OpenProcessToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA

gdi32

GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetObjectType
CreatePalette
GetPaletteEntries
SetEnhMetaFileBits
GetEnhMetaFileBits
CreateBitmap
GetBitmapBits
SetMetaFileBitsEx
GetMetaFileBitsEx
DeleteObject
CreateFontIndirectA
GetObjectA

kernel32

FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetDriveTypeA
CreateMutexA
GetDriveTypeW
RtlMoveMemory
ReleaseMutex
GetTimeFormatA
GetLocaleInfoA
FileTimeToSystemTime
GetCurrentProcess
LocalAlloc
GetLocalTime
RemoveDirectoryA
FindNextFileA
CompareFileTime
SearchPathA
SystemTimeToFileTime
FormatMessageA
DeleteAtom
GetPrivateProfileIntA
GetPrivateProfileStringA
GetSystemTime
CreateThread
TerminateThread
TerminateProcess
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
ExitThread
GetSystemTimeAsFileTime
CopyFileA
GetSystemDirectoryA
GetUserDefaultLCID
GetSystemDefaultLCID
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
FindFirstFileA
GetFullPathNameA
SetLastError
CompareStringA
GetShortPathNameA
GetThreadLocale
lstrcatA
GetFileAttributesA
GetEnvironmentStrings
WriteFile
DeleteFileA
GetTempPathA
GlobalLock
GlobalSize
GlobalUnlock
CreateFileA
GetFileSize
GetFileTime
SetFilePointer
ReadFile
FindClose
QueryDosDeviceW
GetACP
FindAtomA
AddAtomA
CloseHandle
GetLastError
GetCurrentProcessId
LocalFree
GlobalAlloc
GlobalFree
LoadLibraryExA
GetProcessHeap
TlsAlloc
TlsFree
TlsGetValue
HeapAlloc
HeapFree
GetCurrentThreadId
lstrcpyA
lstrlenA
GetModuleFileNameA
lstrcmpA
lstrcmpiA
lstrcpynA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetSystemInfo
TlsSetValue
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
IsBadWritePtr
IsBadReadPtr
lstrlenW
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
HeapSize
RtlUnwind
InterlockedExchange
VirtualQuery
GetTickCount
InitializeCriticalSectionAndSpinCount
lstrcpynW
LoadLibraryW
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
VirtualAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FlushFileBuffers
VirtualProtect
SetStdHandle
QueryPerformanceCounter
SetUnhandledExceptionFilter
CreateDirectoryA
RaiseException

ole32

CLSIDFromProgID
HWND_UserMarshal
HWND_UserUnmarshal
CoFreeUnusedLibraries
StringFromGUID2
HWND_UserSize
CLSIDFromString
HWND_UserFree
CoRegisterMessageFilter
StgOpenStorage
CoUnmarshalInterface
CoMarshalInterface
CoGetMarshalSizeMax
OleGetAutoConvert
ReleaseStgMedium
MonikerRelativePathTo
CreateGenericComposite
CoCreateInstance
CoGetClassObject
StringFromCLSID
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
GetClassFile
CoTaskMemFree
CoTaskMemAlloc
CreateBindCtx
MkParseDisplayName

rpcrt4

NdrCStdStubBuffer_Release
RpcRaiseException
NdrClientCall2
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrDllRegisterProxy

shlwapi

PathRemoveFileSpecW
PathIsUNCServerShareW
SHStrDupW
StrTrimW
ord216
UrlCanonicalizeA
ord218
ord97
ord435
StrCpyW
StrCmpNIW
ord215
StrCpyNW
ord431
ord378
ord107
ord395
SHRegGetValueW
ord125
ord158
PathFindFileNameW
ord80
wnsprintfA
PathCombineA
SHGetValueW
ord24
ord507
ord57
ord508
ord361
SHRegQueryInfoUSKeyW
SHRegEnumUSValueW
SHRegEnumUSKeyW
SHRegQueryUSValueW
SHRegOpenUSKeyW
SHRegCreateUSKeyW
SHRegCloseUSKey
ord457
PathIsPrefixW
ord309
ord472
ord219
SHRegGetUSValueW
ord83
UrlIsW
PathIsUNCW
PathStripToRootW
SHRegSetUSValueW
PathIsRootW
ord446
StrRChrW
ord398
ord94
ord141
ord143
StrDupW
ord29
SHRegDeleteEmptyUSKeyW
SHRegDeleteUSValueW
SHRegWriteUSValueW
ord335
ord558
ord120
ord130
ord559
StrCmpNA
PathFindExtensionA
ord441
StrCatBuffW
SHQueryValueExA
StrCatBuffA
PathFileExistsA
StrToIntW
PathRenameExtensionA
PathUndecorateA
SHRegGetBoolUSValueA
ord52
ord75
ord65
PathIsUNCServerA
ord76
UrlGetPartA
StrToIntA
UrlCombineA
UrlGetLocationA
PathCreateFromUrlA
StrDupA
UrlUnescapeA
ord1
StrStrA
ord154
StrStrW
ord155
ord153
ord151
PathFindExtensionW
StrCmpIW
wnsprintfW
ord564
StrChrW
StrCmpNIA
ord124
ord128
ord59
ord220
ord138
UrlCanonicalizeW
UrlUnescapeW
UrlEscapeW
PathCreateFromUrlW
UrlCreateFromPathW
UrlGetLocationW
StrChrA
UrlCompareW
UrlCombineW
StrCmpW
UrlGetPartW
SHRegGetUSValueA
ord2
ord436
StrNCatA
StrCatW
StrStrIA

user32

RegisterClipboardFormatA
LoadStringA
wsprintfA
CharNextA
CharPrevA
DestroyWindow
PostMessageA
SetWindowLongA
DefWindowProcA
SendMessageA
SetForegroundWindow
GetDlgItem
EndDialog
GetWindowLongA
PostQuitMessage
PeekMessageA
DispatchMessageA
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjects
UnregisterClassA
RegisterClassA
CreateWindowExA
GetClipboardFormatNameA
GetDoubleClickTime
MapWindowPoints
SetWindowTextW
GetClientRect
GetWindowDC
SendMessageW
DrawTextExW
CharLowerA
IsDlgButtonChecked
CheckDlgButton
SendDlgItemMessageA
SetFocus
EnableWindow
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
ShowWindow
MessageBoxW
FindWindowA
GetAsyncKeyState
CharUpperBuffA
SetTimer
KillTimer
OemToCharBuffA
SendNotifyMessageA
GetParent
GetLastActivePopup
GetActiveWindow
DialogBoxParamA
SetDlgItemTextA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

AsyncGetClassBits
AsyncInstallDistributionUnit
BindAsyncMoniker
CDLGetLongPathNameA
CDLGetLongPathNameW
CoGetClassObjectFromURL
CoInstall
CoInternetCombineUrl
CoInternetCompareUrl
CoInternetCreateSecurityManager
CoInternetCreateZoneManager
CoInternetFeatureSettingsChanged
CoInternetGetProtocolFlags
CoInternetGetSecurityUrl
CoInternetGetSession
CoInternetIsFeatureEnabled
CoInternetIsFeatureEnabledForUrl
CoInternetIsFeatureZoneElevationEnabled
CoInternetParseUrl
CoInternetQueryInfo
CoInternetSetFeatureEnabled
CompareSecurityIds
CompatFlagsFromClsid
CopyBindInfo
CopyStgMedium
CreateAsyncBindCtx
CreateAsyncBindCtxEx
CreateFormatEnumerator
CreateURLMoniker
CreateURLMonikerEx
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Extract
FaultInIEFeature
FindMediaType
FindMediaTypeClass
FindMimeFromData
GetClassFileOrMime
GetClassURL
GetComponentIDFromCLSSPEC
GetMarkOfTheWeb
GetSoftwareUpdateInfo
HlinkGoBack
HlinkGoForward
HlinkNavigateMoniker
HlinkNavigateString
HlinkSimpleNavigateToMoniker
HlinkSimpleNavigateToString
InstallFlash
IsAsyncMoniker
IsJITInProgress
IsLoggingEnabledA
IsLoggingEnabledW
IsValidURL
MkParseDisplayNameEx
ObtainUserAgentString
PrivateCoInstall
RegisterBindStatusCallback
RegisterFormatEnumerator
RegisterMediaTypeClass
RegisterMediaTypes
ReleaseBindInfo
RevokeBindStatusCallback
RevokeFormatEnumerator
SetSoftwareUpdateAdvertisementState
URLDownloadA
URLDownloadToCacheFileA
URLDownloadToCacheFileW
URLDownloadToFileA
URLDownloadToFileW
URLDownloadW
URLOpenBlockingStreamA
URLOpenBlockingStreamW
URLOpenPullStreamA
URLOpenPullStreamW
URLOpenStreamA
URLOpenStreamW
UrlMkBuildVersion
UrlMkGetSessionOption
UrlMkSetSessionOption
WriteHitLogging
ZonesReInit

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImageX_Onekey_101120/ImageX.jpg
.jpg
ImageX_Onekey_101120/ImageX_Onekey_101120.exe
.exe windows:4 windows x86 arch:x86

8f252d622858e6b45e6c847617db8770

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
lstrcmpiA
lstrcpyA
lstrlenA
_lclose
GetModuleFileNameA
_lread
_llseek
_lopen
_lwrite
_lcreat
CreateDirectoryA
SetCurrentDirectoryA
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
GetDiskFreeSpaceA
UnhandledExceptionFilter
RemoveDirectoryA
DeleteFileA
GetTempPathA
GetCurrentDirectoryA
CloseHandle
GetExitCodeProcess
LocalFree
Sleep
HeapSize
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetCurrentProcess
GetFileAttributesA
TerminateProcess
MultiByteToWideChar
GetStringTypeA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
ExitProcess
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
WriteFile
GetStdHandle
InitializeCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA

user32

TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
LoadCursorA
SetCursor
MessageBoxA
MsgWaitForMultipleObjects

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ImageX_Onekey_101120/readme.txt

Sharing

General

Malware Config

Signatures

Files

bad3bfc063a266365b4ee4a6b547ba7b

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

ntdll

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 4KB - Virtual size: 3KB

bfbea1910cdffc9fc4cb569cbd816073

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

advapi32

msvcrt

ole32

oleaut32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.data Size: 512B - Virtual size: 952B

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 3KB

d0904ddabefcaf10c945811fa50fa42e

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

ole32

rpcrt4

shlwapi

user32

version

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 447KB

.orpc Size: 4KB - Virtual size: 3KB

.data Size: 23KB - Virtual size: 55KB

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 19KB - Virtual size: 19KB

8f252d622858e6b45e6c847617db8770

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 74KB - Virtual size: 73KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 62KB - Virtual size: 62KB

.data
Size: 512B - Virtual size: 952B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 448KB - Virtual size: 447KB

.orpc
Size: 4KB - Virtual size: 3KB

.data
Size: 23KB - Virtual size: 55KB

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 28KB - Virtual size: 27KB