59982fbcc3d88c52bb81f7ba4d690682_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

59982fbcc3d88c52bb81f7ba4d690682_JaffaCakes118
Size

1.4MB
MD5

59982fbcc3d88c52bb81f7ba4d690682
SHA1

48f49b551c70bfa78c64b5bae101f68f60a1e3b9
SHA256

356514e10cce866e2dbb3515f222562ae26ba4d4f07c36f5616bcdd6ddba7f38
SHA512

b8b650b25b32bd003abd2cb1e105966964cc41bf35bc746dc909a228c177e64581cabce1a19b27f04fce4b19de0f6fe9f34f27d44d202be398b8979abdd91c20
SSDEEP

24576:AXDCFsEwM28C8Cun8zzPMWBV4/zpsKvqJ0X05Pc:AXDCFnCsCun83BrIzpS/Fc

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/汪来电脑用时记录电表仪/WinCtrls.u32	aspack_v212_v242

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/汪来电脑用时记录电表仪/Budapi312.u32
unpack001/汪来电脑用时记录电表仪/WinCtrls.u32
unpack001/汪来电脑用时记录电表仪/XTRAS/BMPVIEW.X32
unpack001/汪来电脑用时记录电表仪/XTRAS/DMPACK1.X32
unpack001/汪来电脑用时记录电表仪/XTRAS/JPEGIMP.X32
unpack001/汪来电脑用时记录电表仪/XTRAS/MIX32.X32
unpack001/汪来电脑用时记录电表仪/XTRAS/MIXVIEW.X32
unpack001/汪来电脑用时记录电表仪/XTRAS/VIEWSVC.X32
unpack001/汪来电脑用时记录电表仪/XTRAS/WMFVIEW.X32
unpack001/汪来电脑用时记录电表仪/altools.u32
unpack001/汪来电脑用时记录电表仪/binapi.u32
unpack001/汪来电脑用时记录电表仪/汪来电脑用时记录电表仪.exe
unpack001/汪来电脑用时记录电表仪/附件.dll

Files

59982fbcc3d88c52bb81f7ba4d690682_JaffaCakes118
.rar
汪来电脑用时记录电表仪/Budapi312.u32
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DdeCallback
KeysMsgProc
MouseMsgProc
PlayProc
SysKeyMsgProc
baAbout
baActivateWindow
baActiveWindow
baAddSysItems
baAw2Window
baCloseApp
baCloseWindow
baCommandArgs
baCopyFile
baCopyText
baCopyXFiles
baCreateFolder
baCreatePMGroup
baCreatePMIcon
baDecryptText
baDeleteFile
baDeleteFolder
baDeletePMGroup
baDeletePMIcon
baDeleteReg
baDeleteXFiles
baDisableDiskErrors
baDisableKeys
baDisableMouse
baDisableScreenSaver
baDisableSwitching
baDiskInfo
baEncryptFile
baEncryptText
baExitWindows
baFileAge
baFileAttributes
baFileDate
baFileExists
baFileList
baFileSize
baFileVersion
baFindApp
baFindClose
baFindDrive
baFindFirstFile
baFindNextFile
baFindWindow
baFolderExists
baFolderList
baFontInstalled
baFreeCursor
baGetVolume
baGetWindow
baHideTaskBar
baInstallFont
baKeyBeenPressed
baKeyIsDown
baMakeShortcut
baMemoryInfo
baMoveWindow
baMsgBox
baNextActiveWindow
baOpenFile
baOpenURL
baPMGroupList
baPMIconList
baPMSubGroupList
baPasteText
baPlaceCursor
baPrevious
baPrintFile
baReadIni
baReadRegNumber
baReadRegString
baRecycleFile
baRemoveSysItems
baRenameFile
baRestrictCursor
baRunProgram
baScreenInfo
baScreenSaverTime
baSendKeys
baSendMsg
baSetCurrentDir
baSetDisplay
baSetFileAttributes
baSetPattern
baSetScreenSaver
baSetVolume
baSetWallpaper
baSetWindowDepth
baSetWindowState
baSetWindowTitle
baShortFileName
baSoundCard
baSysFolder
baTempFileName
baVersion
baWaitForWindow
baWaitTillActive
baWinHandle
baWinHelp
baWindowDepth
baWindowExists
baWindowInfo
baWindowList
baWindowToBack
baWindowToFront
baWriteIni
baWriteRegNumber
baWriteRegString
baXCopy
baXDelete
cbSetWinDepthProc
cbWinDepthProc
cbWinListProc

Sections

CODE
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/WinCtrls.u32
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DispBmpResProc
wcColorToRGB
wcDisplayControl
wcEraseControl
wcGetControlBitmap
wcGetControlDesc
wcGetControlList
wcGetControlsByProperty
wcGetFocusedControl
wcGetPropertiesByControl
wcGetPropertyDefault
wcGetPropertyDesc
wcGetPropertyList
wcGetPropertyType
wcGetPropertyValue
wcNotifications
wcPreventAutomaticErase
wcRGBToColor
wcSetPropertyValue

Sections

CODE
Size: 195KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
汪来电脑用时记录电表仪/XTRAS/BMPVIEW.X32
.dll windows:4 windows x86 arch:x86

2fdd25610daa7981c6253ae5474bf538

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetHandleCount
VirtualFree
SetFilePointer
RtlUnwind
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
CloseHandle
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
VirtualAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
LoadLibraryA
FlushFileBuffers
HeapReAlloc
HeapSize

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/XTRAS/DMPACK1.X32
.dll windows:4 windows x86 arch:x86

80626e7c8f961407b2d794b2fbad65b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceA
SizeofResource
LoadResource
LockResource
GetModuleHandleA
GetStartupInfoA
HeapDestroy
FlushFileBuffers
SetStdHandle
CloseHandle
SetFilePointer
GetLastError
LoadLibraryA
GetStringTypeA
VirtualAlloc
GetStringTypeW
GetCommandLineA
GetProcAddress
FreeResource
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetOEMCP
FreeEnvironmentStringsA
HeapCreate
VirtualFree
GetModuleFileNameA
GetCPInfo
GetACP
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile

user32

CheckRadioButton
MoveWindow
IsDlgButtonChecked
GetParent
GetWindowRect
EndDialog
LoadBitmapA
ShowWindow
GetDlgItem

gdi32

DeleteDC
CreateCompatibleBitmap
StretchBlt
GetObjectA
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
GetStockObject

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/XTRAS/JPEGIMP.X32
.dll windows:4 windows x86 arch:x86

3416d78532757e3047fe9b8c19675b74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
GetFileType
LCMapStringW
HeapFree
HeapAlloc
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStringTypeW
LCMapStringA
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
LoadLibraryA
GetStringTypeA

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/XTRAS/MIX32.X32
.dll windows:1 windows x86 arch:x86

516d96cfdc44d9e18781bf957dcfee80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
CloseHandle
GetCurrentDirectoryA
MultiByteToWideChar
CreateFileA
SetEndOfFile
SetFilePointer
OpenFile
_lclose
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
MoveFileA
GlobalFree
GetTickCount
CreateProcessA
GetCurrentThreadId
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameA
DeleteFileA
GetFileAttributesA
GetLastError
GlobalSize
GlobalAlloc
FindNextFileA
FindClose
_hwrite
GetUserDefaultLangID
_hread
_llseek
GlobalUnlock
GetStdHandle
TlsAlloc
GetFileType
GetLogicalDrives
GetFullPathNameA
GetCPInfo
GetOEMCP
GetACP
GetProcAddress
ExitProcess
LeaveCriticalSection
GlobalLock
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
GetCommandLineA
FileTimeToLocalFileTime
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
WriteFile
GetStartupInfoA
TlsSetValue
GetEnvironmentStrings
TlsGetValue
TlsFree
GetDriveTypeA
VirtualAlloc
VirtualFree
FileTimeToSystemTime

user32

GetDesktopWindow
GetActiveWindow
ReleaseDC
wsprintfA
GetClipboardFormatNameA
SetForegroundWindow
GetWindowThreadProcessId
EnumWindows
RegisterClipboardFormatA
CharLowerA
IsWindowVisible
GetParent
EnumThreadWindows

gdi32

SelectPalette
RealizePalette
GetStockObject
CreateCompatibleDC
GetDIBits
GetObjectA

advapi32

RegCloseKey
RegEnumKeyA
RegQueryValueA
RegSetValueA
RegCreateKeyA

shell32

FindExecutableA
DragQueryFileA

ole32

OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
ReleaseStgMedium
CoGetMalloc
OleGetClipboard
DoDragDrop
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoCreateInstance

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/XTRAS/MIXVIEW.X32
.dll windows:4 windows x86 arch:x86

8053b170264ea63c73bea4ae025ac8a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
GetFileType
SetFilePointer
RtlUnwind
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
CloseHandle
SetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
VirtualAlloc
LoadLibraryA
FlushFileBuffers
HeapReAlloc
HeapSize

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/XTRAS/VIEWSVC.X32
.dll windows:4 windows x86 arch:x86

314d2eacc5d3a48f48d46ce982a61ce0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LoadLibraryA
GetProcAddress
GlobalAlloc
lstrcpynA
lstrlenA
GlobalLock
GlobalSize
GlobalReAlloc
GetLastError
GlobalUnlock
SetLastError
LeaveCriticalSection
GetACP
GetOEMCP
GetLocaleInfoW
RtlUnwind
GetCommandLineA
GetModuleHandleA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GlobalFree
ExitProcess
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetLocaleInfoA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
VirtualAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FlushFileBuffers
HeapReAlloc
HeapSize
CloseHandle
SetStdHandle
SetFilePointer

user32

CharNextA
IntersectRect

gdi32

DeleteObject
CreateFontIndirectA
SelectObject
SetTextColor
SetTextAlign
GetTextMetricsA
GetTextExtentPoint32A
RectVisible
GetCharABCWidthsA
StretchBlt
SetBkColor
ExtTextOutA
GetPixel
SetStretchBltMode
GetClipBox
GetBitmapBits
GetTextFaceA
StretchDIBits
DeleteDC
GetTextColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
GetObjectA
CreateBitmap

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/XTRAS/WMFVIEW.X32
.dll windows:4 windows x86 arch:x86

feea7adb85e6d7e6ac76fe0ae17c4ab7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
HeapDestroy
HeapCreate
SetStdHandle
CloseHandle
SetFilePointer
LoadLibraryA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
VirtualAlloc
FlushFileBuffers
VirtualFree
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
HeapFree
HeapAlloc

user32

ReleaseDC
GetDC

gdi32

SelectObject
DeleteMetaFile
OffsetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
CreateCompatibleBitmap
CreateCompatibleDC
PatBlt
IntersectClipRect
GetObjectType
DeleteDC
DeleteObject
SetViewportExtEx
SetWindowExtEx
SetMetaFileBitsEx
RestoreDC
LPtoDP
SetMapMode
SaveDC
PlayMetaFile
SetViewportOrgEx
SetWindowOrgEx

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/altools.u32
.dll windows:4 windows x86 arch:x86

759a803fc5765c19365fdd8f688cd6d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
GetFileSize
SetLastError
FindNextFileA
GetFileInformationByHandle
lstrlenA
FindFirstFileA
ReadFile
SetFilePointer
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetVolumeInformationA
GetVersionExA
lstrcmpiA
GlobalFree
lstrcpyA
lstrcatA
GlobalReAlloc
GetLogicalDrives
GetDriveTypeA
GetComputerNameA
GetProfileStringA
GlobalAlloc
GlobalLock
GetProcAddress
FreeLibrary
TlsGetValue
GetCurrentProcess
LCMapStringA
GetCommandLineA
HeapReAlloc
MultiByteToWideChar
GetOEMCP
GetACP
VirtualAlloc
HeapAlloc
GetCPInfo
TerminateProcess
HeapFree
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GlobalUnlock
GetStringTypeA
LCMapStringW
GetModuleHandleW
GetModuleFileNameA
LocalFree
LocalUnlock
LocalLock
LocalAlloc
MoveFileExA
RtlUnwind
ExitProcess
HeapCreate
LeaveCriticalSection
WriteFile
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
VirtualFree
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy

user32

ChangeDisplaySettingsA
SetWindowTextA
MessageBoxA
SetWindowPos
EnumDisplaySettingsA
wsprintfA
GetWindowTextLengthA
FindWindowA
GetWindowTextA
GetActiveWindow
GetParent
GetWindow

gdi32

CreateDCA
DeleteDC
EndDoc
EndPage
TextOutA
StartPage
StartDocA
GetDeviceCaps
GetTextMetricsA

advapi32

GetUserNameA

netapi32

Netbios

ws2_32

inet_addr
gethostbyaddr
WSAStartup
gethostbyname
inet_ntoa
WSACleanup

winmm

midiOutGetDevCapsA
midiOutGetNumDevs
midiInGetNumDevs
midiInGetDevCapsA

iphlpapi

GetNetworkParams

Exports

Exports

alAbout
alAddDSN
alChangeRes
alGetActiveProcess
alGetCDRomDrive
alGetComputerName
alGetCurrentDispSet
alGetDispSet
alGetHostName
alGetIPAddr
alGetInstalledODBCDrivers
alGetMidiInDevName
alGetMidiOutDevName
alGetNetworkDrive
alGetSerialNumber
alGetSysPath
alGetUserName
alGetWinPath
alHideTaskBar
alInternetDial
alInternetHangup
alLockWorkStation
alPrintTxtFile
alRemoveDSN
alSetWindowTitle
alShowMAC
alShowNetConfig
alShowOS
alShowTaskBar

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/binapi.u32
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BNA_AddToRecentDocs
BNA_AlwaysTop
BNA_CopyToClipboard
BNA_CreateShortcut
BNA_CursorIn
BNA_DialogGetColor
BNA_DialogOpenFile
BNA_DialogSaveFile
BNA_DialogSelectDir
BNA_DisableSwitch
BNA_EmptyClipboard
BNA_Execute
BNA_GetALLCD
BNA_GetDblClickTime
BNA_GetFromClipboard
BNA_GetMute
BNA_GetSysDir
BNA_GetVolume
BNA_GetWinDir
BNA_MagicWin
BNA_Mailto
BNA_MaxWindow
BNA_MessageBox
BNA_MinWindow
BNA_OpenURL
BNA_RGB2Blue
BNA_RGB2Green
BNA_RGB2Red
BNA_ScreenToWinX
BNA_ScreenToWinY
BNA_SetCursorPos
BNA_SetDate
BNA_SetDblClickTime
BNA_SetDisplay
BNA_SetMouseTrail
BNA_SetMute
BNA_SetTime
BNA_SetVolume
BNA_ShowCursor
BNA_ShowCursorFile
BNA_ShowTB
BNA_SwapMouseButton
BNA_WinToScreenX
BNA_WinToScreenY
BNA_hAlwaysTop

Sections

.text
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
汪来电脑用时记录电表仪/下载说明.htm
.html .js polyglot
汪来电脑用时记录电表仪/汪来电脑用时记录电表仪.exe
.exe windows:4 windows x86 arch:x86

57bc51db4053803328e9623bbe8ea4c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
GetOEMCP
LCMapStringA
LCMapStringW
HeapReAlloc
HeapSize
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
RaiseException
ExitProcess
GetFileType
HeapFree
TerminateProcess
GlobalHandle
VirtualFree
VirtualAlloc
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
WideCharToMultiByte
lstrcpyA
MultiByteToWideChar
LockResource
FreeResource
lstrlenA
GetTickCount
GetStartupInfoA
HeapAlloc
GetCommandLineA
GetTimeZoneInformation
GetLocalTime
GetSystemTime
SetEnvironmentVariableA
GetFullPathNameA
GetCurrentDirectoryA
GetVersionExA
SetupComm
_llseek
_lopen
_lcreat
DebugBreak
_lwrite
_lclose
Beep
GetACP
GetCPInfo
GlobalMemoryStatus
GlobalSize
GlobalFlags
WinExec
GlobalGetAtomNameA
GetModuleHandleA
GetWindowsDirectoryA
GetProfileIntA
GetProfileStringA
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
_hwrite
_hread
GetDiskFreeSpaceA
GetVolumeInformationA
GetSystemDirectoryA
GetDriveTypeA
GetTempPathA
GetModuleFileNameA
SetFileTime
GetFileTime
SetCurrentDirectoryA
GlobalAddAtomA
GlobalDeleteAtom
DeleteFileA
CreateDirectoryA
FindNextFileA
FlushFileBuffers
RemoveDirectoryA
MoveFileA
SetEndOfFile
WriteFile
ReadFile
FindClose
SetFilePointer
FindFirstFileA
GetTempFileNameA
GetFileAttributesA
CreateFileA
SetLastError
CloseHandle
GetFileSize
GetStdHandle
GetCurrentProcess
lstrcatA
lstrcmpA
OpenFile
SetErrorMode
GetLastError
GetSystemInfo
GlobalReAlloc
GlobalAlloc
GlobalFree
GetCurrentProcessId
FindResourceA
LoadResource
GetVersion
lstrcmpiA
lstrcpynA
LoadLibraryA
GlobalUnlock
GetProcAddress
GlobalLock
FreeLibrary
IsBadStringPtrA
IsBadReadPtr
HeapDestroy
HeapCreate
GetEnvironmentStringsW
SetHandleCount
OutputDebugStringA

user32

SetForegroundWindow
TranslateMessage
GetAsyncKeyState
ToAscii
GetMessageA
IsDialogMessageA
PostQuitMessage
DispatchMessageA
IsIconic
SetActiveWindow
GetLastActivePopup
DeleteMenu
GetSystemMenu
GetDialogBaseUnits
BringWindowToTop
AppendMenuA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
DestroyMenu
DrawMenuBar
RemoveMenu
GetMenu
ModifyMenuA
EnableMenuItem
IsZoomed
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
DdeFreeDataHandle
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeInitializeA
GetMenuState
GetSubMenu
SetMenu
CreateMenu
LoadAcceleratorsA
TranslateAcceleratorA
SetMessageQueue
GetUpdateRect
MessageBoxA
MessageBeep
ScrollDC
LoadStringA
SendMessageTimeoutA
SetPropA
RemovePropA
GetPropA
GetWindowDC
AdjustWindowRect
GetTopWindow
CreateWindowExA
IsCharLowerA
GetKeyState
SetWindowTextA
wsprintfA
EqualRect
ValidateRect
ExitWindowsEx
CharLowerA
HideCaret
InvertRect
DestroyCaret
CharPrevA
CreateDialogParamA
SystemParametersInfoA
SendDlgItemMessageA
ReleaseCapture
SetCapture
GetDlgItem
SetFocus
ShowWindow
DrawFocusRect
DrawIcon
LoadBitmapA
LoadIconA
CreateCursor
SetCursor
DestroyCursor
ClientToScreen
SetCursorPos
SetSysColors
GetFocus
GetWindowThreadProcessId
GetClipboardData
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetDlgItemTextA
SetDlgItemTextA
CreateCaret
SetCaretPos
ShowCaret
UnionRect
CharNextA
InflateRect
GetClassLongA
SetWindowLongA
SetWindowPos
GetWindowLongA
OffsetRect
GetWindowTextA
GetSysColor
FrameRect
IsWindowEnabled
DestroyWindow
GetNextDlgGroupItem
SendMessageA
GetWindowWord
GetDlgCtrlID
PostMessageA
GetCapture
SetWindowWord
InvalidateRect
UpdateWindow
DefWindowProcA
PeekMessageA
PtInRect
CharUpperA
DefDlgProcA
GetDC
ReleaseDC
GetSystemMetrics
MoveWindow
SetTimer
KillTimer
BeginPaint
SetRect
DrawTextA
EndPaint
GetClientRect
FillRect
EndDialog
GetClassInfoA
LoadCursorA
RegisterClassA
DialogBoxParamA
GetClassNameA
EnumWindows
GetParent
GetWindowRect
GetWindow
ScreenToClient
EnumChildWindows
IntersectRect
IsWindow
IsWindowVisible
GetWindowPlacement
EnableWindow
GetActiveWindow
GetCursorPos

gdi32

TextOutA
SetTextAlign
CreatePen
SetBkMode
DeleteObject
SelectPalette
StretchDIBits
RealizePalette
LPtoDP
SetViewportExtEx
SetWindowExtEx
SetMapMode
DeleteDC
SelectObject
BitBlt
CreateCompatibleDC
StretchBlt
UnrealizeObject
CreatePatternBrush
CreateBitmap
CreateSolidBrush
LineTo
MoveToEx
GetSystemPaletteUse
GetTextColor
GetBkColor
RestoreDC
SetBkColor
SaveDC
Rectangle
SetROP2
GetBitmapBits
GetSystemPaletteEntries
GetObjectA
SetSystemPaletteUse
CreatePalette
GetDeviceCaps
GetNearestPaletteIndex
GetDIBits
GetPaletteEntries
CreateCompatibleBitmap
GetPixel
RectVisible
ExtFloodFill
GetNearestColor
SetPixel
CreateDIBitmap
SelectClipRgn
SetStretchBltMode
CreateFontIndirectA
PatBlt
ExcludeClipRect
CreateRectRgn
GetClipBox
ExtTextOutA
SetTextCharacterExtra
Ellipse
IntersectClipRect
SetViewportOrgEx
GetViewportOrgEx
Pie
SetDIBits
GetTextMetricsA
GetRgnBox
CreateICA
GetOutlineTextMetricsA
EnumFontsA
RoundRect
Arc
GetTextExtentPoint32A
Polyline
SetWindowOrgEx
Polygon
OffsetWindowOrgEx
GetViewportExtEx
GetWindowOrgEx
CloseMetaFile
DeleteMetaFile
CreateMetaFileA
CreateDiscardableBitmap
StartPage
StartDocA
Escape
AbortDoc
SetAbortProc
EndPage
CreateDCA
EndDoc
SetRectRgn
CreateRectRgnIndirect
CombineRgn
GetDCOrgEx
OffsetRgn
GetStockObject
SetTextColor

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

shell32

SHAppBarMessage
ShellExecuteA

winspool.drv

ClosePrinter
OpenPrinterA
GetPrinterA
DocumentPropertiesA

winmm

waveOutGetNumDevs

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
RegQueryValueA
RegOpenKeyExA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

ole32

CreateBindCtx
OleLoad
CoCreateInstance
OleInitialize
CreateGenericComposite
CreateItemMoniker
CreateFileMoniker
MkParseDisplayName
OleSetMenuDescriptor
CLSIDFromString
OleUninitialize
OleSetContainedObject
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleSave
OleCreateStaticFromData
OleDraw
StgCreateDocfileOnILockBytes
CoUninitialize
CoInitialize

Sections

.text
Size: 1013KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
汪来电脑用时记录电表仪/汪来电脑用时记录电表仪简介.txt
汪来电脑用时记录电表仪/附件.dll
.exe windows:4 windows x86 arch:x86

57bc51db4053803328e9623bbe8ea4c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
GetOEMCP
LCMapStringA
LCMapStringW
HeapReAlloc
HeapSize
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
RaiseException
ExitProcess
GetFileType
HeapFree
TerminateProcess
GlobalHandle
VirtualFree
VirtualAlloc
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
WideCharToMultiByte
lstrcpyA
MultiByteToWideChar
LockResource
FreeResource
lstrlenA
GetTickCount
GetStartupInfoA
HeapAlloc
GetCommandLineA
GetTimeZoneInformation
GetLocalTime
GetSystemTime
SetEnvironmentVariableA
GetFullPathNameA
GetCurrentDirectoryA
GetVersionExA
SetupComm
_llseek
_lopen
_lcreat
DebugBreak
_lwrite
_lclose
Beep
GetACP
GetCPInfo
GlobalMemoryStatus
GlobalSize
GlobalFlags
WinExec
GlobalGetAtomNameA
GetModuleHandleA
GetWindowsDirectoryA
GetProfileIntA
GetProfileStringA
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
_hwrite
_hread
GetDiskFreeSpaceA
GetVolumeInformationA
GetSystemDirectoryA
GetDriveTypeA
GetTempPathA
GetModuleFileNameA
SetFileTime
GetFileTime
SetCurrentDirectoryA
GlobalAddAtomA
GlobalDeleteAtom
DeleteFileA
CreateDirectoryA
FindNextFileA
FlushFileBuffers
RemoveDirectoryA
MoveFileA
SetEndOfFile
WriteFile
ReadFile
FindClose
SetFilePointer
FindFirstFileA
GetTempFileNameA
GetFileAttributesA
CreateFileA
SetLastError
CloseHandle
GetFileSize
GetStdHandle
GetCurrentProcess
lstrcatA
lstrcmpA
OpenFile
SetErrorMode
GetLastError
GetSystemInfo
GlobalReAlloc
GlobalAlloc
GlobalFree
GetCurrentProcessId
FindResourceA
LoadResource
GetVersion
lstrcmpiA
lstrcpynA
LoadLibraryA
GlobalUnlock
GetProcAddress
GlobalLock
FreeLibrary
IsBadStringPtrA
IsBadReadPtr
HeapDestroy
HeapCreate
GetEnvironmentStringsW
SetHandleCount
OutputDebugStringA

user32

SetForegroundWindow
TranslateMessage
GetAsyncKeyState
ToAscii
GetMessageA
IsDialogMessageA
PostQuitMessage
DispatchMessageA
IsIconic
SetActiveWindow
GetLastActivePopup
DeleteMenu
GetSystemMenu
GetDialogBaseUnits
BringWindowToTop
AppendMenuA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
DestroyMenu
DrawMenuBar
RemoveMenu
GetMenu
ModifyMenuA
EnableMenuItem
IsZoomed
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
DdeFreeDataHandle
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeInitializeA
GetMenuState
GetSubMenu
SetMenu
CreateMenu
LoadAcceleratorsA
TranslateAcceleratorA
SetMessageQueue
GetUpdateRect
MessageBoxA
MessageBeep
ScrollDC
LoadStringA
SendMessageTimeoutA
SetPropA
RemovePropA
GetPropA
GetWindowDC
AdjustWindowRect
GetTopWindow
CreateWindowExA
IsCharLowerA
GetKeyState
SetWindowTextA
wsprintfA
EqualRect
ValidateRect
ExitWindowsEx
CharLowerA
HideCaret
InvertRect
DestroyCaret
CharPrevA
CreateDialogParamA
SystemParametersInfoA
SendDlgItemMessageA
ReleaseCapture
SetCapture
GetDlgItem
SetFocus
ShowWindow
DrawFocusRect
DrawIcon
LoadBitmapA
LoadIconA
CreateCursor
SetCursor
DestroyCursor
ClientToScreen
SetCursorPos
SetSysColors
GetFocus
GetWindowThreadProcessId
GetClipboardData
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetDlgItemTextA
SetDlgItemTextA
CreateCaret
SetCaretPos
ShowCaret
UnionRect
CharNextA
InflateRect
GetClassLongA
SetWindowLongA
SetWindowPos
GetWindowLongA
OffsetRect
GetWindowTextA
GetSysColor
FrameRect
IsWindowEnabled
DestroyWindow
GetNextDlgGroupItem
SendMessageA
GetWindowWord
GetDlgCtrlID
PostMessageA
GetCapture
SetWindowWord
InvalidateRect
UpdateWindow
DefWindowProcA
PeekMessageA
PtInRect
CharUpperA
DefDlgProcA
GetDC
ReleaseDC
GetSystemMetrics
MoveWindow
SetTimer
KillTimer
BeginPaint
SetRect
DrawTextA
EndPaint
GetClientRect
FillRect
EndDialog
GetClassInfoA
LoadCursorA
RegisterClassA
DialogBoxParamA
GetClassNameA
EnumWindows
GetParent
GetWindowRect
GetWindow
ScreenToClient
EnumChildWindows
IntersectRect
IsWindow
IsWindowVisible
GetWindowPlacement
EnableWindow
GetActiveWindow
GetCursorPos

gdi32

TextOutA
SetTextAlign
CreatePen
SetBkMode
DeleteObject
SelectPalette
StretchDIBits
RealizePalette
LPtoDP
SetViewportExtEx
SetWindowExtEx
SetMapMode
DeleteDC
SelectObject
BitBlt
CreateCompatibleDC
StretchBlt
UnrealizeObject
CreatePatternBrush
CreateBitmap
CreateSolidBrush
LineTo
MoveToEx
GetSystemPaletteUse
GetTextColor
GetBkColor
RestoreDC
SetBkColor
SaveDC
Rectangle
SetROP2
GetBitmapBits
GetSystemPaletteEntries
GetObjectA
SetSystemPaletteUse
CreatePalette
GetDeviceCaps
GetNearestPaletteIndex
GetDIBits
GetPaletteEntries
CreateCompatibleBitmap
GetPixel
RectVisible
ExtFloodFill
GetNearestColor
SetPixel
CreateDIBitmap
SelectClipRgn
SetStretchBltMode
CreateFontIndirectA
PatBlt
ExcludeClipRect
CreateRectRgn
GetClipBox
ExtTextOutA
SetTextCharacterExtra
Ellipse
IntersectClipRect
SetViewportOrgEx
GetViewportOrgEx
Pie
SetDIBits
GetTextMetricsA
GetRgnBox
CreateICA
GetOutlineTextMetricsA
EnumFontsA
RoundRect
Arc
GetTextExtentPoint32A
Polyline
SetWindowOrgEx
Polygon
OffsetWindowOrgEx
GetViewportExtEx
GetWindowOrgEx
CloseMetaFile
DeleteMetaFile
CreateMetaFileA
CreateDiscardableBitmap
StartPage
StartDocA
Escape
AbortDoc
SetAbortProc
EndPage
CreateDCA
EndDoc
SetRectRgn
CreateRectRgnIndirect
CombineRgn
GetDCOrgEx
OffsetRgn
GetStockObject
SetTextColor

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

shell32

SHAppBarMessage
ShellExecuteA

winspool.drv

ClosePrinter
OpenPrinterA
GetPrinterA
DocumentPropertiesA

winmm

waveOutGetNumDevs

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
RegQueryValueA
RegOpenKeyExA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

ole32

CreateBindCtx
OleLoad
CoCreateInstance
OleInitialize
CreateGenericComposite
CreateItemMoniker
CreateFileMoniker
MkParseDisplayName
OleSetMenuDescriptor
CLSIDFromString
OleUninitialize
OleSetContainedObject
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleSave
OleCreateStaticFromData
OleDraw
StgCreateDocfileOnILockBytes
CoUninitialize
CoInitialize

Sections

.text
Size: 1013KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 80KB - Virtual size: 79KB

DATA Size: 1024B - Virtual size: 876B

BSS Size: - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 4KB

.edata Size: 3KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 41KB - Virtual size: 41KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 195KB - Virtual size: 524KB

DATA Size: 2KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.edata Size: 1024B - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 36KB

.rsrc Size: 19KB - Virtual size: 128KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

2fdd25610daa7981c6253ae5474bf538

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 9KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

80626e7c8f961407b2d794b2fbad65b5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 11KB - Virtual size: 15KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 2KB - Virtual size: 2KB

3416d78532757e3047fe9b8c19675b74

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 9KB - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 956B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

516d96cfdc44d9e18781bf957dcfee80

Headers

File Characteristics

Imports

kernel32

user32

CODE
Size: 80KB - Virtual size: 79KB

DATA
Size: 1024B - Virtual size: 876B

BSS
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

.edata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 41KB - Virtual size: 41KB

CODE
Size: 195KB - Virtual size: 524KB

DATA
Size: 2KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.edata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 36KB

.rsrc
Size: 19KB - Virtual size: 128KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 9KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 11KB - Virtual size: 15KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 9KB - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 956B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 93KB - Virtual size: 92KB

.bss
Size: - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 9KB - Virtual size: 9KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 182B

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 9KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 9KB - Virtual size: 14KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 9KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB