5e02d1c4567dfdfb094d90c73c742f48_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e02d1c4567dfdfb094d90c73c742f48_JaffaCakes118
Size

885KB
MD5

5e02d1c4567dfdfb094d90c73c742f48
SHA1

4d7e05e4b6d5b2683ecf1d71662a515136ed2590
SHA256

4fc33cf1b352c4f1b3e334bf4349e413965e0e86f9bb71683ea1019947d7da01
SHA512

412d8132e712544cd614e9f2af17089d519d86a329326b94af75913488e09a06c3b607c63488d05cd46986defe0aff90cd826981245c4a65e5772bd10797ac01
SSDEEP

24576:susFp+K7me4hNTiNiZBLbSxT88Nmfhnlno5kZ0OB:s3Fv6eCV/L+xz6okN

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sSetup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/nsWeb.dll
unpack002/$TEMP/fzhs/db.exe
unpack002/$TEMP/fzhs/qqbq.exe
unpack002/Clock.dll
unpack002/ClockTraySkins.exe
unpack002/uninst.exe

Files

5e02d1c4567dfdfb094d90c73c742f48_JaffaCakes118
.rar
sSetup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

FOX!
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FOX!
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Lasefox
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/fzhs/db.exe
.exe windows:5 windows x86 arch:x86

c56a25fa4336eeb10723b3537ba4876d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
LocalAlloc
GetLastError
GetCurrentProcess
GetPrivateProfileIntA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetPrivateProfileStringA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
GetProcAddress
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
LoadLibraryA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
CloseHandle
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
LocalFree
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/fzhs/qqbq.exe
.exe windows:4 windows x86 arch:x86

1bed3305885b0ca596d9cbba22baf78a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
CreateWindowExA
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
GetDlgItem
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
SetClipboardData
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Clock.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

KillHooks
RepainClock
SetClockTray285

Sections

CODE
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ClockTraySkins.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 2.2MB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
License.txt
Readme.txt
Skins/7Seg/numbers.bmp
Skins/7Seg/text.bmp
Skins/ARUAMP/numbers.bmp
Skins/ARUAMP/text.bmp
Skins/AS/numbers.bmp
Skins/AS/text.bmp
Skins/Ainv/numbers.bmp
Skins/Ainv/text.bmp
Skins/Autofont/numbers.BMP
Skins/Autofont/text.bmp
Skins/Autumn/numbers.bmp
Skins/Autumn/text.bmp
Skins/Avg/numbers.bmp
Skins/Avg/text.bmp
Skins/BUFTOM/numbers.bmp
Skins/BUFTOM/text.BMP
Skins/BambooAmp/numbers.BMP
Skins/BambooAmp/text.bmp
Skins/Bangko/numbers.bmp
Skins/Bangko/text.bmp
Skins/Binary/numbers.bmp
Skins/Binary/text.bmp
Skins/Binary2/numbers.bmp
Skins/Binary2/text.bmp
Skins/Black-White/numbers.BMP
Skins/Black-White/text.BMP
Skins/Black-White3D/numbers.BMP
Skins/Black-White3D/text.BMP
Skins/Blue/numbers.bmp
Skins/Blue/text.bmp
Skins/Blue2/NUMBERS.bmp
Skins/Blue2/TEXT.bmp
Skins/BlueGrad/numbers.bmp
Skins/BlueGrad/text.bmp
Skins/BlueWaveXP/numbers.bmp
Skins/BlueWaveXP/text.BMP
Skins/Break2/numbers.bmp
Skins/Break2/text.bmp
Skins/BritneyParadise/numbers.bmp
Skins/BritneyParadise/text.bmp
Skins/BryceAmp/numbers.bmp
Skins/BryceAmp/text.bmp
Skins/CRT/numbers.bmp
Skins/CRT/text.bmp
Skins/Clnind/numbers.bmp
Skins/Clnind/text.bmp
Skins/Codo/numbers.bmp
Skins/Codo/text.bmp
Skins/Cold/numbers.bmp
Skins/Cold/text.bmp
Skins/Colored/numbers.bmp
Skins/Colored/text.bmp
Skins/Counter2/numbers.bmp
Skins/Counter2/text.bmp
Skins/CounterStrike/Numbers.bmp
Skins/CounterStrike/Text.bmp
Skins/CounterStrike2/numbers.bmp
Skins/CounterStrike2/text.bmp
Skins/CounterStrike3/Numbers.bmp
Skins/CounterStrike3/Text.bmp
Skins/DefaultBlueXP/numbers.bmp
Skins/DefaultBlueXP/text.BMP
Skins/DefaultBlueXP3/numbers.bmp
Skins/DefaultBlueXP3/text.BMP
Skins/DefaultBlueXp2/numbers.bmp
Skins/DefaultBlueXp2/text.BMP
Skins/DigiAmp/numbers.bmp
Skins/DigiAmp/text.bmp
Skins/Domino/numbers.bmp
Skins/Domino/text.bmp
Skins/Electro/numbers.bmp
Skins/Electro/text.bmp
Skins/ElectroMix/numbers.bmp
Skins/ElectroMix/text.bmp
Skins/Electronik/NUMBERS.bmp
Skins/Electronik/TEXT.bmp
Skins/Epicen/numbers.bmp
Skins/Epicen/text.bmp
Skins/FUNFACT/numbers.bmp
Skins/FUNFACT/text.bmp
Skins/Fire/Text.bmp
Skins/Fire/numbers.bmp
Skins/Goblin/numbers.bmp
Skins/Goblin/text.bmp
Skins/Gold/numbers.bmp
Skins/Gold/text.bmp
Skins/Goldodo/numbers.bmp
Skins/Goldodo/text.bmp
Skins/Good/numbers.bmp
Skins/Good/text.bmp
Skins/Graph/numbers.bmp
Skins/Graph/text.bmp
Skins/Grem/numbers.bmp
Skins/Grem/text.bmp
Skins/HerbMix/numbers.bmp
Skins/HerbMix/text.bmp
Skins/HerbRemix/numbers.bmp
Skins/HerbRemix/text.bmp
Skins/Heroes3/numbers.bmp
Skins/Heroes3/text.bmp
Skins/Honey/numbers.bmp
Skins/Honey/text.bmp
Skins/Honey2/numbers.bmp
Skins/Honey2/text.BMP
Skins/Japan/numbers.bmp
Skins/Japan/text.bmp
Skins/Links/numbers.bmp
Skins/Links/text.bmp
Skins/LoungeRed/numbers.bmp
Skins/LoungeRed/text.bmp
Skins/Lynz/numbers.bmp
Skins/Lynz/text.BMP
Skins/Marble/numbers.bmp
Skins/Marble/text.BMP
Skins/Marbles/numbers.bmp
Skins/Marbles/text.bmp
Skins/Milla/Numbers.bmp
Skins/Milla/Text.bmp
Skins/Miniscu/numbers.bmp
Skins/Miniscu/text.bmp
Skins/Nucleo_AlienMind/Numbers.bmp
Skins/Nucleo_AlienMind/Text.bmp
Skins/ODW/numbers.bmp
Skins/ODW/text.bmp
Skins/Oups/numbers.bmp
Skins/Oups/text.bmp
Skins/PDG/numbers.bmp
Skins/PDG/text.bmp
Skins/Painter/numbers.bmp
Skins/Painter/text.bmp
Skins/Proto/numbers.bmp
Skins/Proto/text.bmp
Skins/Q3arenaskin/Numbers.bmp
Skins/Q3arenaskin/Text.bmp
Skins/Quake_II/numbers.bmp
Skins/Quake_II/text.bmp
Skins/REFLECT/numbers.bmp
Skins/REFLECT/numbers_lite.bmp
Skins/REFLECT/text.bmp
Skins/Rainbow/numbers.bmp
Skins/Rainbow/text.bmp
Skins/RajIOamp2k/numbers.bmp
Skins/RajIOamp2k/text.bmp
Skins/Reaper/numbers.bmp
Skins/Reaper/text.bmp
Skins/RedCalc/Text.bmp
Skins/RedCalc/numbers.bmp
Skins/ReflectLite/numbers.bmp
Skins/ReflectLite/text.bmp
Skins/SBGS/numbers.bmp
Skins/SBGS/text.bmp
Skins/SBWM/numbers.bmp
Skins/SBWM/text.bmp
Skins/SC-Prot/Numbers.bmp
Skins/SC-Prot/Text.bmp
Skins/SC-Zerg/Numbers.bmp
Skins/SC-Zerg/Text.bmp
Skins/SHPANK1/numbers.bmp
Skins/SHPANK1/text.bmp
Skins/SMPAINT/numbers.bmp
Skins/SMPAINT/text.bmp
Skins/Serif/numbers.bmp
Skins/Serif/text.bmp
Skins/Setting.ini
Skins/Sferfont/numbers.BMP
Skins/Sferfont/text.bmp
Skins/Shadow/Numbers.bmp
Skins/Shadow/text.bmp
Skins/Silver/numbers.bmp
Skins/Silver/text.bmp
Skins/SimpleGold/numbers.bmp
Skins/SimpleGold/text.bmp
Skins/Sketch/NUMBERS.BMP
Skins/Sketch/TEXT.BMP
Skins/Smplst/numbers.bmp
Skins/Smplst/text.bmp
Skins/Sonic Vibe Gen2/numbers.bmp
Skins/Sonic Vibe Gen2/text.bmp
Skins/Spyamppro/Numbers.bmp
Skins/Spyamppro/Text.bmp
Skins/Stealth/numbers.bmp
Skins/Stealth/text.bmp
Skins/Steel/Numbers.bmp
Skins/Steel/Text.bmp
Skins/Supra-Freaka/numbers.bmp
Skins/Supra-Freaka/text.bmp
Skins/TRiNiTY/numbers.bmp
Skins/TRiNiTY/text.bmp
Skins/Target/numbers.bmp
Skins/Target/text.bmp
Skins/Technics/numbers.bmp
Skins/Technics/text.bmp
Skins/Tokyo/numbers.bmp
Skins/Tokyo/text.bmp
Skins/TransparentBlack/numbers.bmp
Skins/TransparentBlack/text.bmp
Skins/TransparentWhite/numbers.bmp
Skins/TransparentWhite/text.bmp
Skins/Whisper/numbers.bmp
Skins/Whisper/text.bmp
Skins/White on Blue/numbers.bmp
Skins/White on Blue/text.bmp
Skins/Wind/numbers.bmp
Skins/Wind/text.bmp
Skins/Wood/NUMBERS.BMP
Skins/Wood/TEXT.BMP
file_id.txt
timezones.ini
uninst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

FOX!
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FOX!
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Lasefox
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/modern-header.bmp
˵.txt
.url
.rtf
.rtf
下载说明.htm
.html .js polyglot
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

FOX! Size: - Virtual size: 576KB

FOX! Size: 19KB - Virtual size: 20KB

Lasefox Size: 6KB - Virtual size: 8KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 644B

c56a25fa4336eeb10723b3537ba4876d

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 224KB - Virtual size: 228KB

1bed3305885b0ca596d9cbba22baf78a

Headers

File Characteristics

Imports

FOX!
Size: - Virtual size: 576KB

FOX!
Size: 19KB - Virtual size: 20KB

Lasefox
Size: 6KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 228KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 240KB

.rsrc
Size: 2KB - Virtual size: 4KB

CODE
Size: 55KB - Virtual size: 54KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 118B

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 4KB

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

FOX!
Size: - Virtual size: 576KB

FOX!
Size: 19KB - Virtual size: 20KB

Lasefox
Size: 6KB - Virtual size: 8KB