59ad0bf1ba041aad8f36912edec48c6c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

59ad0bf1ba041aad8f36912edec48c6c_JaffaCakes118
Size

1.3MB
MD5

59ad0bf1ba041aad8f36912edec48c6c
SHA1

56332b7e6722b0ab2860edc6982230b0e43f6c74
SHA256

339d9dff288d3cff542b4d4a50aceb6106fe5087c065f69f96a9c491f9e97a05
SHA512

978e34f4bfe477e157592582f77ec32b9fb9686e6b7933671612bbca542c0a7e643b484985c7f6d68bc7f5512c73ae5fd3a5691bd91a4c19baa171fd544f3c6b
SSDEEP

24576:IV0/0VInmBHpXh1513tCyFzlr8GkeTt/8S:INImB551Yyj8beTR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59ad0bf1ba041aad8f36912edec48c6c_JaffaCakes118

Files

59ad0bf1ba041aad8f36912edec48c6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e69cb183c86679523238f639bf398ea8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_VSS\Products\DriveCleanerInc\DriveCleaner2006Scanner\_Release\UDC2006.pdb

Imports

shell32

ord18
ord21
ord25
SHGetMalloc
SHGetSpecialFolderPathA
SHAppBarMessage
ord155
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
SHGetSpecialFolderPathW
SHLoadInProc
SHGetDesktopFolder
Shell_NotifyIconA

wininet

HttpQueryInfoA
InternetSetOptionA
InternetQueryOptionA
InternetOpenUrlA
InternetReadFile
InternetSetFilePointer
FindFirstUrlCacheEntryExA
FindNextUrlCacheEntryA
InternetCloseHandle
InternetCrackUrlA
InternetGetCookieA
InternetConnectA
InternetCanonicalizeUrlA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
FindCloseUrlCache
InternetSetCookieA
InternetGetConnectedState

advapi32

RegEnumValueA
RegEnumKeyA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA
EqualSid
RegOpenKeyA
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegFlushKey
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
FreeSid

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

shfolder

SHGetFolderPathA

ws2_32

connect
closesocket
WSACleanup
socket
gethostbyname
inet_addr
htons
WSACreateEvent
WSAStartup
setsockopt
WSAGetLastError
WSASocketA
inet_ntoa
WSASendTo
WSARecvFrom
WSACloseEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent
shutdown

mfc71

ord6090
ord4125
ord6065
ord4115
ord501
ord709
ord4118
ord2164
ord1283
ord5833
ord3989
ord1025
ord2321
ord3210
ord3161
ord1934
ord1063
ord1280
ord4232
ord1545
ord6282
ord2368
ord5731
ord907
ord3761
ord2367
ord6172
ord6178
ord5710
ord865
ord3583
ord2983
ord3324
ord748
ord3204
ord1594
ord6120
ord3676
ord1425
ord3401
ord416
ord651
ord6020
ord1564
ord4243
ord1650
ord2098
ord6168
ord1554
ord5613
ord2160
ord1377
ord2801
ord1084
ord3875
ord3879
ord5746
ord2495
ord2882
ord5969
ord3881
ord5866
ord2866
ord2899
ord2095
ord1591
ord4240
ord3317
ord741
ord5869
ord5871
ord5491
ord1262
ord2657
ord5419
ord1614
ord3596
ord559
ord747
ord3174
ord1024
ord1091
ord3908
ord3605
ord3641
ord3441
ord4648
ord4394
ord4692
ord2719
ord5203
ord2020
ord605
ord356
ord354
ord4580
ord1968
ord1279
ord347
ord3835
ord3182
ord3684
ord589
ord4078
ord6037
ord330
ord577
ord5637
ord2131
ord774
ord602
ord1930
ord280
ord287
ord783
ord2130
ord300
ord6018
ord293
ord2654
ord3952
ord3635
ord3595
ord5227
ord4569
ord5567
ord570
ord759
ord2249
ord1716
ord3423
ord2086
ord3164
ord587
ord2264
ord2346
ord3287
ord3163
ord4100
ord2094
ord3244
ord1955
ord758
ord567
ord5640
ord5641
ord2075
ord2234
ord1580
ord1929
ord2233
ord643
ord5727
ord5331
ord6297
ord5320
ord6286
ord6283
ord326
ord2263
ord3454
ord3195
ord620
ord3348
ord2074
ord3651
ord1979
ord3302
ord2092
ord1641
ord1571
ord4238
ord2958
ord3230
ord658
ord2370
ord5634
ord2873
ord2794
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord591
ord657
ord1966
ord5647
ord1397
ord6266
ord1933
ord1570
ord4237
ord4001
ord4123
ord4104
ord3563
ord1645
ord1586
ord3304
ord730
ord5991
ord4761
ord5994
ord1031
ord6236
ord5529
ord6040
ord6041
ord2306
ord3551
ord1643
ord715
ord1581
ord3139
ord3292
ord1484
ord4099
ord2091
ord3229
ord1587
ord3307
ord731
ord1550
ord3178
ord599
ord1576
ord1575
ord3249
ord671
ord1652
ord1596
ord2985
ord3326
ord752
ord2097
ord1649
ord1593
ord4242
ord3319
ord743
ord1654
ord1598
ord2987
ord3328
ord754
ord1647
ord1589
ord3315
ord739
ord1646
ord1588
ord3312
ord736
ord2090
ord1637
ord1558
ord4236
ord3214
ord642
ord1635
ord1543
ord3157
ord583
ord1644
ord1584
ord3298
ord1636
ord1548
ord3172
ord592
ord1639
ord1568
ord3227
ord656
ord1640
ord1569
ord3228
ord2328
ord1265
ord777
ord2327
ord4032
ord282
ord2932
ord1264
ord4036
ord4037
ord4033
ord4034
ord2319
ord1260
ord760
ord259
ord2271
ord2371
ord6017
ord1971
ord2938
ord1092
ord3233
ord423
ord660
ord4063
ord866
ord5466
ord3473
ord3799
ord3883
ord2876
ord4350
ord2867
ord3997
ord3430
ord3488
ord502
ord5059
ord3474
ord2802
ord3406
ord3571
ord3680
ord3587
ord3574
ord3437
ord1161
ord3215
ord2991
ord5214
ord6275
ord5073
ord1402
ord5915
ord1559
ord1638
ord1248
ord2469
ord1486
ord1916
ord4081
ord6167
ord2322
ord2933
ord1489
ord299
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord272
ord6182
ord6021
ord2475
ord1258
ord1263
ord2292
ord1917
ord4108
ord2467
ord5490
ord3850
ord3849
ord305
ord910
ord2838
ord4481
ord4261
ord3333
ord3255
ord6118
ord2248
ord572
ord1101
ord1054
ord3830
ord1126
ord5658
ord2372
ord5119
ord593
ord334
ord757
ord566
ord3683
ord2451
ord3934
ord911
ord6138
ord2272
ord4085
ord6179
ord6173
ord4109
ord5563
ord2594
ord1482
ord781
ord297
ord3397
ord2902
ord304
ord5403
ord2468
ord908
ord265
ord762
ord784
ord1247
ord5182
ord4212
ord4735
ord4890
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord4185
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644

msvcr71

atoi
_mbsnbcpy
sprintf
strtol
_vscwprintf
vswprintf
_vscprintf
vsprintf
_mbschr
_ismbcspace
_mbsicmp
_mbsnbcat
_beginthreadex
fgets
_mbsinc
_mbsstr
_mbsupr
fputs
fwrite
fflush
_vsnprintf
_unlink
ctime
time
localtime
_mbslwr
realloc
strftime
strncmp
strchr
floor
_mbsspn
_mbscspn
memchr
_snprintf
memset
strrchr
_endthreadex
_beginthread
_mbstok
_mbsnbcmp
_mbslen
asctime
_itoa
rand
srand
isdigit
fread
_ultoa
_errno
fputc
ftell
fprintf
_fdopen
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
strtoul
wcslen
_CxxThrowException
_except_handler3
__CxxFrameHandler
_mbscmp
fclose
fscanf
fopen
_mbsrchr
_mktime64
memmove
_purecall
exit
_localtime64
_time64
_strdup
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
__RTDynamicCast
free
malloc
_resetstkoflw
_mbsnbicmp
_wcsdup
_fstat
_fileno
_setmbcp
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_controlfp

kernel32

TerminateThread
SetEvent
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
GlobalAlloc
CreateThread
GlobalFree
GlobalUnlock
GlobalLock
CreateEventA
InterlockedDecrement
InterlockedIncrement
GetTimeFormatA
GetDateFormatA
GetDriveTypeA
GetLogicalDriveStringsA
lstrcpynA
MulDiv
lstrcpyA
DeleteCriticalSection
RaiseException
InitializeCriticalSection
ResumeThread
CreateProcessA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTickCount
CreateMutexA
WaitForSingleObject
ResetEvent
CloseHandle
WriteFile
CreateFileA
GetPrivateProfileStringA
GetModuleFileNameA
WideCharToMultiByte
GetLastError
lstrlenA
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
MultiByteToWideChar
GetThreadLocale
lstrlenW
lstrcmpiA
GetEnvironmentVariableA
GetFileAttributesA
lstrcatA
FindClose
FindFirstFileA
GetCommandLineA
CreateDirectoryA
LocalFree
OutputDebugStringA
ExpandEnvironmentStringsA
GetSystemInfo
ReadFile
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
SuspendThread
SetThreadPriority
GetPrivateProfileSectionA
FormatMessageA
SetFilePointer
SetFileAttributesA
GetCurrentProcessId
FlushFileBuffers
GetSystemTime
SetErrorMode
SetUnhandledExceptionFilter
GetExitCodeThread
FindNextFileA
RemoveDirectoryA
DeleteFileA
GetCurrentDirectoryA
OpenEventA
GetDiskFreeSpaceExA
SetEndOfFile
CopyFileA
WaitForMultipleObjectsEx
GetVolumeInformationA
EnterCriticalSection
GetWindowsDirectoryA
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
DebugBreak
HeapAlloc
HeapFree
GetProcessHeap
Sleep
SetCurrentDirectoryA
LeaveCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
GetFileSize
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
GetCurrentThreadId
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
lstrcmpA
FindResourceExA
WriteProcessMemory
GetCurrentProcess
VirtualProtect
SetLastError
FindResourceW
FindResourceExW
HeapDestroy
HeapReAlloc
HeapSize
FlushInstructionCache
GetUserDefaultLCID
SetPriorityClass
OpenProcess
GetFileAttributesExA
GlobalSize
GetModuleHandleA
LocalFileTimeToFileTime
CancelWaitableTimer
OpenMutexA

user32

CloseClipboard
DefWindowProcA
MoveWindow
SetWindowTextA
GetWindowTextLengthA
wsprintfA
DestroyWindow
GetAsyncKeyState
GetCapture
LoadMenuA
MapWindowPoints
CallWindowProcA
DestroyMenu
IsRectEmpty
IsZoomed
GetMenuItemID
AppendMenuA
GetSubMenu
WindowFromPoint
UnhookWindowsHookEx
LoadImageW
LoadImageA
LoadCursorW
LoadIconW
LoadBitmapW
LoadStringW
DestroyCursor
keybd_event
GetComboBoxInfo
EnableScrollBar
SetScrollPos
SetRect
SystemParametersInfoA
SetRectEmpty
GetMenuItemRect
UnionRect
TrackPopupMenuEx
FrameRect
SetMenuItemBitmaps
GetMenuItemInfoA
GetMenuDefaultItem
OffsetRect
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
PostThreadMessageA
MsgWaitForMultipleObjects
GetWindowTextA
SetWindowsHookExA
GetKeyboardState
SetKeyboardState
CallNextHookEx
GetDlgCtrlID
OpenClipboard
GetActiveWindow
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
DestroyIcon
GetWindow
GetClassNameA
SetWindowRgn
DrawStateA
PostQuitMessage
ShowWindow
IsDialogMessageA
RegisterClassExA
SetWindowPos
GetSysColor
SetFocus
GetFocus
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageA
SetMenuItemInfoA
TrackMouseEvent
FillRect
SetWindowLongA
CreateWindowExA
RegisterClassA
LoadStringA
EndPaint
BeginPaint
ReleaseCapture
SetCapture
SetCursor
LoadCursorA
GetKeyState
GetDC
GetWindowLongA
PtInRect
ValidateRect
LoadIconA
CopyRect
ReleaseDC
DrawFocusRect
DrawTextA
RedrawWindow
GetWindowDC
GetWindowRect
GetParent
UnregisterClassA
UpdateWindow
AnimateWindow
LoadBitmapA
CountClipboardFormats
EnumClipboardFormats
GetClipboardData
GetClipboardFormatNameA
GetWindowThreadProcessId
UnregisterHotKey
RegisterHotKey
GetClassInfoExA
GetSystemMenu
TrackPopupMenu
EnableWindow
SendMessageA
FindWindowA
FindWindowExA
SetParent
PostMessageA
BringWindowToTop
SetForegroundWindow
IsWindowEnabled
ScreenToClient
IsWindowVisible
SetMenuDefaultItem
EnableMenuItem
GetCursorPos
ClientToScreen
CreatePopupMenu
CloseWindow
IsWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
InvalidateRect
GetDesktopWindow
RegisterWindowMessageA
KillTimer
SetTimer
MessageBoxA

gdi32

TextOutA
SetBkColor
GetBkMode
GetBkColor
CreateDIBitmap
CreateBrushIndirect
Rectangle
GetPixel
DPtoLP
CreateEllipticRgn
CreateRectRgn
CombineRgn
LineTo
MoveToEx
CreateSolidBrush
CreatePen
SetPixel
GetDeviceCaps
GetStockObject
CreateBitmap
GetMapMode
SetStretchBltMode
SetMapMode
GetTextColor
CreateFontIndirectA
GetTextExtentPoint32A
SetTextColor
SetBkMode
StretchBlt
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
CreateRectRgnIndirect
ExtCreatePen
CreateFontA
GetTextMetricsA
PatBlt
SetBitmapBits
GetDIBits
GetBitmapBits

msimg32

AlphaBlend

comdlg32

ChooseFontA
ChooseColorA

comctl32

ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_DrawEx
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw
ord17
ImageList_AddMasked

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
PathQuoteSpacesA
StrRetToStrA
PathAppendA
PathMatchSpecA
StrStrIA
PathIsDirectoryEmptyA
PathFileExistsA
PathIsDirectoryA
PathStripPathA
PathRenameExtensionA
PathCombineA
PathRemoveFileSpecA
PathAddBackslashA

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CoTaskMemFree
StringFromGUID2
CoCreateGuid
OleRun

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantCopy
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
OleLoadPicture
SysFreeString
SafeArrayDestroy
SystemTimeToVariantTime

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@Viterator@12@0ABV12@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@Vconst_iterator@01@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??Bios_base@std@@QBEPAXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?eof@ios_base@std@@QBE_NXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

imagehlp

ImageDirectoryEntryToData

setupapi

SetupInstallFileA

Sections

.text
Size: 891KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 541B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e69cb183c86679523238f639bf398ea8

Headers

File Characteristics

PDB Paths

Imports

shell32

wininet

advapi32

rpcrt4

shfolder

ws2_32

mfc71

msvcr71

kernel32

user32

gdi32

msimg32

comdlg32

comctl32

shlwapi

ole32

oleaut32

msvcp71

imagehlp

setupapi

Sections

.text Size: 891KB - Virtual size: 890KB

.rdata Size: 210KB - Virtual size: 210KB

.data Size: 14KB - Virtual size: 19KB

.tls Size: 1024B - Virtual size: 541B

.rsrc Size: 173KB - Virtual size: 173KB

.text
Size: 891KB - Virtual size: 890KB

.rdata
Size: 210KB - Virtual size: 210KB

.data
Size: 14KB - Virtual size: 19KB

.tls
Size: 1024B - Virtual size: 541B

.rsrc
Size: 173KB - Virtual size: 173KB