5b36a809f5540c7ae63b24307e2f5f8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b36a809f5540c7ae63b24307e2f5f8c_JaffaCakes118
Size

400KB
MD5

5b36a809f5540c7ae63b24307e2f5f8c
SHA1

3ab10179ad96c377063e0f4e884922359e7a6aeb
SHA256

d83c0c1d705680e7cbc222b0aedec2b9601d0f575b70d6a7ffc9d68de9237da8
SHA512

90ec2c96d83dee39df9514441ab3b6ec9d866dc7d8e821b3a477a8a2bc656c16000f634c3868940d81c413b25b85c79953d9842a992d595a2ba379354702eb55
SSDEEP

6144:ECP0r7k3nVHJlbD0hN2Px592nbFheTYkXELuSI/OdGiYWabf3y7IJGhCo4X0zrE/:dk43ntLPMGmbFhq+yakghKEPE9kA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/NeoTheme.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
5b36a809f5540c7ae63b24307e2f5f8c_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/NeoTheme.exe
unpack001/system/replacer/.ReplacerTemp/Zap.exe
unpack003/Zap.exe
unpack001/system/uxtheme/nosp/uxtheme.dll
unpack001/system/uxtheme/sp1/uxtheme.dll
unpack001/system/uxtheme/sp2/uxtheme.dll
unpack001/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

5b36a809f5540c7ae63b24307e2f5f8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
MapWindowPoints
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
CreateWindowExA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

aebc3107701149edfc563b8db7a789fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetDlgItem
PostMessageA
CallWindowProcA
CreateDialogParamA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
SetWindowLongA
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Select

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Changelog.txt
License.txt
NeoTheme.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Readme.txt
system/001.gif
.gif
system/002.gif
.gif
system/Thumbs.db
system/neowin_icon.ico
system/replacer/.ReplacerTemp/Clear_WFP_Message.vbs
.vbs
system/replacer/.ReplacerTemp/Messages.txt
system/replacer/.ReplacerTemp/Special.cmd
.cmd .vbs
system/replacer/.ReplacerTemp/Zap.exe
.exe windows:1 windows x86 arch:x86

685f13adf8c237dbc6d064cafff5d908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt20

__getmainargs
_adjust_fdiv
__p__commode
_initterm
exit
__p___initenv
_controlfp
_XcptFilter
_exit
strstr
printf
sprintf
__p__fmode
_except_handler3

kernel32

GetLastError
GetModuleFileNameA
GetTempFileNameA
MoveFileExA

Sections

.text
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
system/replacer/Replacer.cmd
.cmd .vbs
system/replacer/data
.cab
Clear_WFP_Message.vbs
.vbs
Messages.txt
Special.cmd
.cmd .vbs
Zap.exe
.exe windows:1 windows x86 arch:x86

685f13adf8c237dbc6d064cafff5d908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt20

__getmainargs
_adjust_fdiv
__p__commode
_initterm
exit
__p___initenv
_controlfp
_XcptFilter
_exit
strstr
printf
sprintf
__p__fmode
_except_handler3

kernel32

GetLastError
GetModuleFileNameA
GetTempFileNameA
MoveFileExA

Sections

.text
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
system/replacer/readme.txt
system/uxtheme/nosp/uxtheme.dll
.dll windows:5 windows x86 arch:x86

b4b28d10a600e958ea46ec9ce2c6dbc2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcsstr
swscanf
wcschr
memmove
free
??2@YAPAXI@Z
realloc
_wsplitpath
_ftol
floor
??3@YAXPAX@Z
_except_handler3

ntdll

RtlInitializeCriticalSection
RtlInitUnicodeString
NtRequestWaitReplyPort
RtlDeleteCriticalSection
RtlUnhandledExceptionFilter
RtlCreateUserThread
NtQueryInformationProcess
NtConnectPort

kernel32

CompareStringW
DeleteAtom
AddAtomW
FindResourceW
SizeofResource
LoadResource
LockResource
GetFileAttributesW
GetFileSize
ExpandEnvironmentStringsW
LoadLibraryExW
GetStringTypeW
lstrcpynW
SetFilePointer
lstrlenA
IsBadCodePtr
FindFirstFileW
FindNextFileW
FindClose
IsBadStringPtrW
IsBadWritePtr
WaitForSingleObject
GetExitCodeThread
CreateFileMappingW
ExitThread
IsDebuggerPresent
GetACP
GetSystemDirectoryW
MapViewOfFile
GetCurrentProcess
DuplicateHandle
CreateSemaphoreW
UnmapViewOfFile
GetProcAddress
GetFullPathNameW
InterlockedExchange
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
InterlockedCompareExchange
Sleep
InterlockedDecrement
IsBadReadPtr
InterlockedIncrement
lstrcmpW
GetSystemInfo
VirtualFree
GetUserDefaultUILanguage
GetFileTime
LoadLibraryW
GetCurrentThread
CreateThread
FreeLibrary
FreeLibraryAndExitThread
VirtualAlloc
SetLastError
GetAtomNameW
lstrcpyW
GetLastError
MulDiv
GetCurrentThreadId
LocalAlloc
LocalFree
CreateActCtxW
GetCurrentProcessId
GetModuleFileNameW
CreateFileW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
lstrcmpiW
lstrcatW
lstrlenW
WriteFile
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
MultiByteToWideChar

user32

GetDoubleClickTime
GetMessagePos
DispatchMessageW
TranslateMessage
CallMsgFilterW
GetMessageW
ShowCaret
KillTimer
GetKeyState
EnableWindow
GetScrollInfo
DestroyMenu
TrackPopupMenuEx
SystemParametersInfoA
SystemParametersInfoW
AdjustWindowRectEx
RegisterUserApiHook
UnregisterUserApiHook
SetTimer
DrawFrameControl
InvertRect
LoadMenuW
GetSubMenu
GetScrollBarInfo
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
DestroyWindow
IsServerSideWindow
LoadStringW
PaintMenuBar
SetWindowPos
GetMenuBarInfo
GetMenuItemCount
DrawMenuBar
TrackMouseEvent
DrawIconEx
IsWindowVisible
DrawEdge
PeekMessageW
ReleaseCapture
GetCapture
LoadIconW
InflateRect
CalcMenuBar
IsIconic
GetForegroundWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
GetSysColorBrush
InvalidateRect
WindowFromDC
GetParent
DrawTextW
GetWindowInfo
SetMenuItemInfoW
DefWindowProcW
DefFrameProcW
OffsetRect
GetWindowRect
InternalGetWindowText
GetWindowTextW
SetRectEmpty
GetSysColor
IsWindowInDestroy
SetWindowRgn
GetWindowRgnBox
GetClassLongW
GetTitleBarInfo
GetSystemMenu
GetMenuItemInfoW
SendMessageW
GetDCEx
IsRectEmpty
GetAncestor
GetClientRect
MapWindowPoints
GetDesktopWindow
PostMessageW
SetSysColors
GetDC
GetClassNameW
EnumDesktopsW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetWindow
EnumChildWindows
GetWindowLongW
SetWindowLongW
RemovePropW
SetPropW
CharNextW
GetPropW
GetWindowThreadProcessId
DrawTextExW
ReleaseDC
GetWindowDC
GetGUIThreadInfo
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
CopyRect
PtInRect
IntersectRect
FillRect
SetRect
wvsprintfW
IsWindow
IsChild
wsprintfW
SendMessageTimeoutW
GetThreadDesktop
EnumDisplaySettingsW
EnumDisplayDevicesW
LoadImageW
IsCharAlphaNumericW
SetCapture

gdi32

GetStockObject
CreateSolidBrush
CreatePen
IntersectClipRect
GetBkColor
ExtTextOutW
SetBkColor
PathToRegion
CreateFontIndirectW
PtInRegion
Arc
GetObjectW
DeleteDC
StretchBlt
SetStretchBltMode
SetLayout
CreateCompatibleDC
GetDeviceCaps
GetLayout
SetTextColor
Rectangle
GetRegionData
GetDIBits
GetRgnBox
CreateCompatibleBitmap
CreateRectRgnIndirect
CreatePatternBrush
GetTextExtentPoint32W
SetBrushOrgEx
GetClipBox
ExcludeClipRect
SetTextAlign
GetTextAlign
RectVisible
CreateFontW
CreateDIBSection
SetDIBits
ExtCreateRegion
CombineRgn
OffsetRgn
CreateBitmap
GetTextColor
StrokeAndFillPath
AbortPath
GetTextMetricsW
SetViewportOrgEx
GetViewportOrgEx
GdiGradientFill
GdiDrawStream
ClearBitmapAttributes
RoundRect
BeginPath
Ellipse
EndPath
SelectClipPath
BitBlt
SelectClipRgn
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBitmap
SetBkMode
DeleteObject

advapi32

CryptVerifySignatureW
CryptHashData
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
RegQueryValueExW
RegOpenCurrentUser
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
OpenThreadToken
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

CloseThemeData
DrawThemeBackground
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeText
EnableThemeDialogTexture
EnableTheming
GetCurrentThemeName
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
SetThemeAppProperties
SetWindowTheme

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
system/uxtheme/sp1/uxtheme.dll
.dll windows:5 windows x86 arch:x86

f01fd9772195faafb57dcadf07c223c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcsstr
swscanf
wcschr
memmove
free
??2@YAPAXI@Z
realloc
_wsplitpath
_ftol
floor
??3@YAXPAX@Z
_except_handler3

ntdll

RtlInitializeCriticalSection
RtlInitUnicodeString
NtRequestWaitReplyPort
RtlDeleteCriticalSection
RtlUnhandledExceptionFilter
RtlCreateUserThread
NtQueryInformationProcess
NtConnectPort

kernel32

MultiByteToWideChar
CompareStringW
AddAtomW
FindResourceW
SizeofResource
LoadResource
LockResource
GetFileAttributesW
GetFileSize
ExpandEnvironmentStringsW
LoadLibraryExW
GetStringTypeW
lstrcpynW
SetFilePointer
lstrlenA
IsBadCodePtr
FindFirstFileW
FindNextFileW
FindClose
IsBadStringPtrW
IsBadWritePtr
WaitForSingleObject
GetExitCodeThread
CreateFileMappingW
ExitThread
IsDebuggerPresent
GetACP
GetSystemDirectoryW
MapViewOfFile
GetCurrentProcess
DuplicateHandle
CreateSemaphoreW
UnmapViewOfFile
GetProcAddress
GetFullPathNameW
InterlockedExchange
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
InterlockedCompareExchange
InterlockedDecrement
IsBadReadPtr
InterlockedIncrement
lstrcmpW
GetSystemInfo
VirtualFree
GetUserDefaultUILanguage
GetFileTime
LoadLibraryW
GetCurrentThread
CreateThread
FreeLibrary
FreeLibraryAndExitThread
VirtualAlloc
SetLastError
GetAtomNameW
lstrcpyW
GetLastError
MulDiv
GetCurrentThreadId
LocalAlloc
LocalFree
GetCurrentProcessId
CreateActCtxW
GetModuleFileNameW
CreateFileW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
lstrcmpiW
lstrcatW
lstrlenW
WriteFile
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
DeleteAtom

user32

DrawFrameControl
SetTimer
GetDoubleClickTime
GetMessagePos
DispatchMessageW
TranslateMessage
CallMsgFilterW
GetMessageW
ShowCaret
KillTimer
GetKeyState
EnableWindow
GetScrollInfo
DestroyMenu
TrackPopupMenuEx
SystemParametersInfoA
SystemParametersInfoW
AdjustWindowRectEx
RegisterUserApiHook
UnregisterUserApiHook
InvertRect
NotifyWinEvent
LoadMenuW
GetSubMenu
GetScrollBarInfo
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
DestroyWindow
IsServerSideWindow
LoadStringW
PaintMenuBar
SetWindowPos
GetMenuBarInfo
GetMenuItemCount
DrawMenuBar
TrackMouseEvent
DrawIconEx
IsWindowVisible
DrawEdge
MsgWaitForMultipleObjectsEx
PeekMessageW
ReleaseCapture
GetCapture
LoadIconW
InflateRect
CalcMenuBar
IsIconic
GetForegroundWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
GetSysColorBrush
InvalidateRect
WindowFromDC
GetParent
DrawTextW
GetWindowInfo
SetMenuItemInfoW
DefWindowProcW
DefFrameProcW
OffsetRect
GetWindowRect
InternalGetWindowText
GetWindowTextW
SetRectEmpty
GetSysColor
IsWindowInDestroy
SetWindowRgn
GetWindowRgnBox
GetClassLongW
GetTitleBarInfo
GetSystemMenu
GetMenuItemInfoW
SendMessageW
GetDCEx
IsRectEmpty
GetAncestor
GetClientRect
MapWindowPoints
GetDesktopWindow
PostMessageW
SetSysColors
GetDC
GetClassNameW
EnumDesktopsW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetWindow
EnumChildWindows
GetWindowLongW
SetWindowLongW
RemovePropW
SetPropW
CharNextW
GetPropW
GetWindowThreadProcessId
DrawTextExW
ReleaseDC
GetWindowDC
GetGUIThreadInfo
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
CopyRect
PtInRect
IntersectRect
FillRect
SetRect
wvsprintfW
IsWindow
IsChild
wsprintfW
SendMessageTimeoutW
GetThreadDesktop
EnumDisplaySettingsW
EnumDisplayDevicesW
LoadImageW
IsCharAlphaNumericW
SetCapture

gdi32

GetStockObject
CreateSolidBrush
CreatePen
IntersectClipRect
GetBkColor
ExtTextOutW
SetBkColor
PathToRegion
CreateFontIndirectW
PtInRegion
Arc
GetObjectW
DeleteDC
StretchBlt
SetStretchBltMode
SetLayout
CreateCompatibleDC
GetDeviceCaps
GetLayout
SetTextColor
Rectangle
GetRegionData
GetDIBits
GetRgnBox
CreateCompatibleBitmap
CreateRectRgnIndirect
CreatePatternBrush
GetTextExtentPoint32W
SetBrushOrgEx
GetClipBox
ExcludeClipRect
SetTextAlign
GetTextAlign
RectVisible
CreateFontW
CreateDIBSection
SetDIBits
ExtCreateRegion
CombineRgn
OffsetRgn
CreateBitmap
GetTextColor
StrokeAndFillPath
AbortPath
GetTextMetricsW
SetViewportOrgEx
GetViewportOrgEx
GdiGradientFill
GdiDrawStream
ClearBitmapAttributes
RoundRect
BeginPath
Ellipse
EndPath
SelectClipPath
BitBlt
SelectClipRgn
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBitmap
SetBkMode
DeleteObject

advapi32

CryptVerifySignatureW
CryptHashData
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
RegQueryValueExW
RegOpenCurrentUser
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
OpenThreadToken
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

CloseThemeData
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeText
EnableThemeDialogTexture
EnableTheming
GetCurrentThemeName
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
SetThemeAppProperties
SetWindowTheme

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
system/uxtheme/sp1/vorte[x].nfo
system/uxtheme/sp2/uxtheme.dll
.dll windows:5 windows x86 arch:x86

a7749dbee9f6101268b6fc01b6b578dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

uxtheme.pdb

Imports

msvcrt

wcsstr
swscanf
wcschr
_vsnwprintf
memmove
free
??2@YAPAXI@Z
realloc
_wsplitpath
_ftol
floor
_adjust_fdiv
malloc
_initterm
_except_handler3
??3@YAXPAX@Z

ntdll

NtConnectPort
RtlInitUnicodeString
NtRequestWaitReplyPort
RtlUnhandledExceptionFilter
RtlCreateUserThread
NtQueryInformationProcess
RtlInitializeCriticalSection

kernel32

QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
IsBadCodePtr
SetUnhandledExceptionFilter
SizeofResource
LoadResource
LockResource
GetFileAttributesW
ReadFile
GetFileSize
ExpandEnvironmentStringsW
GetProcAddress
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
FindFirstFileW
FindNextFileW
FindClose
IsBadStringPtrW
IsBadWritePtr
WaitForSingleObject
GetExitCodeThread
CreateFileMappingW
ExitThread
IsDebuggerPresent
GetACP
MapViewOfFile
GetCurrentProcess
DuplicateHandle
CreateSemaphoreW
UnmapViewOfFile
GetSystemDirectoryW
GetFullPathNameW
InterlockedExchange
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
InterlockedCompareExchange
InterlockedDecrement
IsBadReadPtr
InterlockedIncrement
lstrcmpW
GetSystemInfo
VirtualFree
GetUserDefaultUILanguage
GetFileTime
LoadLibraryW
LocalAlloc
GetCurrentThread
CreateThread
FreeLibrary
LocalFree
FreeLibraryAndExitThread
lstrcpynW
VirtualAlloc
SetLastError
GetAtomNameW
GetLastError
MulDiv
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
CreateFileW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
lstrcmpiW
lstrlenW
WriteFile
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateActCtxW
LoadLibraryExW
GetStringTypeW
SetFilePointer
FindResourceW
AddAtomW
DeleteAtom
MultiByteToWideChar
CompareStringW
UnhandledExceptionFilter

user32

GetSubMenu
LoadMenuW
NotifyWinEvent
InvertRect
DrawFrameControl
SetTimer
GetDoubleClickTime
GetMessagePos
DispatchMessageW
TranslateMessage
CallMsgFilterW
GetMessageW
ShowCaret
KillTimer
GetKeyState
EnableWindow
GetScrollInfo
DestroyMenu
TrackPopupMenuEx
SystemParametersInfoA
SystemParametersInfoW
AdjustWindowRectEx
RegisterUserApiHook
UnregisterUserApiHook
GetScrollBarInfo
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
DestroyWindow
IsServerSideWindow
LoadStringW
PaintMenuBar
SetWindowPos
GetMenuBarInfo
GetMenuItemCount
DrawMenuBar
TrackMouseEvent
DrawIconEx
IsWindowVisible
DrawEdge
SetCapture
MsgWaitForMultipleObjectsEx
PeekMessageW
ReleaseCapture
GetCapture
LoadIconW
InflateRect
CalcMenuBar
GetForegroundWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
InvalidateRect
DrawTextW
GetClientRect
GetSysColorBrush
IsWindowInDestroy
SetWindowRgn
WindowFromDC
GetParent
GetWindowInfo
SetMenuItemInfoW
DefWindowProcW
DefFrameProcW
OffsetRect
GetWindowRect
InternalGetWindowText
GetWindowTextW
SetRectEmpty
GetSysColor
GetWindowRgnBox
GetClassLongW
GetTitleBarInfo
GetSystemMenu
GetMenuItemInfoW
SendMessageW
GetDCEx
IsRectEmpty
GetAncestor
MapWindowPoints
GetDesktopWindow
PostMessageW
SetSysColors
GetDC
GetClassNameW
EnumDesktopsW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetWindow
EnumChildWindows
GetWindowLongW
SetWindowLongW
RemovePropW
SetPropW
GetPropW
GetWindowThreadProcessId
DrawTextExW
GetWindowDC
ReleaseDC
GetGUIThreadInfo
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
CopyRect
PtInRect
IntersectRect
FillRect
SetRect
IsWindow
IsChild
CharNextW
SendMessageTimeoutW
GetThreadDesktop
EnumDisplaySettingsW
EnumDisplayDevicesW
LoadImageW
IsCharAlphaNumericW
IsIconic

gdi32

Rectangle
GetStockObject
CreateSolidBrush
CreatePen
IntersectClipRect
GetBkColor
ExtTextOutW
SetBkColor
PathToRegion
CreateFontIndirectW
PtInRegion
Arc
GetObjectW
DeleteDC
StretchBlt
SetStretchBltMode
SetLayout
CreateCompatibleDC
GetDeviceCaps
GetLayout
RoundRect
SetTextColor
SetBkMode
GetRgnBox
CreateRectRgnIndirect
CreatePatternBrush
GetTextExtentPoint32W
SetBrushOrgEx
GetClipBox
ExcludeClipRect
SetTextAlign
GetTextAlign
CreateCompatibleBitmap
RectVisible
CreateFontW
SetDIBits
CreateDIBSection
ExtCreateRegion
CombineRgn
OffsetRgn
CreateBitmap
GetTextColor
StrokeAndFillPath
AbortPath
GetTextMetricsW
SetViewportOrgEx
GetViewportOrgEx
GdiGradientFill
GdiDrawStream
ClearBitmapAttributes
BeginPath
Ellipse
EndPath
SelectClipPath
BitBlt
SelectClipRgn
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBitmap
GetDIBits
GetRegionData
DeleteObject

advapi32

CryptVerifySignatureW
CryptHashData
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
RegQueryValueExW
RegOpenCurrentUser
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
OpenThreadToken
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

CloseThemeData
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeText
EnableThemeDialogTexture
EnableTheming
GetCurrentThemeName
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
SetThemeAppProperties
SetWindowTheme

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 20KB

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 930B

aebc3107701149edfc563b8db7a789fd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 444B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 236KB

UPX1 Size: 109KB - Virtual size: 112KB

.rsrc Size: 22KB - Virtual size: 24KB

685f13adf8c237dbc6d064cafff5d908

Headers

File Characteristics

Imports

msvcrt20

kernel32

Sections

.text Size: 1024B - Virtual size: 584B

.bss Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 156B

.data Size: 512B - Virtual size: 140B

.idata Size: 1024B - Virtual size: 524B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 210B

685f13adf8c237dbc6d064cafff5d908

Headers

File Characteristics

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 20KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 444B

UPX0
Size: - Virtual size: 236KB

UPX1
Size: 109KB - Virtual size: 112KB

.rsrc
Size: 22KB - Virtual size: 24KB

.text
Size: 1024B - Virtual size: 584B

.bss
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 156B

.data
Size: 512B - Virtual size: 140B

.idata
Size: 1024B - Virtual size: 524B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 210B

.text
Size: 1024B - Virtual size: 584B

.bss
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 156B

.data
Size: 512B - Virtual size: 140B

.idata
Size: 1024B - Virtual size: 524B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 210B

.text
Size: 173KB - Virtual size: 172KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 173KB - Virtual size: 173KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 188KB - Virtual size: 188KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 6KB - Virtual size: 6KB