5d2a4c63b59d80f99183208efd34b1f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d2a4c63b59d80f99183208efd34b1f4_JaffaCakes118
Size

4.2MB
MD5

5d2a4c63b59d80f99183208efd34b1f4
SHA1

60ea95d15089ec2e1ca0d0a42a34ba88e84d3c0a
SHA256

d50c70f2366b12654de7984a3216f0fc94a3f3b97a7733b7f4091237536cfd2c
SHA512

11f01802d2c7fa6b7041685c4f112bda80ce538e7e5b29cc009c773c74926995e8aec31a5461a8b23ad4388812b7d6f43ca222c18fafdaa51988732bfe48e6a3
SSDEEP

98304:VvECF59qSqlLA5M0VXwrwqhsSvzZRXk33W0GSAkP3QV:dpW/cXwrtsSbPXk3mqNfQV

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
5d2a4c63b59d80f99183208efd34b1f4_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMP/fileserve-tb-setup.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/FileServeSvc.exe
unpack002/FileServeVideoToMp3.exe
unpack002/ShowMsg.exe
unpack002/ffmpeg.exe
unpack002/fileservetb.dll
unpack002/uninstall.exe
unpack003/$PLUGINSDIR/System.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/$TEMP/fileserve-tb-setup.exe	nsis_installer_1
static1/unpack002/uninstall.exe	nsis_installer_1

Files

5d2a4c63b59d80f99183208efd34b1f4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a9446e5cc2412c6405cea69dddb93be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
CopyFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b3d296ff6f7abb1319ee006fcc6c4d98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
OpenClipboard

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/fileserve-tb-setup.exe
.exe windows:4 windows x86 arch:x86

4a9446e5cc2412c6405cea69dddb93be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
CopyFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileServeSvc.exe
.exe windows:5 windows x86 arch:x86

502bddc94a64f4cb0a885132160f6576

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\ToolbarDev\tbsvc_VidtoMp3\Release\tbsvc.FileServe\FileServeSvc.pdb

Imports

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

kernel32

FindNextFileA
FindClose
CreateDirectoryA
MoveFileA
CreateFileA
GetFileSize
ReadFile
CloseHandle
lstrcatA
DeleteFileA
WriteFile
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WaitForSingleObject
FormatMessageA
CreateToolhelp32Snapshot
Process32First
FindFirstFileA
OpenProcess
TerminateProcess
RaiseException
GetVersionExA
SetFilePointer
SystemTimeToFileTime
SetFileTime
GetFileAttributesA
GetCurrentDirectoryA
LocalFileTimeToFileTime
UnmapViewOfFile
GetTickCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetUserDefaultLangID
DeleteCriticalSection
GetLastError
Sleep
InitializeCriticalSection
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
lstrlenA
GetProcAddress
FreeLibrary
LoadLibraryA
SetEndOfFile
Process32Next
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitThread
ResumeThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

wsprintfA
MessageBoxA

advapi32

CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptAcquireContextA
CreateProcessAsUserA
DuplicateTokenEx
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceA
ControlService
DeleteService
OpenServiceA
CloseServiceHandle
ChangeServiceConfig2A
CreateServiceA
OpenSCManagerA

shell32

SHGetFolderPathA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileServeVideoToMp3.exe
.exe windows:5 windows x86 arch:x86

0dcc6d43c328d2bf11c1424f47556e1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Vid2Mp3\Release\vid2mp3.FileServe\FileServeVideoToMp3.pdb

Imports

kernel32

FindFirstFileA
FindClose
GetLastError
CreateProcessA
WaitForSingleObject
TerminateProcess
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
InitializeCriticalSection
DeleteCriticalSection
GetLocalTime
CreateThread
CreateDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetEndOfFile
GetModuleHandleA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CloseHandle
WriteFile
CreateFileA
DeleteFileA
LocalFree
WideCharToMultiByte
lstrlenW
GetCommandLineW
Sleep
lstrlenA
GetModuleFileNameA
GetVersionExA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
ReadFile
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer

user32

TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
GetMessageA
RegisterClassExA
CreateWindowExA
DefWindowProcA
BeginPaint
LoadAcceleratorsA
LoadCursorA
MessageBoxA
EndPaint
PostQuitMessage
LoadStringA

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetFolderPathA
CommandLineToArgvW

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetGetConnectedState
InternetSetCookieA
HttpQueryInfoA
InternetOpenUrlA

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShowMsg.exe
.exe windows:5 windows x86 arch:x86

1a04cb78d9ec6c0a9729da14fafcfa78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Vid2Mp3\Release\showmsg.FileServe\ShowMsg.pdb

Imports

comctl32

ord17

kernel32

LeaveCriticalSection
GetModuleFileNameA
DeleteCriticalSection
GlobalLock
GlobalUnlock
GetModuleHandleA
lstrcmpiA
IsDBCSLeadByte
RaiseException
LoadLibraryExA
InitializeCriticalSection
GetCurrentThreadId
SetLastError
GlobalFree
GlobalHandle
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
Sleep
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
VirtualFree
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
MulDiv
MultiByteToWideChar
lstrcmpA
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
FindResourceExA
SizeofResource
LockResource
WideCharToMultiByte
LoadResource
FindResourceA
lstrlenA
GetProcAddress
FreeLibrary
LoadLibraryA
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

MapWindowPoints
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextA
CheckRadioButton
IsDlgButtonChecked
SendDlgItemMessageA
GetWindow
GetParent
MonitorFromWindow
GetWindowLongA
DestroyAcceleratorTable
MapDialogRect
CallWindowProcA
DialogBoxParamA
GetActiveWindow
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RegisterWindowMessageA
DialogBoxIndirectParamA
DefWindowProcA
ReleaseCapture
CreateAcceleratorTableA
FillRect
GetFocus
UnregisterClassA
GetSysColor
CharNextA
LoadStringA
RegisterClassExA
LoadCursorA
GetClassInfoExA
GetClassNameA
IsWindow
SetWindowContextHelpId
GetDlgItem
IsChild
SetFocus
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
MoveWindow
GetWindowTextLengthA
GetWindowTextA
SendMessageA
DestroyWindow
CreateWindowExA
SetWindowLongA
EndDialog
PostQuitMessage
GetDesktopWindow
GetMonitorInfoA

gdi32

GetObjectA
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemRealloc
OleUninitialize
OleInitialize
OleLockRunning
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

VariantClear
LoadTypeLi
VarUI4FromStr
OleCreateFontIndirect
VariantInit
LoadRegTypeLi
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ffmpeg.exe
.exe windows:4 windows x86 arch:x86

214547f7da9d4459a4c6e05886f2663a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

avicap32

capCreateCaptureWindowA

avifil32

AVIFileExit
AVIFileGetStream
AVIFileInfoA
AVIFileInit
AVIFileOpenA
AVIFileRelease
AVIStreamInfoA
AVIStreamRead
AVIStreamReadFormat
AVIStreamRelease

kernel32

CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeLibrary
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetConsoleTextAttribute
SetEvent
SetLastError
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fdopen
_fstat
_getch
_isatty
_kbhit
_open
_read
_setmode
_strdup
_tempnam
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_atoi64
_beginthreadex
_cexit
_endthreadex
_errno
_filelengthi64
_fstati64
_ftime
_iob
_isctype
_lseeki64
_onexit
_pctype
_setjmp
_setmode
_stricmp
_strnicmp
abort
acos
asin
atan
atexit
atof
atoi
bsearch
calloc
ceil
clock
cos
cosh
exit
exp
fclose
fflush
fgetc
fgetpos
fgets
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
fsetpos
ftell
fwrite
getchar
getenv
gmtime
isalpha
isprint
isspace
ldexp
localeconv
localtime
log
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
perror
pow
printf
putc
putchar
puts
qsort
rand
realloc
rename
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tan
tanh
time
tolower
toupper
ungetc
vfprintf
vsprintf
wcslen

psapi

GetProcessMemoryInfo

user32

DestroyWindow
GetWindowLongA
SendMessageA
SetWindowLongA

winmm

timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fileservetb.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8aba1d494953869872ecd25b1ed9baea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\ToolbarDev\Toolbar_VidtoMp3\Release\toolbar.FileServe\fileservetb.pdb

Imports

shlwapi

SHDeleteValueA
StrTrimA
StrChrA
SHDeleteKeyA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetGetConnectedState
InternetCrackUrlA
InternetOpenUrlA
InternetOpenA
InternetReadFile

ws2_32

WSAStartup
gethostbyname
WSACleanup
inet_ntoa

kernel32

GetCurrentProcessId
GetCurrentThreadId
ReleaseSemaphore
CreateEventA
SetEvent
GetSystemTimeAsFileTime
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindResourceExA
HeapFree
GetProcessHeap
GetTickCount
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
SetLastError
GetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
DisableThreadLibraryCalls
GetLocalTime
GetModuleFileNameA
RaiseException
lstrlenA
MultiByteToWideChar
lstrlenW
FreeLibrary
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
IsBadWritePtr
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
MulDiv
FlushInstructionCache
lstrcpynA
lstrcpyA
CreateThread
Sleep
GlobalFree
LoadLibraryA
GetFileSize
CreateFileA
WriteFile
MoveFileA
lstrcatA
DeleteFileA
CreateDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetVersionExA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ReleaseMutex
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
ReadFile
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
HeapCreate
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
ExitThread
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
VirtualQuery
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
LocalFree
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
ResumeThread
TlsSetValue
ResetEvent
GetSystemInfo
TlsGetValue
TlsFree
TlsAlloc
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetStringTypeExA
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetStringTypeA
IsValidLocale
CreateMutexA
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WaitForSingleObject

user32

LoadStringA
UnregisterClassA
GetMenuItemCount
InsertMenuItemA
IsWindow
PostMessageA
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
CallNextHookEx
GetKeyState
GetFocus
GetWindowTextA
FindWindowExA
EndDialog
KillTimer
SetTimer
RegisterClassA
GetClassInfoA
MessageBoxA
GetWindowDC
OffsetRect
FrameRect
PtInRect
SetCursor
SetParent
CreatePopupMenu
MapWindowPoints
TrackPopupMenuEx
DestroyMenu
CallWindowProcA
InvalidateRgn
SendMessageA
ShowWindow
GetDlgItem
DialogBoxParamA
CharNextA
DestroyWindow
SetForegroundWindow
EnableWindow
IsWindowEnabled
GetCursorPos
GetWindowRect
GetDesktopWindow
MoveWindow
GetParent
SetWindowTextA
SetLayeredWindowAttributes
GetWindowLongA
SetWindowLongA
DispatchMessageA
TranslateMessage
IsChild
GetActiveWindow
GetMessageA
GetClientRect
SetFocus
SetWindowRgn
LoadCursorA
RegisterWindowMessageA
RegisterClassExA
GetClassInfoExA
DefWindowProcA
GetWindowTextLengthA
CreateWindowExA
DestroyAcceleratorTable
GetSysColor
GetWindow
EndPaint
InvalidateRect
SetCapture
ReleaseCapture
ScreenToClient
ClientToScreen
CreateAcceleratorTableA
GetDC
ReleaseDC
GetClassNameA
SetWindowPos
RedrawWindow
BeginPaint
FillRect

gdi32

GetStockObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
CreateRectRgn
DeleteObject
CreateFontIndirectA
GetObjectA
SelectObject

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFolderPathA
SHGetMalloc

ole32

CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
OleLockRunning
CoUninitialize
CoInitialize
CoCreateGuid
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleRun
OleInitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantClear
VarUI4FromStr
SysAllocString
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VariantChangeType
VariantInit
VariantCopy
SysStringLen
SysAllocStringLen
VarBstrCat
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
GetErrorInfo
SysFreeString

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

gdiplus

GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipCloneImage
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateBitmapFromStream
GdipDeleteFont
GdipCreateBitmapFromStreamICM
GdipSetSolidFillColor
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipDrawLineI
GdipDrawRectangleI
GdipDrawString
GdipMeasureString
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipFillRectangleI

Exports

Exports

DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 805KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

4a9446e5cc2412c6405cea69dddb93be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
CopyFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xpi/chrome.manifest
xpi/chrome/content/constants.js
.js
xpi/chrome/content/convertvideo.js
.js
xpi/chrome/content/convertvideodlg.js
.js
xpi/chrome/content/convertvideodlg.xul
.xml
xpi/chrome/content/events.js
.js
xpi/chrome/content/savetomp3popup.js
.js
xpi/chrome/content/savetomp3popup.xul
.xml
xpi/chrome/content/tbcore.js
.js
xpi/chrome/content/toolbar.xul
.xml
xpi/chrome/skin/SaveMp3_bg_disabled.png
.png
xpi/chrome/skin/SaveMp3_bg_hover.png
.png
xpi/chrome/skin/SaveMp3_bg_normal.png
.png
xpi/chrome/skin/arrow_partner.png
.png
xpi/chrome/skin/arrow_small.png
.png
xpi/chrome/skin/bg.png
.png
xpi/chrome/skin/btn_68x30_hover.png
.png
xpi/chrome/skin/btn_68x30_normal.png
.png
xpi/chrome/skin/btn_82x30_hover.png
.png
xpi/chrome/skin/btn_82x30_normal.png
.png
xpi/chrome/skin/btn_94x30_hover.png
.png
xpi/chrome/skin/btn_94x30_normal.png
.png
xpi/chrome/skin/buttons/SaveMp3_arrow_disabled.png
.png
xpi/chrome/skin/buttons/SaveMp3_arrow_normal.png
.png
xpi/chrome/skin/buttons/SaveMp3_bigarrow.png
.png
xpi/chrome/skin/buttons/arrow.png
.png
xpi/chrome/skin/buttons/arrow_bg_hot.png
.png
xpi/chrome/skin/buttons/arrow_bg_normal.png
.png
xpi/chrome/skin/buttons/highlight.png
.png
xpi/chrome/skin/buttons/icon-RSS.png
.png
xpi/chrome/skin/buttons/icon-convert.png
.png
xpi/chrome/skin/buttons/icon-facebook.png
.png
xpi/chrome/skin/buttons/icon-games.png
.png
xpi/chrome/skin/buttons/icon-highlighter.png
.png
xpi/chrome/skin/buttons/icon-music.png
.png
xpi/chrome/skin/buttons/icon-news.png
.png
xpi/chrome/skin/buttons/icon-radio.png
.png
xpi/chrome/skin/buttons/icon-shopping.png
.png
xpi/chrome/skin/buttons/icon-song-lyrics.png
.png
xpi/chrome/skin/buttons/icon-tv.png
.png
xpi/chrome/skin/buttons/icon-twitter.png
.png
xpi/chrome/skin/buttons/news.png
.png
xpi/chrome/skin/buttons/savemp3button.png
.png
xpi/chrome/skin/buttons/savemp3popup-musicicon.png
.png
xpi/chrome/skin/buttons/savemp3popup.png
.png
xpi/chrome/skin/buttons/searchbar-grey-250.png
.png
xpi/chrome/skin/buttons/searchbar-lightblue-150.png
.png
xpi/chrome/skin/buttons/separator_line.png
.png
xpi/chrome/skin/buttons/shopping.png
.png
xpi/chrome/skin/buttons/stocks.png
.png
xpi/chrome/skin/buttons/submit-blue.png
.png
xpi/chrome/skin/combined.png
.png
xpi/chrome/skin/feeditem.png
.png
xpi/chrome/skin/full_bg.png
.png
xpi/chrome/skin/gripper.png
.png
xpi/chrome/skin/images.png
.png
xpi/chrome/skin/left_bg.png
.png
xpi/chrome/skin/logo.png
.png
xpi/chrome/skin/news_refresh.png
.png
xpi/chrome/skin/popupSearchMp3.css
xpi/chrome/skin/popupWindow.css
xpi/chrome/skin/savetomp3PopUp.css
xpi/chrome/skin/searchbar_bg_blue.png
.png
xpi/chrome/skin/toolbar.css
xpi/chrome/skin/watermark.png
.png
xpi/chrome/skin/web.png
.png
xpi/install.rdf
.xml

Sharing

General

Malware Config

Signatures

Files

4a9446e5cc2412c6405cea69dddb93be

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 110KB

.ndata Size: - Virtual size: 132KB

.rsrc Size: 16KB - Virtual size: 15KB

b3d296ff6f7abb1319ee006fcc6c4d98

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 990B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

4a9446e5cc2412c6405cea69dddb93be

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 110KB

.ndata Size: - Virtual size: 156KB

.rsrc Size: 16KB - Virtual size: 16KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 110KB

.ndata
Size: - Virtual size: 132KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 990B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 110KB

.ndata
Size: - Virtual size: 156KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 11KB - Virtual size: 10KB