5fd20558cfaf74699409a55c56dd5d07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5fd20558cfaf74699409a55c56dd5d07_JaffaCakes118
Size

869KB
MD5

5fd20558cfaf74699409a55c56dd5d07
SHA1

89b0c8cceead078934e0390ac5e31a25023a055f
SHA256

5ab29f7c771e3e202f22b4f852b54a26ef4deea7f322038547d366ea750b3bb0
SHA512

49668391587321c5baa9250ed72c25e49e684406ceb9efdb0fa02474507eb06fbdbf4dcc2e2dba047acaab62d31492ec2a2ab87a7edcded073afcd17edae0c02
SSDEEP

24576:/2f0MDrehZ5BMXSdqJ6yR8TTLNcAeYJ0fOpDn:Of0MyJM5GT3NkYOfMDn

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
5fd20558cfaf74699409a55c56dd5d07_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/IEDriver.dll
unpack001/IEManager.dll
unpack001/IEMate.dll
unpack001/IEPromotion.dll
unpack001/IEProtect.dll
unpack001/IERepair.exe
unpack001/NsPlugin.dll
unpack001/cab.dll
unpack001/fixhomepage.exe
unpack001/plugins/imFilter.dll
unpack001/regedit.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

5fd20558cfaf74699409a55c56dd5d07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

97318da386948415d08cef4a9006d669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEDriver.dll
.dll windows:4 windows x86 arch:x86

5e9948431e6e4d64378961345d139c23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
CreateFileA
SizeofResource
LockResource
LoadResource
WriteFile
Sleep
GetLastError
GetVersion
MultiByteToWideChar
SetEndOfFile
CloseHandle
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
FindResourceA
DeviceIoControl

user32

wsprintfA

advapi32

OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenSCManagerA
StartServiceA

msvcrt

wcslen
strcpy
strrchr
strcat
strlen
memset
printf
sprintf
fclose
fread
fopen
??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
_purecall
_stat
ftell
fseek
fwrite
fflush
malloc
free
realloc
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

GetClassObject

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEManager.dll
.dll windows:4 windows x86 arch:x86

2f0ee47156e789331ac200edc241cf7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LoadLibraryA
SetEndOfFile
GetProcAddress
MultiByteToWideChar
GetVersion
CreateFileA
GetLastError
DisableThreadLibraryCalls
WideCharToMultiByte
GetWindowsDirectoryA
lstrlenA
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetSystemDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleFileNameA
DeviceIoControl
IsBadCodePtr
SetUnhandledExceptionFilter
GetLocalTime
GetTimeZoneInformation
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
TerminateProcess
GetCurrentProcess
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetFullPathNameA
GetCurrentDirectoryA
WriteFile
FlushFileBuffers
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetStdHandle

user32

wsprintfA
LoadStringA

advapi32

RegEnumKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegEnumValueA
RegOpenKeyA

oleaut32

SysFreeString
SysAllocStringLen

atl

ord21
ord16

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

GetClassObject

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEMate.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f39816f281ba79f21cb4b0c2d85527f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetNumberFormatW
GetWindowsDirectoryW
GetCommandLineW
DeviceIoControl
LocalAlloc
CompareStringW
UnmapViewOfFile
GetExitCodeThread
CreateThread
SetCurrentDirectoryW
LocalFree
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentDirectoryW
GetComputerNameW
GetProfileIntW
SetErrorMode
ResumeThread
MulDiv
FreeResource
GetWindowsDirectoryA
CopyFileA
GetShortPathNameA
OpenMutexW
GetSystemTimeAsFileTime
SetThreadPriority
ReleaseMutex
IsBadStringPtrW
GetCommandLineA
SetWaitableTimer
SuspendThread
SetEndOfFile
GetTempFileNameW
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
CreateWaitableTimerW
lstrcpyA
FormatMessageW
FlushViewOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
IsBadReadPtr
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadCodePtr
ReadProcessMemory
GetCurrentThread
GetModuleFileNameA
CreateFileA
ReadFile
SetFilePointer
SystemTimeToFileTime
FindNextFileW
GetCurrentProcessId
GlobalAddAtomW
GlobalFindAtomW
SetEnvironmentVariableA
CompareStringA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetOEMCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapCreate
QueryPerformanceCounter
GetCPInfo
LCMapStringW
LCMapStringA
ExitThread
GetSystemInfo
RtlUnwind
ExitProcess
VirtualFree
VirtualAlloc
CreateEventA
GetCurrentDirectoryA
TerminateThread
GetLocalTime
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindFirstFileA
CreateDirectoryA
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GlobalDeleteAtom
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringW
GetFileSize
VirtualQuery
VirtualProtect
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
LoadLibraryExW
CreateMutexW
GetTempPathW
lstrcatW
FreeLibrary
CopyFileW
DeleteFileW
CreateDirectoryW
WideCharToMultiByte
FindFirstFileW
FindClose
CreateFileW
WriteFile
CreateEventW
WaitForMultipleObjects
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
IsBadStringPtrA
GetCurrentThreadId
lstrlenA
Sleep
InterlockedDecrement
lstrcmpW
lstrlenW
lstrcmpiW
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
InterlockedIncrement
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
LoadLibraryA

user32

LoadStringW
LoadAcceleratorsW
GetIconInfo
InsertMenuItemW
InsertMenuW
IsMenu
GetAsyncKeyState
mouse_event
InvalidateRgn
GetUpdateRect
GetMessageW
GetDCEx
EqualRect
SetRect
DialogBoxParamW
SetMenu
GetScrollPos
IsWindowEnabled
DrawFocusRect
FillRect
DestroyCursor
OffsetRect
IsRectEmpty
MoveWindow
GetLastActivePopup
EnumChildWindows
GetWindowTextA
GetClassNameA
OpenClipboard
CloseClipboard
GetWindowPlacement
RegisterWindowMessageW
GetCapture
RegisterHotKey
ModifyMenuW
UnregisterHotKey
keybd_event
CharUpperBuffW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
RegisterWindowMessageA
IsWindowVisible
SetForegroundWindow
SetClipboardData
ReleaseCapture
SetCapture
GetDoubleClickTime
EndPaint
BeginPaint
GetDlgCtrlID
GetComboBoxInfo
EmptyClipboard
FindWindowW
FrameRect
SetWindowPlacement
EndDialog
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetTimer
GetParent
WindowFromPoint
GetCursorPos
GetKeyState
SendMessageW
CreatePopupMenu
PeekMessageA
MsgWaitForMultipleObjects
PostThreadMessageA
wsprintfA
wvsprintfA
DestroyMenu
AppendMenuW
GetMenuItemInfoW
SetCursor
UnionRect
GetDesktopWindow
PostQuitMessage
SetParent
GetSubMenu
AdjustWindowRectEx
LoadMenuW
SetMenuDefaultItem
CheckMenuRadioItem
GetMenuItemID
EnableMenuItem
DeleteMenu
GetMenuItemCount
RedrawWindow
ShowWindow
InvalidateRect
UpdateWindow
ClientToScreen
wvsprintfW
GetDC
TrackPopupMenu
GetClassInfoExW
KillTimer
ScrollWindowEx
SetScrollPos
ShowScrollBar
GetScrollInfo
SetScrollInfo
IsDlgButtonChecked
SetLastErrorEx
IsIconic
RegisterClassExW
LoadCursorW
wsprintfW
SetFocus
SetMenuItemInfoW
GetMonitorInfoW
MonitorFromPoint
GetMenuStringW
PtInRect
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowTextW
IsWindow
CallWindowProcW
DrawTextW
DefWindowProcW
UnregisterClassW
CreateWindowExW
GetWindowRect
SetWindowPos
GetClientRect
PostThreadMessageW
TrackPopupMenuEx
GetWindowDC
ReleaseDC
SetRectEmpty
SystemParametersInfoW
DestroyIcon
LoadBitmapW
WaitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
PostMessageW
GetActiveWindow
GetSystemMetrics
DrawStateW
DrawEdge
CopyRect
GetSysColor
MapWindowPoints
InflateRect
LoadImageW
MessageBoxW
CheckMenuItem
FindWindowExW
SetWindowTextA
GetDlgItem
GetWindowTextLengthW
CharNextW
DestroyWindow
GetClassNameW
GetForegroundWindow
GetFocus
GetWindow
GetWindowThreadProcessId
GetCursor
ScreenToClient
GetWindowLongA

gdi32

TextOutW
MoveToEx
LineTo
CreateDCW
GetTextExtentPoint32W
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
CreateBitmap
Polyline
GetCurrentObject
CreateDIBSection
GetTextAlign
SetTextAlign
GetBkColor
StretchBlt
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreatePen
Polygon
SelectPalette
RealizePalette
GetDIBits
GetDeviceCaps
CreateCompatibleDC
GetTextMetricsW
ExtTextOutW
Rectangle
SetTextColor
SetBkMode
CreateSolidBrush
SetBkColor
CreateFontIndirectW
DeleteDC
SelectObject
CreatePatternBrush
SetROP2
RestoreDC
GetStockObject
DeleteObject
GetObjectW
SaveDC

advapi32

CryptCreateHash
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegEnumKeyW
CryptAcquireContextW
RegCreateKeyExA
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
GetUserNameW
RegQueryValueW
RegSetValueW
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ord195
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteW
SHFileOperationW
SHGetMalloc

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
OleInitialize
CoTaskMemRealloc
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
RegisterDragDrop
ReleaseStgMedium

oleaut32

SysAllocStringLen
VariantClear
SysStringByteLen
VariantInit
VariantCopy
VariantChangeType
SafeArrayDestroy
VarBstrCmp
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
UnRegisterTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
SysStringLen
SafeArrayPutElement
GetErrorInfo
SysAllocString

shlwapi

UrlCreateFromPathW
SHRegGetBoolUSValueW
StrCmpIW
SHGetValueW
PathRemoveFileSpecW
PathFileExistsW
StrCmpNIW
StrCpyNW
StrCpyW
PathFindExtensionW
PathIsDirectoryW
ord16
PathFindFileNameW
SHSetValueW
UrlIsW

msimg32

TransparentBlt

urlmon

CoInternetParseUrl
URLDownloadToFileW
CoInternetGetSession

dbghelp

SymGetModuleBase64
StackWalk64
SymSetOptions
SymGetOptions
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetSymFromAddr64
SymCleanup
SymInitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetSetOptionW
InternetSetStatusCallbackW
InternetOpenUrlW
HttpQueryInfoW
InternetOpenW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
GetUrlCacheEntryInfoExW
InternetCanonicalizeUrlW

iphlpapi

GetAdaptersInfo

oleacc

AccessibleChildren
AccessibleObjectFromPoint

Exports

Exports

??0CScErrLog@@QAE@ABV0@@Z
??0CScErrLog@@QAE@PBD0H@Z
??1CScErrLog@@UAE@XZ
??4CScErrLog@@QAEAAV0@ABV0@@Z
??_7CScErrLog@@6B@
?ThreadProxy@CScErrLog@@KGIPAX@Z
?ThreadWork@CScErrLog@@IAEXXZ
?_createDirectory@CScErrLog@@IAEHPAD@Z
?_idebug1@@YAXPADZZ
?_idebug2@@YAXPADZZ
?_idebug3@@YAXPADZZ
?_idebug4@@YAXPADZZ
?_idebug5@@YAXPADZZ
?_idebug@@YAXPADZZ
?_readRegistoryFilePath@CScErrLog@@IAEHPAD@Z
?_readRegistoryLoglevel@CScErrLog@@IAEHPADPAH@Z
?_readRegistoryOutputFlag@CScErrLog@@IAE_NXZ
?_tidebug1@@YAXPAGZZ
?_tidebug2@@YAXPAGZZ
?_tidebug3@@YAXPAGZZ
?_tidebug4@@YAXPAGZZ
?_tidebug5@@YAXPAGZZ
?_tidebug@@YAXPAGZZ
?dump_binary@CScErrLog@@QAEXPADPAEH@Z
?flushlogbuff@CScErrLog@@IAEHH@Z
?g_pScErrLog@@3PAVCScErrLog@@A
?get_lastlogindex@CScErrLog@@IAEHXZ
?get_logfile_info@CScErrLog@@QAEABUSXLOGPARAM@@XZ
?geterror@CScErrLog@@QAEHXZ
?getlogLevel@CScErrLog@@QAEHXZ
?idebug1@@YAXPADZZ
?idebug2@@YAXPADZZ
?idebug3@@YAXPADZZ
?idebug4@@YAXPADZZ
?idebug5@@YAXPADZZ
?idebug@@YAXPADZZ
?is_output_debug@CScErrLog@@QBE_NXZ
?logfilebackup@CScErrLog@@IAEXH@Z
?logtype_string@CScErrLog@@2PAPBDA
?logwrite@CScErrLog@@IAEHPADH@Z
?makelogfile@CScErrLog@@IAEHXZ
?put@CScErrLog@@QAEXHPAD@Z
?put@CScErrLog@@QAEXHW4tagKind@1@W4tagType@1@PBD22@Z
?put@CScErrLog@@QAEXHW4tagKind@1@W4tagType@1@PBG22@Z
?putf@CScErrLog@@QAAXHPADZZ
?putf_nh@CScErrLog@@QAAXPADZZ
?rm_directory@CScErrLog@@IAEXPAD@Z
?rm_oldlog@CScErrLog@@IAEXXZ
?setlogLevel@CScErrLog@@QAEXH@Z
?setlogMaxDay@CScErrLog@@QAEXH@Z
?writefile@CScErrLog@@QAEXPADH@Z
?writefile_nh@CScErrLog@@QAEXPAEH@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEMateLib.DLL
IEMateLib2.DLL
IEMateLib3.DLL
IEPromotion.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3fb5060e40d215cda723abee35ee649e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord3953
ord5307
ord2396
ord6467
ord860
ord800
ord858
ord924
ord537
ord540
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord4698
ord4079
ord5302
ord5300
ord2725
ord3346
ord5199
ord1089
ord3922
ord5731
ord2512
ord600
ord826
ord269
ord2554
ord4486
ord6375
ord815
ord1131
ord4274

msvcrt

_initterm
__CxxFrameHandler
??2@YAPAXI@Z
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
memcpy
free
_onexit

kernel32

LocalFree
WritePrivateProfileStringA
CreateDirectoryA
lstrlenA
LocalAlloc

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

atl

ord16
ord21
ord15
ord57
ord18

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProtect.dll
.dll windows:4 windows x86 arch:x86

2116dd0b957022e6dc2bb13ac56d05b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
GetVersion
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
LoadLibraryA
SetLastError
GetLongPathNameA
VirtualProtect
GetModuleHandleA
CreateThread
MultiByteToWideChar
FreeLibrary
OutputDebugStringA
WideCharToMultiByte
GetSystemDirectoryA
GetModuleFileNameA
DeviceIoControl
GetWindowsDirectoryA
GetCurrentProcess
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
FindFirstFileA
GetFileAttributesA
GetProcAddress
VirtualAlloc
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
UnmapViewOfFile
FindNextFileA
FindClose
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
LocalFree

user32

MessageBoxA
EndDialog
wsprintfA
GetDlgItemTextA
KillTimer
SendMessageA
CheckDlgButton
IsDlgButtonChecked
SetTimer
SetWindowTextA
GetDlgItem
DialogBoxParamA

gdi32

DeleteObject
CreateFontA

advapi32

OpenProcessToken
FreeSid
RegOpenKeyExA
RegGetKeySecurity
RegCloseKey
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
GetLengthSid
CopySid
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityDescriptorDacl

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA

ole32

CoCreateInstance

msvcrt

_wcsicmp
strlen
memcpy
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_adjust_fdiv
_initterm
_onexit
__dllonexit
realloc
free
malloc
fflush
fwrite
_stat
_purecall
strncpy
_mbsicmp
_mbscmp
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
strrchr
printf
fclose
fread
fopen
__CxxFrameHandler
wcscpy
??1type_info@@UAE@XZ
memmove
strstr
_stricmp
_strlwr
_except_handler3
strchr
ftell
fseek

shlwapi

SHDeleteKeyA

Exports

Exports

GetClassObject

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IERepair.exe
.exe windows:4 windows x86 arch:x86

12c24df415051c4d6738b4ddd6b34ff8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
lstrlenW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetLastError
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcpyW
GetModuleHandleW
FreeLibrary
LoadLibraryExW
lstrcmpiW
lstrcpynW
CreateDirectoryW
WritePrivateProfileStringW
FlushFileBuffers
SetStdHandle
SizeofResource
IsBadReadPtr
LoadLibraryA
SetFilePointer
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
TerminateProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
InterlockedExchange
GetThreadLocale
GetLocaleInfoA
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
LCMapStringW
LCMapStringA
VirtualQuery
GetACP
IsBadCodePtr
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
RtlUnwind
GetModuleHandleA
GetStartupInfoW
VirtualProtect
VirtualAlloc
GetSystemInfo

user32

GetMessageW
DispatchMessageW
ShowWindow
UnregisterClassW
SendMessageW
SetWindowLongW
TranslateMessage
LoadStringW
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
SetDlgItemTextW
MessageBeep
SetFocus
GetWindowLongW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageW
GetDlgItem
EnableWindow
PostQuitMessage
CharNextW
DefWindowProcW
CreateDialogParamW
IsDialogMessageW
DestroyWindow
PeekMessageW

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
UrlCreateFromPathW

comctl32

InitCommonControlsEx

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NsPlugin.dll
.dll windows:4 windows x86 arch:x86

03a6a7a20fcbf4d48d73a69b61a44175

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
CloseHandle
WaitForSingleObject
CreateProcessA
GlobalFree
lstrcpyA
FreeLibrary

msvcrt

strcat
strcpy
strrchr
atoi
__dllonexit
_onexit
memset

Exports

Exports

Install
Investigate
Uninstall

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 577B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cab.dll
.dll windows:4 windows x86 arch:x86

42febd0d194e323cddcc94850154f2e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\steupIemate\cabinet\Release\cabinet.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
SetFileAttributesW
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileW
GetLastError
CreateDirectoryW
GetTempPathW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
FreeLibrary
DeleteFileW
GetProcAddress
LoadLibraryW
FindNextFileW
FindClose
FindFirstFileW
lstrcatW
lstrcpyW
RaiseException
RtlUnwind
ExitProcess
GetFileType
ReadFile
WriteFile
SetFilePointer
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
HeapAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetEndOfFile
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
InterlockedExchange
VirtualQuery
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
FlushFileBuffers
VirtualProtect
GetSystemInfo

Exports

Exports

CompressFile
CompressFolder
DeCompressFolder
Test

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fixhomepage.exe
.exe windows:4 windows x86 arch:x86

0d70b79980388be619f220795c6ca142

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetCurrentProcess
TerminateProcess
OpenProcess
GetEnvironmentVariableA
InterlockedDecrement
lstrcpynA
lstrlenA
InterlockedIncrement
MultiByteToWideChar
GetPrivateProfileStringA
GetProcAddress
OutputDebugStringA
FindNextFileA
SetLastError
GetFullPathNameA
lstrcpyA
WritePrivateProfileStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
FlushFileBuffers
SetFileAttributesA
DeleteFileA
SearchPathA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
ExpandEnvironmentStringsA
VirtualQuery
GetModuleFileNameA
GetCurrentDirectoryA
GetLongPathNameA
GetShortPathNameA
FindFirstFileA
FindClose
GetFileAttributesA
GetVersionExA
GetLastError
DebugBreak
LocalFree
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsGetValue
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

LoadStringA
CharLowerA
CharNextA
wvsprintfA

advapi32

OpenServiceA
CloseServiceHandle
DeleteService
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
GetExplicitEntriesFromAclA
DeleteAce
OpenSCManagerA

shell32

SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderPathA
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoInitialize
CoUninitialize

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

SHSetValueA
SHDeleteValueA
StrNCatA
PathCombineA
SHGetValueA
SHDeleteKeyA

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
navagation.ini
option.ini
page/ieprotect.htm
page/img/1.gif
.gif
page/img/bg.jpg
.jpg
page/img/ie.gif
.gif
page/main.htm
.js
page/recover.htm
.html .js polyglot
page/saveimage.htm
.html
page/start.htm
.html .js polyglot
page/stockData.htm
.html .js polyglot
page/uninstall.htm
.html .js polyglot
page/wizard.htm
.html .js polyglot
plugins/imFilter.dll
.dll regsvr32 windows:4 windows x86 arch:x86

745ceb2e4fd1cc75db2946d09dce203e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
lstrcmpA
GetCurrentThreadId
HeapSize
GlobalUnlock
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
lstrcmpiW
GetProcessHeap
HeapFree
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapReAlloc

user32

CreateWindowExA
SendMessageA
GetWindowLongA
InvalidateRect
SetWindowLongA
CharNextA
GetFocus
IsChild
SetFocus
GetDlgItem
IsWindow
DestroyAcceleratorTable
RedrawWindow
PtInRect
DefWindowProcA
DestroyWindow
GetSysColor
ReleaseCapture
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
UnregisterClassA
GetWindow
SetWindowPos
GetClassNameA
GetParent
UnionRect
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
GetKeyState
ShowWindow
wsprintfA
CreateAcceleratorTableA
RegisterClassExA
LoadCursorA
GetClassInfoExA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA

gdi32

CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
SetTextAlign
DeleteMetaFile
SetBkMode
SetTextColor
CreateFontIndirectA
LineTo
MoveToEx
CreatePen
FillRgn
SelectClipRgn
CreateRectRgn
GetClipRgn
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
TextOutA
CreateRectRgnIndirect
DeleteObject

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

ole32

OleLoadFromStream
OleSaveToStream
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleInitialize
CreateDataAdviseHolder
WriteClassStm
OleRegEnumVerbs
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize

oleaut32

VariantChangeType
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
OleCreatePropertyFrame

msvcr71

__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
??2@YAPAXI@Z
_purecall
??_U@YAPAXI@Z
realloc
wcsncpy
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_CxxThrowException
_except_handler3
_resetstkoflw
free
malloc
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
_onexit
memset

shlwapi

PathFindExtensionA
UrlCombineW
StrCpyNW

wininet

InternetCreateUrlW
InternetCrackUrlW

comctl32

_TrackMouseEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/inlinesearch.dll
plugins/suggest.dll
regedit.dll
.dll windows:4 windows x86 arch:x86

580179c74542b6ee64e3f37abcf77d44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\iemate2\regedit\Release\regedit.pdb

Imports

kernel32

HeapReAlloc
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
InitializeCriticalSection
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetVersionExA
GetCommandLineA
GetCurrentThreadId
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SearchPathW
GetFileSize
GetLastError
OutputDebugStringW
CreateFileW
CloseHandle
WideCharToMultiByte
WriteFile
ReadFile
MultiByteToWideChar
lstrcmpW
ExitProcess
lstrlenW
lstrcpyW
GetFileType

user32

CharNextW
IsCharAlphaNumericW
CharUpperW
IsDialogMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfW
SendDlgItemMessageW

advapi32

RegSetValueExW
RegEnumValueW
RegCreateKeyW
RegOpenKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegSetValueExA
RegFlushKey
RegDeleteValueW

shlwapi

StrChrW
StrToIntW

Exports

Exports

ExportWinNT50RegFile
ImportRegFile

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
search.ini
stock.dll
update.ini

Sharing

General

Malware Config

Signatures

Files

97318da386948415d08cef4a9006d669

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 28KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 534B

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 146B

5e9948431e6e4d64378961345d139c23

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 4KB - Virtual size: 1KB

2f0ee47156e789331ac200edc241cf7c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

atl

version

Exports

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 534B

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 728KB - Virtual size: 727KB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 8KB - Virtual size: 22KB

.SHARED
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 68KB - Virtual size: 65KB

.reloc
Size: 64KB - Virtual size: 60KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 744B

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 4KB