602b24dceb704704e8fba3bde7758cbd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

602b24dceb704704e8fba3bde7758cbd_JaffaCakes118
Size

2.5MB
MD5

602b24dceb704704e8fba3bde7758cbd
SHA1

6ee50f43ea19b7ddd629e8f359888e52ec8378d3
SHA256

71ed04b2e293cfb8cad329a0971b96f205232e7b3ffcea472d0e9ed3940342af
SHA512

141294c52874660ce9e6b532502d811508a329ba84a8733ae0fa52ed7ea3e1b6c74fae5b1ae7e3a500d86e9ad193396e1cb38d0a35028bd501c675a3e284e47b
SSDEEP

49152:Ox2ydCC/oqJ73aWBhCCK3r4hf37eHbZrYNNWuws63h0yZq7ojtklNee0Js:3hsqccr4xqxotxL4see0Js

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
602b24dceb704704e8fba3bde7758cbd_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$SYSDIR/SPORDER.DLL
unpack001/$SYSDIR/iPYSvc.exe
unpack001/$SYSDIR/iPYSvr.exe
unpack001/$SYSDIR/ipycp.exe
unpack001/$SYSDIR/ipynotify.exe
unpack001/$SYSDIR/ipysp.dll
unpack001/$SYSDIR/ipyun.exe
unpack001/$SYSDIR/msxml3.dll
unpack001/$SYSDIR/msxml3a.dll
unpack001/$SYSDIR/msxml3r.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/$SYSDIR/ipyun.exe	nsis_installer_1

Files

602b24dceb704704e8fba3bde7758cbd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
MapWindowPoints
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
CreateWindowExA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/scriptmessages.ini
$PLUGINSDIR/selnetver.ini
$PLUGINSDIR/selver.ini
$PLUGINSDIR/setupreadyinstall.ini
$SYSDIR/MSCHRT20.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

a0a3b80e18d8fb6ca27a1f8612e03304

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

19/03/1999, 00:00

Not After

16/04/2000, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetFileSize
ReadFile
MulDiv
GetSystemTime
GetLocalTime
CompareStringW
CompareStringA
GetVersionExA
IsDBCSLeadByte
GlobalSize
GlobalAlloc
lstrcmpA
GetStringTypeW
GetStringTypeA
GetModuleFileNameA
lstrcatA
LCMapStringW
LCMapStringA
VirtualAlloc
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetACP
SetEnvironmentVariableA
CloseHandle
FlushFileBuffers
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
SetFilePointer
HeapSize
RaiseException
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GlobalReAlloc
HeapCompact
FreeEnvironmentStringsA
GetOEMCP
GetCPInfo
lstrcpynA
lstrlenA
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalFree
lstrlenW
WideCharToMultiByte
FreeLibrary
GetProcessHeap
HeapAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleA
GetCommandLineA
GetFileAttributesA
DisableThreadLibraryCalls
HeapFree
GetVersion
InitializeCriticalSection
LoadResource
DeleteCriticalSection
FindResourceA
lstrcmpiA
LockResource
GetLastError
InterlockedIncrement
HeapReAlloc
InterlockedDecrement
LoadLibraryA
GetProcAddress
GetLocaleInfoA
GetWindowsDirectoryA
EnterCriticalSection
LeaveCriticalSection
lstrcpyA

user32

SetCursorPos
RegisterClipboardFormatA
LoadStringA
RegisterClassA
GetDialogBaseUnits
FillRect
DefWindowProcA
LoadCursorA
RegisterWindowMessageA
PeekMessageA
PostMessageA
PostMessageW
PeekMessageW
GetClipboardFormatNameA
GetSysColor
ScreenToClient
CharLowerBuffA
LoadBitmapA
MessageBoxA
DrawFocusRect
SetClipboardData
DrawTextA
GetWindowTextA
GetWindowTextLengthA
SetWindowTextA
IsWindow
FrameRect
GetDesktopWindow
KillTimer
SetTimer
WindowFromPoint
HideCaret
ChildWindowFromPoint
SetCursor
GetClassInfoA
GetClassNameA
GetCursor
GetUpdateRect
UpdateWindow
GetDoubleClickTime
ClientToScreen
GetWindowRect
ReleaseCapture
PtInRect
SetCapture
SetWindowPos
SetWindowLongA
GetClientRect
OffsetRect
MapWindowPoints
GetCursorPos
GetWindowLongA
EnableWindow
UnregisterClassA
InvalidateRect
GetCapture
GetFocus
CreateDialogIndirectParamA
IsChild
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
GetKeyState
CallWindowProcA
ShowWindow
SetWindowRgn
IntersectRect
EqualRect
DialogBoxIndirectParamA
EndDialog
CreateWindowExA
GetSystemMetrics
GetActiveWindow
MoveWindow
SendMessageA
SetFocus
BeginPaint
EndPaint
SetParent
IsWindowVisible
wsprintfA
DestroyWindow
CharNextA
GetDC
ReleaseDC
GetDlgItem
GetDlgItemTextA
GetWindow
GetParent
GetDlgCtrlID

ole32

ReleaseStgMedium
CoTaskMemFree
OleGetClipboard
DoDragDrop
OleSetClipboard
OleUninitialize
OleInitialize
OleFlushClipboard
CreateOleAdviseHolder
CoTaskMemAlloc
CoCreateInstance
RevokeDragDrop
RegisterDragDrop

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
SafeArrayCopy
SafeArrayRedim
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadTypeLi
OleCreatePropertyFrame
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantChangeType
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysStringLen
OleTranslateColor
SysFreeString
OleCreatePictureIndirect
VariantClear
VariantInit
SysAllocString
SafeArrayGetDim
VarR4FromCy

comdlg32

ChooseColorA

gdi32

GetTextExtentPoint32A
GetGlyphOutlineA
GetCharABCWidthsA
Polyline
DeleteMetaFile
Pie
RestoreDC
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateRectRgnIndirect
GetViewportExtEx
SaveDC
LPtoDP
SetMapMode
GetWindowExtEx
Polygon
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
GetStockObject
GetPaletteEntries
GetDIBits
RealizePalette
SelectPalette
GetObjectA
CreateDIBitmap
CreateBitmap
GetBitmapBits
StretchDIBits
CopyEnhMetaFileA
SetMetaFileBitsEx
GetTextMetricsA
GetBkMode
CreatePatternBrush
CreateHatchBrush
CreateBrushIndirect
CreatePenIndirect
CreateFontIndirectA
EnumFontFamiliesA
ExtTextOutA
GetKerningPairsA
SetPolyFillMode
SetROP2
SetBkMode
SetBkColor
SetTextColor
CopyMetaFileA
IntersectClipRect
SetPixel
LineTo
MoveToEx
Rectangle
Ellipse
Chord
Arc
SetViewportExtEx
UpdateColors
CreateMetaFileA
Escape
CloseMetaFile
GetPixel
DPtoLP
CreatePalette
GetNearestColor
GetOutlineTextMetricsA
CreatePen
UnrealizeObject
SetBrushOrgEx
OffsetViewportOrgEx
PlayMetaFile
GetMetaFileBitsEx
StretchBlt
SetTextAlign
TextOutA
PolyPolygon

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SPORDER.DLL
.dll windows:4 windows x86 arch:x86

fdff396dc61c37367ae446577e1de173

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
_adjust_fdiv
malloc
_initterm

kernel32

OpenMutexA
CloseHandle
ReleaseMutex
lstrcpyA
lstrcatA
lstrlenA
lstrcmpA
WaitForSingleObject
CreateMutexA
GlobalFree
GlobalAlloc
GetVersion

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

user32

MessageBoxA

Exports

Exports

WSCWriteProviderOrder

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/iPYSvc.exe
.exe windows:4 windows x86 arch:x86

4b1691afdb8884cadac069ea40002a98

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetCurrentProcess
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleHandleA
GetShortPathNameA
MultiByteToWideChar
lstrlenW
CreateEventA
SetEvent
CloseHandle
WaitForSingleObject
CreateProcessA
GetLastError
GetModuleFileNameA
lstrlenA
GetCommandLineA
lstrcmpiA
GetCurrentThreadId
InterlockedDecrement
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
SetFilePointer
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetStartupInfoA
GetVersion
ExitProcess
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr

user32

PostThreadMessageA
DispatchMessageA
GetMessageA
LoadStringA
MessageBoxA
CharNextA

advapi32

OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
StartServiceA
ControlService
DeleteService
CreateServiceA
RegDeleteValueA
RegSetValueExA
StartServiceCtrlDispatcherA
RegCloseKey
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
GetTokenInformation

ole32

CoInitializeSecurity
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/iPYSvr.exe
.exe windows:4 windows x86 arch:x86

33563a047f848ded68dc21e878135f09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
GetProcessVersion
GetFileAttributesA
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileAttributesA
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
GetDriveTypeA
GetLocalTime
GetTimeZoneInformation
GetSystemTime
IsBadReadPtr
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
TerminateProcess
RaiseException
SetStdHandle
GetFileType
GetACP
HeapReAlloc
TlsFree
LCMapStringA
LCMapStringW
SetCurrentDirectoryA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalHandle
DeleteCriticalSection
TlsAlloc
UnmapViewOfFile
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
InterlockedIncrement
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
MoveFileA
UnlockFile
LockFile
GetCurrentProcess
DuplicateHandle
lstrcpynA
LoadLibraryA
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetDiskFreeSpaceA
SetVolumeLabelA
InterlockedExchange
GetModuleHandleA
GetProcAddress
SetLastError
FreeLibrary
InterlockedDecrement
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateProcessA
WaitForMultipleObjects
ResetEvent
ResumeThread
Sleep
TerminateThread
GetTickCount
CreateThread
GetComputerNameA
SetEndOfFile
CreateMutexA
DeleteFileA
GetCurrentProcessId
FindFirstFileA
FindNextFileA
FindClose
LocalAlloc
LocalFree
CreateEventA
SetEvent
GetVersionExA
SetFilePointer
lstrlenA
FlushFileBuffers
Beep
GetFullPathNameA
GetModuleFileNameA
GetVolumeInformationA
GetVersion
SetFileTime
GetTempPathA
GetTempFileNameA
WriteFile
WaitForSingleObject
GetLastError
CreateFileA
GetFileSize
CloseHandle
ReadFile
ReleaseMutex
HeapSize
GetSystemDirectoryA

user32

CharUpperA
IsDialogMessageA
SetWindowTextA
ShowWindow
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
SetFocus
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
CharToOemBuffA
OemToCharBuffA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
EnableWindow
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
SetTimer
DefDlgProcA
LoadIconA
LoadCursorA
GetSysColor
RegisterClassA
RegisterWindowMessageA
FindWindowA
PostMessageA
UnregisterClassA

gdi32

DeleteObject
RestoreDC
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetDeviceCaps
CreateSolidBrush
GetClipBox
CreateBitmap
SelectObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

SetFileSecurityA
RegCreateKeyExA
RegNotifyChangeKeyValue
GetUserNameA
AllocateAndInitializeSid
SetEntriesInAclA
RegCloseKey
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ord17

wsock32

WSAAsyncSelect
recvfrom
connect
ntohs
WSASetLastError
WSAStartup
WSACleanup
inet_ntoa
WSAGetLastError
send
listen
inet_addr
gethostbyaddr
ioctlsocket
socket
htons
bind
setsockopt
sendto
closesocket
recv
accept
shutdown
htonl

wininet

HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetSetOptionA
InternetOpenA
InternetCrackUrlA

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathFileExistsA

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/ipycp.exe
.exe windows:4 windows x86 arch:x86

2cf45675e9a81f10ff9d135dbbc4fbff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

sporder

WSCWriteProviderOrder

ws2_32

WSCInstallProvider
WSCDeinstallProvider
WSCEnumProtocols
closesocket
WSAGetLastError
WSACleanup
inet_ntoa
gethostbyaddr
gethostbyname
inet_addr
sendto
setsockopt
bind
htons
htonl
socket
WSAStartup

msimg32

AlphaBlend

kernel32

DuplicateHandle
GetCurrentProcess
LockFile
UnlockFile
GetFileAttributesA
GetFileTime
WritePrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
GetLocalTime
GetTimeZoneInformation
GetSystemTime
RaiseException
IsBadReadPtr
GetStartupInfoA
GetCommandLineA
HeapFree
GetACP
SetStdHandle
GetFileType
TerminateProcess
HeapSize
HeapReAlloc
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GetCurrentThread
lstrcmpA
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GlobalLock
GlobalUnlock
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
FindResourceA
LoadResource
LockResource
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapAlloc
GlobalFree
GlobalAlloc
ExitProcess
FreeLibrary
FormatMessageA
InterlockedDecrement
WritePrivateProfileStructA
GetPrivateProfileStructA
Sleep
TerminateThread
GetTickCount
CreateThread
GetComputerNameA
SetEndOfFile
CreateMutexA
DeleteFileA
GetCurrentProcessId
FindFirstFileA
FindNextFileA
FindClose
LocalAlloc
LocalFree
CreateEventA
SetEvent
GetVersionExA
SetFilePointer
lstrlenA
FlushFileBuffers
Beep
GetFullPathNameA
GetModuleFileNameA
GetVolumeInformationA
GetVersion
WriteFile
WaitForSingleObject
GetLastError
CreateFileA
GetFileSize
CloseHandle
ReadFile
ReleaseMutex
GetSystemDirectoryA
InterlockedExchange
GetDriveTypeA

user32

GetDesktopWindow
GetSysColorBrush
CopyAcceleratorTableA
SetRect
MessageBeep
CharUpperA
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
LoadStringA
wvsprintfA
GetMessageA
TranslateMessage
ValidateRect
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
IsDialogMessageA
MapDialogRect
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
AdjustWindowRectEx
GetTopWindow
MessageBoxA
IsChild
WinHelpA
wsprintfA
GetClassInfoA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
GetWindowPlacement
LoadImageA
SetWindowContextHelpId
UnregisterClassA
GetWindowRect
GetClassNameA
GetWindowTextA
IsWindowVisible
DrawStateA
SendMessageA
GetClientRect
EnumChildWindows
GetParent
EnableWindow
ScreenToClient
FrameRect
DrawEdge
DrawFocusRect
SetRectEmpty
UpdateWindow
CreatePopupMenu
AppendMenuA
IsIconic
DefDlgProcA
LoadCursorA
RegisterClassA
DestroyWindow
CopyRect
GetSysColor
FillRect
LoadMenuA
GetSubMenu
RedrawWindow
KillTimer
SetTimer
PostQuitMessage
DestroyMenu
CharNextA
WindowFromPoint
SystemParametersInfoA
GetDlgItem
SetFocus
GetWindowLongA
MoveWindow
GetCapture
OffsetRect
GetCursorPos
SetForegroundWindow
RegisterWindowMessageA
GetSystemMetrics
IsWindow
LoadIconA
InvalidateRect
SetCapture
PtInRect
ReleaseCapture
DrawIcon
SetCursor
PostMessageA
FindWindowA
SetWindowTextA

gdi32

GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
PtVisible
RectVisible
TextOutA
ExtTextOutA
GetTextMetricsA
GetTextColor
GetBkColor
GetMapMode
DPtoLP
LPtoDP
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteObject
GetObjectA
CreateSolidBrush
CreateFontA
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
PatBlt
Escape
GetStockObject
LineTo
MoveToEx
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
SetFileSecurityA
RegCloseKey
RegCreateKeyExA
GetUserNameA
AllocateAndInitializeSid
SetEntriesInAclA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
ImageList_Destroy

oledlg

ord8

ole32

CoRegisterMessageFilter
CreateILockBytesOnHGlobal
OleRun
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree

olepro32

ord253

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocStringLen
VariantCopy
SysAllocString
GetErrorInfo
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SysStringLen

wininet

InternetCrackUrlA
InternetOpenA
InternetSetOptionA
InternetCloseHandle
InternetAttemptConnect
InternetReadFile
InternetOpenUrlA

Sections

.text
Size: 452KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/ipynotify.exe
.exe windows:4 windows x86 arch:x86

7be984f817cf0700fa9f4f5fb607139d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
HeapSize
SetUnhandledExceptionFilter
GetLastError
CloseHandle
WriteFile
SetFilePointer
FlushFileBuffers
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetProcAddress
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
ReadFile
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
LoadLibraryA
CreateFileA
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
GetTempPathA
HeapReAlloc
DeleteFileA

user32

GetDC
ReleaseDC
GetWindowDC
GetClientRect
GetDesktopWindow

gdi32

DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
RealizePalette
GetDIBits

ws2_32

WSACleanup
WSAStartup
htons
recv
send
socket
connect
gethostname
gethostbyname
gethostbyaddr
inet_addr
closesocket

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$SYSDIR/ipysp.dll
.dll windows:4 windows x86 arch:x86

9ff48f365ef0ec6be9ede48b7e80f5cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationA
GetModuleFileNameA
GetFullPathNameA
Beep
FlushFileBuffers
lstrlenA
SetFilePointer
GetVersionExA
SetEvent
CreateEventA
LocalFree
LocalAlloc
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
GetComputerNameA
GetTickCount
TerminateThread
Sleep
HeapAlloc
CreateSemaphoreA
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjectsEx
PostQueuedCompletionStatus
ReleaseSemaphore
ExitThread
GetQueuedCompletionStatus
WaitForSingleObjectEx
DeleteCriticalSection
GetVersion
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
ExpandEnvironmentStringsA
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
WideCharToMultiByte
GetProcAddress
LoadLibraryA
LoadLibraryW
ExpandEnvironmentStringsW
HeapCreate
HeapDestroy
FreeLibrary
CompareStringW
CompareStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
HeapFree
WriteFile
GetLastError
CloseHandle
CreateFileA
GetFileSize
ReadFile
ReleaseMutex
GetSystemDirectoryA
WaitForSingleObject
ResetEvent
EnterCriticalSection
CreateThread
SleepEx
LeaveCriticalSection
GetProcessHeap
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
VirtualFree
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentDirectoryA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetLastError
GetCurrentThreadId
GetModuleHandleA
InterlockedExchange
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetLocalTime
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetEnvironmentVariableA

user32

PostQuitMessage
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
DefWindowProcA
PostMessageA
FindWindowA
RegisterWindowMessageA
IsWindow
wsprintfA
LoadStringA

gdi32

GetStockObject

advapi32

RegEnumKeyA
RegOpenKeyA
RegQueryValueA
GetUserNameA
AllocateAndInitializeSid
SetEntriesInAclA
SetFileSecurityA
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ws2_32

inet_addr
gethostbyname
gethostbyaddr
inet_ntoa
WSASetLastError
WSAGetLastError
WPUCompleteOverlappedRequest
WSCEnumProtocols
ntohs
WSCGetProviderPath

wininet

InternetCrackUrlA

Exports

Exports

WSPStartup

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ipyun.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/scriptmessages.ini
$SYSDIR/msippos.dat
$SYSDIR/mssctm.dat
$SYSDIR/mssfng.dat
$SYSDIR/msxml3.dll
.dll regsvr32 windows:5 windows x86 arch:x86

7e5a3ca1d045e5cb414a409544507355

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateFreeThreadedMarshaler
CreateBindCtx
CoUninitialize
CoInitialize
StringFromCLSID
CoTaskMemFree
CLSIDFromProgID
CoTaskMemAlloc
GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateInstance

shlwapi

ord117
ord56
ord136
ord60
ord116
PathFindExtensionW
UrlCanonicalizeW
ord2
PathFindFileNameW
ord260
ord217
UrlCombineA
UrlCanonicalizeA
UrlUnescapeA
PathCreateFromUrlA
StrChrA
StrCmpNIA
ord151
StrStrA
StrToIntA
ord153
ord342
StrRChrA
ord15
ord150
ord44
ord28
ord311
ord310
PathIsURLW
ord125
ord128
StrCmpIW
StrCpyW
StrCatW
ord158
ord156
ord68
ord66
ord43
ord38
ord26
StrToIntW
StrCmpNIW
ord45
StrCmpNW
ord51
ord83
StrCmpW
ord115
UrlUnescapeW
PathSearchAndQualifyW
UrlCreateFromPathW
PathCreateFromUrlW
UrlIsW
ord52
UrlGetLocationW

kernel32

InterlockedDecrement
FlushFileBuffers
WriteFile
GetCPInfo
GetLocalTime
GetTimeZoneInformation
SetThreadPriority
lstrcatW
SetFilePointer
ReadFile
CreateFileA
IsBadStringPtrW
RtlMoveMemory
GetSystemTimeAsFileTime
GetExitCodeThread
IsBadStringPtrA
LocalFileTimeToFileTime
IsBadReadPtr
IsBadWritePtr
CreateThread
FormatMessageW
GlobalAlloc
GlobalFree
CreateEventA
LocalAlloc
LocalFree
GetSystemTime
SleepEx
lstrcmpiA
GetDateFormatA
GetTimeFormatA
GlobalLock
GlobalUnlock
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
FormatMessageA
LoadLibraryExA
FindResourceA
LockResource
SizeofResource
LoadResource
WideCharToMultiByte
RaiseException
SetLastError
GetSystemInfo
HeapCreate
GetLastError
HeapDestroy
CreateSemaphoreA
ReleaseSemaphore
GetTickCount
OutputDebugStringA
ResetEvent
SetEvent
SuspendThread
ResumeThread
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
DebugBreak
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
EnterCriticalSection
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
FreeLibrary
GetVersionExW
lstrcatA
MultiByteToWideChar
lstrcmpA
ExpandEnvironmentStringsA
GetModuleFileNameA
lstrcpynA
TlsSetValue
TlsGetValue
HeapAlloc
HeapReAlloc
RtlUnwind
SetEndOfFile
InterlockedIncrement
lstrlenW
HeapSize
VirtualFree
VirtualAlloc
GetProcessHeap
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
CloseHandle
GetModuleHandleA
GetVersionExA
TlsAlloc
TlsFree
GetThreadContext
InterlockedExchange
Sleep

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 851KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msxml3a.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msxml3r.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Warn/a-1.bmp
Warn/a-2.bmp
Warn/a-3.bmp
Warn/a-4.bmp
Warn/a-5.bmp
Warn/a-6.bmp
Warn/b-1.bmp
Warn/b-2.bmp
Warn/b-3.bmp
Warn/b-4.bmp
Warn/b-5.bmp
Warn/b-6.bmp
Warn/bgw.gif
.gif
Warn/bk-left-1.jpg
.jpg
Warn/bk-top.jpg
.jpg
Warn/c-1.bmp
Warn/c-2.bmp
Warn/c-3.bmp
Warn/c-4.bmp
Warn/c-5.bmp
Warn/c-6.bmp
Warn/d-1.bmp
Warn/d-2.bmp
Warn/d-3.bmp
Warn/d-4.bmp
Warn/d-5.bmp
Warn/d-6.bmp
Warn/main.html
.html
Warn/menu.html
.html .js polyglot
Warn/preview.html
.html
Warn/title.html
.html
ipy_manual.chm
.chm
license.txt
safety-tips.pdf
.pdf
- http://SoftForYou.com

Sharing

General

Malware Config

Signatures

Files

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 3KB - Virtual size: 4KB

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 930B

a0a3b80e18d8fb6ca27a1f8612e03304

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 592KB - Virtual size: 592KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 43KB - Virtual size: 44KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 238KB - Virtual size: 237KB

.reloc Size: 44KB - Virtual size: 43KB

fdff396dc61c37367ae446577e1de173

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 84B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

.text
Size: 592KB - Virtual size: 592KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 43KB - Virtual size: 44KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 238KB - Virtual size: 237KB

.reloc
Size: 44KB - Virtual size: 43KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 84B

.data
Size: 512B - Virtual size: 1.1MB

.idata
Size: 1024B - Virtual size: 676B

.rsrc
Size: 1024B - Virtual size: 956B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 272KB - Virtual size: 268KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 40KB - Virtual size: 54KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 452KB - Virtual size: 449KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 40KB - Virtual size: 56KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB