62717138d82ad55cf292e149a8ef6ef3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

62717138d82ad55cf292e149a8ef6ef3_JaffaCakes118
Size

3.5MB
MD5

62717138d82ad55cf292e149a8ef6ef3
SHA1

72473618df6668a1384b404b9d4505a10160b941
SHA256

a9d4d53f59dc494e7936c00dd9668da73fba8a6ee4c06518a91da1d45c230826
SHA512

6e26a187071250b72ff34e7f069e1d4c9ab7ca1f539e81a7d588f4b9f4a8cd7728e652de41de9fa1ea7d347338cc8706f489223dc5588b65f50924607fd9afcf
SSDEEP

98304:3aEmN2kQduYraqWupV6SXHC80bY+sO5ywqajX5VAhK9Jec7:qEmN2ddaqWuHXZ02Oywqi4K9Jey

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
62717138d82ad55cf292e149a8ef6ef3_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/COMDLG32.dll
unpack001/MSIMG32.dll
unpack001/VERSION.dll
unpack001/WININET.dll
unpack001/easypdfreader.exe
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

62717138d82ad55cf292e149a8ef6ef3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
COMDLG32.dll
.dll windows:6 windows x86 arch:x86

9cdb9712b209145906aa6f9c0e06ed0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

comdlg32.pdb

Imports

msvcrt

wcsrchr
wcsstr
wcschr
iswalpha
memcpy
memmove
wcstok
_vsnwprintf
_ftol2_sse
wcstok_s
_ftol2
_wcsicmp
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
memset

ntdll

RtlUnicodeToMultiByteSize
RtlInitUnicodeStringEx
EtwEventRegister
EtwEventUnregister
EtwEventWrite
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
WinSqmAddToStream
RtlNtStatusToDosError
NtFsControlFile
NtQueryInformationFile
WinSqmIncrementDWORD
EtwEventEnabled
RtlIsNameLegalDOS8Dot3

shlwapi

UrlIsW
StrPBrkW
PathRemoveBackslashW
StrIsIntlEqualW
ord270
PathBuildRootW
ord540
StrCmpW
ord168
ord476
PathIsUNCServerW
ord495
ord508
ord499
ord271
StrDupW
PathAddBackslashW
StrChrW
PathSkipRootW
ord388
ord215
ord217
StrRChrW
PathIsRootW
PathRemoveBlanksW
StrCmpNIW
ord174
StrStrW
StrStrIW
ord219
PathFindExtensionW
PathFindFileNameW
ord456
PathFileExistsW
PathGetDriveNumberW
SHStrDupW
PathIsUNCW
ord24
ord618
AssocGetPerceivedType
PathIsNetworkPathW
ord164
ord163
StrCmpIW
ord199
PathCombineW
PathIsFileSpecW
PathMatchSpecExW
ord176
ord172
ord204
ord638
ord479
ord478
ord481
SHRegGetValueW
ord461
PathCanonicalizeW
PathIsRelativeW
ord16
ord178
StrRetToBufW
ord158
ord266
ord630
ord175
ord437
ord225
ord237
PathMatchSpecW
ord355
ord197

user32

SetDlgItemInt
UpdateWindow
GetDlgItemTextW
SendDlgItemMessageW
ReleaseCapture
ClipCursor
RemovePropW
EndDialog
SetWindowPos
SetFocus
PtInRect
ValidateRect
SetCapture
ChildWindowFromPoint
EnableWindow
ShowWindow
AdjustWindowRect
GetDlgItemInt
SetWindowLongW
GetWindowRect
DrawEdge
FillRect
GetParent
SendMessageW
GetPropW
CallWindowProcW
GetDlgItem
GetClientRect
MapWindowPoints
GetFocus
GetDC
InflateRect
DrawFocusRect
ReleaseDC
CopyRect
GetSysColor
FrameRect
GetWindowLongW
EndPaint
BeginPaint
InvalidateRect
SetPropW
GetSysColorBrush
EqualRect
IntersectRect
SetCursor
LoadCursorW
ShowCursor
LoadStringW
GetWindowLongA
CreateWindowExW
ScreenToClient
GetSystemMetrics
GetDialogBaseUnits
CharNextW
CharLowerW
PostMessageW
GrayStringW
RegisterClipboardFormatW
IsProcessDPIAware
ActivateKeyboardLayout
CreateDialogIndirectParamAorW
DialogBoxIndirectParamAorW
DefWindowProcW
SetDlgItemTextW
DlgDirListW
SetWindowTextW
CheckDlgButton
IsDlgButtonChecked
MessageBeep
RegisterWindowMessageW
RegisterWindowMessageA
IsWindow
CheckRadioButton
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
DestroyWindow
IsWindowEnabled
GetKeyboardLayout
GetWindowTextW
MessageBoxW
DrawTextW
DialogBoxIndirectParamW
LoadImageW
LoadIconW
GetKeyState
SetWindowPlacement
GetWindowPlacement
DrawIcon
GetMonitorInfoW
CopyIcon
GetClassLongW
SendMessageTimeoutW
GetAncestor
GetDlgCtrlID
EnumChildWindows
LoadBitmapW
EndDeferWindowPos
GetWindow
DeferWindowPos
BeginDeferWindowPos
MonitorFromWindow
MapDialogRect
PeekMessageW
IsWindowVisible
OffsetRect
EnumDisplayMonitors
MonitorFromRect
GetNextDlgTabItem
TranslateAcceleratorW
CallNextHookEx
DestroyAcceleratorTable
UnhookWindowsHookEx
SetWindowsHookExW
SetTimer
LoadAcceleratorsW
DeleteMenu
GetSystemMenu
GetForegroundWindow
DestroyIcon
SetForegroundWindow
KillTimer
ChangeWindowMessageFilterEx
EnableMenuItem
RedrawWindow
SetParent
CreateDialogIndirectParamW
GetWindowTextLengthW
GetComboBoxInfo
InsertMenuItemW
GetMenuItemCount
DestroyMenu
TrackPopupMenuEx
CreatePopupMenu
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetClassNameW
CreateDialogIndirectParamA
MoveWindow

gdi32

GetLayout
ExtTextOutW
GetTextExtentPoint32W
OffsetWindowOrgEx
SetWindowOrgEx
ExcludeClipRect
EqualRgn
CombineRgn
SetRectRgn
CreateRectRgn
DeleteObject
CreateSolidBrush
Rectangle
SelectObject
GetStockObject
CreatePen
GetNearestColor
DeleteDC
CreateCompatibleDC
RealizePalette
SelectPalette
PatBlt
BitBlt
LineTo
MoveToEx
CreateCompatibleBitmap
CreateDIBitmap
CreateDiscardableBitmap
GetObjectW
GetTextMetricsW
SetBkMode
SetTextColor
SetBkColor
GetTextExtentPointW
GetDeviceCaps
GetTextCharset
TextOutW
GetTextCharsetInfo
GetGlyphIndicesW
CreateFontIndirectW
EnumFontFamiliesExW
TranslateCharsetInfo
GetCharWidth32W
SelectClipRgn
CreateRectRgnIndirect
CreateFontW
CreateICW
CreateDCW

comctl32

ord324
ImageList_GetIconSize
ord335
ord336
ord332
ord331
ord328
ord385
ord386
ord16
InitCommonControlsEx
ord338
ImageList_Draw
ImageList_Destroy
CreateToolbarEx
ord341
ord388
ord326
ord323
ord322
ord236
ord321
ord339
ord320
CreatePropertySheetPageW
PropertySheetW
ord410
ord412
ord413
ord329
ord334

shell32

SHGetFileInfoW
SHGetSpecialFolderPathW
SheChangeDirExW
ord100
ord155
ord18
ord25
ord64
SHAddDefaultPropertiesByExt
SHCreateItemFromIDList
ord21
SHGetSpecialFolderLocation
ord28
SHCreateItemFromParsingName
SHBindToObject
SHGetDesktopFolder
SHParseDisplayName
SHCreateShellItemArray
SHCreateShellItemArrayFromIDLists
SHCreateItemWithParent
SHGetPathFromIDListW
SHGetIDListFromObject
SHGetKnownFolderIDList
ord814
ord849
ord815
SHGetKnownFolderItem
ord778
SHBindToParent
ord645
ord644
SHCreateShellItemArrayFromDataObject
ord850
ord903
ord654
ord818
SHCreateShellItemArrayFromShellItem
ord68
SHChangeNotifyRegisterThread
SHBindToFolderIDListParent
ord4
ord89
ord71
ord16
ord2
ord152
ord17
ord840
SHCreateItemInKnownFolder
ord195
ord19
ord787
ord761
SHGetFolderLocation
ord77
ord153
ord24
SHBindToFolderIDListParentEx
ord102
SHGetItemFromObject
ord714

kernel32

TlsFree
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
GlobalReAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
DeleteFileW
GlobalAlloc
TlsAlloc
lstrcmpW
GetACP
MulDiv
GetUserDefaultUILanguage
FindResourceA
SetErrorMode
SetCurrentDirectoryW
CreateEventW
GetModuleFileNameW
LoadLibraryW
CreateThread
WaitForSingleObject
ResetEvent
FreeLibraryAndExitThread
InitializeCriticalSection
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetProcessVersion
LocalSize
WideCharToMultiByte
CloseHandle
SetEvent
GetDriveTypeW
lstrcmpiW
FormatMessageW
CreateFileW
GetCurrentDirectoryW
GetShortPathNameW
GetLastError
EnterCriticalSection
LeaveCriticalSection
SizeofResource
lstrlenW
GetThreadUILanguage
TlsGetValue
SetLastError
LocalAlloc
lstrlenA
MultiByteToWideChar
LocalFree
FindResourceW
LoadResource
TlsSetValue
LockResource
DisableThreadLibraryCalls
ExpandEnvironmentStringsW
FreeResource
GetCurrentThreadId
SetThreadUILanguage
HeapAlloc
GetProcessHeap
HeapFree
FindResourceExW
GetModuleHandleW
CompareStringW
WaitForMultipleObjects
CompareStringOrdinal
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
OpenEventW
GetVolumePathNameW
GetComputerNameExW
GetComputerNameW
DuplicateHandle
RegGetValueW
SystemTimeToFileTime
GetVersionExW
LocalReAlloc
GetCurrentThread
GlobalFree

Exports

Exports

ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
DllCanUnloadNow
DllGetClassObject
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
LoadAlterBitmap
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
Ssync_ANSI_UNICODE_Struct_For_WOW
WantArrows
dwLBSubclass
dwOKSubclass

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSIMG32.dll
.dll windows:6 windows x86 arch:x86

ce669631cead1d131a8efe42e5e645c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msimg32.pdb

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetLastError
DisableThreadLibraryCalls
GetVersionExA
GetSystemTimeAsFileTime
FreeLibrary

gdi32

GetCurrentObject
GetObjectA
GetDeviceCaps
GdiTransparentBlt
GdiGradientFill
GdiAlphaBlend
GetObjectType

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VERSION.dll
.dll windows:6 windows x86 arch:x86

105f233d0e5db86b1f4409873b8b8e3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

version.pdb

Imports

kernel32

SetLastError
SetFileTime
GetFileTime
LocalAlloc
LocalFree
TlsGetValue
_lopen
_lread
GetLastError
_lwrite
_lclose
_llseek
FreeLibrary
InterlockedExchangeAdd
GetProcAddress
LoadLibraryW
TlsSetValue
_lcreat
lstrcmpiA
GetFullPathNameA
DeleteFileA
GetFileSize
ReadFile
SetFilePointer
GetFileSizeEx
CloseHandle
CreateFileW
IsDBCSLeadByte
LoadLibraryExW
SetErrorMode
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrlenA
CompareStringA
CompareStringW
GetSystemDirectoryW
GetWindowsDirectoryW
MoveFileW
lstrcmpiW
lstrlenW
DeleteFileW
LZClose
LZCopy
LZInit
GetFileAttributesW
LZCloseFile
WideCharToMultiByte
LZCreateFileW
TlsFree
TlsAlloc
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter

msvcrt

_vsnprintf
memcpy
_wcsicmp
_vsnwprintf
_XcptFilter
malloc
free
_initterm
_except_handler4_common
_amsg_exit

ntdll

RtlFreeAnsiString
LdrResSearchResource
NlsMbCodePageTag
RtlAllocateHeap
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WININET.dll
.dll windows:6 windows x86 arch:x86

508714c1458040b981cb9919bb50ec10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wininet.pdb

Imports

msvcrt

_purecall
_mbstok
iscntrl
ispunct
strcpy_s
_strtoui64
time
iswdigit
isalpha
atol
isalnum
wcsstr
strpbrk
isdigit
isxdigit
memchr
_vsnprintf
iswxdigit
iswascii
iswlower
qsort
_vsnprintf_s
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
memcpy
memset
_vsnwprintf
isupper
_wcsicmp
_wtoi
_wcsnicmp
wcstok
malloc
free
realloc
atoi
strrchr
strtok_s
wcsrchr
iswspace
wcstok_s
memmove
strtol
__isascii
islower
sprintf_s
swprintf_s
wcstol
_strnicmp
??_U@YAPAXI@Z
??_V@YAXPAX@Z
qsort_s
bsearch
wcsncmp
isspace

ntdll

RtlConvertSidToUnicodeString
RtlMoveMemory

shlwapi

SHRegGetValueW
ord158
SHRegGetValueA
PathAddBackslashW
PathFindFileNameW
StrRChrW
PathRemoveBackslashA
PathRemoveFileSpecA
ord155
PathRemoveBlanksA
PathAddBackslashA
ord157
PathAppendA
ord215
PathUnExpandEnvStringsA
PathRenameExtensionA
SHDeleteKeyA
SHDeleteValueW
StrCmpNIW
StrCmpNIA
StrStrIA
StrStrA
ord151
StrChrA
ord154
ord217
UrlCombineW
UrlCanonicalizeW
ord153
PathCreateFromUrlW
UrlUnescapeA
UrlCombineA
UrlCanonicalizeA
StrToIntW
StrCmpW
StrCmpNA
StrRChrA
StrToIntA
StrStrIW
SHGetValueA
SHSetValueA
SHGetValueW
SHSetValueW
ord437
StrChrNW
StrTrimW
ord12
StrChrW
PathCombineW

advapi32

RegEnumKeyExW
RegCreateKeyExW
CredReadDomainCredentialsW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
EventUnregister
EventRegister
CredReadW
CredFree
CredWriteW
CredDeleteW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
SystemFunction041
SystemFunction040
RegOpenKeyA
RegEnumKeyA
TraceEvent
DuplicateTokenEx
CreateWellKnownSid
SetTokenInformation
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteValueA
OpenThreadToken
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptGetProvParam
GetTokenInformation
EventWrite
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsA
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
GetUserNameA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus

kernel32

lstrcmpiW
GetEnvironmentVariableA
GetShortPathNameA
GetShortPathNameW
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetDiskFreeSpaceExA
CopyFileA
SetFileTime
CreateDirectoryA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetFileAttributesA
LCMapStringA
GetFileAttributesExA
FileTimeToDosDateTime
GetFileSizeEx
lstrcmpW
RaiseException
DosDateTimeToFileTime
MoveFileExW
MoveFileW
MoveFileA
SetFilePointerEx
LocalFileTimeToFileTime
CreateSemaphoreA
ReleaseSemaphore
SetFileAttributesA
GetCurrentProcessId
GetFileTime
lstrcmpA
GetModuleHandleExA
ResumeThread
FreeLibraryAndExitThread
ResetEvent
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
FindResourceW
GetACP
InterlockedExchangeAdd
CreateThread
Sleep
GetModuleHandleA
OpenMutexA
GetSystemDirectoryA
FormatMessageA
SetErrorMode
IsDBCSLeadByteEx
UnmapViewOfFile
SetEndOfFile
FlushViewOfFile
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
LoadLibraryW
HeapFree
HeapAlloc
GetProcessHeap
GetTimeFormatW
GetDateFormatW
GetComputerNameA
GlobalUnlock
GlobalLock
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FindResourceExW
LoadResource
LoadLibraryExW
MapViewOfFile
CreateFileMappingW
GetVersionExW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
SetFileAttributesW
CompareFileTime
WritePrivateProfileStringW
GetFileAttributesW
GetOverlappedResult
CreateEventW
GetQueuedCompletionStatus
GetModuleHandleExW
CreateIoCompletionPort
SwitchToThread
PostQueuedCompletionStatus
CreateMutexW
DuplicateHandle
OpenMutexW
OpenEventW
LockResource
SizeofResource
MoveFileExA
DeleteFileW
GetProcAddress
LoadLibraryA
FreeLibrary
InterlockedExchange
CloseHandle
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
CompareStringW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
CreateMutexA
CompareStringA
ReleaseMutex
GetCurrentThreadId
LocalFree
LocalAlloc
DeleteCriticalSection
SetEvent
InterlockedIncrement
lstrcmpiA
lstrlenA
InterlockedDecrement
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LocalReAlloc
FileTimeToSystemTime
ReadFile
GetFileSize
CreateFileA
CreateFileW
SetFilePointer
WriteFile
GetModuleFileNameA
GetVersionExA
WritePrivateProfileStringA
GetSystemTime
GetModuleHandleW
FormatMessageW
DeleteFileA
GetLongPathNameA
lstrlenW
GetLongPathNameW
GlobalFree
IsValidCodePage
IsDBCSLeadByte
GetCurrentProcess
GetCurrentThread
InterlockedCompareExchange
GlobalAlloc
GetLocaleInfoW
GetUserDefaultLCID
GetCPInfoExW
GetTimeFormatA
GetDateFormatA
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
GetTickCount
SystemTimeToFileTime

user32

RegisterWindowMessageW
LoadStringW
DialogBoxParamW
GetDesktopWindow
SendDlgItemMessageA
LoadIconA
LoadImageA
LoadStringA
CharLowerA
DestroyWindow
KillTimer
EnableWindow
SetWindowTextW
GetDlgItem
SetFocus
EndDialog
CheckDlgButton
SendMessageW
SendMessageA
IsDlgButtonChecked
DefWindowProcA
SetWindowLongA
GetWindowLongA
RegisterClassW
CreateWindowExW
SetTimer
GetWindowTextW
MessageBoxW
CharNextA
GetWindowInfo
CharToOemA
CharUpperA
CharLowerW
IsCharAlphaNumericA
GetWindowThreadProcessId
EnumChildWindows
IsWindowVisible
GetAncestor
EnumWindows
CharNextExA
PostMessageA
IsWindow
SetWindowPos
SetDlgItemTextW
DestroyIcon
SetForegroundWindow
GetWindow
GetWindowRect
EqualRect
IntersectRect
PostMessageW
FindWindowW
ReleaseDC
GetDC
SendDlgItemMessageW
LoadImageW
GetSystemMetrics

normaliz

IdnToAscii
IdnToUnicode

urlmon

ord423
ord421
ord416
ord422
ord414
ord410
ord408
ord407

iertutil

ord9
ord58
ord32
ord33
ord37
ord50
ord16
ord670
ord654
ord651
ord650
ord17
ord173
ord685

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
DispatchAPICall
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
ReadUrlCacheEntryStreamEx
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach
_GetFileExtensionFromUrl

Sections

.text
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
easypdfreader.exe
.exe windows:5 windows x86 arch:x86

444eb2554f4aa064fab85bffc1c9273d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Workspace\Personel\Freelancer\Suamtra\obj-rel\SumatraPDF.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

kernel32

GetCommandLineW
CopyFileExW
GetDriveTypeW
CreateProcessW
InterlockedIncrement
InterlockedDecrement
GetProfileStringW
SetEvent
GetLogicalDrives
OutputDebugStringW
LoadLibraryW
FormatMessageW
GetFileAttributesW
MulDiv
ReleaseSemaphore
GlobalFree
ResetEvent
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
GetUserDefaultUILanguage
LocalFree
SetFileAttributesW
CreateThread
ReadDirectoryChangesW
GetOverlappedResult
GlobalDeleteAtom
GlobalAddAtomW
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
RaiseException
LCMapStringW
GetFileAttributesExW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStdHandle
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
MoveFileA
CreateDirectoryW
FindFirstFileExW
FileTimeToLocalFileTime
FileTimeToSystemTime
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleW
RtlUnwind
HeapReAlloc
GlobalUnlock
GetTimeFormatW
GetLocaleInfoW
GlobalAlloc
GlobalLock
GetDateFormatW
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObject
GetCurrentProcess
SetUnhandledExceptionFilter
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
lstrcpyW
MultiByteToWideChar
GetLongPathNameW
GetTimeZoneInformation
ReadFile
WriteFile
GetFileSize
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
GetWindowsDirectoryW
CloseHandle
FindNextFileW
FindClose
lstrlenW
CreateFileW
GetModuleFileNameW
lstrcpynW
WideCharToMultiByte
FindFirstFileW
GetFullPathNameW
GetSystemTimeAsFileTime

user32

KillTimer
IsZoomed
GetKeyState
GetFocus
LoadCursorW
FindWindowW
CreateMenu
ModifyMenuW
ShowCaret
DdeFreeStringHandle
CharLowerW
GetCapture
TranslateMessage
LoadAcceleratorsW
GetForegroundWindow
RegisterClassExW
LoadIconW
CheckMenuRadioItem
IntersectRect
GetScrollInfo
DdeUninitialize
AppendMenuW
DdeCreateDataHandle
GetWindowTextW
SystemParametersInfoW
SetClassLongW
EnableMenuItem
MonitorFromWindow
GetSysColor
DrawTextW
LoadBitmapW
ShowScrollBar
InsertMenuW
AdjustWindowRectEx
DdeClientTransaction
DdeConnect
MessageBoxW
ReleaseCapture
IsWindowVisible
SetCapture
LoadImageW
GetMenuItemID
DdeCreateStringHandleW
IsIconic
ShowWindowAsync
GetWindowDC
PostQuitMessage
GetMessageW
HideCaret
UpdateWindow
DestroyMenu
SetWindowTextW
SetScrollInfo
SetTimer
MonitorFromRect
GetMonitorInfoW
SendMessageW
GetSystemMetrics
LoadStringW
ReleaseDC
OffsetRect
GetDC
GetClientRect
IsCharUpperW
CallWindowProcW
GetPropW
DrawFrameControl
EndDeferWindowPos
MapWindowPoints
ReuseDDElParam
IsWindowUnicode
UnpackDDElParam
DdeInitializeW
SetMenu
TranslateAcceleratorW
BeginDeferWindowPos
DeferWindowPos
GetDesktopWindow
SetWindowLongW
GetScrollPos
DdeDisconnect
CheckMenuItem
GetMessagePos
DdeFreeDataHandle
DispatchMessageW
CloseClipboard
wsprintfW
EmptyClipboard
OpenClipboard
SetClipboardData
DialogBoxParamW
SetFocus
EndDialog
SendDlgItemMessageW
SetWindowPos
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
EnableWindow
CopyRect
EndPaint
DestroyWindow
SetCursor
SetActiveWindow
BeginPaint
InflateRect
GetWindowLongW
GetCursorPos
ShowWindow
CreateWindowExW
DefWindowProcW
MoveWindow
FillRect
CopyImage
PostMessageW
RemovePropW
ScreenToClient
GetWindowRect
GetParent
PtInRect
SetPropW
GetWindowPlacement
UnionRect
InvalidateRect
GetDlgItem

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
StretchBlt
DeleteDC
SetTextColor
LineTo
BitBlt
MoveToEx
CreateCompatibleBitmap
TextOutW
GetTextExtentPoint32W
AbortDoc
GetStockObject
EndDoc
StartDocW
GetObjectW
Rectangle
SetMapMode
CreateDCW
GetDeviceCaps
CreateFontIndirectW
CreateDIBSection
StartPage
EndPage
CreatePen
CreateDIBitmap
CreateSolidBrush

comdlg32

PrintDlgExW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

shell32

SHAddToRecentDocs
DragAcceptFiles
SHChangeNotify
SHGetDesktopFolder
SHBindToParent
ShellExecuteExW
DragFinish
SHGetSpecialFolderPathW
DragQueryFileW

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_AddMasked

msimg32

AlphaBlend

winspool.drv

ord203
ClosePrinter
EnumPrintersW
DocumentPropertiesW
OpenPrinterW

wininet

InternetCloseHandle

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

StrRStrIW
StrStrIW
PathIsRelativeW
StrStrW
PathIsRelativeA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 794KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 442KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 593KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9cdb9712b209145906aa6f9c0e06ed0b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

shlwapi

user32

gdi32

comctl32

shell32

kernel32

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 343KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 107KB - Virtual size: 106KB

.reloc Size: 17KB - Virtual size: 16KB

ce669631cead1d131a8efe42e5e645c7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 180B

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 512B - Virtual size: 76B

105f233d0e5db86b1f4409873b8b8e3e

Headers

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 344KB - Virtual size: 343KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 107KB - Virtual size: 106KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 180B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 76B

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 796B

.text
Size: 731KB - Virtual size: 730KB

.data
Size: 13KB - Virtual size: 26KB

.rsrc
Size: 182KB - Virtual size: 182KB

.reloc
Size: 27KB - Virtual size: 27KB

.text
Size: 794KB - Virtual size: 794KB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 442KB - Virtual size: 469KB

.rsrc
Size: 593KB - Virtual size: 593KB

.reloc
Size: 63KB - Virtual size: 63KB