65fe8d64228376578e344466b96a7bac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

65fe8d64228376578e344466b96a7bac_JaffaCakes118
Size

1.0MB
MD5

65fe8d64228376578e344466b96a7bac
SHA1

6a8ce9426be21665d1d72f1154c3030100b672af
SHA256

21de2896775d69077715747e2d8e2dfb1ab722edb0b0bd4cdc1e0086283db364
SHA512

530b35fdce11231f2604812e5179926be9ea3ae7d4add3c83a467a8bbd3cf474bd66162fdb7994d27ba73358dbf0f64a96eb36e4a405e2abf20b082bcfcc45da
SSDEEP

24576:MnYlRHFa8VmZg7DTBgLnQUV9SOAn67nRn3MCM2:MnOF6ABaL9SObn98Cx

Score

3^/10

Malware Config

Signatures

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HA_RegCptDotNet-v18_CZ.EXE
unpack002/$PLUGINSDIR/installoptions.dll
unpack002/$PLUGINSDIR/killprocdll.dll
unpack002/$PLUGINSDIR/nsWeb.dll
unpack002/$PLUGINSDIR/nsweb.dll
unpack002/$PLUGINSDIR/startmenu.dll
unpack002/$PLUGINSDIR/system.dll
unpack002/$PLUGINSDIR/textreplace.dll
unpack002/$PLUGINSDIR/time.dll
unpack002/$PROGRAM_FILES/Baidu/bar/TempData.KGB
unpack002/$PROGRAM_FILES/Baidu/bar/baidubar.dll
unpack002/$PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
unpack002/Lang2052.DAT
unpack002/file,diz.thx
unpack002/regcompact.net_chs.exe
unpack002/regcompact.net_eng.exe
unpack002/uninst.exe
unpack003/$PLUGINSDIR/killprocdll.dll
unpack003/$PROGRAM_FILES/Baidu/bar/TempData.KGB

Files

65fe8d64228376578e344466b96a7bac_JaffaCakes118
.rar
HA_RegCptDotNet-v18_CZ.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.uNSIS
Size: 261B - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HelloFAR
Size: 47KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/installoptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/killprocdll.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsweb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/startmenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/system.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/textreplace.dll
.dll windows:4 windows x86 arch:x86

68af796cbe4fdd2d5baf33b0af9aa583

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpiA
lstrcatA
lstrcpynA
lstrcmpA
lstrlenA
GlobalFree
CloseHandle
ReadFile
GlobalAlloc
GetFileSize
CreateFileA
WriteFile
SetFileAttributesA
GetFileAttributesA
CopyFileA

user32

CharUpperA

Exports

Exports

FILLREADBUFFER
FREEREADBUFFER
FindInFile
ReplaceInFile

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 791B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/time.dll
.dll windows:4 windows x86 arch:x86

5c9a5d5468ec62f250171c012eda3c26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
lstrcmpA
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CloseHandle
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

GETFILETIME
GETFILETIMEUTC
GETLOCALTIME
GETLOCALTIMEUTC
MATHTIME
SETFILETIME
SETFILETIMEUTC
SETLOCALTIME
SETLOCALTIMEUTC
TIMESTRING

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/TempData.KGB
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/baidubar.dat
$PROGRAM_FILES/Baidu/bar/baidubar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/img/imglist.bmp
$PROGRAM_FILES/Baidu/bar/img/logo.bmp
$PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
.exe windows:4 windows x86 arch:x86

d31173ca8ec2d5e26170e3b96a28428f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrcatA
GetLastError
lstrcpynA
lstrcmpiA
WinExec
GetModuleFileNameA
TerminateProcess
lstrlenA
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
GetVersion
WriteFile
MoveFileExA
GetSystemDirectoryA
CreateFileA
DeviceIoControl
DeleteFileA
GetVersionExA
GetCurrentProcess
CloseHandle
GetTempPathA
GetProcAddress
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetSystemDefaultLangID
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetOEMCP
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringA
GetEnvironmentStrings
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
VirtualFree
LCMapStringW
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter

user32

ExitWindowsEx
wsprintfA
MessageBoxA

advapi32

CloseServiceHandle
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
CreateServiceA
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lang2052.DAT
.exe windows:4 windows x86 arch:x86

d31173ca8ec2d5e26170e3b96a28428f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrcatA
GetLastError
lstrcpynA
lstrcmpiA
WinExec
GetModuleFileNameA
TerminateProcess
lstrlenA
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
GetVersion
WriteFile
MoveFileExA
GetSystemDirectoryA
CreateFileA
DeviceIoControl
DeleteFileA
GetVersionExA
GetCurrentProcess
CloseHandle
GetTempPathA
GetProcAddress
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetSystemDefaultLangID
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetOEMCP
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringA
GetEnvironmentStrings
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
VirtualFree
LCMapStringW
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter

user32

ExitWindowsEx
wsprintfA
MessageBoxA

advapi32

CloseServiceHandle
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
CreateServiceA
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file,diz.thx
.exe windows:4 windows x86 arch:x86

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

MessageBoxA

Sections

.rsrc
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
regcompact.net.chm
.chm
regcompact.net_chs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
regcompact.net_chs.exe.manifest
.xml
regcompact.net_eng.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
regcompact.net_eng.exe.manifest
.xml
regcompact_dotnet.jpg
.jpg
uninst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.uNSIS
Size: 261B - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HelloFAR
Size: 47KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/killprocdll.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PROGRAM_FILES/Baidu/bar/TempData.KGB
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/baidubar.dat
$PROGRAM_FILES/Baidu/bar/img/imglist.bmp
$PROGRAM_FILES/Baidu/bar/img/logo.bmp
˵.txt
ⷴ.url
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.uNSIS Size: 261B - Virtual size: 700KB

HelloFAR Size: 47KB - Virtual size: 244KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 644B

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 644B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

.uNSIS
Size: 261B - Virtual size: 700KB

HelloFAR
Size: 47KB - Virtual size: 244KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 791B

.data
Size: - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 322B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 414B