663beaed8d7a5d6b7f152d0b5b5ae20d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

663beaed8d7a5d6b7f152d0b5b5ae20d_JaffaCakes118
Size

1.4MB
MD5

663beaed8d7a5d6b7f152d0b5b5ae20d
SHA1

64d102eb277d6f7bd21cd82db6082f6c8449cd1d
SHA256

221308e2e12588a3fd4c54d9d6932d25abfb85e596dcb43b3a2acb8ce2d6033f
SHA512

4696dc40f86a884f6bed9ea304a51c958379226cf307fed110deeca23ebfebc37dad6abde1ca08b5fd803400f3e57b20108896006490eecc14cb67906c3c2307
SSDEEP

24576:hTpPIgqwHUsQBzDwas3oeRF/UAKLFNXYHRZ7JhgpkNX8e1enhJ09Kwiu:lpAgRYyZRFaFNXYHRmCd5WJ0yu

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
663beaed8d7a5d6b7f152d0b5b5ae20d_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$SYSDIR/cfx32.ocx
unpack001/TestingMaster.exe
unpack001/libeay32.dll
unpack001/logger.dll
unpack001/uninst.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack001/wrcore.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

663beaed8d7a5d6b7f152d0b5b5ae20d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/testingmaster.ini
$SYSDIR/CFX32.LIC
$SYSDIR/cfx32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

a43fba7f27b8132c0e4b5ffa61797648

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt40

__CxxFrameHandler
fabs
??3@YAXPAX@Z
??2@YAPAXI@Z
srand
sprintf
memset
memmove
strtok
memcpy
cos
sin
ceil
abs
rand
_EH_prolog
sqrt
atan2
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_ftol

mfc40

ord1035
ord1084
ord1986
ord2065
ord1073
ord2007
ord5363
ord1540
ord5647
ord4704
ord3922
ord2845
ord2961
ord4101
ord3262
ord3110
ord3158
ord3185
ord724
ord509
ord5405
ord5407
ord1432
ord2707
ord1426
ord1014
ord706
ord3656
ord486
ord2154
ord2069
ord2064
ord1989
ord5725
ord5765
ord2114
ord1753
ord3710
ord2261
ord3884
ord3162
ord606
ord2008
ord662
ord421
ord760
ord762
ord570
ord3145
ord2112
ord1752
ord3709
ord2258
ord3881
ord3120
ord582
ord548
ord5492
ord2710
ord2115
ord4694
ord3134
ord315
ord3724
ord4173
ord2072
ord2060
ord5648
ord3963
ord2234
ord2197
ord5070
ord3431
ord965
ord4627
ord2097
ord2909
ord4713
ord4715
ord2389
ord3579
ord4165
ord4719
ord4703
ord5053
ord3458
ord2960
ord3192
ord721
ord504
ord532
ord5630
ord1075
ord1097
ord1085
ord2754
ord2617
ord5441
ord4735
ord4741
ord4739
ord4736
ord4723
ord483
ord4729
ord4740
ord2223
ord2140
ord4691
ord651
ord403
ord505
ord2795
ord5211
ord2556
ord2815
ord5279
ord2728
ord4863
ord3010
ord5352
ord1633
ord3738
ord2176
ord2358
ord1043
ord1071
ord1365
ord2135
ord1464
ord4973
ord881
ord3827
ord4154
ord4113
ord5023
ord1873
ord4314
ord4375
ord5001
ord3611
ord4230
ord4360
ord4024
ord3997
ord4070
ord4441
ord4380
ord4385
ord4390
ord4122
ord4156
ord4473
ord4127
ord4117
ord3838
ord4241
ord4123
ord4111
ord4505
ord4060
ord3854
ord3844
ord3840
ord4202
ord1850
ord4201
ord3892
ord4079
ord4459
ord3898
ord4432
ord2177
ord2963
ord5643
ord2618
ord2755
ord2844
ord3946
ord2851
ord2621
ord2695
ord3581
ord4098
ord5160
ord632
ord598
ord2561
ord3452
ord347
ord381
ord545
ord285
ord3417
ord2515
ord1400
ord4444
ord4403
ord5341
ord3530
ord5568
ord3979
ord4649
ord4685
ord1119
ord2451
ord1105
ord1369
ord1042
ord328
ord1046
ord1367
ord5681
ord988
ord1370
ord269
ord733
ord671
ord711
ord3202
ord3906
ord4096
ord2916
ord2860
ord3952
ord5638
ord2894
ord5637
ord265
ord1647
ord3592
ord5342
ord3080
ord5610
ord2081
ord406
ord5307
ord654
ord3205
ord3907
ord4099
ord3580
ord2694
ord3340
ord3346
ord3345
ord2696
ord2620
ord2861
ord2744
ord3945
ord2843
ord1387
ord722
ord4510
ord4677
ord1494
ord1785
ord3268
ord5649
ord4296
ord2323
ord3919
ord3837
ord3314
ord4700
ord2086
ord5644
ord4608
ord1539
ord4657
ord3890
ord2199
ord3578
ord5360
ord4312
ord4176
ord4450
ord4462
ord3859
ord4681
ord4046
ord4302
ord4141
ord2793
ord5748
ord3451
ord4124
ord5438
ord4204
ord1000
ord999

kernel32

Sleep
LocalFree
LocalAlloc
LocalReAlloc
LocalLock
LocalUnlock
GetTickCount
WriteProfileStringA
GetProcAddress
WritePrivateProfileStringA
GetPrivateProfileStringA
FreeLibrary
GetVersion
LoadLibraryA
LoadResource
LockResource
FreeResource
FindResourceA
GlobalSize
_lopen
lstrcmpA
_lread
_lcreat
_lwrite
_lclose
lstrcpyA
GetProfileStringA
GlobalReAlloc
lstrcatA
lstrlenA
GlobalAlloc
GlobalLock
MulDiv
GlobalUnlock
GlobalFree

user32

LoadMenuA
LoadIconA
GetSystemMetrics
DestroyMenu
SetMenu
DrawMenuBar
IsWindow
DestroyIcon
DeferWindowPos
EndDeferWindowPos
DialogBoxParamA
GetUpdateRect
CheckMenuItem
EnableMenuItem
DrawIcon
IsIconic
BeginDeferWindowPos
PtInRect
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageA
MessageBoxA
GetFocus
FrameRect
GetDesktopWindow
GetClassInfoA
SetParent
LoadStringA
WindowFromPoint
DestroyCursor
GetWindowWord
GetSubMenu
GetCapture
OpenClipboard
CopyRect
IsWindowEnabled
SetDlgItemInt
EnableWindow
IsDlgButtonChecked
GetDlgItem
SetFocus
SendDlgItemMessageA
EndDialog
UnregisterClassA
RegisterClassA
KillTimer
BeginPaint
wsprintfA
SendMessageA
DrawTextA
EndPaint
DefWindowProcA
FillRect
SetCapture
SetWindowPos
ReleaseCapture
GetParent
GetWindowLongA
GetClientRect
ScrollDC
UpdateWindow
SetWindowLongA
InvalidateRect
GetDC
ReleaseDC
LoadCursorA
ShowCursor
SetCursor
ClientToScreen
TrackPopupMenu
SetTimer
GetKeyState
SetWindowTextA
CallWindowProcA
SetRect
GetScrollRange
ShowWindow
GetScrollPos
SetScrollRange
SetScrollPos
CreateDialogParamA
TranslateMessage
DispatchMessageA
PeekMessageA
GetWindowRect
ScreenToClient
InflateRect
GetWindowTextA
DestroyWindow
OffsetRect
GetDlgItemTextA
CheckDlgButton
CreateWindowExA
LoadBitmapA
GetSysColor
GetDlgItemInt
CheckRadioButton
SetDlgItemTextA
DrawFocusRect

gdi32

DeleteObject
Arc
Pie
DPtoLP
SetMapMode
SetWindowExtEx
SetViewportExtEx
GetBkColor
GetTextColor
SetTextAlign
CreatePolygonRgn
PtInRegion
LPtoDP
CreateRectRgnIndirect
GetClipBox
CreateFontA
RoundRect
CreateCompatibleBitmap
StretchDIBits
CreateDIBitmap
CreateCompatibleDC
SetROP2
LineTo
Polyline
CreatePen
GetTextMetricsA
MoveToEx
SetBkMode
Rectangle
SetTextColor
GetStockObject
SelectClipRgn
GetTextExtentPointA
TextOutA
CreateSolidBrush
CreateRectRgn
GetObjectA
CreateDCA
SetBkColor
EndDoc
EndPage
DeleteDC
StartDocA
SetAbortProc
StartPage
CreateFontIndirectA
SetPixel
ExtTextOutA
Polygon
BitBlt
Ellipse
CreateBitmap
CreatePatternBrush
PatBlt
GetDeviceCaps
SelectObject

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

oleaut32

LoadRegTypeLi
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CFX20_Sp
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Le
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_In
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_En
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Sc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Co
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Op
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Ar
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_St
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Co
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Pr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Fi
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Co
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Da
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Li
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_To
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Ba
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Co
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Dr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Cl
Size: 1024B - Virtual size: 939B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Pr
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Ba
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Pa
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Pi
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Ro
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CFX20_Pa
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TestingMaster.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 903KB - Virtual size: 903KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
libeay32.dll
.dll windows:4 windows x86 arch:x86

574b96e9a07cceef78f2bba02197adcf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

sendto
recvfrom
accept
ntohl
bind
listen
inet_ntoa
WSACancelBlockingCall
WSACleanup
getsockopt
getservbyname
ntohs
WSAStartup
gethostbyname
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
closesocket

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

user32

MessageBoxIndirectA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

msvcrt

_write
_fileno
_stat
_chmod
_getch
_isctype
_read
sprintf
abort
wcsstr
_vsnprintf
vfprintf
_iob
free
realloc
malloc
memchr
time
localtime
gmtime
strncpy
_errno
memmove
_pctype
__mb_cur_max
_getpid
fprintf
strstr
fputs
fopen
fclose
fread
fwrite
fflush
_setmode
ftell
fseek
fgets
_ftol
atoi
perror
qsort
strcmp
getenv
strerror
strchr
strncmp
strtoul
strrchr
tolower
sscanf
exit
strtol
signal
printf
_initterm
_adjust_fdiv

kernel32

SetLastError
LoadLibraryA
FreeLibrary
FindClose
GetModuleHandleA
GetCurrentProcessId
GetThreadTimes
GetCurrentThread
GetProcAddress
GetFileType
GetVersion
GlobalMemoryStatus
QueryPerformanceCounter
CloseHandle
GetTickCount
GetVersionExA
FlushConsoleInputBuffer
ExitProcess
GetCurrentThreadId
FindNextFileA
GetLastError
FindFirstFileA
GetStdHandle

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_cfbr_encrypt_block
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
ASN1_ANY_it
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_encode
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_to_generalizedtime
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_callback_ctrl
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_cipher
BIO_set_ex_data
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CBIGNUM_it
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get1_default_config_file
CONF_get_number
CONF_get_section
CONF_get_string
CONF_imodule_get_flags
CONF_imodule_get_module
CONF_imodule_get_name
CONF_imodule_get_usr_data
CONF_imodule_get_value
CONF_imodule_set_flags
CONF_imodule_set_usr_data
CONF_load
CONF_load_bio
CONF_load_fp
CONF_module_add
CONF_module_get_usr_data
CONF_module_set_usr_data
CONF_modules_finish
CONF_modules_free
CONF_modules_load
CONF_modules_load_file

Sections

.text
Size: 700KB - Virtual size: 699KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license.txt
logger.dll
.dll windows:4 windows x86 arch:x86

4456795e2b94de8a9d52b079fb546444

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
WideCharToMultiByte
lstrcatA
MultiByteToWideChar
InterlockedDecrement
GetTickCount
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
SetFilePointer
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetLastError
lstrlenA
LocalFree
HeapFree
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapAlloc
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
HeapSize
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

ole32

CoCreateInstance

oleaut32

SafeArrayAccessData
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString

Exports

Exports

IsIEAviable
StartLog2
StopLog2

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
testingmaster.chm
.chm
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
wrcore.dll
.dll windows:4 windows x86 arch:x86

f6131372e1794a2522faa0aba3b8bbe0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
gethostbyname
htons
inet_addr
socket
connect
setsockopt
gethostname
WSAGetLastError
WSACleanup
send
recv
select
closesocket

kernel32

GetConsoleOutputCP
WriteConsoleA
GetTickCount
WideCharToMultiByte
OutputDebugStringA
MultiByteToWideChar
LocalFree
FormatMessageA
GetLastError
lstrcmpA
GlobalLock
GlobalAlloc
InterlockedIncrement
lstrlenA
InterlockedExchange
FindResourceA
GetModuleHandleA
CompareStringA
CompareStringW
lstrcpyA
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
CreateThread
WriteConsoleW
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
WaitForSingleObject
GetCurrentThreadId
lstrcmpW
WaitForMultipleObjects
SetEvent
CreateEventA
GetModuleFileNameA
lstrcatA
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceExA
GetVersionExA
GetVolumeInformationA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetStdHandle
CreateFileW
LoadLibraryA
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA
GetThreadLocale
DeleteCriticalSection
SetHandleCount
InitializeCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
HeapSize
ExitProcess
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetACP
GetCPInfo
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
VirtualAlloc
GetProcAddress
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
ExitThread
GetStdHandle

user32

wsprintfA
UnregisterClassA
MessageBoxA

advapi32

RegCloseKey
RegSetValueA
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
GetUserNameA

ole32

CoInitializeEx
CoUninitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantCopy
SysAllocString
VariantClear
VariantInit
SysFreeString
VariantChangeType

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetGetLastResponseInfoA
InternetConnectA

netapi32

Netbios

Exports

Exports

AbortRun
CheckForNewVersion
CleanWR
CleanupWR
CreateTestSet
FreeTestSet
GetCoreVersion
GetInfo
GetKey1
GetKey2
GetMinutesToExpire
GetResults
InitRegistration
InitWR
IsRegistred
IsTrialExpired
ParseGeneralParam
ParseTest
RegisterRequest
RunTest
SaveResults
SetOutFunc
SetProgressReporter
SetProperty
XLoadTest

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 17KB - Virtual size: 17KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 741B

.rdata Size: 1024B - Virtual size: 657B

.data Size: 512B - Virtual size: 85B

.reloc Size: 512B - Virtual size: 154B

a43fba7f27b8132c0e4b5ffa61797648

Headers

File Characteristics

Imports

msvcrt40

mfc40

kernel32

user32

gdi32

comdlg32

advapi32

oleaut32

Exports

Exports

Sections

CFX20_Sp Size: 3KB - Virtual size: 2KB

CFX20_Le Size: 4KB - Virtual size: 3KB

CFX20_In Size: 2KB - Virtual size: 1KB

CFX20_En Size: 512B - Virtual size: 360B

CFX20_Sc Size: 3KB - Virtual size: 2KB

CFX20_Co Size: 2KB - Virtual size: 2KB

CFX20_Op Size: 4KB - Virtual size: 3KB

CFX20_Ar Size: 4KB - Virtual size: 3KB

.text Size: 62KB - Virtual size: 62KB

CFX20_St Size: 2KB - Virtual size: 1KB

CFX20_Co Size: 4KB - Virtual size: 4KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 17KB - Virtual size: 17KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 657B

.data
Size: 512B - Virtual size: 85B

.reloc
Size: 512B - Virtual size: 154B

CFX20_Sp
Size: 3KB - Virtual size: 2KB

CFX20_Le
Size: 4KB - Virtual size: 3KB

CFX20_In
Size: 2KB - Virtual size: 1KB

CFX20_En
Size: 512B - Virtual size: 360B

CFX20_Sc
Size: 3KB - Virtual size: 2KB

CFX20_Co
Size: 2KB - Virtual size: 2KB

CFX20_Op
Size: 4KB - Virtual size: 3KB

CFX20_Ar
Size: 4KB - Virtual size: 3KB

.text
Size: 62KB - Virtual size: 62KB

CFX20_St
Size: 2KB - Virtual size: 1KB

CFX20_Co
Size: 4KB - Virtual size: 4KB

CFX20_Pr
Size: 4KB - Virtual size: 3KB

CFX20_Fi
Size: 3KB - Virtual size: 3KB

CFX20_Co
Size: 19KB - Virtual size: 19KB

CFX20_Da
Size: 6KB - Virtual size: 5KB

CFX20_Li
Size: 4KB - Virtual size: 4KB

CFX20_To
Size: 6KB - Virtual size: 5KB

CFX20_Ba
Size: 1KB - Virtual size: 1KB

CFX20_Co
Size: 2KB - Virtual size: 2KB

CFX20_Dr
Size: 4KB - Virtual size: 4KB

CFX20_Cl
Size: 1024B - Virtual size: 939B

CFX20_Pr
Size: 6KB - Virtual size: 6KB

CFX20_Ba
Size: 8KB - Virtual size: 7KB

CFX20_Pa
Size: 1KB - Virtual size: 1KB

CFX20_Pi
Size: 3KB - Virtual size: 2KB

CFX20_Ro
Size: 6KB - Virtual size: 5KB

CFX20_Pa
Size: 2KB - Virtual size: 2KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 16KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 78KB - Virtual size: 77KB

.reloc
Size: 15KB - Virtual size: 15KB

CODE
Size: 1.1MB - Virtual size: 1.1MB

DATA
Size: 12KB - Virtual size: 11KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 903KB - Virtual size: 903KB

.text
Size: 700KB - Virtual size: 699KB

.rdata
Size: 248KB - Virtual size: 245KB

.data
Size: 56KB - Virtual size: 67KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 42KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB