78d130d3621308ab9e6aea088939f301_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

78d130d3621308ab9e6aea088939f301_JaffaCakes118
Size

6.7MB
MD5

78d130d3621308ab9e6aea088939f301
SHA1

424343ba778f10a0bc50aa4b10dc90d118e9c6b0
SHA256

9b7e4f39efbe64a1e36769d8b04c8fb404c245a1914c3515cb6a36a5e718c6e9
SHA512

4708f3447626a58fd1b485d759bc10bb7298274d051fcc01316ba3c588f169d45630f56b29c0fa360ab47401273e2ab2d65a311d751dd3dc53f31788bb752387
SSDEEP

196608:W+kbE5ujbXa+MQuJFM+nQfdn8Ud61Ia8vEXvA1EAYjd:BkbE5wbKfFtjUd61j8vEfFFjd

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/enswerapi.dll	patched_upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/nat.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/nat.dll	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
78d130d3621308ab9e6aea088939f301_JaffaCakes118
unpack001/FsLauncher.exe
unpack001/JJangDiskDown.exe
unpack001/JJangDiskUp.exe
unpack001/Uninstall.exe
unpack001/enswerapi.dll
unpack001/nat.dll
unpack003/out.upx
unpack001/unrar.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

78d130d3621308ab9e6aea088939f301_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
FsLauncher.exe
.exe windows:4 windows x86 arch:x86

9b68613a5e971847239d13cbe3624e1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\test_server\111.jjangdisk.com\src_webcontrol\FsLauncher\Release\FsLauncher.pdb

Imports

kernel32

ExitThread
CreateThread
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
FreeEnvironmentStringsA
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetSystemTimeAsFileTime
ExitProcess
GetFileTime
GetFileAttributesA
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
GetCurrentDirectoryA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
InterlockedDecrement
WritePrivateProfileStringA
FreeResource
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
SetLastError
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
GetTempPathA
Sleep
GetModuleHandleA
GetModuleFileNameA
CloseHandle
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStrings
InterlockedExchange

user32

DestroyMenu
EndPaint
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
PtInRect
GetWindow
UnhookWindowsHookEx
ReleaseDC
GetDC
GetClientRect
CopyRect
GetDesktopWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
MessageBoxA
LoadIconA
EnableWindow
KillTimer
SetTimer
UpdateWindow
SendMessageA
wsprintfA

gdi32

PtVisible
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrFormatByteSizeA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JJangDisk.ico
JJangDiskDown.exe
.exe windows:4 windows x86 arch:x86

d9a279ec53b4dee8dc3e8230805d5bd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\test_server\NewClient_20100625\JJangDiskDown_TurboClient\DownClient\release\JJangDiskDown.pdb

Imports

ws2_32

WSAGetLastError
setsockopt
recv
__WSAFDIsSet
select
send
connect
inet_addr
closesocket
htons
socket

kernel32

InterlockedIncrement
GetFileTime
SetErrorMode
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
ExitThread
CreateThread
HeapSize
SetStdHandle
VirtualProtect
TlsFree
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
GetFullPathNameW
GetVolumeInformationW
GetThreadLocale
GetModuleHandleA
FindFirstFileW
FindNextFileW
FindClose
InterlockedDecrement
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
FormatMessageW
LocalAlloc
LocalFree
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
GetVersionExA
DeleteFileW
GetVersionExW
GetProcAddress
SetLastError
MulDiv
lstrcpynW
LoadLibraryW
GetModuleHandleW
GlobalReAlloc
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
GetModuleFileNameW
DuplicateHandle
GetFileType
FlushFileBuffers
CreateFileW
ReadFile
WriteFile
LockFile
UnlockFile
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileA
lstrcpyW
GetDiskFreeSpaceExA
lstrcatW
SetCurrentDirectoryW
LockResource
EnterCriticalSection
GetTempPathW
lstrlenW
MultiByteToWideChar
lstrcmpW
GetFileAttributesW
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
InitializeCriticalSection
GetDriveTypeA
GetTickCount
CreateDirectoryW
LoadResource
FindResourceW
lstrlenA
GetCommandLineW
CloseHandle
GetLastError
Sleep
GetCurrentProcess
CreateMutexW
VirtualAlloc

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
GetSysColorBrush
LoadCursorW
IsRectEmpty
MoveWindow
SetWindowTextW
IsDialogMessageW
CharUpperW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
ValidateRect
SetWindowContextHelpId
MapDialogRect
IsWindowEnabled
PostQuitMessage
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessagePos
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetClassNameW
ReleaseDC
MapWindowPoints
GetWindowThreadProcessId
FillRect
GetFocus
DrawFocusRect
IsWindowVisible
SetWindowRgn
FindWindowW
GetDC
SetRect
GetWindowLongW
GetActiveWindow
GetDesktopWindow
IsWindow
MessageBoxW
CallWindowProcW
SetCursor
UpdateWindow
LoadBitmapW
ClientToScreen
LoadImageW
SetCapture
DrawIconEx
WindowFromPoint
PtInRect
GetIconInfo
GetCapture
InflateRect
OffsetRect
PostThreadMessageW
RegisterClipboardFormatW
GetSysColor
ReleaseCapture
GetMessageTime
UnregisterClassW
GetSystemMetrics
DestroyIcon
CopyRect
TrackPopupMenu
GetCursorPos
ShowWindow
CreatePopupMenu
SetMenuDefaultItem
DestroyMenu
GetParent
GetSystemMenu
SetTimer
GetWindowRect
PostMessageW
KillTimer
GetKeyState
SetForegroundWindow
ReplyMessage
GetClientRect
ExitWindowsEx
SendMessageA
TranslateMessage
LoadIconW
InvalidateRect
AppendMenuW
PeekMessageW
SetWindowLongW
RedrawWindow
SendMessageW
EnableWindow
DispatchMessageW
GetClassInfoW
UnregisterClassA
RegisterClassW

gdi32

GetDeviceCaps
GetWindowExtEx
GetBkColor
GetTextColor
GetRgnBox
GetViewportExtEx
SelectClipRgn
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StretchBlt
SetBkColor
CreateBitmap
SelectObject
CreateCompatibleDC
DPtoLP
SetMapMode
CreateCompatibleBitmap
GetMapMode
CreateFontIndirectW
DeleteObject
GetObjectW
GetTextExtentPoint32W
Rectangle
GetStockObject
CreateSolidBrush
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
SetRectRgn
CreateRectRgnIndirect
CreatePen
CreateDIBSection
CombineRgn
ExtCreateRegion
BitBlt
DeleteDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyW
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExW
RegSetValueExA
RegEnumKeyW
ControlService
OpenServiceW
OpenSCManagerW
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathGetArgsW
StrFormatByteSizeW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocString
OleCreateFontIndirect
SysAllocStringLen
SysFreeString

nat

ord10
ord8
ord1
ord9
ord11
ord14
ord16
ord15
ord4

wininet

HttpSendRequestW
InternetConnectW
InternetReadFile
FtpOpenFileW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
FtpGetCurrentDirectoryW
HttpOpenRequestW
InternetQueryDataAvailable
InternetOpenW
InternetCloseHandle

Sections

.text
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JJangDiskUp.exe
.exe windows:4 windows x86 arch:x86

6713dd19d4d94d8b86aaaaff40985e80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\test_server\New_UploadClient_20100510\111.jjangdisk.com\src_client\up_client\Release\up_client.pdb

Imports

unrar

RARReadHeaderEx
RAROpenArchiveEx
RARCloseArchive
RARProcessFile

kernel32

VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
ExitProcess
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetStartupInfoA
TerminateProcess
HeapReAlloc
HeapSize
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetDriveTypeA
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
lstrcmpiA
lstrlenA
CompareStringA
CompareStringW
Sleep
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
GetCurrentDirectoryA
WritePrivateProfileStringA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
LocalAlloc
InterlockedIncrement
RaiseException
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
CreateMutexA
SizeofResource
LockResource
LoadResource
FindResourceA
IsBadReadPtr
SetThreadPriority
GetCurrentThread
CloseHandle
LeaveCriticalSection
EnterCriticalSection
SetEvent
FileTimeToSystemTime
FindNextFileA
FindClose
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
InterlockedDecrement
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
InitializeCriticalSection
EnumResourceLanguagesA
LoadLibraryA
SetLastError
FormatMessageA
LocalFree
WriteFile
CreateFileA
GetFileTime
GetFileAttributesA
lstrcatA
GetCommandLineA
GetTempPathA
GetCurrentProcess
GetTickCount
lstrcpynA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
lstrcpyA
GetSystemInfo
DeleteCriticalSection
WaitForSingleObject
CreateEventA

user32

InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
CharNextA
LoadCursorA
GetSysColorBrush
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ExitWindowsEx
ReplyMessage
GetFocus
IsWindowVisible
DrawFocusRect
FillRect
SetWindowRgn
FindWindowA
GetWindowLongA
GetActiveWindow
GetDC
LoadBitmapA
SetRect
SetWindowLongA
CallWindowProcA
IsWindow
SetCursor
GetParent
RedrawWindow
UpdateWindow
GetWindowRect
LoadImageA
GetIconInfo
DestroyIcon
DrawIconEx
ReleaseCapture
GetSysColor
GetSystemMetrics
EnableWindow
WindowFromPoint
SetCapture
GetCapture
InvalidateRect
ClientToScreen
GetClientRect
OffsetRect
InflateRect
PtInRect
CopyRect
PostThreadMessageA
RegisterClipboardFormatA
MessageBeep
IntersectRect
GetNextDlgGroupItem
DestroyWindow
ShowWindow
LoadIconA
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
PostMessageA
SendMessageA
KillTimer
SetTimer
GetClassInfoA
MessageBoxA
CharUpperA
SetWindowPos

gdi32

SelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetBkColor
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRectRgn
GetDeviceCaps
SetRectRgn
CreateRectRgnIndirect
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
StretchBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
GetObjectA
DeleteObject
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
SetViewportOrgEx
Rectangle

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegOpenKeyA
OpenSCManagerA
OpenServiceA
ControlService
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetFileInfoA
Shell_NotifyIconA

comctl32

ImageList_Draw
ImageList_Destroy
ord17

shlwapi

PathGetArgsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrFormatByteSize64A
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CreateILockBytesOnHGlobal
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysFreeString
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

ws2_32

WSAConnect
WSASend
WSAWaitForMultipleEvents
WSARecv
setsockopt
WSASocketA
socket
inet_addr
htons
connect
WSACleanup
WSAStartup
select
WSAGetLastError
send
__WSAFDIsSet
closesocket

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
enswerapi.dll
.dll windows:4 windows x86 arch:x86

a0715cb0f483c1a9ac1099b7a266e4e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

closesocket
inet_ntoa
gethostbyname
send
inet_addr
ioctlsocket
htons
shutdown
setsockopt
socket
WSAStartup
WSAGetLastError

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
PeekNamedPipe
GetFileInformationByHandle
QueryPerformanceCounter
GetEnvironmentStringsW
CreateThread
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
CreatePipe
TerminateThread
CreateProcessA
CloseHandle
TerminateProcess
GetLastError
CreateMutexA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
GetVersionExA
CreateFileA
GetFileSize
GetLocaleInfoW
WriteFile
GetTickCount
LockResource
LoadResource
CreateDirectoryA
SizeofResource
FindResourceA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
GetFileAttributesA
MultiByteToWideChar
IsDBCSLeadByteEx
WideCharToMultiByte
InterlockedExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateFileW
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetCurrentDirectoryA
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RemoveDirectoryA
GetTimeFormatA
GetDateFormatA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
DuplicateHandle
DeleteFileA
GetTimeZoneInformation
FindNextFileA
GetCommandLineA
RtlUnwind
RaiseException
MoveFileA
HeapReAlloc
SetFilePointer
GetModuleHandleA
ExitProcess
GetFullPathNameA
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetLastError
GetStdHandle
GetStringTypeA

ws2_32

WSACreateEvent
WSACloseEvent
WSACleanup
WSARecv
WSAWaitForMultipleEvents
WSAConnect
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSAResetEvent

Exports

Exports

DeleteReport
EnswerAPIConnect
EnswerAPIConnectArg
EnswerAPIConnectArg2
EnswerAPIDelete
EnswerAPIDisconnect
EnswerAPIDownloadCheck
EnswerAPIDownloadCheckByKey
EnswerAPIGetErrorString
EnswerAPIGetHash
EnswerAPIGetLastError
EnswerAPIGetUnitedHash
EnswerAPIInit
EnswerAPINew
EnswerAPISetEnv
EnswerAPISetEnv2
EnswerAPISetLastError
EnswerAPIStopUploadCheck
EnswerAPIUploadCheck
EnswerAPIUploadCheck_NoHashCheck
NewReport

Sections

.text
Size: 472KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stabstr
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nat.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_AddServer
_DownloadCompleteFile
_ExistFile
_GetCurrentFileSize
_GetHttpPage
_GetTraffic
_Init
_ReceiveSize
_SetDownloadSpeed
_SetFileServerPeerCount
_Speed
_StartDownload
_StartDownload2
_Status
_StopDownload
_UnInit

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 510KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
unrar.dll
.dll windows:4 windows x86 arch:x86

244d2f9772f4886a651db44514a2a29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ver.ini

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 17KB

9b68613a5e971847239d13cbe3624e1e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

urlmon

wininet

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 28KB - Virtual size: 26KB

d9a279ec53b4dee8dc3e8230805d5bd2

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

nat

wininet

Sections

.text Size: 352KB - Virtual size: 348KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 3.8MB - Virtual size: 3.8MB

6713dd19d4d94d8b86aaaaff40985e80

Headers

File Characteristics

PDB Paths

Imports

unrar

kernel32

user32

gdi32

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 352KB - Virtual size: 348KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.text
Size: 252KB - Virtual size: 250KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 472KB - Virtual size: 468KB

.rdata
Size: 1.8MB - Virtual size: 1.7MB

.data
Size: 12KB - Virtual size: 20KB

.stab
Size: 172KB - Virtual size: 170KB

.stabstr
Size: 468KB - Virtual size: 465KB

.rsrc
Size: 10.8MB - Virtual size: 10.8MB

.reloc
Size: 64KB - Virtual size: 62KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 510KB - Virtual size: 512KB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.itext
Size: 5KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 20KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 13KB - Virtual size: 13KB