8a7a0f7ca9ef1b4e0c8a181011dd71cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a7a0f7ca9ef1b4e0c8a181011dd71cd_JaffaCakes118
Size

3.5MB
MD5

8a7a0f7ca9ef1b4e0c8a181011dd71cd
SHA1

dd8985889ded8da9dfe4dd95a95917b8e1c54317
SHA256

1504cb4e2f657807a462803fca391fe2a36205000efb753e678f6a7c4c87c80e
SHA512

9560679f42cae6a22c518c85fd16855e4b05cac7b2ae35834314b2fb8f7d06a4751a94b335a5732bd85d2ab8e6a8b225f2f7571f0011eb28e6e75d1ef56b91ae
SSDEEP

98304:7z1mOIS2ndEyx1NOmq2/GYe4JN7FriVYM/hC:hIS2ndVx1Ns+JrGVYM/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CyboQQ/Config.exe
unpack001/CyboQQ/CyboQQ.exe
unpack001/CyboQQ/Cyboma.dll
unpack001/CyboQQ/JiPai.exe
unpack001/CyboQQ/SonicUI.dll

Files

8a7a0f7ca9ef1b4e0c8a181011dd71cd_JaffaCakes118
.rar
CyboQQ/Config.exe
.exe windows:4 windows x86 arch:x86

440388a662bf07019b47887a692abc08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Program\Soho\CybomaQQ\Config\Release\Config.pdb

Imports

kernel32

GetProcAddress
GetCommandLineA
LoadLibraryA
GetLastError
CreateMutexA
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
ExitProcess
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetVersionExA
HeapAlloc
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
InterlockedExchange
VirtualQuery
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection

user32

LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterClassExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
EndPaint
PostQuitMessage
EndDialog
LoadCursorA

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CyboQQ/CyboQQ.exe
.exe windows:4 windows x86 arch:x86

d7d0c21e964b277d8b9fb8e74a6b8828

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Program\Soho\CybomaQQ\CybomaQQ\Release\CybomaQQ.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize

user32

LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
EndPaint
PostQuitMessage
EndDialog
CreateWindowExA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CyboQQ/Cyboma.dll
.dll windows:4 windows x86 arch:x86

39ce23114d357cda4e91b28c47e2a22c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Program\Soho\CybomaQQ\Cyboma\Release\Cyboma.pdb

Imports

kernel32

GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
WideCharToMultiByte
CreateThread
CloseHandle
ReleaseMutex
WritePrivateProfileStringA
GetPrivateProfileIntA
WaitForSingleObject
CreateMutexA
CopyFileA
CreateEventA
lstrcpynA
SetEvent
Sleep
GetCurrentThreadId
DisableThreadLibraryCalls
SetEnvironmentVariableA
OpenFileMappingA
lstrcmpiW
lstrlenW
lstrcatA
CreateProcessA
lstrcmpiA
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
HeapAlloc
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetLastError
CompareStringW
CompareStringA
GetCommandLineA
LCMapStringW
HeapFree
MulDiv
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryExA
IsDBCSLeadByte
SetProcessWorkingSetSize
VirtualFree
TerminateThread
VirtualQuery
ReadProcessMemory
VirtualAlloc
OpenProcess
WriteProcessMemory
VirtualProtect
InterlockedCompareExchange
LocalFree
FormatMessageA
TlsAlloc
OutputDebugStringA
FormatMessageW
CreateDirectoryA
TlsGetValue
FindFirstFileA
ReadFile
GetEnvironmentVariableA
DuplicateHandle
SleepEx
ExitThread
lstrcpynW
CreateSemaphoreA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
LCMapStringA
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
GetFullPathNameA
WriteFile
IsBadWritePtr
HeapCreate
TerminateProcess
SetUnhandledExceptionFilter
TlsFree
GetCurrentThread
ExitProcess
IsBadReadPtr
GetSystemInfo
GetSystemTimeAsFileTime
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
SetLastError
SetFilePointer
SetEndOfFile
DebugSetProcessKillOnExit
WaitForDebugEvent
ContinueDebugEvent
OpenThread
GetThreadContext
SuspendThread
DebugActiveProcessStop
VirtualQueryEx
VirtualProtectEx
LoadLibraryA
GetProcAddress
FindNextFileA
FindClose
SetFileAttributesA
DeleteFileA
MoveFileExA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
lstrcpyW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GlobalAlloc
GlobalLock
GlobalFree
lstrcpyA
TryEnterCriticalSection
GlobalUnlock
GetPrivateProfileStringA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
TlsSetValue
lstrcmpA

user32

ReleaseCapture
PostThreadMessageA
PtInRect
DrawTextA
ClientToScreen
wsprintfA
InvalidateRgn
SetCapture
CreateAcceleratorTableA
CharNextA
RedrawWindow
FillRect
IsChild
UnregisterHotKey
EnumWindows
ShowWindow
IsWindow
RegisterHotKey
GetClassNameA
GetWindowThreadProcessId
GetWindowLongA
IsWindowVisible
UnregisterClassA
SubtractRect
GetSystemMetrics
GetWindowRect
FindWindowA
ReleaseDC
CloseClipboard
GetFocus
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthA
RegisterWindowMessageA
GetClassInfoExA
KillTimer
SetTimer
GetKeyState
CopyRect
GetMessagePos
GetWindow
SystemParametersInfoA
MapWindowPoints
GetWindowTextA
SetMenuItemInfoA
CreateDialogParamA
DefWindowProcA
TrackMouseEvent
LoadCursorA
RegisterClassExA
CreateWindowExA
MessageBoxA
FindWindowExA
GetDlgCtrlID
SendInput
CallWindowProcA
RemovePropA
SetWindowLongA
GetPropA
GetParent
DestroyWindow
GetDlgItem
UpdateWindow
ScreenToClient
MoveWindow
SetWindowPos
PostMessageA
SetClipboardData
GetDC
SetForegroundWindow
PostQuitMessage
IsIconic
SendMessageA
SetActiveWindow
SetPropA
GetDesktopWindow
SetRect
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowsHookExA
CallNextHookEx
EqualRect
GetActiveWindow
MessageBeep
DialogBoxParamA
EndPaint
BeginPaint
LoadImageA
DrawIconEx
GetClientRect
DestroyIcon
EndDialog
EmptyClipboard
OpenClipboard
InvalidateRect
TrackPopupMenu
SetWindowTextA
EnableWindow
OffsetRect
SetFocus
LoadMenuA
GetSubMenu
GetCursorPos

gdi32

ExtTextOutA
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
GetPixel
BitBlt
CreateSolidBrush
GetDeviceCaps
GetObjectA
GetStockObject
SetTextColor
CreateFontIndirectA
SetBkColor

comdlg32

GetOpenFileNameA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
Shell_NotifyIconW
ord92

ole32

CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CoTaskMemAlloc
StgOpenStorage
StgCreateDocfile
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromGUID2

oleaut32

SysReAllocStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
VariantClear
SysAllocString
VariantInit
SysAllocStringLen
SysStringLen
SysStringByteLen

shlwapi

PathAddBackslashA
StrStrIW
PathUnquoteSpacesA
PathRemoveFileSpecA
PathFileExistsA
PathIsDirectoryA
PathAppendA
StrCpyNW
StrCatW
StrStrIA

wininet

InternetSetStatusCallback
HttpAddRequestHeadersA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetWriteFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
HttpEndRequestA
HttpSendRequestExA

iphlpapi

SendARP

psapi

GetModuleInformation

ws2_32

ntohl
ntohs
gethostname
getpeername
socket
htons
gethostbyname
sendto
closesocket
send
inet_ntoa
htonl
inet_addr
getsockname
WSASend
connect
select
WSAGetLastError
setsockopt
recvfrom
WSACleanup
WSAIoctl
WSAStartup
ioctlsocket

dbghelp

ImageDirectoryEntryToData

wintrust

WinVerifyTrust

rpcrt4

RpcStringFreeA
UuidToStringA

Exports

Exports

DoConfig
IsCyboRunning
LoadQQ
ReportData

Sections

.text
Size: 824KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CyboQQ/IP.dat
CyboQQ/Images/41.gif
CyboQQ/Images/48.gif
CyboQQ/JiPai.exe
.exe windows:4 windows x86 arch:x86

62a76024121a897b1a6724ece7a3609b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
MultiByteToWideChar
lstrlenW
CompareStringA
CompareStringW
IsBadReadPtr
GetProcAddress
GetModuleHandleA
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
IsBadCodePtr
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
LocalFree
FormatMessageA
TlsAlloc
OutputDebugStringA
FormatMessageW
TlsSetValue
TlsGetValue
TryEnterCriticalSection
ReleaseMutex
LoadLibraryA
ReadFile
VirtualQuery
ExitThread
GetCurrentProcessId
lstrcpynA
VirtualAlloc
CreateSemaphoreA
lstrcpynW
TlsFree
VirtualFree
VirtualProtect
GetTickCount
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ReadProcessMemory
GetTempPathA
CreateThread
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrlenA
GetModuleFileNameA
CopyFileA
lstrcmpiA
lstrcmpA
CreateProcessA
CreateMutexA
GetLastError
GetCurrentThreadId
VirtualQueryEx
VirtualProtectEx
WriteProcessMemory
OpenThread
TerminateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
FlushFileBuffers
SetFilePointer
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
WriteFile
TerminateProcess
IsBadWritePtr
HeapCreate
SetUnhandledExceptionFilter
SetLastError
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
QueryPerformanceCounter
SetFileAttributesA
HeapAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
FreeResource
CreateEventA
CreateDirectoryA
MoveFileExA
DeleteFileA
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
SetEvent
CloseHandle
GetProcessHeap
HeapFree
Sleep
WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetCommandLineA
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetACP
WaitForSingleObject

user32

SetWindowPos
GetWindowRect
BeginPaint
EndPaint
InvalidateRect
SetTimer
PostMessageA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
CreateDialogParamA
KillTimer
ShowWindow
SetWindowLongA
GetClassInfoExA
SystemParametersInfoA
MapWindowPoints
GetDlgItem
EnableWindow
IsWindow
SubtractRect
FindWindowExA
GetDesktopWindow
PostQuitMessage
SetRect
OffsetRect
GetLayeredWindowAttributes
GetWindowLongA
DefWindowProcA
GetCursorPos
SetCapture
ReleaseCapture
CopyRect
GetWindow
GetParent
DestroyWindow
SendMessageA
GetClientRect
UnregisterClassA
IntersectRect
IsWindowEnabled
FillRect
wsprintfA
GetWindowTextA
SetWindowTextA
MonitorFromWindow
GetMonitorInfoA
GetClassNameA
ValidateRect
MoveWindow
WindowFromPoint
SetLayeredWindowAttributes
GetActiveWindow
UpdateLayeredWindow
SetPropA
GetPropA
RemovePropA
IsWindowVisible
GetDC
ReleaseDC
WindowFromDC
ScreenToClient
PtInRect
GetClassLongA
CreateWindowExA
RegisterClassExA
TrackMouseEvent
LoadCursorA
SetClassLongA
CallWindowProcA
ClientToScreen
SetWindowRgn

gdi32

Rectangle
CreateSolidBrush
CreateRectRgn
CombineRgn
StretchBlt
GetCurrentObject
GetObjectA
SetDIBitsToDevice
CreateCompatibleDC
CreateDIBSection
DeleteDC
GetTextExtentExPointA
GetBkMode
SetTextColor
SetBkMode
TextOutA
CreateFontIndirectA
BitBlt
GetClipBox
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
SetBkColor
ExtTextOutA
GetDIBits
RealizePalette
RestoreDC
SetStretchBltMode
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
GetTextExtentPoint32A

advapi32

RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHCreateDirectoryExA
ord92

ole32

StgCreateDocfile
StgOpenStorage
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
OleLoadPicture

shlwapi

StrCpyNW
PathStripPathA
PathIsDirectoryA
PathAppendA
PathFileExistsA
StrStrIA
StrCatW
PathRemoveFileSpecA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetSetStatusCallback
InternetSetOptionA
InternetOpenA
InternetWriteFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
HttpEndRequestA
HttpSendRequestExA
HttpAddRequestHeadersA

psapi

EnumProcessModules
GetModuleFileNameExA

msimg32

TransparentBlt
AlphaBlend

winmm

timeSetEvent
timeKillEvent

comctl32

InitCommonControlsEx

wintrust

WinVerifyTrust

ws2_32

closesocket
sendto
gethostbyname
htons
ioctlsocket
socket
WSAStartup
inet_addr
WSAGetLastError
setsockopt
recvfrom
WSACleanup

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
GetSonicUI

Sections

.text
Size: 720KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CyboQQ/SonicUI.dll
.dll windows:4 windows x86 arch:x86

528792dde82c726426435bdb02dbde35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Program\Soho\SonicUI_src\SonicUI\Release\SonicUI.pdb

Imports

kernel32

VirtualQueryEx
VirtualProtectEx
GetACP
SetEnvironmentVariableA
SetEndOfFile
LoadLibraryA
SetStdHandle
CreateFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
IsBadWritePtr
VirtualFree
HeapCreate
LCMapStringW
CompareStringW
CompareStringA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
IsBadReadPtr
lstrlenA
lstrcpyA
lstrcmpiA
WideCharToMultiByte
FreeResource
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
IsBadCodePtr
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
TlsAlloc
SetUnhandledExceptionFilter
LCMapStringA
GetStringTypeW
ExitProcess
GetCommandLineA
GetStringTypeA
GetCPInfo
GetOEMCP
WriteProcessMemory
GlobalAlloc
FlushFileBuffers
GetStartupInfoA
GetFileType
GetStdHandle
GetCurrentThreadId
VirtualQuery
GetSystemInfo
SetHandleCount
SetFilePointer
WriteFile
ReadFile
CloseHandle
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
VirtualProtect
VirtualAlloc

user32

CreateWindowExA
DestroyWindow
PtInRect
CopyRect
PostMessageA
SetWindowPos
GetDC
GetDesktopWindow
OffsetRect
IntersectRect
GetClientRect
SendMessageA
SetRect
ReleaseDC
WindowFromDC
ValidateRect
MoveWindow
WindowFromPoint
SetLayeredWindowAttributes
GetActiveWindow
ShowWindow
UpdateLayeredWindow
BeginPaint
EndPaint
IsWindowVisible
GetParent
SetTimer
RegisterClassExA
TrackMouseEvent
LoadCursorA
ClientToScreen
GetCursorPos
GetLayeredWindowAttributes
IsWindow
ReleaseCapture
SetCapture
IsWindowEnabled
FillRect
GetWindow
GetWindowRect
ScreenToClient
SetPropA
SetWindowRgn
GetWindowLongA
GetClassLongA
SetClassLongA
SetWindowLongA
GetWindowTextA
SetWindowTextA
MonitorFromWindow
GetMonitorInfoA
InvalidateRect
GetClassNameA
GetPropA
DefWindowProcA
RemovePropA
CallWindowProcA

gdi32

GetTextExtentExPointA
GetTextExtentPoint32A
GetBkMode
MoveToEx
LineTo
TextOutA
CreateFontIndirectA
CreatePen
Rectangle
CreateSolidBrush
SetBkMode
SetTextColor
CreateRectRgn
CombineRgn
StretchBlt
GetCurrentObject
GetObjectA
SetDIBitsToDevice
SetBkColor
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetClipBox
GetDIBits
SaveDC
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
RestoreDC
RealizePalette

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHCreateDirectoryExA
ShellExecuteA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

shlwapi

StrStrIA
PathFileExistsA

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

msimg32

TransparentBlt
AlphaBlend

winmm

timeSetEvent
timeKillEvent

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
GetSonicUI

Sections

.text
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CyboQQ/Version.ini
CyboQQ/mar

Sharing

General

Malware Config

Signatures

Files

440388a662bf07019b47887a692abc08

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 33KB

d7d0c21e964b277d8b9fb8e74a6b8828

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 20KB - Virtual size: 17KB

39ce23114d357cda4e91b28c47e2a22c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

iphlpapi

psapi

ws2_32

dbghelp

wintrust

rpcrt4

Exports

Exports

Sections

.text Size: 824KB - Virtual size: 820KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 20KB - Virtual size: 156KB

.rsrc Size: 180KB - Virtual size: 176KB

.reloc Size: 52KB - Virtual size: 48KB

62a76024121a897b1a6724ece7a3609b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wininet

psapi

msimg32

winmm

comctl32

wintrust

ws2_32

Exports

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 33KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 20KB - Virtual size: 17KB

.text
Size: 824KB - Virtual size: 820KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 20KB - Virtual size: 156KB

.rsrc
Size: 180KB - Virtual size: 176KB

.reloc
Size: 52KB - Virtual size: 48KB

.text
Size: 720KB - Virtual size: 718KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 72KB - Virtual size: 68KB

.text
Size: 416KB - Virtual size: 412KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 24KB - Virtual size: 22KB