a51cc8972e7a87ac965560515aaa24db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a51cc8972e7a87ac965560515aaa24db_JaffaCakes118
Size

2.9MB
MD5

a51cc8972e7a87ac965560515aaa24db
SHA1

f83be7d26ee4a1eb6f495195f6267df9d6cbacbe
SHA256

d02646e3f1155e8f3e067bdba2a5d247ca359bf6ad2f36fb594b0ec6c8dbca1c
SHA512

d20f74f6e6ba21e547e30d85dae1415cfeaea5b4746738b5bbb5370cb0e55f94b82a3de79d7c5f78bbe8e5c4cbeb417f5d1098193c0b57c49dc3382f4feb07b3
SSDEEP

49152:EAarg4Br4RndRbwyMf103SDZSPRR5Tcf4CJbZbOAbn0r+TJXELfr9c0p4Jm6FbSy:ENghZMN0fPf1cBhhbn06TYRjG46Vz

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
a51cc8972e7a87ac965560515aaa24db_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/bass.dll
unpack001/cpss.exe
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

a51cc8972e7a87ac965560515aaa24db_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_CDDoor
BASS_CDFree
BASS_CDGetID
BASS_CDGetTrackLength
BASS_CDGetTracks
BASS_CDInDrive
BASS_CDInit
BASS_CDPlay
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetEAXMix
BASS_ChannelGetFlags
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelResume
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetDSoundObject
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetGlobalVolumes
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetChannelVol
BASS_MusicGetLength
BASS_MusicGetName
BASS_MusicLoad
BASS_MusicPlay
BASS_MusicPlayEx
BASS_MusicPreBuf
BASS_MusicSetAmplify
BASS_MusicSetChannelVol
BASS_MusicSetPanSep
BASS_MusicSetPositionScaler
BASS_Pause
BASS_RecordFree
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SamplePlay
BASS_SamplePlay3D
BASS_SamplePlay3DEx
BASS_SamplePlayEx
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DAlgorithm
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetBufferLength
BASS_SetCLSID
BASS_SetEAXParameters
BASS_SetGlobalVolumes
BASS_SetLogCurves
BASS_SetNetConfig
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetLength
BASS_StreamGetTags
BASS_StreamPlay
BASS_StreamPreBuf
BASS_Update
_

Sections

Size: 95KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cpss.exe
.exe windows:4 windows x86 arch:x86

a450b803697c7a297f04a9e5f997691c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

tcskin

ord2
?skinppSetDialogEraseBkgnd@@YAXPAUHWND__@@H@Z
?skinppGetBitmapRes@@YAPAUHBITMAP__@@PBD@Z
ord12
ord5
ord3
ord39

mfc42

ord4133
ord4297
ord5788
ord472
ord283
ord3742
ord3610
ord656
ord809
ord818
ord556
ord1270
ord1232
ord4275
ord3693
ord755
ord3138
ord5785
ord3797
ord470
ord2379
ord2393
ord1088
ord2431
ord3807
ord2122
ord6178
ord924
ord2859
ord4284
ord5981
ord2089
ord686
ord384
ord6654
ord2096
ord3573
ord4476
ord1175
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord617
ord5301
ord5214
ord296
ord986
ord520
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord642
ord327
ord2087
ord6197
ord6379
ord2086
ord3481
ord3916
ord2252
ord2652
ord1669
ord518
ord785
ord3337
ord3811
ord1200
ord2575
ord4396
ord3574
ord609
ord3301
ord2841
ord2107
ord922
ord4278
ord397
ord699
ord3438
ord5593
ord4188
ord912
ord1979
ord6385
ord5442
ord665
ord5186
ord354
ord610
ord287
ord6139
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6835
ord6817
ord6614
ord6691
ord3721
ord6880
ord795
ord6241
ord6453
ord6597
ord6808
ord6478
ord6514
ord6800
ord465
ord466
ord2241
ord1238
ord1601
ord326
ord6358
ord5572
ord926
ord3692
ord341
ord654
ord5791
ord6140
ord5053
ord613
ord289
ord4160
ord6438
ord3708
ord781
ord6662
ord4277
ord6663
ord4132
ord6136
ord6134
ord3061
ord3283
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord2380
ord2259
ord4836
ord4440
ord3720
ord527
ord794
ord4264
ord4541
ord2567
ord1234
ord4083
ord1928
ord3779
ord1099
ord1574
ord772
ord3701
ord500
ord4220
ord2584
ord3654
ord2438
ord6142
ord2863
ord5606
ord2763
ord5683
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord2408
ord5860
ord3986
ord807
ord2920
ord2012
ord4163
ord2120
ord554
ord1644
ord940
ord5787
ord2764
ord536
ord2452
ord2753
ord1195
ord2582
ord4402
ord3370
ord3640
ord693
ord4243
ord6905
ord3286
ord6696
ord3293
ord1269
ord4400
ord3630
ord682
ord2450
ord5786
ord1841
ord4241
ord3401
ord815
ord561
ord1247
ord2621
ord1134
ord2725
ord1106
ord2080
ord2078
ord3873
ord3771
ord6131
ord6216
ord2152
ord1233
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1945
ord4273
ord4341
ord4349
ord4723
ord4890
ord4964
ord4961
ord1726
ord560
ord813
ord2100
ord2862
ord6270
ord6907
ord6007
ord3998
ord2448
ord2044
ord5834
ord690
ord1988
ord5207
ord389
ord1842
ord4467
ord366
ord674
ord4242
ord975
ord5252
ord4457
ord4413
ord4499
ord4508
ord1948
ord5303
ord4699
ord5715
ord817
ord565
ord2726
ord4226
ord1138
ord4123
ord1576
ord1158
ord5037
ord6157
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord5710
ord356
ord6283
ord6282
ord2029
ord4919
ord5478
ord5796
ord278
ord605
ord3570
ord966
ord4975
ord4863
ord4335
ord4411
ord2031
ord5481
ord5810
ord3706
ord6394
ord5450
ord6383
ord5440
ord2614
ord939
ord3089
ord2864
ord2915
ord6648
ord567
ord616
ord3582
ord4424
ord3402
ord5290
ord4398
ord6055
ord2578
ord4218
ord2023
ord2411
ord1146
ord4853
ord2645
ord5280
ord4710
ord6199
ord2642
ord6215
ord3092
ord3874
ord535
ord4234
ord641
ord324
ord3597
ord4425
ord2124
ord5261
ord1727
ord3749
ord5241
ord1775
ord6052
ord2514
ord4998
ord4376
ord5265
ord784
ord2754
ord1640
ord1168
ord5875
ord5789
ord6172
ord941
ord4129
ord858
ord2818
ord2405
ord537
ord2860
ord1641
ord4456
ord4299
ord2302
ord2414
ord3626
ord3663
ord825
ord364
ord323
ord800
ord540
ord860
ord640
ord4432
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259

msvcrt

srand
rand
sprintf
fscanf
fgets
getc
fputc
fflush
ftell
fseek
fwrite
fread
fclose
_purecall
__CxxFrameHandler
_itoa
_ultoa
_setmbcp
__p__fmode
__set_app_type
_controlfp
memmove
time
atoi
_mbscmp
_ftol
fopen
wcslen
strncpy
_splitpath
sscanf
strstr
ceil
vsprintf
fprintf
localtime
_beginthreadex
free
_close
_read
_lseeki64
_sopen
_mbsnbcpy
_mbsnbicmp
malloc
wcscpy
strtol
atof
sin
cos
sqrt
fabs
_stricmp
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_except_handler3
exit
_iob
getenv
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode

kernel32

GetProcAddress
GetVersionExA
InterlockedExchange
Sleep
GetPrivateProfileIntA
lstrcpyA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrlenA
GetTickCount
GetStartupInfoA
FindClose
FindFirstFileA
GetModuleHandleA
LocalFree
FormatMessageA
lstrcatA
lstrcpynA
lstrcmpiA
InterlockedDecrement
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
WaitForMultipleObjects
GetLastError
ResetEvent
FreeLibrary
LoadLibraryA
ResumeThread
CreateThread
SizeofResource
LockResource
LoadResource
FindResourceA
GetWindowsDirectoryA
GetVersion
lstrlenW
GetCPInfo
TerminateThread
CreateProcessA
ReadFile
CreateDirectoryA
SetFilePointer
CreateFileA
lstrcmpA
FindNextFileA
GetCommandLineA
SetEndOfFile
WriteFile
DeleteFileA
GetFileSize
GetShortPathNameA
ExitProcess
GetCurrentDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA

user32

TabbedTextOutA
RemoveMenu
GetSysColorBrush
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
InsertMenuA
AppendMenuA
DrawTextA
DrawIconEx
DrawEdge
GetMenuItemInfoA
BeginDeferWindowPos
EndDeferWindowPos
EqualRect
GetIconInfo
GrayStringA
DrawStateA
FrameRect
DrawFocusRect
GetSubMenu
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyMenu
GetClassInfoA
GetSystemMenu
IsWindowVisible
FillRect
InflateRect
SetWindowLongA
RedrawWindow
CopyRect
GetDesktopWindow
SendMessageTimeoutA
GetCursorPos
ScreenToClient
GetWindowDC
CheckMenuItem
SetMenu
CreateIconIndirect
SystemParametersInfoA
IsWindow
UnregisterClassA
RegisterClassA
DestroyWindow
PostThreadMessageA
CreateWindowExA
GetForegroundWindow
EnableMenuItem
SetCursorPos
IntersectRect
PeekMessageA
MsgWaitForMultipleObjects
InvalidateRect
GetWindowRect
SetTimer
UnionRect
LoadCursorFromFileA
GetSystemMetrics
MessageBoxA
SetWindowPos
UpdateWindow
SetForegroundWindow
LoadIconA
TranslateMessage
GetMessageA
DispatchMessageA
CopyIcon
GetDC
ReleaseDC
DefWindowProcA
GetCursor
DrawFrameControl
OffsetRect
SetRectEmpty
SetRect
SetCapture
GetKeyState
SetCursor
PtInRect
LoadCursorA
GetSysColor
GetFocus
IsChild
GetParent
LoadImageA
ReleaseCapture
PostMessageA
SendMessageA
EnableWindow
KillTimer
GetClientRect
LoadBitmapA
PostQuitMessage
DestroyCursor

gdi32

CreateFontA
SetBitmapBits
GetBitmapBits
GetCurrentObject
SetGraphicsMode
SetBrushOrgEx
CreateRectRgnIndirect
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
CreateDIBSection
Ellipse
GetTextExtentPoint32W
CreateSolidBrush
CreatePen
GetBkMode
SetPixel
SetBkColor
SetTextColor
CreatePalette
RealizePalette
GetDeviceCaps
DeleteDC
PtInRegion
GetPixel
CreateCompatibleBitmap
Rectangle
PlgBlt
BitBlt
DeleteObject
CreateBitmap
FillRgn
CreatePolygonRgn
CreateCompatibleDC
SelectObject
GetTextExtentPoint32A
StretchBlt
GetStockObject
GetObjectA
CreateFontIndirectA
GetDIBits

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent
ImageList_Remove
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetIconSize

ole32

OleCreateStaticFromData
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleDuplicateData
ReleaseStgMedium
OleSetContainedObject

oleaut32

VariantClear
SysFreeString

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_7out_of_range@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1out_of_range@std@@UAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ

wsock32

getsockopt
ntohs
getpeername
ioctlsocket
gethostbyname
htons
WSASetLastError
send
WSAGetLastError
recv
WSAAsyncSelect
connect
select
bind
socket
closesocket
listen

rpcrt4

UuidCreate

winmm

mciSendStringA
PlaySoundA
sndPlaySoundA

iphlpapi

GetAdaptersInfo

zlib1

deflateEnd
deflate
deflateInit_
inflateEnd
inflate
uncompress
inflateInit_

msvcirt

?openprot@filebuf@@2HB
??0ifstream@@QAE@PBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock
??_Difstream@@QAEXXZ

cximagecrt

?PutC@CxMemFile@@UAE_NE@Z
?Error@CxMemFile@@UAEJXZ
?Eof@CxMemFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Size@CxMemFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Seek@CxMemFile@@UAE_NJH@Z
?Write@CxMemFile@@UAEIPBXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Close@CxMemFile@@UAE_NXZ
??0CxMemFile@@QAE@PAEK@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@ABV0@_N11@Z
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?AlphaGet@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetFrameDelay@CxImage@@QBEKXZ
?Copy@CxImage@@QAEXABV1@_N11@Z
?GetFrame@CxImage@@QBEPAV1@J@Z
?GetC@CxMemFile@@UAEJXZ
?SetFrame@CxImage@@QAEXJ@Z
?SetRetreiveAllFrames@CxImage@@QAEX_N@Z
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?GetTransIndex@CxImage@@QBEJXZ
?SetTransIndex@CxImage@@QAEXJ@Z
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetHeight@CxImage@@QBEKXZ
?GetWidth@CxImage@@QBEKXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?IsTransparent@CxImage@@QBE_NXZ
??0CxImage@@QAE@PAEKK@Z
?DestroyFrames@CxImage@@QAE_NXZ
?Destroy@CxImage@@QAE_NXZ
??1CxMemFile@@UAE@XZ
?GetS@CxMemFile@@UAEPADPADH@Z
?Decode@CxImage@@QAE_NPAEKK@Z
?Scanf@CxMemFile@@UAEJPBDPAX@Z

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z

Sections

.text
Size: 584KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cpss.ini
skins/common/148 126.pps
skins/common/174 32.pps
skins/common/180 126.pps
skins/common/192 32.pps
skins/common/32 126.pps
skins/common/64 126.pps
skins/common/96 126.pps
skins/common/pal.quad
skins/common/partical.png
.png
skins/common/shinynova.pps
skins/common/Ư.pps
skins/common/ƯЧ.pps
skins/common/Ư.pps
skins/common/ͬ1.pps
skins/common/ͬ2.pps
skins/common/ͬ3.pps
skins/common/ͬ4.pps
skins/common/ͬ5.pps
skins/common/ͬ6.pps
skins/common/ͬ7.pps
skins/common/͵.pps
skins/common/͵Ч.pps
skins/common/ָ.pps
skins/common/ץ.ani
skins/common/ץ.pps
skins/common/ׯ.pps
skins/common/׼.pps
skins/common/.pps
skins/common/Ч.pps
skins/common/.pps
skins/common/׼.ani
skins/common/豭.pps
skins/common/Ư.pps
skins/common/ƯЧ.pps
skins/common/ƴ.pps
skins/common/.pps
skins/common/.pps
skins/common/.pps
skins/common/.pps
skins/common/Ч.pps
skins/common/.ani
skins/common/.pps
skins/common/.pps
skins/common/.ani
skins/common/ʮLOGO.pps
skins/common/.pps
skins/common/.ani
skins/common/.pps
skins/common/.pps
skins/common/Ч.pps
skins/common/.pps
skins/common/.pps
skins/common/Ч.pps
skins/common/.pps
skins/common/ֻ.pps
skins/common/.pps
skins/common/.pps
skins/common/Ӻ2.pps
skins/common/2.pps
skins/common/ͼ.pps
skins/common/ȷ.pps
skins/common/㱨.pps
skins/common/Ư.pps
skins/common/.pps
skins/common/ʼ.pps
skins/common/.ani
skins/common/ɫ.pps
skins/common/.pps
skins/common/Ʊ.pps
skins/common/.pps
skins/common/.pps
skins/common/.pps
skins/common/Ч.pps
skins/common/ѡҪ͵.pps
skins/common/.pps
skins/common/ȴׯҳ.pps
skins/common/ȴҲ.pps
skins/common/.pps
skins/common/й.pps
.ps1
skins/common/й.pps
skins/common/.pps
skins/common/.pps
skins/skin1/Checkbox.bmp
skins/skin1/CloseButton.bmp
skins/skin1/CloseButtonInactive.bmp
skins/skin1/ComboButton.bmp
skins/skin1/DlgBarBK.bmp
skins/skin1/ExtraImages.bmp
skins/skin1/GroupBox.bmp
skins/skin1/Headerbar.bmp
skins/skin1/Hover.wav
skins/skin1/PushButton.bmp
skins/skin1/Scroll_BtnHorz.bmp
skins/skin1/Scroll_BtnVert.bmp
skins/skin1/Scroll_Buttons.bmp
skins/skin1/Scroll_Horz.bmp
skins/skin1/Scroll_Vert.bmp
skins/skin1/SplitterHorBK.bmp
skins/skin1/SplitterVerBK.bmp
skins/skin1/SunkEdge.bmp
skins/skin1/commdlgbk.bmp
skins/skin1/exit.bmp
skins/skin1/frame_Bottom.bmp
skins/skin1/frame_Left.bmp
skins/skin1/frame_Top.bmp
skins/skin1/frame_right.bmp
skins/skin1/game_bottom.bmp
skins/skin1/game_close.bmp
skins/skin1/game_left.bmp
skins/skin1/game_max.bmp
skins/skin1/game_min.bmp
skins/skin1/game_rest.bmp
skins/skin1/game_right.bmp
skins/skin1/game_skin.bmp
skins/skin1/game_top.bmp
skins/skin1/help.bmp
skins/skin1/jubao.bmp
skins/skin1/operate2bk.bmp
skins/skin1/radio.bmp
skins/skin1/rule.bmp
skins/skin1/setup.bmp
skins/skin1/skin.ini
sound/00/.wav
sound/00/.wav
sound/00/.wav
sound/00/.wav
sound/00/.wav
sound/01/.wav
sound/01/.wav
sound/01/.wav
sound/01/.wav
sound/01/.wav
sound/common/shinynova.mp3
sound/common/͵.wav
sound/common/ϴ.wav
sound/common/ץ.wav
sound/common/.wav
sound/common/.wav
sound/common/.wav
sound/common/.wav
sound/common/.wav
sound/common/.wav
sound/common/Ӵ.wav
sound/common/.wav
sound/common/ʼϷ.wav
sound/common/.wav
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 3.6MB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 95KB - Virtual size: 336KB

Size: 4KB - Virtual size: 3KB

a450b803697c7a297f04a9e5f997691c

Headers

File Characteristics

Imports

tcskin

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp60

wsock32

rpcrt4

winmm

iphlpapi

zlib1

msvcirt

cximagecrt

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 580KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 16KB - Virtual size: 81KB

.rsrc Size: 228KB - Virtual size: 225KB

7fa974366048f9c551ef45714595665e

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 584KB - Virtual size: 580KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 16KB - Virtual size: 81KB

.rsrc
Size: 228KB - Virtual size: 225KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB