a72e52a9a8282e02502981d33a9501fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a72e52a9a8282e02502981d33a9501fc_JaffaCakes118
Size

8.4MB
MD5

a72e52a9a8282e02502981d33a9501fc
SHA1

50e3b5e20aedebf21bc15d7e77e6998f8eb9a420
SHA256

2903bdf0bb6f80924d6ccc0c183c1e9bc9d2f70d11e8fe8a556f84699d557c73
SHA512

75d9c1f8332db495809861c68c09c0d82aacc81b48b816a4c2c4385496f06f247df0de6726d54407feb3b59858ab62730ae015658b2068d98458bfd686cb6907
SSDEEP

196608:U/5J/fENJK0kwtSf77Gmx2f45nVFtB4V2GrIP+PLtEkneCmzb+n:U/5dCcf7S41GrFPL65C3n

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/sqbhsj20090215-U/sinstar2/UninstIME.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sqbhsj20090215-U/FindCaller.exe
unpack001/sqbhsj20090215-U/register.exe
unpack001/sqbhsj20090215-U/server/isserver.exe
unpack001/sqbhsj20090215-U/sinstar2.ime
unpack001/sqbhsj20090215-U/sinstar2/UninstIME.dll
unpack002/out.upx

Files

a72e52a9a8282e02502981d33a9501fc_JaffaCakes118
.rar
sqbhsj20090215-U/FindCaller.exe
.exe windows:4 windows x86 arch:x86

62a9f331f0cac06aed348e2191a551e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord825
ord641
ord4234
ord4710
ord823
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord5261
ord3738
ord815
ord540
ord561
ord800
ord617
ord693
ord686
ord858
ord5214
ord296
ord6117
ord2621
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord1146
ord1168
ord384
ord567
ord2302
ord5953
ord3522
ord3996
ord2862
ord2096
ord2379
ord755
ord470
ord4224
ord3286
ord6007
ord6907
ord3998
ord6403
ord3098
ord3302
ord6453
ord2408
ord3499
ord2515
ord355
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord4424
ord5265
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
malloc
free
__CxxFrameHandler
sprintf
__dllonexit
_onexit
_exit
_XcptFilter
_setmbcp
calloc
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
OpenProcess
TerminateProcess
Process32First
Process32Next
CloseHandle
Module32Next
lstrcmpiA
CreateToolhelp32Snapshot
Module32First

user32

BringWindowToTop
FlashWindow
IsIconic
GetSystemMetrics
GetClientRect
CreateWindowExA
SetWindowLongA
GetWindowTextA
GetDlgItem
LoadCursorA
CallWindowProcA
KillTimer
PtInRect
GetCursorPos
PostMessageA
SetCursor
FillRect
SetFocus
SetTimer
InvalidateRect
DestroyWindow
EndPaint
BeginPaint
DrawIcon
SendMessageA
LoadIconA
EnumWindows
GetWindowThreadProcessId
GetParent
GetWindowLongA
EnableWindow
GetWindowRect

gdi32

CreatePen
SetBkMode
MoveToEx
LineTo
SetTextColor
GetTextExtentPointA
TextOutA
DeleteObject
SelectObject

shell32

ShellExecuteA
ExtractIconExA

comctl32

ImageList_ReplaceIcon
ImageList_SetImageCount

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqbhsj20090215-U/Ksphonet.ttf
sqbhsj20090215-U/install.bat
sqbhsj20090215-U/register.exe
.exe windows:4 windows x86 arch:x86

fcaff8fb50166af341649ad31b32420b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetSystemTime
WritePrivateProfileStringA
GetPrivateProfileStringA
CopyFileA
CreateProcessA
CloseHandle
GetLastError
CreateMutexA
GetSystemDirectoryA
Sleep
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetPrivateProfileIntA
DeleteFileA
WaitForSingleObject
FindNextFileA
GetModuleFileNameA
LCMapStringW
LCMapStringA
ReadFile
GetStringTypeW
GetStringTypeA
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
SetFilePointer
WriteFile
RtlUnwind
GetFileAttributesA
FindClose
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW

user32

SendMessageA
GetActiveWindow
PostMessageA
DialogBoxParamA
GetDlgItemTextA
EndDialog
SetDlgItemTextA
LoadIconA
MessageBoxA
SystemParametersInfoA
GetWindowRect
SetWindowPos
IsWindow
GetWindowThreadProcessId

imm32

ImmInstallIMEA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqbhsj20090215-U/server/bhmq.cit
sqbhsj20090215-U/server/bhmq.pit
sqbhsj20090215-U/server/blur.ini
sqbhsj20090215-U/server/config.ini
sqbhsj20090215-U/server/default.spl
sqbhsj20090215-U/server/isserver.exe
.exe windows:4 windows x86 arch:x86

c433a63b2e9866edb53245fcfbd0a255

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4243
ord3089
ord6675
ord2379
ord5875
ord3370
ord3361
ord668
ord1980
ord3185
ord2781
ord2770
ord356
ord3996
ord4160
ord6888
ord6907
ord3998
ord3874
ord384
ord686
ord3571
ord3181
ord2862
ord1146
ord2096
ord2408
ord3286
ord924
ord4129
ord1200
ord3302
ord1199
ord6007
ord535
ord2860
ord537
ord3184
ord858
ord3499
ord3177
ord2515
ord355
ord5951
ord656
ord3398
ord3733
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord810
ord3098
ord2652
ord1669
ord4000
ord3303
ord4055
ord1779
ord6905
ord6215
ord3092
ord538
ord283
ord3317
ord1834
ord5067
ord4635
ord4607
ord4716
ord4750
ord4608
ord5016
ord4375
ord4852
ord4834
ord3610
ord4229
ord4287
ord2089
ord6880
ord6197
ord3095
ord5789
ord693
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord5710
ord6663
ord2086
ord2621
ord2725
ord1168
ord2863
ord1105
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord4299
ord2380
ord690
ord1988
ord1567
ord4224
ord798
ord6877
ord1997
ord6392
ord5194
ord533
ord5808
ord268
ord5204
ord3229
ord6059
ord389
ord3337
ord3811
ord1768
ord6380
ord6199
ord6378
ord941
ord5572
ord2915
ord6696
ord3716
ord3719
ord790
ord793
ord2642
ord6111
ord4694
ord3698
ord765
ord4284
ord3910
ord3097
ord665
ord603
ord1979
ord1969
ord5462
ord273
ord353
ord4202
ord5683
ord5442
ord5186
ord354
ord3640
ord4402
ord2582
ord823
ord2859
ord2864
ord470
ord2754
ord1641
ord5788
ord4297
ord4133
ord2414
ord755
ord3663
ord3626
ord3693
ord6453
ord4275
ord795
ord3721
ord5953
ord4710
ord4234
ord2302
ord2370
ord2289
ord825
ord324
ord567
ord540
ord860
ord641
ord616
ord800
ord3582
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4398
ord1776
ord4078
ord6055
ord2578
ord4218
ord2023
ord2411
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord4673
ord5265
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
__CxxFrameHandler
sprintf
_setmbcp
_stricmp
memmove
strncpy
fread
fwrite
free
malloc
realloc
fclose
ftell
fseek
fopen
calloc
fprintf
strncmp
_splitpath
_mbscmp
atoi
_ftol
srand
time
isdigit
sscanf
wcstol
strtol
_atoi64
strstr
fgets
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_controlfp

kernel32

GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
GetLastError
DeleteFileA
GetTempFileNameA
GetModuleHandleA
GetStartupInfoA
CopyFileA
GetFileAttributesA
lstrcmpiA
WaitForSingleObject
lstrcpynA
GetProcAddress
LoadLibraryA
FreeLibrary
GetCommandLineA
GetModuleFileNameA
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetProcessWorkingSetSize
GetCurrentProcess
GetVersionExA
CreateMutexA
CreateFileMappingA
OpenEventA
GetPrivateProfileSectionA
WritePrivateProfileStringA
MultiByteToWideChar
GetLocalTime
FindClose
FindNextFileA
FindFirstFileA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetFileSize
CreateFileA
LoadLibraryW
GetUserDefaultLangID
WideCharToMultiByte

user32

CallWindowProcA
SetWindowLongA
GetWindowLongA
LoadCursorA
SetCursor
ReleaseCapture
SetCapture
RegisterWindowMessageA
KillTimer
LoadMenuA
GetSubMenu
GetCursorPos
PostMessageA
GetSystemMetrics
DrawIcon
SetWindowPos
AppendMenuA
SetTimer
LoadIconA
GetDesktopWindow
IsWindowVisible
IsIconic
SetActiveWindow
SetForegroundWindow
UpdateWindow
GetSysColor
GetWindowRect
SetRect
CreateWindowExA
FillRect
GetFocus
DrawTextA
LoadBitmapA
GetDC
ReleaseDC
GetParent
DestroyCursor
GetSystemMenu
CopyIcon
GetClientRect
DrawFocusRect
EnableWindow
SendMessageA
BeginPaint
EndPaint
DestroyWindow
SetFocus
IsWindow
ScreenToClient
PtInRect
GetDlgItem
GetWindowTextA
InvalidateRect
LoadImageA

gdi32

MoveToEx
GetTextExtentPointA
TextOutA
CreatePalette
CreateDIBitmap
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectPalette
RealizePalette
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
GetPixel
CreatePen
DeleteDC
GetObjectA
DeleteObject
LineTo

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA
Shell_NotifyIconA

comctl32

ImageList_AddMasked

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

olepro32

ord251

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqbhsj20090215-U/server/line.dat
sqbhsj20090215-U/server/sbhsg3.cit
sqbhsj20090215-U/server/sbhsg4.chm
.chm
sqbhsj20090215-U/server/sbhsg4.cit
sqbhsj20090215-U/server/sbhsg4.pit
sqbhsj20090215-U/server/sentence.dat
sqbhsj20090215-U/server/sghmq.cit
sqbhsj20090215-U/server/sghmq.pit
sqbhsj20090215-U/server/spell.dat
sqbhsj20090215-U/server/spell.pit
sqbhsj20090215-U/server/spell2.grp
sqbhsj20090215-U/server/spell2.pit
sqbhsj20090215-U/server/symbol.txt
sqbhsj20090215-U/server/test.ud2
sqbhsj20090215-U/server/user.dat
sqbhsj20090215-U/server/usercmd.ud
sqbhsj20090215-U/server/userdef.ud
sqbhsj20090215-U/server/wb86.cit
sqbhsj20090215-U/server/wb86.pit
sqbhsj20090215-U/server/wordrate.dat
sqbhsj20090215-U/sinstar2.ime
.dll windows:4 windows x86 arch:x86

60bbb50cd5cd1c2da8934e8f333d248a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
RtlUnwind
GetLastError
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
VirtualAlloc
VirtualFree
SetEndOfFile
HeapDestroy
GetEnvironmentVariableA
HeapReAlloc
GetVersion
GetCommandLineA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
GetVersionExA
GetModuleHandleA
OutputDebugStringA
WaitForSingleObject
ReleaseMutex
OpenFileMappingA
MapViewOfFile
OpenMutexA
CreateEventA
CreateProcessA
UnmapViewOfFile
GetSystemDirectoryA
GetFileAttributesA
GlobalAlloc
GetPrivateProfileStringA
GetPrivateProfileIntA
CloseHandle
CreateMutexA
FreeLibrary
GetProcAddress
LoadLibraryA
RaiseException
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalLock
GlobalUnlock
GetPrivateProfileSectionA
WritePrivateProfileStringA
FindFirstFileA
FindNextFileA
GetModuleFileNameA
FindClose
HeapCreate
GetTickCount
lstrcpynA
GetCurrentThreadId
GlobalFree

user32

SetWindowPos
GetWindowRect
GetWindow
SendMessageA
GetParent
PostMessageA
InvalidateRect
GetDlgCtrlID
SetWindowLongA
CheckDlgButton
GetDlgItem
EmptyClipboard
GetDlgItemTextA
IsDlgButtonChecked
GetWindowLongA
GetDlgItemInt
DestroyMenu
SetDlgItemInt
TrackPopupMenu
OpenClipboard
RegisterClipboardFormatA
GetFocus
ReleaseDC
GetDC
FindWindowA
SetClipboardData
SetDlgItemTextA
GetSubMenu
LoadMenuA
GetWindowTextA
CheckRadioButton
EnableWindow
LoadIconA
VkKeyScanA
LoadImageA
ShowWindow
MapVirtualKeyA
keybd_event
DeleteMenu
InsertMenuA
EnableMenuItem
GetClipboardData
EqualRect
OffsetRect
IntersectRect
IsRectEmpty
CheckMenuItem
GetSystemMetrics
SetCapture
ReleaseCapture
InflateRect
GetKeyState
GetCaretPos
ClientToScreen
SetWindowRgn
DestroyWindow
PeekMessageA
CreateWindowExA
FillRect
DrawTextA
UnhookWindowsHookEx
SetWindowTextA
SetWindowsHookExA
SetFocus
CallNextHookEx
BeginPaint
GetSysColor
EndPaint
SystemParametersInfoA
GetCursorPos
SetTimer
KillTimer
ScreenToClient
SetCursor
DefWindowProcA
IsWindowVisible
DialogBoxParamA
EndDialog
GetActiveWindow
MessageBoxA
SetRect
LoadBitmapA
UnregisterClassA
LoadCursorA
RegisterClassExA
IsWindow
GetClientRect
PtInRect
CallWindowProcA
SetForegroundWindow
WaitForInputIdle
CloseClipboard

gdi32

GetDIBits
CreateICA
CreateDIBitmap
RealizePalette
CreatePalette
GetTextExtentPoint32A
GetTextExtentPointA
BitBlt
SelectClipRgn
CreatePen
PtInRegion
SetRectRgn
ExtCreateRegion
SetStretchBltMode
StretchBlt
TextOutA
MoveToEx
LineTo
SetTextColor
SetBkMode
Rectangle
CreateDIBSection
CreateRectRgn
CombineRgn
GetRgnBox
CreateRectRgnIndirect
EqualRgn
OffsetRgn
GetRegionData
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateFontIndirectA
GetStockObject
DeleteObject
CreateSolidBrush

comdlg32

ChooseColorA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHFileOperationA
ShellExecuteA

imm32

ImmLockIMCC
ImmUnlockIMCC
ImmDestroyIMCC
ImmReSizeIMCC
ImmCreateIMCC
ImmUnlockIMC
ImmLockIMC
ImmSetOpenStatus
ImmReleaseContext
ImmGetContext
ImmGenerateMessage
ImmAssociateContext

comctl32

PropertySheetA
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_GetImageCount
ImageList_Remove

winmm

PlaySoundA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msimg32

AlphaBlend

Exports

Exports

CandWndProc
CompWndProc
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
StatusWndProc
UIWndProc

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sinstar
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqbhsj20090215-U/sinstar2/SINSTAR2.CHM
.chm
sqbhsj20090215-U/sinstar2/SPCHAR.INI
sqbhsj20090215-U/sinstar2/UninstIME.dll
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sqbhsj20090215-U/sinstar2/batch/expert1.ini
sqbhsj20090215-U/sinstar2/batch/expert2.ini
sqbhsj20090215-U/sinstar2/batch/fleshmen1.ini
sqbhsj20090215-U/sinstar2/batch/fleshmen2.ini
sqbhsj20090215-U/sinstar2/config.ini
sqbhsj20090215-U/sinstar2/hotkey_神奇四码.txt
sqbhsj20090215-U/sinstar2/register.log
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/CLOSE.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/EXTENT.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/Help.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/MAKEWORD.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/Menu.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/QUERY.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/RECORD1.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/RECORD2.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/SHRINK.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/SOUND1.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/SOUND2.PNG
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/ViewMode1.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/ViewMode2.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/config.ini
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/inputwindow.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/open.png
.png
sqbhsj20090215-U/sinstar2/skins/AirPlayStyle/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/close.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/config.ini
sqbhsj20090215-U/sinstar2/skins/VistaBlue/extent.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/inputwindow.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/makeword.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/open.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/query.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/record1.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/record2.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/shrink.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/sound1.png
.png
sqbhsj20090215-U/sinstar2/skins/VistaBlue/sound2.png
.png
sqbhsj20090215-U/sinstar2/skins/default/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/default/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/default/close.png
.png
sqbhsj20090215-U/sinstar2/skins/default/config.ini
sqbhsj20090215-U/sinstar2/skins/default/extent.png
.png
sqbhsj20090215-U/sinstar2/skins/default/makeword.png
.png
sqbhsj20090215-U/sinstar2/skins/default/mode.png
.png
sqbhsj20090215-U/sinstar2/skins/default/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/default/open.png
.png
sqbhsj20090215-U/sinstar2/skins/default/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/default/query.png
.png
sqbhsj20090215-U/sinstar2/skins/default/record1.png
.png
sqbhsj20090215-U/sinstar2/skins/default/record2.png
.png
sqbhsj20090215-U/sinstar2/skins/default/shrink.png
.png
sqbhsj20090215-U/sinstar2/skins/default/skin1.png
.png
sqbhsj20090215-U/sinstar2/skins/default/skin2.png
.png
sqbhsj20090215-U/sinstar2/skins/default/skin3.png
.png
sqbhsj20090215-U/sinstar2/skins/default/sound1.png
.png
sqbhsj20090215-U/sinstar2/skins/default/sound2.png
.png
sqbhsj20090215-U/sinstar2/skins/green/charmode1.bmp
sqbhsj20090215-U/sinstar2/skins/green/charmode2.bmp
sqbhsj20090215-U/sinstar2/skins/green/close.bmp
sqbhsj20090215-U/sinstar2/skins/green/config.ini
sqbhsj20090215-U/sinstar2/skins/green/english1.bmp
sqbhsj20090215-U/sinstar2/skins/green/english2.bmp
sqbhsj20090215-U/sinstar2/skins/green/extent.bmp
sqbhsj20090215-U/sinstar2/skins/green/icon2.bmp
sqbhsj20090215-U/sinstar2/skins/green/inputwindow.bmp
sqbhsj20090215-U/sinstar2/skins/green/makeword.bmp
sqbhsj20090215-U/sinstar2/skins/green/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/green/open.bmp
sqbhsj20090215-U/sinstar2/skins/green/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/green/record1.bmp
sqbhsj20090215-U/sinstar2/skins/green/record2.bmp
sqbhsj20090215-U/sinstar2/skins/green/shrink.bmp
sqbhsj20090215-U/sinstar2/skins/green/sound1.bmp
sqbhsj20090215-U/sinstar2/skins/green/sound2.bmp
sqbhsj20090215-U/sinstar2/skins/windows 7/CLOSE.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/EXTENT.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/Help.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/MAKEWORD.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/Menu.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/Menu1.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/QUERY.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/RECORD1.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/RECORD2.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/SHRINK.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/SOUND1.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/SOUND2.PNG
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/config.ini
sqbhsj20090215-U/sinstar2/skins/windows 7/help1.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/inputwindow.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/inputwindow1.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/mode.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/open.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/word.png
.png
sqbhsj20090215-U/sinstar2/skins/windows 7/word1.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/charmode.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/close.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/config.ini
sqbhsj20090215-U/sinstar2/skins/京剧-武生/extent.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/makeword.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/mode.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/open.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/query.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/record1.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/record2.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/shrink.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/skin1.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/skin2.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/sound1.png
.png
sqbhsj20090215-U/sinstar2/skins/京剧-武生/sound2.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/close.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/config.ini
sqbhsj20090215-U/sinstar2/skins/启程logo/extent.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/inputwindow.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/inputwindow1.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/makeword.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/mode.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/open.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/query.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/record1.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/record2.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/shrink.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/sound1.png
.png
sqbhsj20090215-U/sinstar2/skins/启程logo/sound2.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/close.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/config.ini
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/extent.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/makeword.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/mode.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/open.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/query.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/record1.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/record2.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/shrink.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/skin1.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/skin2.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/sound1.png
.png
sqbhsj20090215-U/sinstar2/skins/小鸭宝宝/sound2.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/CLOSE.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/EXTENT.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/Help.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/MAKEWORD.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/Menu.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/QUERY.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/RECORD1.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/RECORD2.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/SHRINK.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/SOUND1.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/SOUND2.PNG
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/ViewMode1.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/ViewMode2.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/config.ini
sqbhsj20090215-U/sinstar2/skins/经典界面/inputwindow.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/inputwindow1.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/mode.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/open.png
.png
sqbhsj20090215-U/sinstar2/skins/经典界面/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/charmode1.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/charmode2.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/close.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/config.ini
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/extent.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/makeword.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/mode.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/nextpage.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/open.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/prevpage.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/query.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/record1.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/record2.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/shrink.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/skin1.bmp
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/skin2.bmp
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/sound1.png
.png
sqbhsj20090215-U/sinstar2/skins/驴子屹耳/sound2.png
.png
sqbhsj20090215-U/sinstar2/sound/ChongMa.wav
sqbhsj20090215-U/sinstar2/sound/KongMa.wav
sqbhsj20090215-U/sinstar2/sound/LianXiang.wav
sqbhsj20090215-U/sinstar2/sound/error.wav
sqbhsj20090215-U/sinstar2/spskin/config.ini
sqbhsj20090215-U/sinstar2/spskin/exit.bmp
sqbhsj20090215-U/sinstar2/spskin/insert.bmp
sqbhsj20090215-U/sinstar2/spskin/left.bmp
sqbhsj20090215-U/sinstar2/spskin/right.bmp
sqbhsj20090215-U/sinstar2/spskin/sphead.BMP
sqbhsj20090215-U/sinstar2/tips.txt
sqbhsj20090215-U/uninstall.bat
sqbhsj20090215-U/使用说明.txt
sqbhsj20090215-U/新云软件.url
.url
sqbhsj20090215-U/神奇码系列输入法1.0简体版.chm
.chm

Sharing

General

Malware Config

Signatures

Files

62a9f331f0cac06aed348e2191a551e9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

comctl32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 492B

.rsrc Size: 20KB - Virtual size: 18KB

fcaff8fb50166af341649ad31b32420b

Headers

File Characteristics

Imports

kernel32

user32

imm32

version

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

c433a63b2e9866edb53245fcfbd0a255

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

version

Sections

.text Size: 260KB - Virtual size: 259KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 41KB

.rsrc Size: 28KB - Virtual size: 27KB

60bbb50cd5cd1c2da8934e8f333d248a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

imm32

comctl32

winmm

version

msimg32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 32KB - Virtual size: 98KB

.sinstar Size: 4KB - Virtual size: 688B

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 16KB - Virtual size: 12KB

Headers

File Characteristics

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 492B

.rsrc
Size: 20KB - Virtual size: 18KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 260KB - Virtual size: 259KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 41KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 32KB - Virtual size: 98KB

.sinstar
Size: 4KB - Virtual size: 688B

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 16KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 17KB - Virtual size: 20KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 15KB