a77eb00b271981d2a4564abdbb638dff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a77eb00b271981d2a4564abdbb638dff_JaffaCakes118
Size

1.3MB
MD5

a77eb00b271981d2a4564abdbb638dff
SHA1

f5a640e797d45ae34db10f76e4a6ef00705f8996
SHA256

b53cf6fc4557b36bcab41cdb5aa3eeb060100a7bc606ef3c286892d71f8cb6f3
SHA512

b49de25f564140fc20c4abc1e4e19d8f4ab76bfcb80ce68669396d8c3b00061fb6e4d6a38bbd57fa313c7c042aa3d65f2a2beff4e2d13a2c82c3aa363a2f9dec
SSDEEP

24576:9lytuvZRYnSzGfpg/BSAQiYMbc2eSygi1kHr8oGrwUGJ5HO:TphryOZS1NMbulkHvIwVHu

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/File,Diz.ThX	aspack_v212_v242
static1/unpack002/screenrecorder.exe	aspack_v212_v242

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HA_AimOneSR-1310_CZ.EXE
unpack002/$PLUGINSDIR/delay.dll
unpack002/$PLUGINSDIR/installoptions.dll
unpack002/$PLUGINSDIR/killprocdll.dll
unpack002/$PLUGINSDIR/nsWeb.dll
unpack002/$PLUGINSDIR/nsweb.dll
unpack002/$PLUGINSDIR/startmenu.dll
unpack002/$PLUGINSDIR/system.dll
unpack002/$PLUGINSDIR/textreplace.dll
unpack002/$PLUGINSDIR/time.dll
unpack002/$PROGRAM_FILES/Baidu/bar/TempData.KGB
unpack002/$PROGRAM_FILES/Baidu/bar/baidubar.dll
unpack002/$PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
unpack002/File,Diz.ThX
unpack002/Lang2052.DAT
unpack002/asfcore.dll
unpack002/screenrecorder.exe
unpack002/uninst.exe
unpack003/$PLUGINSDIR/killprocdll.dll
unpack003/$PROGRAM_FILES/Baidu/bar/TempData.KGB

Files

a77eb00b271981d2a4564abdbb638dff_JaffaCakes118
.rar
HA_AimOneSR-1310_CZ.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LordFox
Size: - Virtual size: 680KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FoxLord
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Soft2CN
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/delay.dll
.dll windows:4 windows x86 arch:x86

54a446b9f0afe3eda402221783c78dcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
Sleep
CloseHandle

user32

GetWindowTextLengthA
EnableWindow
wsprintfA
SetWindowTextA
GetWindowTextA

msvcp60

?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

msvcrt

atoi
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
_beginthreadex
??2@YAPAXI@Z
__CxxFrameHandler
free

Exports

Exports

DelayButton
Free

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/installoptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/killprocdll.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsweb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/startmenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/system.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/textreplace.dll
.dll windows:4 windows x86 arch:x86

68af796cbe4fdd2d5baf33b0af9aa583

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpiA
lstrcatA
lstrcpynA
lstrcmpA
lstrlenA
GlobalFree
CloseHandle
ReadFile
GlobalAlloc
GetFileSize
CreateFileA
WriteFile
SetFileAttributesA
GetFileAttributesA
CopyFileA

user32

CharUpperA

Exports

Exports

FILLREADBUFFER
FREEREADBUFFER
FindInFile
ReplaceInFile

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 791B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/time.dll
.dll windows:4 windows x86 arch:x86

5c9a5d5468ec62f250171c012eda3c26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
lstrcmpA
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CloseHandle
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

GETFILETIME
GETFILETIMEUTC
GETLOCALTIME
GETLOCALTIMEUTC
MATHTIME
SETFILETIME
SETFILETIMEUTC
SETLOCALTIME
SETLOCALTIMEUTC
TIMESTRING

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/TempData.KGB
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/baidubar.dat
$PROGRAM_FILES/Baidu/bar/baidubar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/img/imglist.bmp
$PROGRAM_FILES/Baidu/bar/img/logo.bmp
$PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
.exe windows:4 windows x86 arch:x86

d31173ca8ec2d5e26170e3b96a28428f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrcatA
GetLastError
lstrcpynA
lstrcmpiA
WinExec
GetModuleFileNameA
TerminateProcess
lstrlenA
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
GetVersion
WriteFile
MoveFileExA
GetSystemDirectoryA
CreateFileA
DeviceIoControl
DeleteFileA
GetVersionExA
GetCurrentProcess
CloseHandle
GetTempPathA
GetProcAddress
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetSystemDefaultLangID
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetOEMCP
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringA
GetEnvironmentStrings
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
VirtualFree
LCMapStringW
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter

user32

ExitWindowsEx
wsprintfA
MessageBoxA

advapi32

CloseServiceHandle
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
CreateServiceA
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
File,Diz.ThX
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LordFox
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Lang2052.DAT
.exe windows:4 windows x86 arch:x86

d31173ca8ec2d5e26170e3b96a28428f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrcatA
GetLastError
lstrcpynA
lstrcmpiA
WinExec
GetModuleFileNameA
TerminateProcess
lstrlenA
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
GetVersion
WriteFile
MoveFileExA
GetSystemDirectoryA
CreateFileA
DeviceIoControl
DeleteFileA
GetVersionExA
GetCurrentProcess
CloseHandle
GetTempPathA
GetProcAddress
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetSystemDefaultLangID
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetOEMCP
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringA
GetEnvironmentStrings
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
VirtualFree
LCMapStringW
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter

user32

ExitWindowsEx
wsprintfA
MessageBoxA

advapi32

CloseServiceHandle
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
CreateServiceA
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
asfcore.dll
.dll windows:4 windows x86 arch:x86

02dafd4669f8d58914ff9f0bf0c8a98f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetSystemDefaultLCID
CloseHandle
GetLastError
WriteFile
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

ole32

CoCreateInstance

wmvcore

WMCreateProfileManager

oleaut32

SysFreeString

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license.txt
screenrecord.chm
.chm
screenrecorder.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

��ү
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��ү
Size: 445KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��ү
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��ү
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��ү
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LordFox
Size: - Virtual size: 680KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FoxLord
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Soft2CN
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/killprocdll.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PROGRAM_FILES/Baidu/bar/TempData.KGB
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/baidubar.dat
$PROGRAM_FILES/Baidu/bar/img/imglist.bmp
$PROGRAM_FILES/Baidu/bar/img/logo.bmp
wizardimage.bmp
wizardsmallimage.bmp
˵.txt
ⷴ.url
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

LordFox Size: - Virtual size: 680KB

FoxLord Size: 21KB - Virtual size: 24KB

Soft2CN Size: 28KB - Virtual size: 28KB

54a446b9f0afe3eda402221783c78dcd

Headers

File Characteristics

Imports

kernel32

user32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 108B

.reloc Size: 4KB - Virtual size: 232B

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 644B

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

LordFox
Size: - Virtual size: 680KB

FoxLord
Size: 21KB - Virtual size: 24KB

Soft2CN
Size: 28KB - Virtual size: 28KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 108B

.reloc
Size: 4KB - Virtual size: 232B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 791B

.data
Size: - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 322B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 414B