ab189bc8f822eb37e48741572565fbed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab189bc8f822eb37e48741572565fbed_JaffaCakes118
Size

1.9MB
MD5

ab189bc8f822eb37e48741572565fbed
SHA1

14f7e4afe303241bd71de34bdac92bdefaf77da1
SHA256

76d229c49879bc3b0b013834cc4d73916317ef9e356e6f7821969c19206ee2db
SHA512

ed7f7888848f3075329bd479d67b911bbda300f1390f266d3d013a11d12df64ce810be0de25fb4d514965399db414e023703b153c7fc29b768e556275d30d186
SSDEEP

49152:RQhljP8Qe98BK5GGN5//gNKHhBSbyR/0dT5GP/gW+GY4QlXTyt8:RQ7j0QI8BE5XgNKHSbyR0KngW+GY3lXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MeChat.exe
unpack002/MeChatUser.dll
unpack001/SysData/template/video/MeChatUser6.exe

Files

ab189bc8f822eb37e48741572565fbed_JaffaCakes118
.rar
MeChat.exe
.exe windows:4 windows x86 arch:x86

6ae2fc89b213032f07285309eafcbfcf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelIo
GetTickCount
lstrlenA
GetWindowsDirectoryA
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetCurrentProcessId
OpenProcess
Process32Next
TerminateProcess
DebugBreak
GetModuleFileNameA
GetLastError
PostQueuedCompletionStatus
Sleep
VirtualFree
VirtualAlloc
GetVersionExA
CreateFileA
CloseHandle
GetLogicalDriveStringsA
GetDriveTypeA
WriteFile
MultiByteToWideChar
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
GetTimeZoneInformation
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
SetStdHandle
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileAttributesA
GetProcAddress
GetOEMCP
GetACP
LCMapStringW
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
GetLocaleInfoA
GetSystemTime
GetLocalTime
RtlUnwind
ExitProcess
GetCurrentProcess
DeleteFileA
SetConsoleCtrlHandler
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateDirectoryA
GetCommandLineA
GetVersion
RaiseException
DeviceIoControl
GetStdHandle
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
HeapSize
ReadFile
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
WideCharToMultiByte
GetCPInfo
IsValidLocale
IsValidCodePage

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
LockServiceDatabase
CreateServiceA
CloseServiceHandle
UnlockServiceDatabase
RegSetValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

select
WSASend
ntohl
htonl
ntohs
getsockopt
WSACleanup
gethostbyname
WSASendTo
setsockopt
WSAGetLastError
sendto
inet_ntoa
ioctlsocket
WSAStartup
listen
bind
WSARecv
WSAIoctl
WSASocketA
WSARecvFrom
inet_addr
send
htons
closesocket
socket
connect

odbc32

ord44
ord19
ord43
ord45
ord58
ord63
ord11
ord20
ord18
ord76
ord36
ord38
ord75
ord24
ord68
ord4
ord16
ord30
ord13
ord49
ord48
ord27
ord9
ord57
ord72
ord12
ord31
ord39
ord7

Sections

.text
Size: 608KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MeChat.ini
MeChatLinux
.elf linux x86
SysData/db/MSSqlScript.txt
SysData/db/MeChat.mdb
SysData/db/MySqlScript.txt
SysData/db/OracleScript.txt
SysData/ini/1/main.ini
SysData/ini/2/main.ini
SysData/ini/3/TemplateNote.txt
SysData/ini/3/main.ini
SysData/ini/4/TemplateNote.txt
SysData/ini/4/main.ini
SysData/ini/5/TemplateNote.txt
SysData/ini/5/main.ini
SysData/ini/act.ini
SysData/ini/admin.ini
SysData/ini/badip.ini
SysData/ini/baduser.ini
SysData/ini/badword.ini
SysData/ini/effect.ini
SysData/ini/emote.ini
SysData/ini/message.ini
.js
SysData/logs/roomlog/room1/log.1206.htm
SysData/logs/roomlog/room101/log.1014.htm
SysData/rooms/privateroom.ini
SysData/rooms/room101.ini
SysData/rooms/sampleroom.ini
SysData/template/1/body.htm
.html .js polyglot
SysData/template/1/body2.htm
.html .js polyglot
SysData/template/1/chatform.htm
.html .js polyglot
SysData/template/1/frame1.htm
.html .js polyglot
SysData/template/1/roomlist.htm
.html .js polyglot
SysData/template/1/userlist.htm
.html .js polyglot
SysData/template/2/body.htm
.html .js polyglot
SysData/template/2/body2.htm
.html .js polyglot
SysData/template/2/chatform.htm
.html .js polyglot
SysData/template/2/frame1.htm
.html .js polyglot
SysData/template/2/roomlist.htm
.html .js polyglot
SysData/template/2/userlist.htm
.html .js polyglot
SysData/template/3/VideoControl2.htm
.html .js polyglot
SysData/template/3/body.htm
.html .js polyglot
SysData/template/3/body2.htm
.html .js polyglot
SysData/template/3/chatform.htm
.html .js polyglot
SysData/template/3/frame1.htm
.html .js polyglot
SysData/template/3/roomlist.htm
.html .js polyglot
SysData/template/3/userlist.htm
.html .js polyglot
SysData/template/4/Thumbs.db
SysData/template/4/body.htm
.html .js polyglot
SysData/template/4/body2.htm
.html .js polyglot
SysData/template/4/chatform.htm
.html .js polyglot
SysData/template/4/frame1.htm
.html .js polyglot
SysData/template/4/roomlist.htm
.html .js polyglot
SysData/template/4/userlist.htm
.html .js polyglot
SysData/template/5/TemplateNote.txt
SysData/template/5/模板修改指南.txt
SysData/template/admin/Admin.htm
.html
SysData/template/admin/Common/ErrorMessage.htm
.html
SysData/template/admin/index.htm
SysData/template/admin/main.css
SysData/template/alluserinfo.htm
.html .js polyglot
SysData/template/alluserinfo0.htm
.html .js polyglot
SysData/template/allusers.htm
.html .js polyglot
SysData/template/buildprivate.htm
.html .js polyglot
SysData/template/buildprivateresult.htm
.html .js polyglot
SysData/template/emote1.htm
.html
SysData/template/emote2.htm
.html
SysData/template/errorpassword.htm
.html
SysData/template/face/100.gif
.gif
SysData/template/face/101.gif
.gif
SysData/template/face/102.gif
.gif
SysData/template/face/103.gif
.gif
SysData/template/face/104.gif
.gif
SysData/template/face/105.gif
.gif
SysData/template/face/106.gif
.gif
SysData/template/face/107.gif
.gif
SysData/template/face/108.gif
.gif
SysData/template/face/109.gif
.gif
SysData/template/face/110.gif
.gif
SysData/template/face/111.gif
.gif
SysData/template/face/112.gif
.gif
SysData/template/face/113.gif
.gif
SysData/template/face/114.gif
.gif
SysData/template/face/115.gif
.gif
SysData/template/face/116.gif
.gif
SysData/template/face/117.gif
.gif
SysData/template/face/118.gif
.gif
SysData/template/face/119.gif
.gif
SysData/template/face/120.gif
.gif
SysData/template/face/201.gif
.gif
SysData/template/face/202.gif
.gif
SysData/template/face/203.gif
.gif
SysData/template/face/204.gif
.gif
SysData/template/face/205.gif
.gif
SysData/template/face/301.gif
.gif
SysData/template/face/302.gif
.gif
SysData/template/face/303.gif
.gif
SysData/template/face/304.gif
.gif
SysData/template/face/305.gif
.gif
SysData/template/face/306.gif
.gif
SysData/template/face/307.gif
.gif
SysData/template/face/308.gif
.gif
SysData/template/face/309.gif
.gif
SysData/template/face/310.GIF
.gif
SysData/template/face/PicUsage.TXT
SysData/template/face/贴图使用说明.TXT
SysData/template/finduser.htm
.html .js polyglot
SysData/template/getpassword.htm
.html .js polyglot
SysData/template/getpassword2.htm
.html .js polyglot
SysData/template/gm.htm
.html .js polyglot
SysData/template/gmresult.htm
.html
SysData/template/icon/0.gif
.gif
SysData/template/icon/1.gif
.gif
SysData/template/icon/2.gif
.gif
SysData/template/icon/300001.gif
.gif
SysData/template/icon/300002.gif
.gif
SysData/template/icon/300003.gif
.gif
SysData/template/icon/300004.gif
.gif
SysData/template/icon/300005.gif
.gif
SysData/template/icon/300006.gif
.gif
SysData/template/icon/300007.gif
.gif
SysData/template/icon/300008.gif
.gif
SysData/template/icon/300009.gif
.gif
SysData/template/icon/300010.gif
.gif
SysData/template/icon/300011.gif
.gif
SysData/template/icon/300012.gif
.gif
SysData/template/icon/300013.gif
.gif
SysData/template/icon/300014.gif
.gif
SysData/template/icon/300015.gif
.gif
SysData/template/icon/300016.gif
.gif
SysData/template/icon/300017.gif
.gif
SysData/template/icon/300018.gif
.gif
SysData/template/icon/300019.gif
.gif
SysData/template/icon/300020.gif
.gif
SysData/template/icon/300021.gif
.gif
SysData/template/icon/300022.gif
.gif
SysData/template/icon/300023.gif
.gif
SysData/template/icon/300024.gif
.gif
SysData/template/icon/300025.gif
.gif
SysData/template/icon/300026.gif
.gif
SysData/template/icon/300027.gif
.gif
SysData/template/icon/300028.gif
.gif
SysData/template/icon/300029.gif
.gif
SysData/template/icon/300030.gif
.gif
SysData/template/icon/300031.gif
.gif
SysData/template/icon/300032.gif
.gif
SysData/template/icon/300033.gif
.gif
SysData/template/icon/300034.gif
.gif
SysData/template/icon/300035.gif
.gif
SysData/template/icon/300036.gif
.gif
SysData/template/icon/300037.gif
.gif
SysData/template/icon/300038.gif
.gif
SysData/template/icon/300039.gif
.gif
SysData/template/icon/300040.gif
.gif
SysData/template/icon/300041.gif
.gif
SysData/template/icon/300042.gif
.gif
SysData/template/icon/300043.gif
.gif
SysData/template/icon/300044.gif
.gif
SysData/template/icon/300045.gif
.gif
SysData/template/icon/300046.gif
.gif
SysData/template/icon/300047.gif
.gif
SysData/template/icon/300048.gif
.gif
SysData/template/icon/300049.gif
.gif
SysData/template/icon/300050.gif
.gif
SysData/template/icon/300051.gif
.gif
SysData/template/icon/300052.gif
.gif
SysData/template/icon/300053.gif
.gif
SysData/template/icon/300054.gif
.gif
SysData/template/icon/300055.gif
.gif
SysData/template/icon/300056.gif
.gif
SysData/template/icon/300057.gif
.gif
SysData/template/icon/300058.gif
.gif
SysData/template/icon/300059.gif
.gif
SysData/template/icon/300060.gif
.gif
SysData/template/icon/300061.gif
.gif
SysData/template/icon/300062.gif
.gif
SysData/template/icon/300063.gif
.gif
SysData/template/icon/300064.gif
.gif
SysData/template/icon/300065.gif
.gif
SysData/template/icon/300066.gif
.gif
SysData/template/icon/300067.gif
SysData/template/icon/300068.gif
.gif
SysData/template/icon/300069.gif
.gif
SysData/template/icon/300070.gif
.gif
SysData/template/icon/300071.gif
.gif
SysData/template/icon/300072.gif
.gif
SysData/template/icon/300073.gif
.gif
SysData/template/icon/300074.gif
.gif
SysData/template/icon/300075.gif
.gif
SysData/template/icon/300076.gif
.gif
SysData/template/icon/300077.gif
.gif
SysData/template/icon/300078.gif
.gif
SysData/template/icon/300079.gif
.gif
SysData/template/icon/300080.gif
.gif
SysData/template/icon/300081.gif
.gif
SysData/template/icon/300082.gif
SysData/template/icon/300083.gif
.gif
SysData/template/icon/300084.gif
.gif
SysData/template/icon/300085.gif
.gif
SysData/template/icon/300086.gif
.gif
SysData/template/icon/300087.gif
.gif
SysData/template/icon/300088.gif
.gif
SysData/template/icon/300089.gif
.gif
SysData/template/icon/300090.gif
.gif
SysData/template/icon/300091.gif
.gif
SysData/template/icon/300092.gif
.gif
SysData/template/icon/300093.gif
.gif
SysData/template/icon/300094.gif
.gif
SysData/template/icon/300095.gif
.gif
SysData/template/icon/300096.gif
.gif
SysData/template/icon/300097.gif
.gif
SysData/template/icon/300098.gif
.gif
SysData/template/icon/300099.gif
.gif
SysData/template/icon/300100.gif
.gif
SysData/template/icon/300101.gif
.gif
SysData/template/icon/300102.gif
.gif
SysData/template/icon/300103.gif
.gif
SysData/template/icon/300104.gif
.gif
SysData/template/icon/300105.gif
.gif
SysData/template/icon/300106.gif
.gif
SysData/template/icon/300107.gif
.gif
SysData/template/icon/300108.gif
.gif
SysData/template/icon/300109.gif
.gif
SysData/template/icon/300110.gif
.gif
SysData/template/icon/300111.gif
.gif
SysData/template/icon/300112.gif
.gif
SysData/template/icon/300113.gif
.gif
SysData/template/icon/300114.gif
.gif
SysData/template/icon/300115.gif
.gif
SysData/template/icon/300116.gif
.gif
SysData/template/icon/300117.gif
.gif
SysData/template/icon/300118.gif
.gif
SysData/template/icon/300119.gif
.gif
SysData/template/icon/300120.gif
.gif
SysData/template/icon/300121.gif
.gif
SysData/template/icon/300122.gif
.gif
SysData/template/icon/300123.gif
.gif
SysData/template/icon/300124.gif
.gif
SysData/template/icon/300125.gif
.gif
SysData/template/icon/300126.gif
.gif
SysData/template/icon/300127.gif
.gif
SysData/template/icon/300128.gif
.gif
SysData/template/icon/300129.gif
SysData/template/icon/300130.gif
.gif
SysData/template/icon/300131.gif
.gif
SysData/template/icon/300132.gif
.gif
SysData/template/icon/300133.gif
.gif
SysData/template/icon/300134.gif
.gif
SysData/template/icon/300135.gif
.gif
SysData/template/icon/300136.gif
.gif
SysData/template/icon/300137.gif
SysData/template/icon/300138.gif
SysData/template/icon/300139.gif
SysData/template/icon/300140.gif
.gif
SysData/template/icon/300141.gif
.gif
SysData/template/icon/300142.gif
.gif
SysData/template/icon/300143.gif
.gif
SysData/template/icon/300144.gif
.gif
SysData/template/icon/300145.gif
.gif
SysData/template/icon/300146.gif
.gif
SysData/template/icon/300147.gif
.gif
SysData/template/icon/300148.gif
.gif
SysData/template/icon/300149.gif
.gif
SysData/template/icon/300150.gif
.gif
SysData/template/icon/300151.gif
.gif
SysData/template/icon/300152.gif
.gif
SysData/template/icon/300153.gif
.gif
SysData/template/icon/300154.gif
.gif
SysData/template/icon/300155.gif
.gif
SysData/template/icon/300156.gif
.gif
SysData/template/icon/300157.gif
.gif
SysData/template/icon/300158.gif
.gif
SysData/template/icon/300159.gif
.gif
SysData/template/icon/300160.gif
.gif
SysData/template/icon/300161.gif
.gif
SysData/template/icon/300162.gif
.gif
SysData/template/icon/300163.gif
.gif
SysData/template/icon/300164.gif
.gif
SysData/template/icon/300165.gif
.gif
SysData/template/icon/300166.gif
SysData/template/icon/300167.gif
.gif
SysData/template/icon/300168.gif
.gif
SysData/template/icon/300169.gif
.gif
SysData/template/icon/300170.gif
.gif
SysData/template/icon/300171.gif
.gif
SysData/template/icon/300172.gif
.gif
SysData/template/icon/300173.gif
.gif
SysData/template/icon/300174.gif
.gif
SysData/template/icon/300175.gif
.gif
SysData/template/icon/300176.gif
.gif
SysData/template/icon/300177.gif
.gif
SysData/template/icon/300178.gif
.gif
SysData/template/icon/300179.gif
.gif
SysData/template/icon/300180.gif
.gif
SysData/template/icon/300181.gif
.gif
SysData/template/icon/300182.gif
.gif
SysData/template/icon/300183.gif
.gif
SysData/template/icon/300184.gif
.gif
SysData/template/icon/300185.gif
.gif
SysData/template/icon/300186.gif
.gif
SysData/template/icon/300187.gif
.gif
SysData/template/icon/300188.gif
.gif
SysData/template/icon/300189.gif
.gif
SysData/template/icon/300190.gif
.gif
SysData/template/icon/300191.gif
.gif
SysData/template/icon/300192.gif
.gif
SysData/template/icon/300193.gif
.gif
SysData/template/icon/300194.gif
.gif
SysData/template/icon/300195.gif
.gif
SysData/template/icon/300196.gif
.gif
SysData/template/icon/300197.gif
.gif
SysData/template/icon/300198.gif
.gif
SysData/template/icon/300199.gif
.gif
SysData/template/icon/300200.gif
SysData/template/icon/300201.gif
.gif
SysData/template/icon/300202.gif
.gif
SysData/template/icon/300203.gif
SysData/template/icon/300204.gif
.gif
SysData/template/icon/300205.gif
.gif
SysData/template/icon/300206.gif
.gif
SysData/template/icon/300207.gif
.gif
SysData/template/icon/300208.gif
.gif
SysData/template/icon/300209.gif
.gif
SysData/template/icon/300210.gif
.gif
SysData/template/icon/300211.gif
.gif
SysData/template/icon/300212.gif
.gif
SysData/template/icon/300213.gif
.gif
SysData/template/icon/300214.gif
.gif
SysData/template/icon/300215.gif
.gif
SysData/template/icon/300216.gif
.gif
SysData/template/icon/300217.gif
.gif
SysData/template/icon/300218.gif
.gif
SysData/template/icon/300219.gif
.gif
SysData/template/icon/300220.gif
.gif
SysData/template/icon/300221.gif
SysData/template/icon/300222.gif
SysData/template/icon/300223.gif
SysData/template/icon/300224.gif
SysData/template/icon/300225.gif
.gif
SysData/template/icon/300226.gif
.gif
SysData/template/icon/300227.gif
.gif
SysData/template/icon/300228.gif
.gif
SysData/template/icon/300229.gif
.gif
SysData/template/icon/300230.gif
.gif
SysData/template/icon/300231.gif
.gif
SysData/template/icon/300232.gif
SysData/template/icon/300233.gif
.gif
SysData/template/icon/300234.gif
SysData/template/icon/300235.gif
.gif
SysData/template/icon/300236.gif
SysData/template/icon/300237.gif
SysData/template/icon/300238.gif
.gif
SysData/template/icon/300239.gif
.gif
SysData/template/icon/300240.gif
.gif
SysData/template/icon/300241.gif
.gif
SysData/template/icon/300242.gif
.gif
SysData/template/icon/300243.gif
.gif
SysData/template/icon/300244.gif
.gif
SysData/template/icon/300245.gif
.gif
SysData/template/icon/300246.gif
.gif
SysData/template/icon/300247.gif
.gif
SysData/template/icon/300248.gif
.gif
SysData/template/icon/300249.gif
.gif
SysData/template/icon/300250.gif
.gif
SysData/template/icon/300251.gif
.gif
SysData/template/icon/300252.gif
.gif
SysData/template/icon/300253.gif
.gif
SysData/template/icon/300254.gif
SysData/template/icon/300255.gif
.gif
SysData/template/icon/300256.gif
.gif
SysData/template/icon/300257.gif
.gif
SysData/template/icon/300258.gif
.gif
SysData/template/icon/300259.gif
.gif
SysData/template/icon/300260.gif
.gif
SysData/template/icon/300261.gif
.gif
SysData/template/icon/300262.gif
.gif
SysData/template/icon/300263.gif
.gif
SysData/template/icon/300264.gif
.gif
SysData/template/icon/300265.gif
.gif
SysData/template/icon/300266.gif
.gif
SysData/template/icon/300267.gif
.gif
SysData/template/icon/300268.gif
.gif
SysData/template/icon/300269.gif
.gif
SysData/template/icon/300270.gif
SysData/template/icon/300271.gif
.gif
SysData/template/icon/300272.gif
.gif
SysData/template/icon/300273.gif
.gif
SysData/template/icon/300274.gif
.gif
SysData/template/icon/300275.gif
.gif
SysData/template/icon/300276.gif
.gif
SysData/template/icon/300277.gif
.gif
SysData/template/icon/300278.gif
SysData/template/icon/300279.gif
.gif
SysData/template/icon/300280.gif
.gif
SysData/template/icon/300281.gif
.gif
SysData/template/icon/300282.gif
.gif
SysData/template/icon/300283.gif
.gif
SysData/template/icon/300284.gif
.gif
SysData/template/icon/300285.gif
.gif
SysData/template/icon/300286.gif
.gif
SysData/template/icon/300287.gif
.gif
SysData/template/icon/300288.gif
.gif
SysData/template/icon/300289.gif
.gif
SysData/template/icon/300290.gif
.gif
SysData/template/icon/300291.gif
.gif
SysData/template/icon/300292.gif
.gif
SysData/template/icon/300293.gif
.gif
SysData/template/icon/300294.gif
.gif
SysData/template/icon/300295.gif
.gif
SysData/template/icon/300296.gif
.gif
SysData/template/icon/300297.gif
.gif
SysData/template/icon/300298.gif
.gif
SysData/template/icon/300299.gif
.gif
SysData/template/icon/300300.gif
.gif
SysData/template/icon/300301.gif
.gif
SysData/template/icon/300302.gif
.gif
SysData/template/icon/300303.gif
.gif
SysData/template/icon/300304.gif
.gif
SysData/template/icon/300305.gif
.gif
SysData/template/icon/300306.gif
.gif
SysData/template/icon/300307.gif
.gif
SysData/template/icon/300308.gif
.gif
SysData/template/icon/300309.gif
.gif
SysData/template/icon/300310.gif
.gif
SysData/template/icon/300311.gif
.gif
SysData/template/icon/300312.gif
.gif
SysData/template/icon/300313.gif
.gif
SysData/template/icon/300314.gif
.gif
SysData/template/icon/300315.gif
.gif
SysData/template/icon/300316.gif
.gif
SysData/template/icon/300317.gif
.gif
SysData/template/icon/300318.gif
.gif
SysData/template/icon/300319.gif
.gif
SysData/template/icon/300320.gif
.gif
SysData/template/icon/300321.gif
.gif
SysData/template/icon/300322.gif
.gif
SysData/template/icon/300323.gif
.gif
SysData/template/icon/300324.gif
.gif
SysData/template/icon/300325.gif
.gif
SysData/template/icon/300326.gif
.gif
SysData/template/icon/300327.gif
.gif
SysData/template/icon/300328.gif
.gif
SysData/template/icon/300329.gif
.gif
SysData/template/icon/300330.gif
.gif
SysData/template/icon/300331.gif
.gif
SysData/template/icon/300332.gif
.gif
SysData/template/icon/300333.gif
.gif
SysData/template/icon/300334.gif
.gif
SysData/template/icon/300335.gif
.gif
SysData/template/icon/300336.gif
.gif
SysData/template/icon/300337.gif
.gif
SysData/template/icon/300338.gif
.gif
SysData/template/icon/300339.gif
.gif
SysData/template/icon/300340.gif
.gif
SysData/template/icon/300341.gif
.gif
SysData/template/icon/300342.gif
.gif
SysData/template/icon/300343.gif
.gif
SysData/template/icon/300344.gif
.gif
SysData/template/icon/300345.gif
.gif
SysData/template/icon/300346.gif
.gif
SysData/template/icon/300347.gif
SysData/template/icon/300348.gif
SysData/template/icon/300349.gif
.gif
SysData/template/icon/300350.gif
.gif
SysData/template/icon/300351.gif
.gif
SysData/template/icon/300352.gif
.gif
SysData/template/icon/300353.gif
.gif
SysData/template/icon/300354.gif
SysData/template/icon/300355.gif
.gif
SysData/template/icon/300356.gif
.gif
SysData/template/icon/300357.gif
.gif
SysData/template/icon/300358.gif
.gif
SysData/template/icon/300359.gif
.gif
SysData/template/icon/300360.gif
SysData/template/images/aaa.gif
.gif
SysData/template/images/aaa1.gif
.gif
SysData/template/images/aaa2.gif
.gif
SysData/template/images/bbb.jpg
.jpg
SysData/template/images/bg1.gif
.gif
SysData/template/images/button2.gif
.gif
SysData/template/images/button3.gif
.gif
SysData/template/images/f9.gif
.gif
SysData/template/images/input.gif
.gif
SysData/template/images/mic.gif
.gif
SysData/template/images/v.gif
.gif
SysData/template/index.htm
.html .js polyglot
SysData/template/index.htm.htm
SysData/template/index3.htm
.html .js polyglot
SysData/template/indexRoomPassword.htm
.html .js polyglot
SysData/template/inputroompasword.htm
.html .js polyglot
SysData/template/lookuser.htm
.html .js polyglot
SysData/template/message.htm
.html
SysData/template/oneroomindex.htm
.html .js polyglot
SysData/template/regist.htm
.html .js polyglot
SysData/template/registmodify.htm
.html .js polyglot
SysData/template/registmodifyresult.htm
.html .js polyglot
SysData/template/registresult.htm
.html
SysData/template/reloadroom.htm
SysData/template/reloadtemplate.htm
SysData/template/roominfo.htm
SysData/template/roominfo.htm.htm
SysData/template/selecthead.htm
.html
SysData/template/selecticon01.htm
.html
SysData/template/selecticon02.htm
.html
SysData/template/selecticon03.htm
.html
SysData/template/selecticon04.htm
.html
SysData/template/selecticon05.htm
.html
SysData/template/selecticon06.htm
.html
SysData/template/selecticon07.htm
.html
SysData/template/selecticon08.htm
.html
SysData/template/selecticon09.htm
.html
SysData/template/selecticon10.htm
.html
SysData/template/stopsystem.htm
SysData/template/top.htm
.html
SysData/template/toppart.htm
SysData/template/userguide.htm
.html .js polyglot
SysData/template/userhelp.htm
.html
SysData/template/userinfo.htm
SysData/template/userstatus.htm
SysData/template/video/MeChatUser.cab
.cab
MeChatUser.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d77ab5b3a658300a316425932c64ead1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
GlobalLock
GlobalUnlock
lstrlenA
MultiByteToWideChar
lstrlenW
lstrcatA
GetProcAddress
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
SizeofResource
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrcpyA
MulDiv
LCMapStringA
OutputDebugStringA
WideCharToMultiByte
CreateFileA
WriteFile
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
FlushInstructionCache
lstrcmpA
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
FindResourceA
LoadLibraryA
GetTickCount
GetStringTypeA
IsBadCodePtr
GetStringTypeW
GetCPInfo
GetVersionExA
GetACP
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
IsBadReadPtr
SetUnhandledExceptionFilter
GetOEMCP
IsValidLocale
LCMapStringW
GetLocaleInfoW
ReadFile
CompareStringA
CompareStringW
SetEndOfFile
GetEnvironmentStringsW
GetEnvironmentStrings
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
CreateDirectoryA
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
RaiseException
HeapSize
GetEnvironmentVariableA
HeapCreate
IsBadWritePtr
SetFilePointer
SetEnvironmentVariableA
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LocalFree
SetStdHandle
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers

user32

FillRect
IsWindowVisible
EnumChildWindows
DestroyWindow
SetTimer
KillTimer
SetDlgItemTextA
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
GetWindowRect
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindow
SetWindowLongA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
GetSysColor
SetFocus
IsChild
GetFocus
ReleaseDC
GetDC
CallWindowProcA
EndPaint
ShowWindow
PostMessageA
IsWindow
SendMessageA
GetClientRect
BeginPaint
SetWindowPos
RedrawWindow
GetClassNameA
GetParent
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
wsprintfA
CreateWindowExA
MessageBoxA
EnableWindow
SetRect
ScreenToClient
GetNextDlgTabItem
IsDialogMessageA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
GetKeyState
CharNextA
DrawTextA
GetDialogBaseUnits

gdi32

DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectA
GetStockObject
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCA
GetTextExtentPointA
GetTextMetricsA
CreateFontIndirectA
SetBkMode
SetTextColor
Rectangle
SetBkColor
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
BitBlt
GetDeviceCaps

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA

ole32

CoInitialize
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
WriteClassStm
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning

oleaut32

OleTranslateColor
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
VariantChangeType
SysStringByteLen
OleCreatePropertyFrame
SysAllocStringByteLen
SysStringLen

ws2_32

WSACleanup
gethostbyname
sendto
recvfrom
WSAGetLastError
ntohs
inet_addr
socket
connect
getsockname
inet_ntoa
WSAAsyncSelect
shutdown
closesocket
WSAStartup
htons
ntohl
htonl
bind
setsockopt
select

winmm

waveOutOpen
waveOutClose
waveInOpen
mixerGetID
waveInClose
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mixerClose

dsound

ord6
ord7
ord1

msvfw32

DrawDibDraw
ICSeqCompressFrameStart
ICClose
ICSendMessage
ICOpen
ICDecompress
ICCompressorFree
ICSeqCompressFrameEnd
DrawDibClose
ICSeqCompressFrame
DrawDibOpen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SysData/template/video/MeChatUser6.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SysData/template/video/VideoControl.htm
.html
SysData/template/video/VideoControl2.htm
.html .js polyglot
SysData/template/whoami.htm
SysData/template/whoru.htm
SysData/template/文件说明.txt
SysData/users/All
SysData/users/abc
SysData/users/abc2
SysData/users/abc3
SysData/users/abc4
SysData/users/admin
SysData/users/xxx
SysData/users/yaocj
SysData/users/ycj
SysData/users/yyy
SysData/users/yyyy
SysData/users/ρ
SysData/users/ρ
SysData/users/大家好
SysData/users/测试用户
SysData/users/老大
SysData/users/
SysData/下载说明.htm
.html .js polyglot
dat1
datl1
install.bat
restartservice.bat
run.bat
uninstall.bat
下载说明.htm
.html .js polyglot
升级说明.txt
安装方法.txt
文件用途.txt

Sharing

General

Malware Config

Signatures

Files

6ae2fc89b213032f07285309eafcbfcf

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

odbc32

Sections

.text Size: 608KB - Virtual size: 605KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 60KB - Virtual size: 1.8MB

d77ab5b3a658300a316425932c64ead1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

winmm

dsound

msvfw32

Exports

Exports

Sections

.text Size: 688KB - Virtual size: 687KB

.rodata Size: 12KB - Virtual size: 9KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 64KB - Virtual size: 1.9MB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 44KB - Virtual size: 40KB

Headers

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 35KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 608KB - Virtual size: 605KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 60KB - Virtual size: 1.8MB

.text
Size: 688KB - Virtual size: 687KB

.rodata
Size: 12KB - Virtual size: 9KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 64KB - Virtual size: 1.9MB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 44KB - Virtual size: 40KB

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB