ac7491531e15debeebb17a0fa830e3a5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ac7491531e15debeebb17a0fa830e3a5_JaffaCakes118
Size

4.2MB
MD5

ac7491531e15debeebb17a0fa830e3a5
SHA1

a81d261b50d41525cc5c751fb3e5074df7754962
SHA256

91b58b58645401d748ffbca177d56f705ddd981b79ff1758c7666590beaa228e
SHA512

51fa2115994302af955ff06b441a803e440e3cadd95386ab523e47c59e13099b242efd64a8105f9e875efb726cd32da0f056f8c335d18fd3c18a4c060c4869c3
SSDEEP

98304:RDe9IQTL3ErasIKsVwb369Qsw/XmlTfuE6JJzz62QAfQ2S:RYIM3E2sI3+b369QswelTmpjz2jArS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$_3_/EQSandBox.exe.tmp	upx
static1/unpack001/$_3_/EQUpdate.exe.tmp	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
ac7491531e15debeebb17a0fa830e3a5_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsSCM.dll
unpack001/$_3_/CrashRpt.dll.tmp
unpack001/$_3_/EQCommUI.dll.tmp
unpack001/$_3_/EQSandBox.exe.tmp
unpack002/out.upx
unpack001/$_3_/EQSandBoxUI.dll.tmp
unpack001/$_3_/EQService.exe.tmp
unpack001/$_3_/EQShellUI.dll.tmp
unpack001/$_3_/EQSysSecure.exe.tmp
unpack001/$_3_/EQSysSecure.sys.tmp
unpack001/$_3_/EQUpdate.exe.tmp
unpack003/out.upx
unpack001/$_3_/dbghelp.dll.tmp
unpack001/$_3_/lang/$_3_/uninst.exe
unpack004/$PLUGINSDIR/nsSCM.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/$_3_/lang/$_3_/uninst.exe	nsis_installer_1

Files

ac7491531e15debeebb17a0fa830e3a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

48815f256b99e9e5b31546e652c07562

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
CheckDlgButton
SetCursor
LoadCursorA
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsSCM.dll
.dll windows:4 windows x86 arch:x86

cae3b41a07819ca715746a4d081b8a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CreateServiceA
StartServiceA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CloseServiceHandle

kernel32

GlobalFree
GetLastError
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

Exports

Exports

Install
QueryStatus
Remove
Start
Stop

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/CrashRpt.dll.tmp
.dll windows:5 windows x86 arch:x86

56358d20545d4421146bef4c9b9b9841

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dbghelp

MiniDumpWriteDump

kernel32

LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
DebugBreak
OutputDebugStringA
FindClose
FindFirstFileA
CloseHandle
ReadFile
CreateFileA
SetUnhandledExceptionFilter
DeleteFileA
GetSystemInfo
GetVersionExA
GetCurrentProcessId
GetTempPathA
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
lstrcpynA
FileTimeToLocalFileTime
GetTempFileNameA
FileTimeToDosDateTime
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LCMapStringW
LCMapStringA
SetFilePointer
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
SizeofResource
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
GetStdHandle
WriteFile
ExitProcess
Sleep
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCommandLineA
VirtualQuery
GetModuleHandleW
VirtualProtect
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
WriteConsoleA
TerminateProcess
FreeLibrary
SetLastError
VirtualAlloc
CompareStringA
lstrcpyA
IsDBCSLeadByte
lstrcmpiA
InterlockedIncrement
GetLastError
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
CopyFileA
GetCurrentThreadId
lstrlenA
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
GetProcessHeap
HeapFree
InterlockedCompareExchange
FreeEnvironmentStringsA

user32

UnregisterClassA
GetSysColorBrush
EndDialog
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
MessageBoxA
GetDlgItem
wvsprintfA
GetClassNameA
CreateCursor
DialogBoxParamA
GetSysColor
GetFocus
OffsetRect
GetCapture
ReleaseCapture
ReleaseDC
GetDC
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
DrawTextA
PtInRect
CallWindowProcA
SetWindowPos
IsWindow
GetDlgCtrlID
GetParent
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
GetClientRect
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateWindowExA
GetWindowLongA
DestroyCursor
SetRectEmpty
DestroyWindow
CharNextA
DefWindowProcA
LoadStringA
SetWindowLongA
GetActiveWindow

gdi32

GetStockObject
CreateFontIndirectA
DeleteDC
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateSolidBrush
GetObjectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetFileInfoA
ShellExecuteA

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysAllocString
VarUI4FromStr
SysFreeString

comctl32

_TrackMouseEvent

Exports

Exports

AddFile
GenerateErrorReport
Install
Uninstall

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/EQCommUI.dll.tmp
.dll windows:5 windows x86 arch:x86

b1ef5315be487f2c21eade374734763b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\PctutuEQ\bin\Release\EQCommUI.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/EQSandBox.exe.tmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 740KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/EQSandBoxUI.dll.tmp
.dll windows:5 windows x86 arch:x86

aef909a93cac46b02353322b3315f0cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\PctutuEQ\bin\Release\EQSandBoxUI.pdb

Imports

ws2_32

WSACloseEvent
ioctlsocket
WSAIoctl
connect
inet_ntoa
WSAStartup
recvfrom
inet_addr
WSARecv
WSASend
select
WSAGetLastError
htons
WSAEventSelect
ntohs
getsockname
shutdown
sendto
WSACleanup
recv
bind
socket
WSACreateEvent
closesocket
gethostbyname
listen

kernel32

SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
GetTickCount
QueryPerformanceCounter
FormatMessageA
InterlockedExchange
DisableThreadLibraryCalls
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
LocalFree
CreateThread
WaitNamedPipeW
WriteFile
Sleep
ReadFile
CreateFileW
GetOverlappedResult
GetLastError
CloseHandle
WaitForSingleObject
SetEvent
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
CreateEventW
FreeLibrary
InterlockedIncrement
GetQueuedCompletionStatus
InterlockedDecrement
GetCurrentProcess
LoadLibraryW
RaiseException
GetProcAddress
CreateIoCompletionPort
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapSize
GetModuleFileNameA
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
HeapReAlloc
VirtualAlloc
VirtualFree
GetUserDefaultLCID
GetModuleHandleA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WaitForMultipleObjects
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
GetCPInfo
RtlUnwind
LCMapStringA
LCMapStringW
HeapAlloc
HeapCreate
HeapDestroy

user32

MsgWaitForMultipleObjects
ScreenToClient
GetWindowRect
GetWindowDC
IsZoomed
GetParent
CallNextHookEx
EnumWindows
SetPropW
InflateRect
SetRect
GetWindowLongW
ReleaseDC
GetDesktopWindow
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
GetPropW
GetWindowThreadProcessId
MoveWindow

gdi32

MoveToEx
LineTo
DeleteObject
CreatePen
SelectObject

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Exports

Exports

EQInit
EQUnInit

Sections

.text
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EQSandBo
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/EQService.exe.tmp
.exe windows:5 windows x86 arch:x86

0d12da6dbfacf4fe839748fa777d6d41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\PctutuEQ\bin\Release\EQService.pdb

Imports

kernel32

WriteFile
OpenProcess
GetSystemDirectoryW
TerminateThread
CopyFileW
SizeofResource
TerminateProcess
FileTimeToSystemTime
CreateFileW
ResetEvent
LockResource
CreateEventW
DeviceIoControl
FreeEnvironmentStringsW
GetCurrentProcessId
WaitNamedPipeW
ReadFile
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
WaitForMultipleObjects
GetVersion
GetLongPathNameW
ExpandEnvironmentStringsW
InterlockedDecrement
GetCurrentDirectoryW
SetLastError
GetFileSize
FreeLibrary
VirtualFree
VirtualAlloc
DuplicateHandle
DosDateTimeToFileTime
SetEvent
SystemTimeToFileTime
SetFileTime
GetFileType
SetFileAttributesW
InterlockedIncrement
GetQueuedCompletionStatus
RaiseException
CreateIoCompletionPort
HeapFree
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
GetEnvironmentStringsW
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
ReleaseMutex
FindNextFileW
GetLocalTime
FindClose
WaitForSingleObject
CreateDirectoryW
FindFirstFileW
GlobalFree
lstrlenW
GetProcAddress
LoadLibraryW
GlobalAlloc
LoadLibraryExW
lstrcmpiW
GetModuleFileNameW
GetVersionExW
GetCommandLineW
DeleteCriticalSection
HeapSize
InitializeCriticalSection
CloseHandle
SetProcessWorkingSetSize
SetConsoleCtrlHandler
EnterCriticalSection
GetLastError
LeaveCriticalSection
GetCurrentProcess
CreateMutexW
CreateThread
LocalFree
OutputDebugStringA
GetCurrentThreadId
MultiByteToWideChar
Sleep
WideCharToMultiByte
FormatMessageA
GetModuleHandleW
GetComputerNameW
HeapAlloc
HeapDestroy
InterlockedExchange
SetFilePointer
HeapCreate
TlsFree
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
IsDebuggerPresent

user32

wsprintfW
EndPaint
FillRect
LoadStringW
LoadStringA
DispatchMessageW
OpenWindowStationW
SetThreadDesktop
TranslateMessage
CloseDesktop
OpenDesktopW
CloseWindowStation
GetMessageW
SetProcessWindowStation
GetUserObjectInformationW
OpenInputDesktop
DefWindowProcW
UpdateWindow
RegisterClassW
CreateWindowExW
FrameRect
ShowWindow
SetLayeredWindowAttributes
GetDesktopWindow
BeginPaint
GetClientRect
LoadCursorW
DrawIconEx
DrawTextW
MsgWaitForMultipleObjects
CharLowerW
LoadImageW

gdi32

CreateCompatibleDC
SetMapMode
CreateCompatibleBitmap
SetTextColor
DeleteDC
SetBkColor
SetBkMode
DeleteObject
SelectObject
ExtTextOutW
CreateFontW
CreateSolidBrush
BitBlt

advapi32

OpenServiceW
GetUserNameW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegisterServiceCtrlHandlerW
UnlockServiceDatabase
RegOpenKeyExW
SetServiceStatus
StartServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

CommandLineToArgvW
SHGetFolderPathW

shlwapi

PathRemoveArgsW
PathFileExistsW
PathMakePrettyW
PathParseIconLocationW
PathFindExtensionW
PathFindFileNameW
PathCanonicalizeW
PathAddBackslashW
PathSkipRootW
PathAddExtensionW
PathAppendW

ws2_32

listen
gethostbyname
closesocket
WSACreateEvent
socket
bind
recv
WSACleanup
sendto
shutdown
getsockname
ntohs
WSAEventSelect
htons
WSAGetLastError
select
WSASend
WSARecv
inet_addr
recvfrom
WSAStartup
inet_ntoa
connect
WSAIoctl
ioctlsocket
WSACloseEvent

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_3_/EQShellUI.dll.tmp
.dll regsvr32 windows:5 windows x86 arch:x86

d9f2f9c532f1a421610f6af9730cf16f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket
gethostbyname
listen
inet_addr
WSACloseEvent
ioctlsocket
WSAIoctl
connect
inet_ntoa
WSAStartup
recvfrom
WSARecv
WSASend
select
WSAGetLastError
htons
WSAEventSelect
ntohs
getsockname
shutdown
sendto
WSACleanup
recv
bind
socket
WSACreateEvent

kernel32

EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
OutputDebugStringA
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
GetCurrentThreadId
lstrcpynA
WideCharToMultiByte
lstrcpynW
LocalFree
FormatMessageA
CreateProcessW
GetCurrentProcessId
DeleteFileW
SetFileAttributesW
IsValidLocale
GetFileSize
CloseHandle
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
SetLastError
GetCurrentDirectoryW
SetFilePointer
GetFileType
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime
WriteFile
Sleep
GetOverlappedResult
WaitNamedPipeW
SetEvent
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
GetQueuedCompletionStatus
LoadLibraryW
CreateIoCompletionPort
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
HeapSize
HeapReAlloc
InterlockedExchange
HeapFree
HeapAlloc
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetModuleHandleA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
VirtualAlloc
VirtualFree
GetCPInfo
LCMapStringW
LCMapStringA
HeapDestroy

user32

MsgWaitForMultipleObjects
LoadBitmapW
InsertMenuW
CreatePopupMenu
SetMenuItemBitmaps
CharLowerW
CharNextW

gdi32

DeleteObject

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

DragQueryFileW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

shlwapi

PathRemoveArgsW
PathCanonicalizeW
PathAddExtensionW
PathFindExtensionW
PathFindFileNameW
PathParseIconLocationW
PathSkipRootW
PathAppendW
PathAddBackslashW
PathMakePrettyW
PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/EQSysSecure.default.tmp
$_3_/EQSysSecure.exe.tmp
.exe windows:5 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 1.1MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 853KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lltafvru
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aymmsays
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$_3_/EQSysSecure.sys.tmp
.sys windows:5 windows x86 arch:x86

b7e13463a214b93d58bc06e50ecf4b1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\PctutuEQ\bin\Release\EQSysSecure_SYS.pdb

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
ZwCreateFile
IoFreeIrp
KeSetEvent
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
InterlockedIncrement
ExFreePool
KeWaitForSingleObject
SeCreateAccessState
IoGetFileObjectGenericMapping
KeGetCurrentThread
IoAllocateIrp
ExAllocatePoolWithTag
KeInitializeEvent
ObInsertObject
ObCreateObject
IoFileObjectType
RtlInitUnicodeString
memcpy
memset
IofCallDriver
IoGetRelatedDeviceObject
IoFreeMdl
KeClearEvent
PsSetCreateProcessNotifyRoutine
KeInitializeMutex
KeReleaseMutex
memmove
_wcsnicmp
ZwQueryObject
InterlockedExchange
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
InitSafeBootMode
PsGetVersion
PsGetCurrentProcessId
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
wcsncpy
wcschr
_wcsicmp
wcsrchr
IoGetTopLevelIrp
RtlUpcaseUnicodeChar
ZwAllocateVirtualMemory
RtlTimeToTimeFields
KeQuerySystemTime
_stricmp
ZwReadFile
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ProbeForRead
_except_handler3
ProbeForWrite
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ObOpenObjectByPointer
PsProcessType
IoGetCurrentProcess
MmIsAddressValid
ObReferenceObjectByName
IoDriverObjectType
_snprintf
strncmp
strncpy
ZwQueryValueKey
ZwOpenKey
ObQueryNameString
ObfDereferenceObject
MmGetPhysicalAddress
KeAddSystemServiceTable
PsInitialSystemProcess
KeDelayExecutionThread
KeSetAffinityThread
InterlockedDecrement
RtlCompareUnicodeString
KeInitializeSpinLock
wcsncat
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
ExInitializeResourceLite
ExDeleteResourceLite
ZwQuerySystemInformation
ZwQueryInformationProcess
PsLookupProcessByProcessId
KeUnstackDetachProcess
KeStackAttachProcess
ZwQueryVolumeInformationFile
RtlVolumeDeviceToDosName
ObfReferenceObject
IoGetDeviceObjectPointer
RtlCompareString
RtlInitString
MmGetSystemRoutineAddress
PsTerminateSystemThread
KeResetEvent
PsCreateSystemThread
ZwRestoreKey
ZwDeviceIoControlFile
ZwSetSystemTime
ZwRequestWaitReplyPort
ZwOpenProcess
ZwSetSystemInformation
ZwOpenSection
ZwLoadDriver
ZwCreateSection
ZwWriteFile
ZwTerminateProcess
LpcPortObjectType
KeGetPreviousMode
swprintf
PsGetCurrentThreadId
ZwQuerySection
ZwOpenThread
RtlCopyUnicodeString
wcsncmp
ZwQueryInformationFile
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
ZwQueryKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwDeleteValueKey
ZwDeleteKey
ZwCreateKey
ZwSetValueKey
ZwSetInformationFile
ZwQueryDirectoryFile
ZwFreeVirtualMemory
tolower
MmMapLockedPages
ZwClose
IoCreateDevice
IoAttachDeviceToDeviceStack
IoDetachDevice
KeServiceDescriptorTable
IoDeleteDevice

hal

ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/EQSysSecure.xml.tmp
$_3_/EQUpdate.exe.tmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_3_/dbghelp.dll.tmp
.dll windows:5 windows x86 arch:x86

42cfa6142c38112bdaffa05fb22db82e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

__dllonexit
_wcsicmp
wcsncpy
wcscmp
wcsncmp
__CxxFrameHandler
_wsplitpath
_wcsnicmp
towlower
__unDName
fclose
wcstol
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
_mbsnbcpy
fflush
_iob
_wmakepath
wcsrchr
wcscpy
_wcsdup
ftell
_wgetenv
_mbsicmp
_access
_fullpath
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_onexit
_chsize
_close
_get_osfhandle
_open_osfhandle
_winminor
_winmajor
_mbscmp
_memicmp
wcsncat
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
time
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
_strnicmp
isxdigit
wcslen
sprintf
strrchr
strncpy
_except_handler3
_splitpath
_stricmp
strchr
_lseeki64
wprintf

kernel32

GetFileType
Sleep
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateFileMappingW
LCMapStringW
GetDriveTypeW
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
GetDriveTypeA
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemInfo
GetVersionExW
GetProcessHeap
SuspendThread
ResumeThread
GetThreadContext
VirtualQueryEx
LoadLibraryW
TerminateThread
SetEndOfFile
GetThreadSelectorEntry
MapViewOfFileEx
FlushViewOfFile
TlsSetValue
CreateThread

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/eq_eng.cfg.tmp
$_3_/lang/$_3_/uninst.exe
.exe windows:4 windows x86 arch:x86

48815f256b99e9e5b31546e652c07562

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
CheckDlgButton
SetCursor
LoadCursorA
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsSCM.dll
.dll windows:4 windows x86 arch:x86

cae3b41a07819ca715746a4d081b8a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CreateServiceA
StartServiceA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CloseServiceHandle

kernel32

GlobalFree
GetLastError
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

Exports

Exports

Install
QueryStatus
Remove
Start
Stop

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_3_/lang/eng.zip
.zip
Buy.bmp
EQSandBox.xml
EQService.xml
EQSysSecure.xml
Logo.gif
.gif

Sharing

General

Malware Config

Signatures

Files

48815f256b99e9e5b31546e652c07562

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 4KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

cae3b41a07819ca715746a4d081b8a6c

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 650B

.data Size: 512B - Virtual size: 28B

.reloc Size: 512B - Virtual size: 284B

56358d20545d4421146bef4c9b9b9841

Headers

File Characteristics

Imports

dbghelp

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 650B

.data
Size: 512B - Virtual size: 28B

.reloc
Size: 512B - Virtual size: 284B

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 740KB

UPX1
Size: 253KB - Virtual size: 256KB

.rsrc
Size: 21KB - Virtual size: 24KB

.text
Size: 587KB - Virtual size: 586KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 15KB - Virtual size: 152KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 66KB - Virtual size: 65KB

.text
Size: 485KB - Virtual size: 485KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 15KB - Virtual size: 23KB

EQSandBo
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 62KB - Virtual size: 61KB