ae4d8039236e575abd5370d37714e1f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae4d8039236e575abd5370d37714e1f5_JaffaCakes118
Size

1.5MB
MD5

ae4d8039236e575abd5370d37714e1f5
SHA1

c447779502bbf9be0d3f5478ea09e1e9d5bb3601
SHA256

dce005c449bd0eee02e4150d329fa12e914f1cf7926a7142433ae9779cb9fd16
SHA512

199f8aecfc723151563047636a9cfe7e2b27795be83b3ead83c42599e1e1983b2302fa88bd690f5d2b3684610dde8fc2a2e0848236d065b0684e409ee1000ae1
SSDEEP

24576:i/pCzrKG5MUwEhuq0jA6zJ1AzA0O5kJifKidRbMdYfOJ5wSpOyLE+D60P7:0Czr95lhLoA6z8EPkIfKij8E+D62

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/acbsetup.exe
unpack002/$PLUGINSDIR/CloseAcooBrowser.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/AcooBrowser.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/acbsetup.exe	nsis_installer_1

Files

ae4d8039236e575abd5370d37714e1f5_JaffaCakes118
.rar
acbsetup.exe
.exe windows:4 windows x86 arch:x86

c1d02edd28ce94e699431ce65bed28ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CloseHandle
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CloseAcooBrowser.dll
.dll windows:4 windows x86 arch:x86

b207b02b1cd4ee4ca47cd8127ba124f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetVersionExW
lstrcmpiA
IsDBCSLeadByte
Sleep
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LoadLibraryExA
InterlockedExchange
LoadLibraryA
GetCPInfo
GetOEMCP
IsBadCodePtr
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
ExitProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadReadPtr

user32

GetSysColor
SendMessageTimeoutA
CharNextA
RegisterWindowMessageA
GetClassNameA
EnumWindows
IsWindow
PostMessageA

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

SHDeleteKeyA

Exports

Exports

CloseApp
IsUnicodeOS
RestoreDefaultBrowser

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
PtInRect
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
OpenClipboard

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
AcooBrowser.exe
.exe windows:4 windows x86 arch:x86

f543016eb5456277639e30767606bdc7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\output\abrowser\AcooBrowserU.pdb

Imports

kernel32

SetFileAttributesA
GetFileAttributesA
FileTimeToSystemTime
GetTempPathA
CreateDirectoryA
CopyFileA
CreateProcessA
FormatMessageA
CreateMutexA
ReleaseMutex
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
SetEnvironmentVariableA
CompareStringA
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
GetOEMCP
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
DeleteFileA
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStartupInfoA
GetStdHandle
SetHandleCount
VirtualProtect
HeapSize
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetCPInfo
GetFullPathNameW
GetStartupInfoW
CreateThread
ExitThread
HeapReAlloc
RtlUnwind
GetVersionExA
TerminateThread
ResetEvent
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
GetTempPathW
GetWindowsDirectoryW
GetSystemDirectoryW
DuplicateHandle
GetFileAttributesW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
FormatMessageW
SetLastError
WinExec
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLangID
CreateMutexW
ExitProcess
WaitForSingleObject
GetTempFileNameW
WaitForMultipleObjects
TryEnterCriticalSection
SetEvent
CreateEventW
CopyFileW
GlobalSize
LockResource
GetCommandLineW
FindResourceW
LoadResource
SizeofResource
GetExitCodeThread
Beep
Sleep
CreateDirectoryW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
lstrcpyA
GetCurrentDirectoryW
ExpandEnvironmentStringsW
OutputDebugStringW
SetFilePointer
IsDebuggerPresent
CreateProcessW
GlobalMemoryStatus
GetFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
IsBadStringPtrW
CompareStringW
GetFileType
GlobalFree
GlobalAddAtomW
GlobalDeleteAtom
LocalAlloc
LocalFree
GetFileSize
ReadFile
lstrcatW
InterlockedDecrement
InterlockedIncrement
MulDiv
FreeLibrary
GlobalAlloc
RaiseException
GlobalLock
GlobalUnlock
CreateFileW
WideCharToMultiByte
lstrcpynA
GetLastError
DeleteFileW
WriteFile
lstrcmpiW
GetSystemInfo
GetModuleHandleA
GetCurrentProcessId
LoadLibraryExA
LoadLibraryW
LoadLibraryA
lstrcmpiA
WriteProcessMemory
VirtualQuery
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
CloseHandle
GetModuleHandleW
LoadLibraryExW
GetProcAddress
MoveFileW
SetErrorMode
lstrcmpW
GetTickCount
GetProfileIntW
GetSystemTimeAsFileTime
lstrlenA
lstrcpyW
MultiByteToWideChar
HeapFree
GetModuleFileNameW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrlenW
lstrcpynW
GetCurrentThreadId
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsValidLocale

user32

WindowFromPoint
wvsprintfW
CreateDialogParamW
GetDlgItemInt
SetDlgItemInt
DispatchMessageW
TranslateMessage
MessageBoxW
SetForegroundWindow
GetMenuStringW
DefFrameProcW
GetMessageW
SetParent
FillRect
DrawEdge
SendMessageW
AppendMenuW
GetMenuItemCount
DestroyMenu
TranslateMDISysAccel
GetClassInfoExW
wsprintfW
WindowFromDC
IsZoomed
SetWindowPlacement
FrameRect
CharLowerW
LoadBitmapW
GetMenuDefaultItem
GetSystemMenu
DrawFrameControl
TrackPopupMenu
IsRectEmpty
DragDetect
WaitMessage
WaitForInputIdle
RegisterClipboardFormatW
FindWindowW
CopyIcon
GetMenu
LoadCursorW
SetWindowTextW
IsCharAlphaNumericW
CharUpperBuffW
ValidateRect
FindWindowExW
UnregisterHotKey
RegisterHotKey
SetWindowRgn
SetClipboardData
IsClipboardFormatAvailable
GetClipboardData
SendMessageTimeoutW
UnpackDDElParam
ReuseDDElParam
GetWindowThreadProcessId
GetDialogBaseUnits
GetMessagePos
GetScrollRange
SetMenu
DrawAnimatedRects
GetNextDlgTabItem
GetScrollInfo
SetWindowPos
GetClientRect
ClientToScreen
IsWindowVisible
SetFocus
IsChild
UnregisterClassW
CreatePopupMenu
BeginPaint
EndPaint
GetDC
ReleaseDC
SetRect
GetSysColor
RegisterClassExW
CreateWindowExW
MessageBeep
GetSubMenu
RegisterWindowMessageW
SetCursor
GetKeyState
EnableMenuItem
CallWindowProcW
GetParent
PostMessageW
KillTimer
SetTimer
DialogBoxParamW
GetActiveWindow
CreateAcceleratorTableW
CopyAcceleratorTableW
LoadIconW
SetWindowLongW
ScrollWindowEx
SetScrollInfo
SetScrollPos
GetScrollPos
CopyRect
GetDoubleClickTime
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
LoadAcceleratorsW
LoadMenuW
DefMDIChildProcW
CharNextW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRgn
DeleteMenu
EnumChildWindows
LoadImageW
MapVirtualKeyW
GetAsyncKeyState
GetMenuState
CheckMenuItem
AdjustWindowRectEx
GetForegroundWindow
GetMenuItemID
LoadStringA
PostQuitMessage
LoadStringW
LockWindowUpdate
TranslateAcceleratorW
GetWindowPlacement
InsertMenuW
SetActiveWindow
GetLastActivePopup
BringWindowToTop
keybd_event
GetTopWindow
RedrawWindow
IsIconic
GetWindowDC
OffsetRect
SetRectEmpty
TrackPopupMenuEx
SetMenuItemInfoW
GetMenuItemInfoW
ModifyMenuW
InsertMenuItemW
DestroyCursor
RemoveMenu
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetAncestor
DrawFocusRect
GetSysColorBrush
PtInRect
GetDlgCtrlID
UpdateWindow
SetClassLongW
GetClassLongW
GetWindow
EndDialog
SystemParametersInfoW
DrawTextW
EnableWindow
GetClassNameW
SetDlgItemTextW
DestroyWindow
InflateRect
IntersectRect
GetCursorPos
SetCapture
PeekMessageW
GetCapture
ReleaseCapture
ShowWindow
GetWindowRect
MoveWindow
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
MapWindowPoints
IsMenu
SetMenuDefaultItem
IsWindow
GetFocus
DrawIconEx
DrawStateW
GetUpdateRect
EqualRect
ScreenToClient
GetSystemMetrics
GetWindowLongW
DefWindowProcW
OpenClipboard
DestroyIcon
IsWindowEnabled
InvalidateRect
AttachThreadInput
DispatchMessageA
MessageBoxA
CreateDialogIndirectParamW
EnumWindows
GetMonitorInfoW
CharUpperW
UnregisterClassA
GetWindowLongA
RegisterWindowMessageA
RegisterClassA
SendMessageA
IsDialogMessageA
CreateWindowExA
DefWindowProcA
DestroyCaret
ScrollWindow
ToAscii
GetKeyboardState
VkKeyScanA
HideCaret
ShowCaret
SetCaretPos
CreateCaret
SetWindowTextA
PeekMessageA
CreateDialogParamA
SendDlgItemMessageA
SetDlgItemTextA
SetWindowLongA
DialogBoxParamA
CheckDlgButton
GetWindowTextLengthA
IsDlgButtonChecked
LoadCursorA
EmptyClipboard
CloseClipboard
GetKeyboardLayout
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW

gdi32

EndPath
StrokeAndFillPath
SetMapMode
GetBkColor
GetMapMode
GetTextExtentExPointW
GetTextExtentPoint32W
GetViewportOrgEx
SetBkColor
FillRgn
CreatePolygonRgn
CopyMetaFileW
ExtCreatePen
Ellipse
CreateFontW
PolyBezierTo
RoundRect
BitBlt
RestoreDC
SetBkMode
IntersectClipRect
SaveDC
SelectClipRgn
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetClipBox
PatBlt
SetWindowOrgEx
PathToRegion
StretchBlt
SelectPalette
RealizePalette
SelectObject
Polyline
GetObjectW
DeleteObject
GetStockObject
DeleteDC
CreatePen
CreateCompatibleDC
SetViewportOrgEx
CreateCompatibleBitmap
CreateRoundRectRgn
ExtTextOutW
OffsetWindowOrgEx
CreatePatternBrush
CreateBitmap
SetTextColor
Rectangle
CreateFontIndirectW
LineTo
MoveToEx
CreateSolidBrush
GetTextMetricsW
GetDeviceCaps
DPtoLP
LPtoDP
GetClipRgn
Polygon
CreatePalette
CreateDIBSection
GetPaletteEntries
TextOutW
BeginPath
SetAbortProc
StartDocA
EndDoc
StartPage
EndPage
GetTextExtentPoint32A
GetObjectA
GetBkMode
GetTextColor
GetCurrentObject
GetTextExtentExPointA
TextOutA
GetTextMetricsA
CreateFontIndirectA
CreateEllipticRgnIndirect
ExcludeClipRect
SetStretchBltMode
SetPolyFillMode
SetBrushOrgEx
GetDIBColorTable

comdlg32

PrintDlgA
PageSetupDlgA
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

CopySid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
RegSetKeySecurity
RegEnumValueW
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW
RegEnumKeyW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetLengthSid

shell32

SHGetFileInfoA
SHGetFolderLocation
Shell_NotifyIconW
SHAppBarMessage
ExtractIconExW
SHFileOperationW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW
DragFinish
DragQueryFileW
ShellExecuteA

ole32

DoDragDrop
OleGetClipboard
OleDuplicateData
CoTaskMemRealloc
CoTaskMemFree
CoRegisterClassObject
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CreateDataAdviseHolder
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCopy
OleLoadPicture
VarUI4FromStr
VarBstrCmp
SafeArrayCreateVector
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
VarCmp
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocString
VariantClear
VariantInit
SysFreeString
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayUnaccessData
SafeArrayAccessData

winmm

PlaySoundW

comctl32

ord17
ord8
ImageList_DrawIndirect
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Remove
CreateStatusWindowW
ImageList_GetImageInfo
ImageList_AddMasked
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIcon
ImageList_Draw
ImageList_Destroy
ImageList_GetIconSize

shlwapi

StrToIntW
UrlUnescapeA
PathCompactPathA
StrStrA
StrStrIA
SHDeleteKeyW

wininet

ReadUrlCacheEntryStream
UnlockUrlCacheEntryStream
InternetQueryOptionW
RetrieveUrlCacheEntryStreamW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetSetOptionW
GetUrlCacheEntryInfoW

imagehlp

ImageDirectoryEntryToData

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

UrlMkSetSessionOption
URLDownloadToFileW
CoInternetGetSession
URLDownloadToCacheFileW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/KillAd/killad.htm
.html .js polyglot
Plugins/KillAd/killad.ico
Plugins/KillAd/plugin.ini
Plugins/PaneSample/acoo.ico
Plugins/PaneSample/index.htm
.html
Plugins/PaneSample/plugin.ini
config/British English/SearchEngine.ini
config/Chinese Simplified/ActiveXFilters.ini
config/Chinese Simplified/AdFilters.ini
config/Chinese Simplified/Alias.ini
config/Chinese Simplified/DownloadManager.ini
.vbs
config/Chinese Simplified/ExtTools.ini
config/Chinese Simplified/Groups.ini
config/Chinese Simplified/SearchEngine.ini
config/Chinese Simplified/WebBasedServices.ini
config/Chinese Simplified/rssfail.htm
.html
config/Chinese Traditional/SearchEngine.ini
config/Chinese Traditional/WebBasedServices.ini
config/Croatian/ExtTools.ini
config/Croatian/Groups.ini
config/Croatian/SearchEngine.ini
config/Croatian/WebBasedServices.ini
config/Farsi/ExtTools.ini
config/Farsi/SearchEngine.ini
config/French/ExtTools.ini
config/German/Alias.ini
config/German/ExtTools.ini
config/German/Groups.ini
config/German/SearchEngine.ini
config/German/WebBasedServices.ini
config/Hungarian/ExtTools.ini
config/Hungarian/SearchEngine.ini
config/Italian/Alias.ini
config/Italian/ExtTools.ini
config/Italian/Groups.ini
config/Italian/SearchEngine.ini
config/Italian/WebBasedServices.ini
config/Japanese/ExtTools.ini
config/Korean/ExtTools.ini
config/Polish/SearchEngine.ini
config/Polish/WebBasedServices.ini
config/Portuguese Brazilian/Alias.ini
config/Portuguese Brazilian/ExtTools.ini
config/Portuguese Brazilian/Groups.ini
config/Portuguese Brazilian/SearchEngine.ini
config/Russian/Alias.ini
config/Russian/ExtTools.ini
config/Russian/Groups.ini
config/Russian/SearchEngine.ini
config/Russian/WebBasedServices.ini
config/Spanish/Alias.ini
config/defaults/ActiveXFilters.ini
config/defaults/AdFilters.ini
config/defaults/Alias.ini
config/defaults/DownloadManager.ini
.vbs
config/defaults/ExtTools.ini
config/defaults/Groups.ini
config/defaults/Popups.ini
config/defaults/SearchEngine.ini
config/defaults/WebBasedServices.ini
config/defaults/control.bmp
config/defaults/dict.ico
config/defaults/dict_h.ico
config/defaults/image.ico
config/defaults/image_h.ico
config/defaults/install.bmp
config/defaults/mp3.ico
config/defaults/mp3_h.ico
config/defaults/news.ico
config/defaults/news_h.ico
config/defaults/rssfail.htm
.html
config/defaults/rsstemplate.htm
.html
language/Arabic.lng
language/British English.lng
language/Chinese Simplified.lng
language/Chinese Traditional.lng
language/Croatian.lng
language/Dutch.lng
language/English.lng
language/Farsi.lng
language/French.lng
language/German.lng
language/Hebrew.lng
language/Hungarian.lng
language/Indonesian.lng
language/Italian.lng
language/Korean.lng
language/Polish.lng
language/Portuguese Brazilian.lng
language/Portuguese.lng
language/Russian.lng
language/Serbian Cyrillic.lng
language/Serbian.lng
language/Slovak.lng
language/Spanish.lng
language/Turkish.lng
language/ar.bmp
language/br.bmp
language/cn.bmp
language/de.bmp
language/en.bmp
language/es.bmp
language/fr.bmp
language/hr.bmp
language/hu.bmp
language/id.bmp
language/il.bmp
language/ir.bmp
language/it.bmp
language/kr.bmp
language/nl.bmp
language/pl.bmp
language/pt.bmp
language/ru.bmp
language/sk.bmp
language/sr.bmp
language/tr.bmp
language/uk.bmp
skins/Blue Moon/MainWindow.bmp
skins/Blue Moon/Toolbar.bmp
skins/Blue Moon/skin.xml
.xml
skins/Corona/MainWindow.bmp
skins/Corona/Toolbar.bmp
skins/Corona/skin.xml
.xml
skins/MacX/BarMark.bmp
skins/MacX/clips.bmp
skins/MacX/skin.xml
.xml
skins/NucleoX/MainWindow.bmp
skins/NucleoX/Toolbar.bmp
skins/NucleoX/skin.xml
.xml
skins/SkinVista/FrameVista.bmp
skins/SkinVista/skin.xml
.xml
skins/SkinVista/toolbar.bmp
sounds/adblocked.wav
sounds/popblocked.wav
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

c1d02edd28ce94e699431ce65bed28ec

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 10KB - Virtual size: 10KB

b207b02b1cd4ee4ca47cd8127ba124f4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 6KB - Virtual size: 5KB

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 994B

f543016eb5456277639e30767606bdc7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

comctl32

shlwapi

wininet

imagehlp

version

urlmon

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 994B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 360KB - Virtual size: 359KB

.data
Size: 40KB - Virtual size: 68KB

.rsrc
Size: 732KB - Virtual size: 731KB