b170f2ee2968017621af9db45c23e0eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b170f2ee2968017621af9db45c23e0eb_JaffaCakes118
Size

1.5MB
MD5

b170f2ee2968017621af9db45c23e0eb
SHA1

369f1f24ce11666182f745ff78d614ce022f0989
SHA256

9a67728480e547d6b73e643a6e4f84891ef40bcbbe1bd050e536295fb02b23bb
SHA512

c6983f4ef52d97f4b3c64207e868adc5a2d47a428785cd21ddea42ad8816a7bc91c9d4cfc10a6eb87f64f960158b059a42537949e5a9592ccf7b23c998f4bfee
SSDEEP

24576:S2IGnRPWX4ob2n/8yzkiK26jQohW9DCn8db4wl6mEk1Qy7QSi4dptIXrrQ3BQDqz:zIGnRgSkyzdKtjQunfA3ZZNdp8ABQg

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
b170f2ee2968017621af9db45c23e0eb_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/WebMediaPlayer.exe
unpack001/sqlite3.dll
unpack001/uninst.exe
unpack003/$PLUGINSDIR/LangDLL.dll
unpack003/$PLUGINSDIR/UserInfo.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

b170f2ee2968017621af9db45c23e0eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd532a76f1d9d3c9d8a995c2bc18d129

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
SearchPathA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
lstrcpyA
CreateProcessW
lstrcatW
lstrcpyW
lstrlenW
GetVersionExA
CreateFileW
GetSystemDirectoryW
ReleaseMutex
GlobalFindAtomA
CreateMutexA
GlobalAddAtomA
GlobalDeleteAtom
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetLastError
FindFirstFileW
WideCharToMultiByte
TerminateThread
GetExitCodeThread
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
RemoveDirectoryA
MulDiv

user32

EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
SetClipboardData
CharLowerA
CharLowerW
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
SetWindowPos
IsWindowEnabled
SetClassLongA
GetSystemMenu
EnableMenuItem
CloseClipboard
IsWindowVisible
CallWindowProcA
LoadBitmapA
GetMessagePos
PeekMessageA
CheckDlgButton
GetWindowRect
ScreenToClient
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
DialogBoxParamA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
CoInitializeSecurity

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

HttpQueryInfoA
InternetReadFile
InternetCloseHandle
DeleteUrlCacheEntry
InternetOpenA
InternetOpenUrlA

msvcrt

free
rand
srand
time
strchr
sprintf
memcpy
strncmp
malloc
strncat
realloc
_except_handler3
strstr
memset

oleaut32

VariantClear

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
WebMediaPlayer.exe
.exe windows:4 windows x86 arch:x86

aa635818fbd9b9d98e52b4a496daed6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
HttpSendRequestA
InternetReadFile
InternetSetOptionA
InternetConnectA
InternetSetStatusCallback
InternetOpenA
HttpQueryInfoA
InternetOpenUrlA
InternetGetConnectedState
HttpOpenRequestA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

mfc42

ord3640
ord686
ord693
ord384
ord6242
ord2100
ord4243
ord3754
ord6197
ord6215
ord3753
ord3797
ord3138
ord5148
ord4694
ord3996
ord2862
ord1168
ord2096
ord1642
ord3293
ord5981
ord939
ord2763
ord3742
ord818
ord6453
ord6379
ord3874
ord4287
ord3619
ord1270
ord1232
ord3721
ord795
ord2116
ord4133
ord4297
ord2152
ord4129
ord5683
ord5710
ord1949
ord501
ord773
ord1083
ord5607
ord2762
ord5773
ord5442
ord5600
ord2919
ord3180
ord4277
ord922
ord2135
ord4034
ord433
ord4033
ord4160
ord4402
ord6283
ord4204
ord5856
ord940
ord2575
ord4396
ord3574
ord609
ord2302
ord6199
ord4226
ord1948
ord2396
ord3346
ord5300
ord5303
ord2726
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord817
ord565
ord3692
ord1233
ord1768
ord5791
ord3706
ord3318
ord4673
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3738
ord815
ord561
ord668
ord2621
ord1134
ord1980
ord3181
ord3178
ord2781
ord2770
ord356
ord6007
ord3998
ord2645
ord1200
ord1106
ord6378
ord6380
ord3286
ord798
ord1997
ord5465
ord5194
ord533
ord5575
ord4284
ord4299
ord2688
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord1105
ord1795
ord2078
ord2860
ord2582
ord3370
ord470
ord472
ord5788
ord5875
ord2381
ord755
ord682
ord3630
ord4400
ord535
ord924
ord2915
ord5572
ord2379
ord283
ord2452
ord4275
ord2089
ord567
ord656
ord3573
ord3610
ord4424
ord1776
ord6055
ord3402
ord5290
ord354
ord5186
ord1979
ord6385
ord2393
ord665
ord2614
ord1228
ord926
ord858
ord5787
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord1146
ord2864
ord2859
ord1641
ord323
ord1640
ord5785
ord640
ord2414
ord3663
ord3626
ord3571
ord6449
ord823
ord2818
ord4202
ord2764
ord941
ord861
ord537
ord860
ord4710
ord5953
ord4234
ord825
ord324
ord540
ord641
ord800
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord1576
ord4278

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_purecall
malloc
strtoul
_ismbcspace
memmove
_mbsinc
_mbsstr
strchr
strtok
strncpy
abs
_except_handler3
time
sprintf
free
realloc
_CxxThrowException
_ftol
strcmp
strlen
strcpy
strrchr
strcat
memcpy
strstr
memset
wcslen
atof
atol
atoi
_mbscmp
__CxxFrameHandler
_ltoa
_stricmp
_iob
fprintf
_setmbcp

kernel32

LocalReAlloc
CreateThread
WriteFile
MulDiv
GlobalLock
GlobalUnlock
LocalFree
GetSystemDirectoryA
LocalAlloc
GetFileSize
GlobalAlloc
ReadFile
CloseHandle
GetWindowsDirectoryA
CreateDirectoryA
GlobalFree
GetTickCount
GetLastError
DeleteFileA
CreateMutexA
ReleaseMutex
MultiByteToWideChar
InterlockedDecrement
lstrlenA
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
Sleep
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
GetStartupInfoA
LocalSize
GetModuleHandleA
lstrcmpA
WaitForSingleObject
ResumeThread
GetExitCodeThread
SystemTimeToTzSpecificLocalTime
GetModuleFileNameA
GetUserDefaultLangID
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileAttributesExA
GetVersionExA
GlobalAddAtomA
GlobalDeleteAtom
GlobalFindAtomA
CreateProcessA
GetTempPathA
FindClose
FindFirstFileA
SetLastError
GetCurrentProcess
GetProcAddress
LoadLibraryA
lstrcpyA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
FreeLibrary
GetSystemDefaultLangID
OpenFileMappingA
SetCurrentDirectoryA
GetCurrentDirectoryA
LoadLibraryExA
CopyFileA
MoveFileA
lstrcpynA
WideCharToMultiByte
SetThreadAffinityMask
CreateFileA
GetCurrentThread

user32

GetClassInfoA
DefWindowProcA
GetScrollBarInfo
FillRect
wsprintfA
LoadIconA
GetSystemMetrics
SetWindowRgn
LoadCursorA
GetFocus
ReleaseCapture
SetCapture
PtInRect
GetClientRect
GetWindowDC
OffsetRect
FrameRect
GetParent
GetWindowRect
InvalidateRect
IsWindow
PostMessageA
GrayStringA
DrawTextA
TabbedTextOutA
GetDC
ChildWindowFromPoint
IsWindowVisible
ReleaseDC
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
EnableWindow
ScreenToClient
GetIconInfo
CreateIconIndirect
DestroyIcon
CopyIcon
GetSysColor
DestroyCursor
LoadImageA
SetCursor
AttachThreadInput
PostThreadMessageA
KillTimer
SetTimer
DrawIcon
IsIconic
ShowCursor
ShowWindow
SetForegroundWindow
GetCursorPos
AppendMenuA
CreatePopupMenu
SendMessageA

gdi32

CreateBitmap
SetTextColor
LineTo
MoveToEx
CreatePen
GetTextMetricsA
SetBkColor
SetBkMode
StretchBlt
GetTextExtentPoint32A
SetTextJustification
CreateHalftonePalette
CreatePalette
GetDIBColorTable
ExtCreateRegion
AddFontResourceA
RemoveFontResourceA
CreateFontA
SelectObject
CreateCompatibleBitmap
DeleteObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetStockObject
RealizePalette
CreateDIBSection
DeleteDC
GetDeviceCaps
CreateRectRgn
Polygon
CreateSolidBrush
CreateCompatibleDC
BitBlt
CreateFontIndirectA
GetObjectA
Escape

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetImageCount
_TrackMouseEvent
ImageList_GetIcon

ole32

CoInitializeEx
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

olepro32

ord251

oleaut32

SysAllocString
SysStringLen
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear

iphlpapi

GetIfEntry
GetAdaptersInfo

tapi32

lineInitialize
lineNegotiateAPIVersion
lineOpenA
lineGetNewCalls
lineShutdown
lineGetCallInfoA

sqlite3

sqlite3_get_table
sqlite3_close
sqlite3_exec
sqlite3_free_table
sqlite3_open

shlwapi

StrTrimA
PathFileExistsA

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

aqppugkr
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r2jg9ptt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
resources/languages_v2.xml
.xml
resources/webmedias
skins/classic.skn
.zip
fonts/font1.ttf
fonts/font1b.ttf
gfx/ColumnHeaderLeft.bmp
gfx/ColumnHeaderLeftDown.bmp
gfx/ColumnHeaderLeftOver.bmp
gfx/ColumnHeaderRight.bmp
gfx/ColumnHeaderRightDown.bmp
gfx/ColumnHeaderRightOver.bmp
gfx/ColumnHeaderSpan.bmp
gfx/ColumnHeaderSpanDown.bmp
gfx/ColumnHeaderSpanInactive.bmp
gfx/ColumnHeaderSpanOver.bmp
gfx/bkApp.bmp
gfx/btClose.bmp
gfx/btCloseOver.bmp
gfx/btFullMode.bmp
gfx/btFullMode2.bmp
gfx/btFullModeOver.bmp
gfx/btFullModeOver2.bmp
gfx/btFullModeOverPun.bmp
gfx/btFullModePun.bmp
gfx/btHScrollLeft.bmp
gfx/btHScrollRight.bmp
gfx/btHScrollThumb.bmp
gfx/btMenuChecked.bmp
gfx/btMenuCheckedOver.bmp
gfx/btMenuNormal.bmp
gfx/btMenuNotChecked.bmp
gfx/btMenuNotCheckedOver.bmp
gfx/btMenuOver.bmp
gfx/btMenuResetText.bmp
gfx/btMenuResetTextOver.bmp
gfx/btMinimize.bmp
gfx/btMinimizeOver.bmp
gfx/btMute.bmp
gfx/btMuteOver.bmp
gfx/btMuteValid.bmp
gfx/btMuteValidOver.bmp
gfx/btOnTop.bmp
gfx/btOnTopOver.bmp
gfx/btOnTopValid.bmp
gfx/btOnTopValidOver.bmp
gfx/btReduire.bmp
gfx/btReduireSurvole.bmp
gfx/btSendToFriend.bmp
gfx/btSendToFriendOver.bmp
gfx/btSmallMode.bmp
gfx/btSmallModeOver.bmp
gfx/btSmallModeOverPun.bmp
gfx/btSmallModePun.bmp
gfx/btVScrollDown.bmp
gfx/btVScrollDownOver.bmp
gfx/btVScrollThumb.bmp
gfx/btVScrollThumbOver.bmp
gfx/btVScrollUp.bmp
gfx/btVScrollUpOver.bmp
gfx/btWebRadioRepos.bmp
gfx/btWebRadioValid.bmp
gfx/btWebTvRepos.bmp
gfx/btWebTvValid.bmp
gfx/listCheck.bmp
gfx/listWebMedias.bmp
gfx/onIdle.wmv
gfx/sldVolumeNormal.bmp
gfx/sldVolumeOver.bmp
gfx/sldVolumeValid.bmp
gfx/titleBarSmallMode.bmp
skin.xml
.xml
templates/staticSearch.tpl
templates/styles.css
templates/tooltipResults.tpl
templates/wmpInfos.tpl
templates/wmpStatus.tpl
sqlite3.dll
.dll windows:4 windows x86 arch:x86

cd4a5c39f36662a6a2f5167f71af9796

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LockFile
LockFileEx
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

_iob
atof
atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memset
realloc
sprintf
strcat
strcmp
strcpy
strncmp
strncpy
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_data_count
sqlite3_db_handle
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_prepare
sqlite3_prepare16
sqlite3_progress_handler
sqlite3_reset
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_snprintf
sqlite3_step
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vmprintf

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 448B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

bd532a76f1d9d3c9d8a995c2bc18d129

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
SearchPathA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
lstrcpyA
CreateProcessW
lstrcatW
lstrcpyW
lstrlenW
GetVersionExA
CreateFileW
GetSystemDirectoryW
ReleaseMutex
GlobalFindAtomA
CreateMutexA
GlobalAddAtomA
GlobalDeleteAtom
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetLastError
FindFirstFileW
WideCharToMultiByte
TerminateThread
GetExitCodeThread
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
RemoveDirectoryA
MulDiv

user32

EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
SetClipboardData
CharLowerA
CharLowerW
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
SetWindowPos
IsWindowEnabled
SetClassLongA
GetSystemMenu
EnableMenuItem
CloseClipboard
IsWindowVisible
CallWindowProcA
LoadBitmapA
GetMessagePos
PeekMessageA
CheckDlgButton
GetWindowRect
ScreenToClient
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
DialogBoxParamA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
CoInitializeSecurity

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

HttpQueryInfoA
InternetReadFile
InternetCloseHandle
DeleteUrlCacheEntry
InternetOpenA
InternetOpenUrlA

msvcrt

free
rand
srand
time
strchr
sprintf
memcpy
strncmp
malloc
strncat
realloc
_except_handler3
strstr
memset

oleaut32

VariantClear

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Signatures

Files

bd532a76f1d9d3c9d8a995c2bc18d129

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

wininet

msvcrt

oleaut32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 109KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 7KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 264B

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 741B

.rdata Size: 1024B - Virtual size: 657B

.data Size: 512B - Virtual size: 85B

.reloc Size: 512B - Virtual size: 154B

aa635818fbd9b9d98e52b4a496daed6c

Headers

File Characteristics

Imports

wininet

version

mfc42

msvcrt

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 109KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 264B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 657B

.data
Size: 512B - Virtual size: 85B

.reloc
Size: 512B - Virtual size: 154B

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 232KB - Virtual size: 232KB

aqppugkr
Size: 127KB - Virtual size: 128KB

r2jg9ptt
Size: 4KB - Virtual size: 4KB

.text
Size: 241KB - Virtual size: 240KB

.data
Size: 512B - Virtual size: 248B

.bss
Size: - Virtual size: 448B

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

.stab
Size: 6KB - Virtual size: 6KB

.stabstr
Size: 5KB - Virtual size: 5KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 109KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 7KB