b2693994cd5d5a795fc9be332bca4cb8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2693994cd5d5a795fc9be332bca4cb8_JaffaCakes118
Size

1.0MB
MD5

b2693994cd5d5a795fc9be332bca4cb8
SHA1

888ece6a3ff04ffb02f4308b662080de545b50e2
SHA256

099ca6e20c1924ff9a1170b06be097373d3940d84c4ca06ab83534cc7d8f7cd5
SHA512

bfc0c08014120dc50f21ebd22177cd11fdac561805b6f1f0964359380231bf394ba263e4c92dba08227333118b4b8f5b5cab3f5718fc9ab66fa462a5674ef72d
SSDEEP

24576:iUTgNWTQQbqYGqMtHN5UgJdRpPIwUTUrYdNF8RDN00S:iUTgNWMQ8qcHNKQdRpAf8RDpS

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AudioFilePro.dll
unpack001/SkinPro.dll
unpack001/SoundLrcsh.dll
unpack001/lame_enc.dll
unpack001/ٸ.exe

Files

b2693994cd5d5a795fc9be332bca4cb8_JaffaCakes118
.zip
AudioFilePro.dll
.dll windows:5 windows x86 arch:x86

9d54b2a1f40516ee502e306f669d1360

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\RunImage\语音处理\AudioFilePro.pdb

Imports

kernel32

FlushFileBuffers
GetCurrentProcess
lstrlenA
HeapFree
HeapAlloc
GetCommandLineA
HeapReAlloc
Sleep
ExitProcess
RtlUnwind
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FormatMessageW
GetModuleHandleA
WritePrivateProfileStringW
GlobalFlags
GlobalFindAtomW
LoadLibraryA
GetVersionExA
SetErrorMode
lstrlenW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
LocalFree
LocalAlloc
GlobalAddAtomW
GetCurrentProcessId
GetLastError
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedExchange
lstrcmpW
FreeLibrary
GetModuleHandleW
GetProcAddress
GlobalReAlloc
CloseHandle
GlobalHandle
GlobalFree
GlobalUnlock
CreateFileW
ReadFile
GlobalAlloc
WriteFile
GlobalLock
SetFilePointer
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetFileInformationByHandle
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar

user32

GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
ClientToScreen
ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
IsWindow
GetWindowTextW
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
MessageBoxW
GetActiveWindow
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
DestroyMenu
RemovePropW
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
SendMessageW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
PostMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor

ole32

CoInitialize

shlwapi

PathFindFileNameW
PathFindExtensionW

wmvcore

WMCreateSyncReader

msacm32

acmFormatSuggest
acmMetrics
acmStreamUnprepareHeader
acmStreamSize
acmStreamClose
acmStreamPrepareHeader
acmStreamConvert
acmStreamOpen

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

GetClipBox
SetTextColor
SetBkColor
DeleteObject
GetDeviceCaps
SaveDC
RestoreDC
SetMapMode
GetStockObject
DeleteDC
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

oleaut32

VariantInit
VariantChangeType
VariantClear

Exports

Exports

MediaFile_Interface

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sample.MP3
Sample.lrc
SkinPro.dll
.dll windows:4 windows x86 arch:x86

9c51a1d97e7992203ece4536fb057d55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord800
ord609
ord2614
ord540
ord567
ord4275
ord860
ord2379
ord755
ord3874
ord470
ord2864
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord2405
ord2754
ord6021
ord1640
ord323
ord5785
ord5781
ord5875
ord2860
ord2982
ord4353
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord6467
ord2859
ord4220
ord2584
ord3654
ord2438
ord2455
ord1644
ord6270
ord3619
ord2753
ord2713
ord1949
ord1176
ord3643
ord394
ord696
ord909
ord5628
ord4185
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord3089
ord5290
ord826
ord269
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord1795
ord1168
ord1146
ord1641
ord6320
ord5597
ord823
ord996
ord2867
ord6242
ord715
ord2414
ord3626
ord3663
ord825
ord415
ord4284
ord3571

msvcrt

_except_handler3
?terminate@@YAXXZ
free
_onexit
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_initterm
_strcmpi
_mbscmp
__CxxFrameHandler
__dllonexit

kernel32

LocalFree
LocalAlloc

user32

PtInRect
DrawIconEx
CallWindowProcA
SetWindowLongA
GetSystemMetrics
GetWindowRect
GetDC
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowDC
ReleaseDC
PostMessageA
SetCapture
IsZoomed
GetWindowRgn
GetClientRect
CopyRect
SetWindowRgn
GetFocus
ReleaseCapture
GetSysColor
LoadBitmapA
EnumChildWindows
InvalidateRect
UpdateWindow
SendMessageA
SetWindowTextA
GetClassNameA
RemoveMenu
EnableMenuItem
SetRect
UnionRect
GetSystemMenu
GetMenuItemCount
GetWindowLongA
SetWindowPos
GetMenuItemID
ShowWindow
SystemParametersInfoA
MoveWindow
IsWindow
IsWindowVisible
IsRectEmpty
EqualRect
OffsetRect
GetParent
SetRectEmpty

gdi32

GetMapMode
CreateCompatibleDC
BitBlt
SelectClipRgn
PtInRegion
GetDIBits
CombineRgn
CreateCompatibleBitmap
GetViewportExtEx
GetWindowExtEx
CreateRectRgn
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
SetBkColor
SelectObject
SetPixelV
CreateFontA
GetPixel
PtVisible
GetObjectA
DeleteObject

comctl32

_TrackMouseEvent

msimg32

TransparentBlt

Exports

Exports

SkinPro_Interface

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoundLrcsh.dll
.dll windows:4 windows x86 arch:x86

8f9932312c988367af579dea2ff1c038

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6061
ord5864
ord3596
ord3663
ord640
ord2414
ord2753
ord800
ord537
ord6172
ord5789
ord5875
ord2754
ord6021
ord5785
ord1641
ord1640
ord323
ord2859
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord5759
ord2982
ord3147
ord5571
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord1146
ord4284
ord2864
ord6467
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2971
ord3626
ord3619
ord3571
ord1168
ord354
ord5579
ord5736
ord5678
ord5794
ord5873
ord6189
ord4330
ord6186
ord5756
ord3259
ord6192
ord5186
ord3318
ord823
ord5442
ord1979
ord665
ord3953
ord825

msvcrt

_adjust_fdiv
rand
sprintf
_ftol
qsort
fclose
strncmp
atof
atol
strrchr
strchr
fgets
fopen
__dllonexit
_onexit
free
_initterm
malloc
__CxxFrameHandler
??1type_info@@UAE@XZ

kernel32

LocalFree
GetModuleHandleA
GetTickCount
GetComputerNameA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc

user32

TabbedTextOutA
SendMessageA
GetDC
CopyRect
GrayStringA
DrawTextA
ReleaseDC
LoadCursorA
SetCursor
ClipCursor
DestroyWindow
CreateDialogParamA
GetDlgItem
LoadIconA
GetClientRect
SetWindowPos
GetWindowRect
ShowWindow
PostMessageA
IsWindow
ClientToScreen

gdi32

BitBlt
CreateFontA
GetWindowExtEx
GetMapMode
CreateCompatibleBitmap
CreateCompatibleDC
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A

shell32

DragFinish
StrStrIA
DragQueryFileA

winmm

timeGetTime

Exports

Exports

SoundLrcsh_Interface

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lame_enc.dll
.dll windows:4 windows x86 arch:x86

6c9a4903d39434de5426fb0c342408d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetModuleFileNameA
OutputDebugStringA
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLastError
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ReadFile
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
RaiseException
FlushFileBuffers
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
RtlUnwind
SetEndOfFile

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

beCloseStream
beDecodeChunk
beDeinitStream
beEncodeChunk
beEncodeChunkFloatS16NI
beExitDecoder
beFlushNoGap
beGetMP3Info
beInitDecoder
beInitStream
beVersion
beWriteInfoTag
beWriteVBRHeader
lame_close
lame_encode_buffer_interleaved
lame_encode_flush
lame_get_in_samplerate
lame_get_num_channels
lame_get_num_samples
lame_get_out_samplerate
lame_get_scale
lame_get_scale_left
lame_get_scale_right
lame_init
lame_init_params
lame_mp3_tags_fid
lame_set_in_samplerate
lame_set_num_channels
lame_set_num_samples
lame_set_out_samplerate
lame_set_scale
lame_set_scale_left
lame_set_scale_right

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ٸ.exe
.exe windows:4 windows x86 arch:x86

58a9c78aadd5775ab0643ef95435b7b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord800
ord2864
ord540
ord5290
ord5277
ord4284
ord2379
ord5053
ord5981
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord5773
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2514
ord2621
ord1200
ord1134
ord641
ord793
ord809
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord324
ord4234
ord3402
ord3719
ord1146
ord2976
ord556
ord2370
ord2302
ord6197
ord6378
ord6380
ord2915
ord4224
ord6215
ord2642
ord3092
ord1779
ord1105
ord1088
ord2122
ord2086
ord4160
ord2863
ord2818
ord537
ord6385
ord6153
ord3790
ord6334
ord755
ord470
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord356
ord6199
ord6358
ord4694
ord4476
ord4055
ord2582
ord4402
ord3370
ord3640
ord693
ord3996
ord6905
ord6904
ord3716
ord790
ord6111
ord3546
ord4133
ord4297
ord5788
ord472
ord1783
ord2513
ord293
ord2938
ord858
ord4278
ord6663
ord535
ord926
ord922
ord3081
ord2985
ord3262
ord1576
ord3136
ord4465
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord1776
ord4078
ord6055
ord1795
ord1168
ord1641
ord823
ord6242
ord2414
ord5597
ord715
ord3663
ord3626
ord6021
ord2754
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord323
ord1640
ord5785
ord2405
ord640
ord4275
ord567
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord5583
ord3830
ord825
ord415
ord860
ord3571

msvcrt

__CxxFrameHandler
_setmbcp
rand
time
strcmp
strcpy
cos
memcpy
memset
_ftol
memmove
sprintf
strlen
memcmp
_splitpath
_makepath
strcat
_stricmp
abs
atoi
strstr
_strupr
_mbscmp
srand
sin
sqrt
strchr
_strrev
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetModuleHandleA
GetExitCodeThread
TerminateThread
CreateThread
IsBadReadPtr
IsBadWritePtr
CreateDirectoryA
GetFileAttributesA
FindFirstFileA
FindClose
MultiByteToWideChar
GetVersionExA
lstrcpyA
SetEvent
CreateEventA
ResetEvent
WaitForMultipleObjectsEx
WaitForSingleObject
GetTempPathA
GetSystemDirectoryA
GetLocalTime
GetModuleFileNameA
SetCurrentDirectoryA
CloseHandle
CreateMutexA
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
Sleep
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetComputerNameA
GetStartupInfoA

user32

DrawIcon
UnregisterHotKey
KillTimer
GetWindowRect
GetSystemMenu
AppendMenuA
RegisterHotKey
SetTimer
PostMessageA
SetForegroundWindow
LoadIconA
EnableWindow
GrayStringA
DrawTextA
InvalidateRect
SetFocus
TabbedTextOutA
GetSystemMetrics
ReleaseDC
GetNextDlgTabItem
ClientToScreen
WindowFromPoint
SetCursor
SetRect
SystemParametersInfoA
IsRectEmpty
LoadCursorA
LoadBitmapA
GetDC
FillRect
PostThreadMessageA
SendMessageA
GetSysColor
GetParent
GetClientRect
CopyRect
IsIconic

gdi32

TextOutA
ExtTextOutA
Escape
CreateSolidBrush
SetPixelV
DeleteDC
SelectObject
SetBkMode
CreateCompatibleBitmap
SetTextColor
CreateFontA
RectVisible
GetMapMode
GetWindowExtEx
GetViewportExtEx
CreateCompatibleDC
BitBlt
PtVisible
SetBkColor
GetStockObject
GetTextExtentPointA
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

DragQueryFileA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
StrStrIA
DragFinish
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoUninitialize
CoCreateInstance

msimg32

TransparentBlt

dsound

ord11
ord6

winmm

timeGetTime

skinpro

SkinPro_Interface

ws2_32

inet_addr
ntohl
WSACleanup
gethostbyname
WSAStartup
closesocket
shutdown
recv
__WSAFDIsSet
select
bind
setsockopt
htons
socket
send
connect

audiofilepro

MediaFile_Interface

soundlrcsh

SoundLrcsh_Interface

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
˵.txt
.url
.url

Sharing

General

Malware Config

Signatures

Files

9d54b2a1f40516ee502e306f669d1360

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

shlwapi

wmvcore

msacm32

oleacc

gdi32

winspool.drv

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 68KB - Virtual size: 83KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 31KB - Virtual size: 31KB

9c51a1d97e7992203ece4536fb057d55

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

msimg32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 128KB - Virtual size: 125KB

.reloc Size: 4KB - Virtual size: 2KB

8f9932312c988367af579dea2ff1c038

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

winmm

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

6c9a4903d39434de5426fb0c342408d7

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 186KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 20KB - Virtual size: 361KB

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 68KB - Virtual size: 83KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 31KB - Virtual size: 31KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 128KB - Virtual size: 125KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 20KB - Virtual size: 361KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 80KB - Virtual size: 77KB