b5d6eb767c7ac630ea57f27e3a7ebd52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5d6eb767c7ac630ea57f27e3a7ebd52_JaffaCakes118
Size

2.1MB
MD5

b5d6eb767c7ac630ea57f27e3a7ebd52
SHA1

9271fef3c437c137d59ece7b50a6bff9ef3e85f5
SHA256

9d1f96ea8046b1ddfdb32cef65790b7a07bbfa2828f821300acb8e3109aaa7c1
SHA512

e47da2c3f9d1d15ecf3576b56d88e1e641bab17275876da7f78722ff03cbd0e25a7958eba8963a6b40b11a64df02c4e1fef1c89bdd09d140b78c735351e44ef1
SSDEEP

49152:v3xr+lWJZ+SHnSy1mJEb4cFqy9E5PX3Ucq/k7KQKWFps2f:f1KwZPnjmmb4c5E1Ucq/FQKWXX

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/htmlayout.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/htmlayout.dll	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
b5d6eb767c7ac630ea57f27e3a7ebd52_JaffaCakes118
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/Popup.exe
unpack001/TurboClient.exe
unpack001/htmlayout.dll
unpack002/out.upx
unpack001/uninstall.exe
unpack003/$PLUGINSDIR/LangDLL.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsDialogs.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

b5d6eb767c7ac630ea57f27e3a7ebd52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Popup.exe
.exe windows:5 windows x86 arch:x86

c7fcf99b18e2d872b52a011f94fefc91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\GFI\TurboGames\trunk\Output\Win32\Release\Popup.pdb

Imports

htmlayout

HTMLayout_UseElement
HTMLayout_UnuseElement
HTMLayoutSetAttributeByName
HTMLayoutUpdateWindow
HTMLayoutSetScrollPos
HTMLayoutGetScrollInfo
HTMLayoutShowPopup
HTMLayoutRequestElementData
HTMLayoutHidePopup
HTMLayoutSortElements
HTMLayoutControlGetType
HTMLayoutGetElementHtml
HTMLayoutLoadHtmlEx
HTMLayoutHttpRequest
HTMLayoutCombineURL
ValueStringData
ValueToString
ValueIntDataSet
HTMLayoutPostEvent
HTMLayoutScrollToView
HTMLayoutInsertElement
HTMLayoutGetNthChild
HTMLayoutGetElementInnerText16
HTMLayoutGetElementType
HTMLayoutCreateElement
HTMLayoutGetChildrenCount
HTMLayoutGetElementIndex
HTMLayoutSetElementHtml
HTMLayoutSetCapture
HTMLayoutGetStyleAttribute
HTMLayoutGetGraphin
ValueIntData
HTMLayoutUpdateElementEx
ValueNthElementValue
ValueStringDataSet
ValueGetValueOfKey
HTMLayoutSelectElementsW
ValueElementsCount
ValueFloatData
HTMLayoutSetTimer
ValueClear
HTMLayoutSetElementState
HTMLayoutControlSetValue
ValueInit
HTMLayoutGetElementState
ValueCopy
HTMLayoutControlGetValue
HTMLayoutGetParentElement
HTMLayoutIsElementVisible
HTMLayoutSelectParent
HTMLayoutSendEvent
HTMLayoutCallBehaviorMethod
HTMLayoutGetElementHwnd
HTMLayoutIsElementEnabled
HTMLayoutDataReady
HTMLayoutLoadHtml
HTMLayoutSetCallback
HTMLayoutGetMinHeight
HTMLayoutGetMinWidth
HTMLayoutProcND
HTMLayoutDetachElement
HTMLayoutDeleteElement
HTMLayoutSetElementInnerText16
HTMLayoutGetElementLocation
HTMLayoutUpdateElement
HTMLayoutSelectElements
HTMLayoutVisitElements
HTMLayoutGetRootElement
HTMLayoutSetStyleAttribute
HTMLayoutGetAttributeByName
HTMLayoutWindowAttachEventHandler

winmm

timeGetTime

wininet

HttpQueryInfoA
InternetGetLastResponseInfoA

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
WriteFile
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetCPInfo
LCMapStringW
LCMapStringA
FindFirstFileA
GetDriveTypeA
FindClose
GetCurrentThreadId
ExitThread
SetFilePointer
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
CreateDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
InterlockedDecrement
InterlockedIncrement
FormatMessageA
ExpandEnvironmentStringsA
GetTickCount
GetModuleHandleA
GetStdHandle
GetFileType
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
GetLastError
ReleaseMutex
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
FindResourceW
IsDebuggerPresent
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
CreateFileA
GetFileSize
CloseHandle
WideCharToMultiByte
GetLocalTime
SetFileAttributesA
OutputDebugStringA
RaiseException
TerminateProcess
GetCurrentProcess
lstrlenA
WaitForSingleObject
Sleep
CreateThread
WaitForMultipleObjects
PeekNamedPipe
ReadFile
SetLastError
SleepEx
SetEvent
ResetEvent
CreateEventA
SetStdHandle
GetFullPathNameA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
FreeLibrary

user32

GetDoubleClickTime
GetGUIThreadInfo
IsWindow
MessageBeep
SendMessageA
ReleaseCapture
GetDlgCtrlID
MessageBoxW
GetFocus
GetParent
DrawTextW
DefWindowProcA
MapWindowPoints
UpdateWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DestroyWindow
GetWindowRect
SetWindowLongA
MessageBoxA
PostQuitMessage
TranslateMessage
GetSystemMetrics
GetMessageW
DispatchMessageW
PostMessageA
PtInRect
GetWindowLongA
ShowWindow

gdi32

GetTextAlign
SetTextAlign
ExtCreatePen
MoveToEx
LineTo
DeleteObject
Ellipse
SelectObject
GetTextColor

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitialize

wldap32

ord22
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord46
ord41
ord27
ord301
ord33
ord79
ord211
ord200

ws2_32

getaddrinfo
recvfrom
accept
listen
WSASetLastError
__WSAFDIsSet
select
ioctlsocket
freeaddrinfo
socket
connect
setsockopt
getsockopt
htons
bind
WSAGetLastError
WSACleanup
WSAStartup
ntohs
getsockname
send
recv
closesocket
sendto

Sections

.text
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TurboClient.exe
.exe windows:5 windows x86 arch:x86

cd745aaf8750f402b2b095ea7c0b7a3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\GFI\TurboGames\trunk\Output\Win32\TurboGames Release\TurboClient.pdb

Imports

htmlayout

HTMLayoutUpdateWindow
HTMLayoutSetScrollPos
HTMLayoutGetScrollInfo
HTMLayoutHidePopup
HTMLayoutShowPopup
HTMLayoutRequestElementData
HTMLayoutSortElements
ValueIntData
HTMLayoutControlGetType
HTMLayoutGetElementHtml
ValueStringDataSet
HTMLayoutLoadHtmlEx
HTMLayoutHttpRequest
HTMLayoutGetStyleAttribute
HTMLayoutCombineURL
ValueStringData
ValueToString
ValueIntDataSet
HTMLayoutPostEvent
HTMLayoutScrollToView
HTMLayoutGetElementType
HTMLayoutGetElementIndex
HTMLayoutSetElementHtml
HTMLayoutSetCapture
ValueClear
HTMLayoutControlSetValue
ValueInit
HTMLayoutGetElementState
ValueCopy
HTMLayoutControlGetValue
HTMLayoutSelectParent
HTMLayoutSendEvent
HTMLayoutGetElementHwnd
HTMLayoutIsElementEnabled
HTMLayoutDataReady
HTMLayoutLoadHtml
HTMLayoutSetCallback
HTMLayoutGetMinHeight
HTMLayoutGetMinWidth
HTMLayoutProcND
HTMLayoutCallBehaviorMethod
HTMLayoutDetachElement
HTMLayoutInsertElement
HTMLayoutCreateElement
HTMLayoutIsElementVisible
HTMLayoutSetTimer
HTMLayoutSetElementState
HTMLayoutDeleteElement
HTMLayoutSetElementInnerText16
HTMLayoutGetElementInnerText16
HTMLayoutGetElementLocation
HTMLayoutUpdateElement
HTMLayoutSelectElements
HTMLayoutVisitElements
HTMLayoutGetRootElement
HTMLayoutSetStyleAttribute
HTMLayoutGetParentElement
HTMLayoutGetNthChild
HTMLayoutGetChildrenCount
HTMLayoutGetAttributeByName
HTMLayoutSetAttributeByName
HTMLayout_UnuseElement
HTMLayout_UseElement
HTMLayoutWindowAttachEventHandler

winmm

timeGetTime

wininet

InternetQueryOptionA
HttpQueryInfoA
InternetGetConnectedState
InternetGetLastResponseInfoA

winhttp

WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCloseHandle

kernel32

GetStringTypeW
GetStringTypeA
GetFullPathNameA
SetStdHandle
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
VirtualAlloc
VirtualFree
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
LCMapStringW
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
FindFirstFileA
GetDriveTypeA
FindClose
ExitThread
GetFileInformationByHandle
FileTimeToSystemTime
HeapReAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
UnhandledExceptionFilter
CreateDirectoryA
ExpandEnvironmentStringsA
GetTickCount
FreeLibrary
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
GetLastError
ReleaseMutex
GetProcAddress
LoadLibraryA
LocalFree
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
FindResourceW
IsDebuggerPresent
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
CreateFileA
GetFileSize
CloseHandle
GetLocalTime
WriteFile
lstrlenA
OutputDebugStringA
RaiseException
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileTime
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
lstrcpyA
GlobalMemoryStatus
SetFilePointer
lstrcatA
CreateProcessA
GetVersionExA
GetModuleHandleA
lstrcmpiA
SetFileAttributesA
TerminateProcess
CreateMailslotA
GetMailslotInfo
GlobalAlloc
ReadFile
GlobalFree
lstrcpynA
GetFileAttributesA
WaitForSingleObject
OpenProcess
GetExitCodeProcess
Sleep
WideCharToMultiByte
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetUnhandledExceptionFilter
FormatMessageA
IsBadStringPtrA
CreateThread
DeleteFileA
RemoveDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
ResetEvent
SetEvent
SleepEx
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
GetCommandLineW
GetProcessHeap
CreateEventA

user32

wvsprintfA
wsprintfA
MessageBoxA
GetParent
GetFocus
MessageBoxW
GetDlgCtrlID
ReleaseCapture
SendMessageA
MessageBeep
DrawTextW
InsertMenuA
CreatePopupMenu
GetCursorPos
PostQuitMessage
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DestroyWindow
GetWindowRect
SetWindowLongA
SetForegroundWindow
IsWindowVisible
GetWindowLongA
PtInRect
PostMessageA
DispatchMessageW
GetMessageW
UpdateWindow
SetActiveWindow
DefWindowProcA
MapWindowPoints
SetTimer
GetSystemMetrics
TranslateMessage
ShowWindow
TrackPopupMenu

gdi32

SetTextAlign
GetTextAlign

advapi32

RegSetValueExA
RegOpenKeyExW
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExW

shell32

ShellExecuteW
ShellExecuteExA
Shell_NotifyIconA
CommandLineToArgvW

dbghelp

MiniDumpWriteDump
SymGetTypeInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wldap32

ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord41
ord46

ws2_32

WSAStartup
closesocket
recv
WSAGetLastError
getsockname
ntohs
bind
htons
getsockopt
setsockopt
connect
socket
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
WSASetLastError
__WSAFDIsSet
select
ioctlsocket
WSACleanup
send

Sections

.text
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
htmlayout.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?HTMLayoutEnumResourcesEx@@YGIPAUHWND__@@P6GHPBGPBDPBEKPAX@ZPAPAX@Z
HTMLayoutAnimateElement
HTMLayoutAppendMasterCSS
HTMLayoutAttachEventHandler
HTMLayoutAttachEventHandlerEx
HTMLayoutCallBehaviorMethod
HTMLayoutClassNameA
HTMLayoutClassNameW
HTMLayoutClearAttributes
HTMLayoutClipboardCopy
HTMLayoutCloneElement
HTMLayoutCombineURL
HTMLayoutCommitUpdates
HTMLayoutControlGetType
HTMLayoutControlGetValue
HTMLayoutControlSetValue
HTMLayoutCreateElement
HTMLayoutDataReady
HTMLayoutDataReadyAsync
HTMLayoutDeclareElementType
HTMLayoutDeleteElement
HTMLayoutDetachElement
HTMLayoutDetachEventHandler
HTMLayoutDialog
HTMLayoutElementGetExpando
HTMLayoutElementSetExpando
HTMLayoutEnumElementStyles
HTMLayoutEnumResources
HTMLayoutEnumerate
HTMLayoutFindElement
HTMLayoutGetAttributeByName
HTMLayoutGetAttributeCount
HTMLayoutGetCharacterRect
HTMLayoutGetChildrenCount
HTMLayoutGetElementByUID
HTMLayoutGetElementHtml
HTMLayoutGetElementHwnd
HTMLayoutGetElementIndex
HTMLayoutGetElementInnerText
HTMLayoutGetElementInnerText16
HTMLayoutGetElementIntrinsicHeight
HTMLayoutGetElementIntrinsicWidths
HTMLayoutGetElementLocation
HTMLayoutGetElementState
HTMLayoutGetElementText
HTMLayoutGetElementType
HTMLayoutGetElementUID
HTMLayoutGetFocusElement
HTMLayoutGetGraphin
HTMLayoutGetMinHeight
HTMLayoutGetMinWidth
HTMLayoutGetNthAttribute
HTMLayoutGetNthChild
HTMLayoutGetParentElement
HTMLayoutGetRootElement
HTMLayoutGetScrollInfo
HTMLayoutGetSelectedHTML
HTMLayoutGetStyleAttribute
HTMLayoutHidePopup
HTMLayoutHttpRequest
HTMLayoutInit
HTMLayoutInsertElement
HTMLayoutIsElementEnabled
HTMLayoutIsElementVisible
HTMLayoutLoadFile
HTMLayoutLoadHtml
HTMLayoutLoadHtmlEx
HTMLayoutMoveElement
HTMLayoutMoveElementEx
HTMLayoutParseValue
HTMLayoutPostEvent
HTMLayoutProc
HTMLayoutProcND
HTMLayoutProcW
HTMLayoutProcessUIEvent
HTMLayoutRangeAdvancePos
HTMLayoutRangeCreate
HTMLayoutRangeFromPositions
HTMLayoutRangeFromSelection
HTMLayoutRangeInsertHtml
HTMLayoutRangeIsEmpty
HTMLayoutRangeRelease
HTMLayoutRangeReplace
HTMLayoutRangeToHtml
HTMLayoutRender
HTMLayoutRenderElement
HTMLayoutRequestElementData
HTMLayoutScrollToView
HTMLayoutSelectElements
HTMLayoutSelectElementsW
HTMLayoutSelectParent
HTMLayoutSelectParentW
HTMLayoutSelectionExist
HTMLayoutSendEvent
HTMLayoutSetAttributeByName
HTMLayoutSetCSS
HTMLayoutSetCallback
HTMLayoutSetCapture
HTMLayoutSetDataLoader
HTMLayoutSetElementHtml
HTMLayoutSetElementInnerText
HTMLayoutSetElementInnerText16
HTMLayoutSetElementState
HTMLayoutSetEventRoot
HTMLayoutSetHttpHeaders
HTMLayoutSetMasterCSS
HTMLayoutSetMediaType
HTMLayoutSetMode
HTMLayoutSetOption
HTMLayoutSetScrollPos
HTMLayoutSetStyleAttribute
HTMLayoutSetTimer
HTMLayoutSetTimerEx
HTMLayoutSetupDebugOutput
HTMLayoutShowPopup
HTMLayoutShowPopupAt
HTMLayoutSortElements
HTMLayoutSwapElements
HTMLayoutTrackPopupAt
HTMLayoutTranslateMessage
HTMLayoutTraverseUIEvent
HTMLayoutUpdateElement
HTMLayoutUpdateElementEx
HTMLayoutUpdateView
HTMLayoutUpdateWindow
HTMLayoutVisitElements
HTMLayoutWindowAttachEventHandler
HTMLayoutWindowDetachEventHandler
HTMLayout_UnuseElement
HTMLayout_UseElement
HTMLiteAdvanceFocus
HTMLiteAttachEventHandler
HTMLiteCreateInstance
HTMLiteDestroyInstance
HTMLiteDetachEventHandler
HTMLiteFindElement
HTMLiteGetDocumentMinHeight
HTMLiteGetDocumentMinWidth
HTMLiteGetElementHTMLITE
HTMLiteGetFocusElement
HTMLiteGetNextFocusable
HTMLiteGetRootElement
HTMLiteGetTag
HTMLiteLoadHtmlFromFile
HTMLiteLoadHtmlFromMemory
HTMLiteMeasure
HTMLiteRender
HTMLiteRenderOnBitmap
HTMLiteSetCallback
HTMLiteSetDataReady
HTMLiteSetDataReadyAsync
HTMLiteSetMediaType
HTMLiteSetTag
HTMLiteTraverseUIEvent
HTMPrintCreateInstance
HTMPrintDestroyInstance
HTMPrintGetDocumentHeight
HTMPrintGetDocumentMinWidth
HTMPrintGetRootElement
HTMPrintGetTag
HTMPrintLoadHtmlFromFile
HTMPrintLoadHtmlFromFileW
HTMPrintLoadHtmlFromMemory
HTMPrintMeasure
HTMPrintRender
HTMPrintSetDataReady
HTMPrintSetHyperlinkAreaCallback
HTMPrintSetLoadDataCallback
HTMPrintSetMediaType
HTMPrintSetNextPageCallback
HTMPrintSetTag
ValueBinaryData
ValueBinaryDataSet
ValueClear
ValueCompare
ValueCopy
ValueElementsCount
ValueFloatData
ValueFloatDataSet
ValueFromString
ValueGetValueOfKey
ValueInit
ValueInt64Data
ValueInt64DataSet
ValueIntData
ValueIntDataSet
ValueInvoke
ValueNthElementKey
ValueNthElementValue
ValueNthElementValueSet
ValueSetValueToKey
ValueStringData
ValueStringDataSet
ValueToString
ValueType
_HTMLayoutUrlEscape@16
_HTMLayoutUrlUnescape@12
_HTMLiteGetElementByUID@12
_HTMPrintSetCallback@12
_ValueEnumElements@12
_ValueIsolate@4

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
popres/game.jpg
.jpg
popres/hover_buy.png
.png
popres/hover_download.png
.png
popres/hover_x.png
.png
popres/norm_buy.png
.png
popres/norm_download.png
.png
popres/norm_x.png
.png
popres/popup.htm
.html
popres/popupsm.htm
.html
popres/press_buy.png
.png
popres/press_download.png
.png
popres/press_x.png
.png
popres/window.png
.png
res/banner.png
.png
res/banner.swf
res/bt_buy.png
.png
res/bt_buy_active.png
.png
res/bt_buy_active_eng.png
.png
res/bt_buy_eng.png
.png
res/bt_close.jpg
.jpg
res/bt_close_hover.jpg
.jpg
res/bt_del.png
.png
res/bt_del_disable.png
.png
res/bt_del_press.png
.png
res/bt_help.png
.png
res/bt_help_hover.png
.png
res/bt_m_buy.png
.png
res/bt_m_buy_eng.png
.png
res/bt_m_buy_over.png
.png
res/bt_m_buy_over_eng.png
.png
res/bt_m_down.png
.png
res/bt_m_down_eng.png
.png
res/bt_m_down_over.png
.png
res/bt_m_down_over_eng.png
.png
res/bt_m_play.png
.png
res/bt_m_play_eng.png
.png
res/bt_m_play_over.png
.png
res/bt_m_play_over_eng.png
.png
res/bt_minimize.jpg
.jpg
res/bt_minimize_hover.jpg
.jpg
res/bt_play.png
.png
res/bt_play_active.png
.png
res/bt_play_active_eng.png
.png
res/bt_play_eng.png
.png
res/bt_reg.png
.png
res/bt_reg_eng.png
.png
res/bt_reg_hover.png
.png
res/bt_reg_hover_eng.png
.png
res/bt_tab_game.png
.png
res/bt_tab_game_active.png
.png
res/bt_tab_game_hover.png
.png
res/bt_tab_mygames.png
.png
res/bt_tab_mygames_active.png
.png
res/bt_tab_mygames_hover.png
.png
res/bt_tab_new.png
.png
res/bt_tab_new_hover.png
.png
res/bt_tab_top.png
.png
res/bt_tab_top_hover.png
.png
res/bt_tab_vip.png
.png
res/bt_tab_vip_hover.png
.png
res/btpr_m_down_empty.png
.png
res/btpr_m_down_full.png
.png
res/btpr_m_pause_empty.png
.png
res/btpr_m_pause_full.png
.png
res/button-back-active.png
.png
res/button-back-hover.png
.png
res/button-back.png
.png
res/default_eng.htm
.html
res/default_rus.htm
.html
res/game.jpg
.jpg
res/game1.png
.png
res/game2.png
.png
res/game3.png
.png
res/game4.png
.png
res/game5.png
.png
res/hover_vip.png
.png
res/loading_16.png
.png
res/logo.png
.png
res/normal_vip.png
.png
res/novinka.png
.png
res/novinka_eng.png
.png
res/prog_empty.png
.png
res/prog_full.png
.png
res/res_eng.txt
res/res_rus.txt
res/ta.gif
.gif
res/windows.png
.png
uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 19KB - Virtual size: 19KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

c7fcf99b18e2d872b52a011f94fefc91

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

htmlayout

winmm

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

wldap32

ws2_32

Sections

.text Size: 377KB - Virtual size: 377KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 27KB - Virtual size: 26KB

cd745aaf8750f402b2b095ea7c0b7a3f

Headers

DLL Characteristics

File Characteristics

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 19KB - Virtual size: 19KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 377KB - Virtual size: 377KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 27KB - Virtual size: 26KB

.text
Size: 443KB - Virtual size: 442KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 7KB - Virtual size: 25KB

.rsrc
Size: 31KB - Virtual size: 30KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 740KB - Virtual size: 740KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 188KB - Virtual size: 184KB

.data
Size: 148KB - Virtual size: 157KB

.rsrc
Size: 48KB - Virtual size: 46KB

.reloc
Size: 88KB - Virtual size: 87KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 19KB - Virtual size: 19KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB