bc669433a58e9fb99d6830d1f99af072_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc669433a58e9fb99d6830d1f99af072_JaffaCakes118
Size

251KB
MD5

bc669433a58e9fb99d6830d1f99af072
SHA1

13c9896fc841b1636a106f26195121793644e758
SHA256

61f46c164a8b149c26d7ab905d3c4893b647d8d17073cfd406ece493c7daa32c
SHA512

6d2efcacec59d713edcd72468b19d9d4378676f7b6995be69c812c8c666c4c7e246bdf55117c09eae245d166ff6b3ead52dedf94e212d8af152afc0321890ac7
SSDEEP

6144:gzr3t8YWjQEk+cJfjTothE0qawdXopGCYxaPFbq9GdxGa:IGGEk+cJkqrd0GV4PFm8XGa

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/62830930/ICQMenace/Resources/cw3220mt.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/62830930/ICQMenace/Resources/brcc32.exe	upx
static1/unpack001/62830930/ICQMenace/Resources/cw3220mt.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/62830930/ICQMenace/Resources/brcc32.exe
unpack001/62830930/ICQMenace/Resources/cw3220mt.dll
unpack003/out.upx

Files

bc669433a58e9fb99d6830d1f99af072_JaffaCakes118
.rar
62830930/Dll/ICQMenace.cfg
62830930/Dll/ICQMenace.dof
62830930/Dll/ICQMenace.dpr
62830930/Dll/ICQMenace.res
62830930/Dll/Main.pas
.js
62830930/Dll/xBase.pas
62830930/Help/D6OnHelpFix.pas
62830930/Help/D6OnHelpFix.txt
62830930/Help/hh.pas
62830930/Help/hh_doc.txt
62830930/Help/hh_funcs.pas
.js
62830930/ICQMenace/About.dfm
62830930/ICQMenace/About.pas
62830930/ICQMenace/ICQMenace.cfg
62830930/ICQMenace/ICQMenace.dof
62830930/ICQMenace/ICQMenace.dpr
62830930/ICQMenace/ICQMenace.res
62830930/ICQMenace/Main.dfm
62830930/ICQMenace/Main.pas
.js
62830930/ICQMenace/Options.dfm
62830930/ICQMenace/Options.pas
62830930/ICQMenace/PktHandlerLocal.pas
.js
62830930/ICQMenace/Resources.res
62830930/ICQMenace/Resources/Data/about.txt
62830930/ICQMenace/Resources/Data/list.bmp
62830930/ICQMenace/Resources/Data/tree.bmp
62830930/ICQMenace/Resources/Resources.rc
62830930/ICQMenace/Resources/brcc32.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
62830930/ICQMenace/Resources/compile_resources.bat
62830930/ICQMenace/Resources/cw3220mt.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@$badd$qpxcrx6string
@$bdele$qpv
@$bdiv$qdr7complex
@$bdiv$qr7complext1
@$bdla$qpv
@$blsh$qr7ostreamr3bcd
@$blsh$qr7ostreamr7complex
@$blsh$qr7ostreamrx6string
@$bmul$qr7complext1
@$bnew$qui
@$bnew$quipv
@$bnwa$qui
@$bnwa$quipv
@$brsh$qr7istreamr3bcd
@$brsh$qr7istreamr6string
@$brsh$qr7istreamr7complex
@TDiagBase@Message$qpxct1t1t1ul
@TDiagBase@Out
@TDiagBase@Output$qpxc
@TDiagBase@Trace$qpxct1t1ul
@TDiagBase@Warn$qpxct1t1ul
@TDiagGroupDef@Flags
@TDiagGroupDef@Name
@TDiagGroupDef@Trace$qucpxct2ul
@TDiagGroupDef@Warn$qucpxct2ul
@TRegexp@$basg$qpxc
@TRegexp@$basg$qrx7TRegexp
@TRegexp@$bctr$qpxc
@TRegexp@$bctr$qrx7TRegexp
@TRegexp@$bdtr$qv
@TRegexp@copy_pattern$qrx7TRegexp
@TRegexp@find$xqrx6stringpuiui
@TRegexp@gen_pattern$qpxc
@TRegexp@maxpat
@TRegexp@status$qv
@TStringRef@$bctr$qcui
@TStringRef@$bctr$qp11HINSTANCE__uii
@TStringRef@$bctr$qpxcuit1uiui
@TStringRef@$bdtr$qv
@TStringRef@check_freeboard$qv
@TStringRef@grow_to$qui
@TStringRef@read_to_delim$qr7istreamc
@TStringRef@read_token$qr7istream
@TStringRef@reserve$qui
@TStringRef@round_capacity$qui
@TStringRef@splice$quiuipxcui
@TSubString@$basg$qrx6string
@TSubString@$bcall$qui
@TSubString@$beql$xqpxc
@TSubString@assert_element$xqui
@TSubString@to_lower$qv
@TSubString@to_upper$qv
@_CatchCleanup$qv
@_ReThrowException$quipuc
@_ThrowException$qpvt1t1t1uiuiuipuc
@__DynamicCast$qpvt1t1t1i
@__GetTypeInfo$qpvt1t1t1
@__ThrowExceptionName$qv
@__ThrowFileName$qv
@__ThrowLineNumber$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
@_cast_memptr$qpvt1uiuiui
@_vector_apply_$qpvt1uiuiuit1
@_vector_vapply_$qpvt1uiuiuit1
@abs$qr7complex
@acos$qr7complex
@arg$qr7complex
@asin$qr7complex
@atan$qr7complex
@complex@$brdiv$qr7complex
@complex@$brmul$qr7complex
@conbuf@$bctr$qv
@conbuf@current
@conbuf@makeActive$qv
@conbuf@makeInactive$qv
@conbuf@overflow$qi
@conbuf@swap$qv
@constream@$bctr$qv
@constream@isCon_
@cos$qr7complex
@cosh$qr7complex
@dec$qr3ios
@endl$qr7ostream
@ends$qr7ostream
@exp$qr7complex
@filebuf@$bctr$qi
@filebuf@$bctr$qipci
@filebuf@$bctr$qv
@filebuf@$bdtr$qv
@filebuf@attach$qi
@filebuf@close$qv
@filebuf@lock$qv
@filebuf@open$qpxcii
@filebuf@openprot
@filebuf@overflow$qi
@filebuf@seekoff$ql12ios@seek_diri
@filebuf@setbuf$qpci
@filebuf@sync$qv
@filebuf@underflow$qv
@filebuf@unlock$qv
@flush$qr7ostream
@fstream@$bctr$qi
@fstream@$bctr$qipci
@fstream@$bctr$qpxcii
@fstream@$bctr$qv
@fstream@$bdtr$qv
@fstreambase@$bctr$qi
@fstreambase@$bctr$qipci
@fstreambase@$bctr$qpxcii
@fstreambase@$bctr$qv
@fstreambase@$bdtr$qv
@fstreambase@attach$qi
@fstreambase@close$qv
@fstreambase@open$qpxcii
@fstreambase@setbuf$qpci
@getline$qr7istreamr6string
@getline$qr7istreamr6stringc
@hex$qr3ios
@ifstream@$bctr$qi
@ifstream@$bctr$qipci
@ifstream@$bctr$qpxcii
@ifstream@$bctr$qv
@ifstream@$bdtr$qv
@ios@$bctr$qp9streambuf
@ios@$bctr$qv
@ios@$bdtr$qv
@ios@adjustfield
@ios@basefield
@ios@bitalloc$qv
@ios@clear$qi
@ios@flags$ql
@ios@floatfield
@ios@init$qp9streambuf
@ios@iword$qi
@ios@nextbit
@ios@pword$qi
@ios@setf$ql
@ios@setf$qll
@ios@setstate$qi
@ios@skip$qi
@ios@stdioflush
@ios@sync_with_stdio$qv
@ios@tie$qp7ostream
@ios@unsetf$ql
@ios@usercount
@ios@usersize$qi
@ios@xalloc$qv
@iostream@$bctr$qp9streambuf
@iostream@$bctr$qv
@iostream@$bdtr$qv
@iostream_withassign@$basg$qp9streambuf
@iostream_withassign@$basg$qr3ios
@iostream_withassign@$bctr$qv
@iostream_withassign@$bdtr$qv
@istream@$bctr$qiip7ostream
@istream@$bctr$qipci
@istream@$bctr$qp9streambuf
@istream@$bctr$qp9streambufip7ostream
@istream@$bctr$qv
@istream@$bdtr$qv
@istream@$brsh$qp9streambuf
@istream@$brsh$qpc
@istream@$brsh$qpqr3ios$r3ios
@istream@$brsh$qr4bool
@istream@$brsh$qrc
@istream@$brsh$qrd
@istream@$brsh$qrf
@istream@$brsh$qrg
@istream@$brsh$qri
@istream@$brsh$qrl
@istream@$brsh$qrs
@istream@$brsh$qruc
@istream@$brsh$qrui
@istream@$brsh$qrul
@istream@$brsh$qrus
@istream@$brsh$qrzc
@istream@do_get$qv
@istream@eatwhite$qv
@istream@get$qpcic
@istream@get$qr9streambufc
@istream@get$qrc
@istream@get$qruc
@istream@get$qrzc
@istream@get$qv
@istream@getline$qpcic
@istream@ignore$qii
@istream@ipfx$qi
@istream@putback$qc
@istream@read$qpci
@istream@seekg$ql
@istream@seekg$ql12ios@seek_dir
@istream@tellg$qv
@istream_withassign@$basg$qp9streambuf
@istream_withassign@$basg$qr7istream
@istream_withassign@$bctr$qv
@istream_withassign@$bdtr$qv
@istrstream@$bctr$qpc
@istrstream@$bctr$qpci
@istrstream@$bctr$qpuc
@istrstream@$bctr$qpuci
@istrstream@$bctr$qpzc
@istrstream@$bctr$qpzci
@istrstream@$bdtr$qv
@lock$qr3ios
@log$qr7complex
@log10$qr7complex
@norm$qr7complex
@oct$qr3ios
@ofstream@$bctr$qi
@ofstream@$bctr$qipci
@ofstream@$bctr$qpxcii
@ofstream@$bctr$qv
@ofstream@$bdtr$qv
@ostream@$bctr$qi
@ostream@$bctr$qipc
@ostream@$bctr$qp9streambuf
@ostream@$bctr$qv
@ostream@$bdtr$qv
@ostream@$blsh$q4bool
@ostream@$blsh$qc
@ostream@$blsh$qg
@ostream@$blsh$ql
@ostream@$blsh$qp9streambuf
@ostream@$blsh$qpqr3ios$r3ios
@ostream@$blsh$qpv
@ostream@$blsh$qul
@ostream@do_opfx$qv
@ostream@do_osfx$qv
@ostream@flush$qv
@ostream@outstr$qpxct1
@ostream@seekp$ql
@ostream@seekp$ql12ios@seek_dir
@ostream@tellp$qv
@ostream@write$qpxci
@ostream_withassign@$basg$qp9streambuf
@ostream_withassign@$basg$qr7ostream
@ostream_withassign@$bctr$qv
@ostream_withassign@$bdtr$qv
@ostrstream@$bctr$qpcii
@ostrstream@$bctr$qpucii
@ostrstream@$bctr$qpzcii
@ostrstream@$bctr$qv
@ostrstream@$bdtr$qv
@pow$qdr7complex
@pow$qr7complexd
@pow$qr7complext1
@resetiosflags$ql
@set_new_handler$qpqv$v
@setbase$qi
@setfill$qi
@setiosflags$ql
@setprecision$qi
@setw$qi
@sin$qr7complex
@sinh$qr7complex
@sqrt$qr7complex
@std@$blsh$qr7ostreamrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%
@std@$brsh$qr7istreamr74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$basg$qc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$basg$qpxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$basg$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$qpxcrx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$qpxct1rx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$qpxcuirx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiuirx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$quicrx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$brplu$qc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$brplu$qpxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$brplu$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bsubs$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@append$qpxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@append$qpxct1
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@append$qpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@append$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$qpxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$qpxct1
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$qpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$quic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@at$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@at$xqui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@c_str$xqv
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@capacity$xqv
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@clobber$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@compare$xqpcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@compare$xqpcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@compare$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@copy$qpcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@copy$xqv
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_not_of$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_not_of$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_not_of$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_not_of$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_of$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_of$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_of$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_of$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_not_of$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_not_of$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_not_of$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_not_of$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_of$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_of$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_of$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_of$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@getRep$quiuir18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$qpcpxct2
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$qpcuic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$quipxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$quipxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$quirx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$quiuic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@npos
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@remove$qpc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@remove$qpct1
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$qpct1pxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$qpct1pxct3
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$qpct1pxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$qpct1uic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$quiuipxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$quiuipxcuiuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$quiuiuic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace_aux$quiuirx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@reserve$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@resize$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@resize$quic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@rfind$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@rfind$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@rfind$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@rfind$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@substr$xquiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@unSafeClone$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@unSafeClone$qv
@std@%numeric_limits$t4bool%@digits
@std@%numeric_limits$t4bool%@digits10
@std@%numeric_limits$t4bool%@has_denorm
@std@%numeric_limits$t4bool%@has_infinity
@std@%numeric_limits$t4bool%@has_quiet_NaN
@std@%numeric_limits$t4bool%@has_signaling_NaN
@std@%numeric_limits$t4bool%@is_bounded
@std@%numeric_limits$t4bool%@is_exact
@std@%numeric_limits$t4bool%@is_iec559
@std@%numeric_limits$t4bool%@is_integer
@std@%numeric_limits$t4bool%@is_modulo
@std@%numeric_limits$t4bool%@is_signed
@std@%numeric_limits$t4bool%@is_specialized
@std@%numeric_limits$t4bool%@max_exponent
@std@%numeric_limits$t4bool%@max_exponent10
@std@%numeric_limits$t4bool%@min_exponent
@std@%numeric_limits$t4bool%@min_exponent10
@std@%numeric_limits$t4bool%@radix
@std@%numeric_limits$t4bool%@round_style
@std@%numeric_limits$t4bool%@tinyness_before
@std@%numeric_limits$t4bool%@traps
@std@%numeric_limits$tb%@digits
@std@%numeric_limits$tb%@digits10
@std@%numeric_limits$tb%@has_denorm
@std@%numeric_limits$tb%@has_infinity
@std@%numeric_limits$tb%@has_quiet_NaN
@std@%numeric_limits$tb%@has_signaling_NaN
@std@%numeric_limits$tb%@is_bounded
@std@%numeric_limits$tb%@is_exact
@std@%numeric_limits$tb%@is_iec559
@std@%numeric_limits$tb%@is_integer
@std@%numeric_limits$tb%@is_modulo
@std@%numeric_limits$tb%@is_signed
@std@%numeric_limits$tb%@is_specialized
@std@%numeric_limits$tb%@max$qv
@std@%numeric_limits$tb%@max_exponent
@std@%numeric_limits$tb%@max_exponent10
@std@%numeric_limits$tb%@min$qv
@std@%numeric_limits$tb%@min_exponent
@std@%numeric_limits$tb%@min_exponent10
@std@%numeric_limits$tb%@radix
@std@%numeric_limits$tb%@round_style
@std@%numeric_limits$tb%@tinyness_before
@std@%numeric_limits$tb%@traps
@std@%numeric_limits$tc%@digits
@std@%numeric_limits$tc%@digits10
@std@%numeric_limits$tc%@has_denorm
@std@%numeric_limits$tc%@has_infinity
@std@%numeric_limits$tc%@has_quiet_NaN
@std@%numeric_limits$tc%@has_signaling_NaN
@std@%numeric_limits$tc%@is_bounded
@std@%numeric_limits$tc%@is_exact
@std@%numeric_limits$tc%@is_iec559
@std@%numeric_limits$tc%@is_integer
@std@%numeric_limits$tc%@is_modulo
@std@%numeric_limits$tc%@is_signed
@std@%numeric_limits$tc%@is_specialized
@std@%numeric_limits$tc%@max_exponent
@std@%numeric_limits$tc%@max_exponent10
@std@%numeric_limits$tc%@min_exponent
@std@%numeric_limits$tc%@min_exponent10
@std@%numeric_limits$tc%@radix
@std@%numeric_limits$tc%@round_style
@std@%numeric_limits$tc%@tinyness_before
@std@%numeric_limits$tc%@traps
@std@%numeric_limits$td%@denorm_min$qv
@std@%numeric_limits$td%@digits
@std@%numeric_limits$td%@digits10
@std@%numeric_limits$td%@has_denorm
@std@%numeric_limits$td%@has_infinity
@std@%numeric_limits$td%@has_quiet_NaN
@std@%numeric_limits$td%@has_signaling_NaN
@std@%numeric_limits$td%@infinity$qv
@std@%numeric_limits$td%@is_bounded
@std@%numeric_limits$td%@is_exact
@std@%numeric_limits$td%@is_iec559
@std@%numeric_limits$td%@is_integer
@std@%numeric_limits$td%@is_modulo
@std@%numeric_limits$td%@is_signed
@std@%numeric_limits$td%@is_specialized
@std@%numeric_limits$td%@max_exponent
@std@%numeric_limits$td%@max_exponent10
@std@%numeric_limits$td%@min_exponent
@std@%numeric_limits$td%@min_exponent10
@std@%numeric_limits$td%@quiet_NaN$qv
@std@%numeric_limits$td%@radix
@std@%numeric_limits$td%@round_error$qv
@std@%numeric_limits$td%@round_style
@std@%numeric_limits$td%@signaling_NaN$qv
@std@%numeric_limits$td%@tinyness_before
@std@%numeric_limits$td%@traps
@std@%numeric_limits$tf%@denorm_min$qv
@std@%numeric_limits$tf%@digits
@std@%numeric_limits$tf%@digits10
@std@%numeric_limits$tf%@has_denorm
@std@%numeric_limits$tf%@has_infinity
@std@%numeric_limits$tf%@has_quiet_NaN
@std@%numeric_limits$tf%@has_signaling_NaN
@std@%numeric_limits$tf%@infinity$qv
@std@%numeric_limits$tf%@is_bounded
@std@%numeric_limits$tf%@is_exact
@std@%numeric_limits$tf%@is_iec559
@std@%numeric_limits$tf%@is_integer
@std@%numeric_limits$tf%@is_modulo
@std@%numeric_limits$tf%@is_signed
@std@%numeric_limits$tf%@is_specialized
@std@%numeric_limits$tf%@max_exponent
@std@%numeric_limits$tf%@max_exponent10
@std@%numeric_limits$tf%@min_exponent
@std@%numeric_limits$tf%@min_exponent10
@std@%numeric_limits$tf%@quiet_NaN$qv
@std@%numeric_limits$tf%@radix
@std@%numeric_limits$tf%@round_error$qv
@std@%numeric_limits$tf%@round_style
@std@%numeric_limits$tf%@signaling_NaN$qv
@std@%numeric_limits$tf%@tinyness_before
@std@%numeric_limits$tf%@traps
@std@%numeric_limits$tg%@denorm_min$qv
@std@%numeric_limits$tg%@digits
@std@%numeric_limits$tg%@digits10
@std@%numeric_limits$tg%@has_denorm
@std@%numeric_limits$tg%@has_infinity
@std@%numeric_limits$tg%@has_quiet_NaN
@std@%numeric_limits$tg%@has_signaling_NaN
@std@%numeric_limits$tg%@infinity$qv
@std@%numeric_limits$tg%@is_bounded
@std@%numeric_limits$tg%@is_exact
@std@%numeric_limits$tg%@is_iec559
@std@%numeric_limits$tg%@is_integer
@std@%numeric_limits$tg%@is_modulo
@std@%numeric_limits$tg%@is_signed
@std@%numeric_limits$tg%@is_specialized
@std@%numeric_limits$tg%@max_exponent
@std@%numeric_limits$tg%@max_exponent10
@std@%numeric_limits$tg%@min_exponent
@std@%numeric_limits$tg%@min_exponent10
@std@%numeric_limits$tg%@quiet_NaN$qv
@std@%numeric_limits$tg%@radix
@std@%numeric_limits$tg%@round_error$qv
@std@%numeric_limits$tg%@round_style
@std@%numeric_limits$tg%@signaling_NaN$qv
@std@%numeric_limits$tg%@tinyness_before
@std@%numeric_limits$tg%@traps
@std@%numeric_limits$ti%@digits
@std@%numeric_limits$ti%@digits10
@std@%numeric_limits$ti%@has_denorm
@std@%numeric_limits$ti%@has_infinity
@std@%numeric_limits$ti%@has_quiet_NaN
@std@%numeric_limits$ti%@has_signaling_NaN
@std@%numeric_limits$ti%@is_bounded
@std@%numeric_limits$ti%@is_exact
@std@%numeric_limits$ti%@is_iec559
@std@%numeric_limits$ti%@is_integer
@std@%numeric_limits$ti%@is_modulo
@std@%numeric_limits$ti%@is_signed
@std@%numeric_limits$ti%@is_specialized
@std@%numeric_limits$ti%@max_exponent
@std@%numeric_limits$ti%@max_exponent10
@std@%numeric_limits$ti%@min_exponent
@std@%numeric_limits$ti%@min_exponent10
@std@%numeric_limits$ti%@radix
@std@%numeric_limits$ti%@round_style

Sections

UPX0
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 154KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 26KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
62830930/ICQMenace/Search.dfm
62830930/ICQMenace/Search.pas
62830930/ICQMenace/xBase.pas
.js
62830930/PktViewer/PktExporter.pas
62830930/PktViewer/PktViewer.pas
.js
62830930/ScriptCompiler/Compile.cfg
62830930/ScriptCompiler/Compile.dof
62830930/ScriptCompiler/Compile.dpr
.js
62830930/Shared/AppLink/PktHandler.pas
.js
62830930/Shared/AppLink/PktPipes.pas
.js
62830930/Shared/AppLink/PktUtils.pas
.js
62830930/Shared/madCodeHookLib.pas
62830930/clean_up.bat
62830930/ifps3/ifpicall.pas
.js
62830930/ifps3/ifpidelphi.pas
.js
62830930/ifps3/ifpidelphiruntime.pas
62830930/ifps3/ifps3.pas
.js
62830930/ifps3/ifps3_def.inc
62830930/ifps3/ifps3common.pas
62830930/ifps3/ifps3lib_std.pas
62830930/ifps3/ifps3lib_stdr.pas
62830930/ifps3/ifps3utl.pas
62830930/ifps3/ifpscomp.pas
.js
62830930/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 68KB

UPX1 Size: 25KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 200KB

UPX1 Size: 76KB - Virtual size: 80KB

.rsrc Size: 48KB - Virtual size: 48KB

Headers

File Characteristics

Sections

CODE Size: 154KB - Virtual size: 156KB

DATA Size: 26KB - Virtual size: 44KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 47KB - Virtual size: 48KB

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 68KB

UPX1
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 200KB

UPX1
Size: 76KB - Virtual size: 80KB

.rsrc
Size: 48KB - Virtual size: 48KB

CODE
Size: 154KB - Virtual size: 156KB

DATA
Size: 26KB - Virtual size: 44KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 47KB - Virtual size: 48KB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 4KB