bc9750155747e613b9d951660c0f76f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc9750155747e613b9d951660c0f76f8_JaffaCakes118
Size

1.1MB
MD5

bc9750155747e613b9d951660c0f76f8
SHA1

cdeeb3ad735bac901ae0f42bf1f078fd13572e34
SHA256

0f0a40b5918d903b22434f4c49c39364cac59aee940d5fc723397d96e602b7f3
SHA512

b4caabf917b264a8be2e489ea7790f0557e1b96f524aca1b0f0ca8b248b8b44921df49b8043eeb122ed4bbd388af0f99ebaecdac28bee0503149d462f91b5155
SSDEEP

24576:sdDsGq2pjeK7mxIYXIb7wLfcKQUfpx8p4PMTm5YE/ZQHYZ:UsGHpLkIeFLcKxYaPuHM

Score

9^/10

upx

Malware Config

Signatures

Detected Nirsoft tools 16 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/BulletsPassView.exe	Nirsoft
static1/unpack001/ChromePass.exe	Nirsoft
static1/unpack002/out.upx	Nirsoft
static1/unpack001/PasswordFox.exe	Nirsoft
static1/unpack003/out.upx	Nirsoft
static1/unpack004/out.upx	Nirsoft
static1/unpack005/out.upx	Nirsoft
static1/unpack001/VNCPassView.exe	Nirsoft
static1/unpack001/WebBrowserPassView.exe	Nirsoft
static1/unpack006/out.upx	Nirsoft
static1/unpack007/out.upx	Nirsoft
static1/unpack001/dialupass.exe	Nirsoft
static1/unpack008/out.upx	Nirsoft
static1/unpack001/mailpv.exe	Nirsoft
static1/unpack009/out.upx	Nirsoft
static1/unpack001/pspv.exe	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
static1/unpack001/mailpv.exe	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
static1/unpack001/WebBrowserPassView.exe	WebBrowserPassView

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/OperaPassView.exe	upx
static1/unpack001/PstPassword.exe	upx
static1/unpack001/RouterPassView.exe	upx
static1/unpack001/SniffPass.exe	upx
static1/unpack001/WirelessKeyView.exe	upx
static1/unpack001/astlog.exe	upx
static1/unpack001/iepv.exe	upx
static1/unpack001/mspass.exe	upx
static1/unpack001/netpass.exe	upx
static1/unpack001/rdpv.exe	upx

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BulletsPassView.exe
unpack001/ChromePass.exe
unpack001/OperaPassView.exe
unpack002/out.upx
unpack001/PasswordFox.exe
unpack001/PstPassword.exe
unpack003/out.upx
unpack001/RouterPassView.exe
unpack004/out.upx
unpack001/SniffPass.exe
unpack005/out.upx
unpack001/VNCPassView.exe
unpack001/WebBrowserPassView.exe
unpack001/WirelessKeyView.exe
unpack006/out.upx
unpack001/astlog.exe
unpack007/out.upx
unpack001/dialupass.exe
unpack001/iepv.exe
unpack008/out.upx
unpack001/mailpv.exe
unpack001/mspass.exe
unpack009/out.upx
unpack001/netpass.exe
unpack001/pspv.exe
unpack001/rdpv.exe

Files

bc9750155747e613b9d951660c0f76f8_JaffaCakes118
.zip
BulletsPassView.chm
.chm
BulletsPassView.exe
.exe windows:4 windows x86 arch:x86

d13224ffea16ed1229e8fcfa5168c5a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\BulletsPassView\Release\BulletsPassView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
strcpy
strlen
qsort
_purecall
_wcslwr
_itow
__p__fmode
__set_app_type
_controlfp
_except_handler3
_wcsicmp
malloc
wcschr
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
memcpy
wcscmp
wcscpy
memset
_snwprintf
wcscat
wcsncat

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
ord17

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

CreateRemoteThread
EnumResourceTypesW
VirtualFreeEx
OpenProcess
ReadProcessMemory
GetCurrentProcess
ExitProcess
Sleep
VirtualAllocEx
WriteProcessMemory
ResumeThread
WaitForSingleObject
GetModuleHandleA
GetStartupInfoW
GetProcAddress
GetCurrentProcessId
SetErrorMode
DeleteFileW
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CompareFileTime
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
GetModuleHandleW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
ReadFile
GetModuleFileNameW
WriteFile
LocalFree
CreateFileW
LockResource
lstrcpyW
FindResourceW
lstrlenW
LoadResource
GlobalAlloc
LoadLibraryExW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetLastError
SizeofResource
GlobalLock
FormatMessageW
GetDateFormatW
GetVersionExW
GetTempFileNameW
GetFileSize
GetTimeFormatW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

EnumWindows
SendMessageTimeoutW
SetForegroundWindow
SetTimer
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
EndDialog
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
MessageBeep
GetWindowThreadProcessId
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
GetCursorPos
GetParent
GetSysColor
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetWindowTextW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
SetWindowPos
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
LoadIconW
DestroyIcon
IsDialogMessageW
TranslateMessage
DrawTextExW
DispatchMessageW
EndDeferWindowPos
KillTimer
BeginDeferWindowPos
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW

gdi32

CreateFontIndirectW
SetBkMode
DeleteObject
GetDeviceCaps
SetTextColor
GetStockObject
GetTextExtentPoint32W
SetBkColor
SelectObject

comdlg32

FindTextW
GetSaveFileNameW

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFileInfoW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ChromePass.chm
.chm
ChromePass.exe
.exe windows:4 windows x86 arch:x86

d8199d1ceb9095a2f8fb9efefd4d6df1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\ChromePass\Release\ChromePass.pdb

Imports

msvcrt

atoi
_ftol
toupper
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
isxdigit
_gmtime64
strftime
realloc
_purecall
_wcslwr
_itow
free
modf
wcstoul
_memicmp
tolower
isdigit
isspace
strcmp
isalnum
wcsrchr
malloc
wcschr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
_wcsicmp
wcscmp
wcslen
log
strlen
abs
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

comctl32

ord17
ImageList_ReplaceIcon
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx

kernel32

LockFileEx
GetTickCount
LockFile
UnlockFile
DeleteFileA
AreFileApisANSI
QueryPerformanceCounter
GetSystemTime
FlushFileBuffers
GetTempPathA
InterlockedIncrement
SetEndOfFile
GetFileAttributesA
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CreateFileA
Sleep
GetSystemTimeAsFileTime
InitializeCriticalSection
GetFullPathNameW
GetFullPathNameA
GetModuleHandleA
GetStartupInfoW
EnterCriticalSection
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
LocalFree
SystemTimeToFileTime
CopyFileW
CreateFileW
CompareFileTime
WriteFile
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
LocalAlloc
GetFileSize
FileTimeToSystemTime
GlobalLock
GetVersionExW
GetWindowsDirectoryW
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
LockResource
FindFirstFileW
ReadFile
SetFilePointer
GetModuleFileNameW
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
FindResourceW
GetTempPathW
LoadResource
LoadLibraryExW
FindNextFileW
SizeofResource
FormatMessageW
FindClose
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
SetErrorMode
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
OpenProcess
EnumResourceTypesW

user32

TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
BeginDeferWindowPos
TrackPopupMenu
RegisterWindowMessageW
EndDeferWindowPos
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
EndDialog
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
SetFocus
CloseClipboard
MoveWindow
GetMenuItemCount
CheckMenuItem
GetCursorPos
GetSysColor
GetSubMenu
GetMenu
SetClipboardData
EnableWindow
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetParent
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
DrawTextExW

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetTextExtentPoint32W
GetStockObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptCreateHash
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptDecrypt

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OperaPassView.chm
.chm
OperaPassView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PasswordFox.chm
.chm
PasswordFox.exe
.exe windows:4 windows x86 arch:x86

dfcc67256f12b91e6ab692ceebc97039

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\PasswordFox\Release\PasswordFox.pdb

Imports

comctl32

CreateToolbarEx
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
ord17

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
__p__fmode
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_purecall
_wcslwr
__set_app_type
_controlfp
_cexit
_except_handler3
qsort
_itow
_memicmp
wcschr
malloc
free
modf
_wtoi
wcstoul
wcsrchr
_wcsnicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
_ultow
_snwprintf
wcsncat
memcpy
memset
_CIlog

kernel32

GetStartupInfoW
GetModuleHandleA
EnumResourceTypesW
OpenProcess
SetCurrentDirectoryW
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
ExitProcess
SetErrorMode
WriteFile
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
CompareFileTime
GetCurrentDirectoryW
ExpandEnvironmentStringsW
MultiByteToWideChar
CloseHandle
GetFileSize
GlobalUnlock
GetTempPathW
FindNextFileW
GlobalAlloc
FindResourceW
GetLastError
GetFileTime
LoadResource
LoadLibraryExW
FindClose
SizeofResource
GetWindowsDirectoryW
FormatMessageW
GetVersionExW
GlobalLock
LocalFree
LockResource
GetFileAttributesW
GetModuleHandleW
ReadFile
GetTempFileNameW
GetModuleFileNameW
CreateFileW
FindFirstFileW
EnumResourceNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
DeleteFileW

user32

SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
InvalidateRect
GetWindow
SetDlgItemInt
BeginPaint
DrawFrameControl
GetClientRect
SetWindowTextW
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndPaint
EndDialog
GetDlgItem
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
RegisterClassW
MessageBoxW
SetMenu
LoadIconW
GetParent
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetDC
SetClipboardData
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
CloseClipboard
GetMenuStringW
OpenClipboard
GetMenuItemCount
MoveWindow
GetSubMenu
GetCursorPos
CheckMenuItem
GetMenu
GetSysColor
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
DestroyWindow
CreateDialogParamW
EnumChildWindows
LoadStringW
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
IsDialogMessageW
TranslateMessage
DrawTextExW
DispatchMessageW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW

gdi32

SetBkMode
CreateFontIndirectW
SetTextColor
SelectObject
GetDeviceCaps
SetBkColor
DeleteObject
GetStockObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
SHBrowseForFolderW

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PstPassword.chm
.chm
PstPassword.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RouterPassView.chm
.chm
RouterPassView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SniffPass.chm
.chm
SniffPass.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VNCPassView.chm
.chm
VNCPassView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WebBrowserPassView.chm
.chm
WebBrowserPassView.exe
.exe windows:4 windows x86 arch:x86

dddde7b93b0f7ff1b705cfebdd8f586a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb

Imports

msvcrt

exit
_wcmdln
__wgetmainargs
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
realloc
_gmtime64
_purecall
qsort
_itow
_wcsupr
_cexit
strchr
_strlwr
wcsncmp
free
modf
_memicmp
wcstoul
malloc
__dllonexit
strcpy
strcmp
_XcptFilter
_exit
_c_exit
_wcslwr
_onexit
wcsrchr
_wcsnicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
log
wcscmp
abs
wcslen
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
strlen
_snwprintf
wcscat
__set_app_type
_controlfp
_except_handler3
memchr
strftime
__p__fmode
__p__commode

comctl32

ord17
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

DeleteFileA
GetDiskFreeSpaceW
AreFileApisANSI
GetFullPathNameW
GetSystemTime
LockFileEx
FormatMessageA
GetTempPathA
GetSystemTimeAsFileTime
UnlockFileEx
GetTickCount
LockFile
FlushFileBuffers
GetFullPathNameA
InitializeCriticalSection
CreateFileA
CreateFileMappingW
GetModuleHandleA
GetStartupInfoW
EnterCriticalSection
UnlockFile
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
CloseHandle
LocalFree
GetFileSize
SystemTimeToFileTime
CopyFileW
CreateFileW
FileTimeToLocalFileTime
DeleteFileW
WriteFile
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
CompareFileTime
GetCurrentDirectoryW
ExpandEnvironmentStringsW
MultiByteToWideChar
GlobalLock
FormatMessageW
FindClose
GetVersionExW
GetWindowsDirectoryW
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
ReadFile
SetFilePointer
GetModuleFileNameW
LockResource
lstrcpyW
lstrlenW
GlobalAlloc
FindResourceW
GlobalUnlock
LoadResource
GetTempPathW
LoadLibraryExW
FindNextFileW
SizeofResource
GetFileTime
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetStdHandle
SetErrorMode
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
SetCurrentDirectoryW
OpenProcess
EnumResourceTypesW
GetDiskFreeSpaceA
Sleep
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
SetEndOfFile
LeaveCriticalSection

user32

GetDlgCtrlID
PostQuitMessage
DispatchMessageW
EndDeferWindowPos
TrackPopupMenu
RegisterWindowMessageW
BeginDeferWindowPos
TranslateMessage
LoadCursorW
ChildWindowFromPoint
ShowWindow
SetCursor
GetSysColorBrush
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
UpdateWindow
GetClientRect
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
LoadImageW
LoadIconW
GetWindowLongW
SetFocus
GetMenuStringW
MoveWindow
CloseClipboard
GetMenuItemCount
CheckMenuItem
GetParent
GetCursorPos
GetSysColor
GetMenu
SetClipboardData
EnableWindow
GetSubMenu
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
IsDialogMessageW
OpenClipboard
ModifyMenuW
GetMenuItemInfoW
GetClassNameW
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
SetWindowPos
GetWindowTextW
LoadMenuW
GetMessageW
DrawTextExW

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WirelessKeyView.chm
.chm
WirelessKeyView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astlog.chm
.chm
astlog.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dialupass.chm
.chm
dialupass.exe
.exe windows:4 windows x86 arch:x86

4e69ae93cb7605f9ffc0d08ac7061c12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\Projects\VS2005\Dialupass\Release\Dialupass.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_wcslwr
qsort
_purecall
_itow
malloc
free
modf
memcmp
wcstoul
__set_app_type
_controlfp
_except_handler3
_c_exit
_memicmp
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
wcschr
_wcsnicmp
_wtoi
memcpy
strlen
abs
_wcsicmp
wcslen
wcscmp
log
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
ImageList_ReplaceIcon
ord17
ImageList_Create
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rasapi32

RasGetEntryDialParamsW
RasSetEntryDialParamsW

kernel32

ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
DeleteFileW
SetErrorMode
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetVersionExW
GlobalLock
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
WriteFile
FindClose
FormatMessageW
SizeofResource
FindNextFileW
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
CloseHandle
MultiByteToWideChar
GetFileSize
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
LocalFree
FindFirstFileW
LockResource
ReadFile
lstrcpyW
GetModuleFileNameW
CreateFileW
lstrlenW
GlobalAlloc
GlobalUnlock
FindResourceW
GetTempPathW
LoadResource
LoadLibraryExW
GetLastError

user32

PostQuitMessage
GetMessageW
TrackPopupMenu
RegisterWindowMessageW
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
SetWindowPos
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadStringW
EndDialog
EndPaint
GetDlgItem
InvalidateRect
GetWindow
SetDlgItemInt
DrawFrameControl
BeginPaint
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
MoveWindow
GetMenuItemCount
CheckMenuItem
GetCursorPos
GetSysColor
GetSubMenu
GetMenu
SetClipboardData
EnableWindow
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
CloseClipboard
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
GetParent
DestroyMenu
DialogBoxParamW
CreateDialogParamW
DestroyWindow
EnumChildWindows
SendDlgItemMessageW

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iepv.chm
.chm
iepv.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mailpv.chm
.chm
mailpv.exe
.exe windows:4 windows x86 arch:x86

0b809905358c0eaa9b7750661bba40ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\mailpv\Release\mailpv.pdb

Imports

msvcrt

_strnicmp
wcsncmp
wcschr
wcslen
_itoa
_strlwr
qsort
strncmp
_mbsnbicmp
_snprintf
_mbsrchr
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
modf
memcmp
strtoul
strcmp
malloc
_memicmp
strrchr
_stricmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
atoi
log
_strcmpi
wcsstr
strcat
free
exit
_adjust_fdiv
_mbscmp
strchr
_purecall
abs
_ultoa
_mbsicmp
strcpy
memset
strlen
strncat
sprintf
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
__setusermatherr

comctl32

ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
CreateToolbarEx

rpcrt4

UuidFromStringA

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetStdHandle
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetComputerNameA
GetTempPathA
CloseHandle
GetVersionExA
ReadFile
GetWindowsDirectoryA
FindResourceA
LoadResource
EnumResourceTypesA
SizeofResource
LockResource
DeleteFileA
OpenProcess
GetStartupInfoA
FormatMessageA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsA
LocalFree
WriteFile
GetPrivateProfileSectionA
LoadLibraryA
FreeLibrary
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
GetFileSize
GetModuleFileNameA
FindNextFileA
FindFirstFileA
LoadLibraryExA
SetFilePointer
GetLastError
GetFileAttributesA
GetTempFileNameA
FindClose

user32

SetClipboardData
GetFocus
DispatchMessageA
DrawTextExA
IsDialogMessageA
GetMessageA
TranslateMessage
RegisterWindowMessageA
PostQuitMessage
TrackPopupMenu
PostMessageA
DestroyMenu
GetDlgCtrlID
DialogBoxParamA
DestroyWindow
ModifyMenuA
CreateDialogParamA
SetCursor
ChildWindowFromPoint
LoadCursorA
GetSysColorBrush
ShowWindow
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetClientRect
GetWindow
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SendDlgItemMessageA
SetWindowTextA
GetWindowRect
GetSystemMetrics
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetWindowPlacement
RegisterClassA
UpdateWindow
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
SendMessageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
OpenClipboard
GetDC
EmptyClipboard
GetSubMenu
MoveWindow
EnableMenuItem
ReleaseDC
CheckMenuItem
LoadStringA
GetMenuItemCount
GetMenuStringA
EnableWindow
MapWindowPoints
GetCursorPos
LoadImageA
GetSysColor
GetClassNameA
CloseClipboard
GetMenu
EnumChildWindows
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
GetParent

gdi32

SelectObject
DeleteObject
SetTextColor
CreateFontIndirectA
SetBkMode
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mspass.chm
.chm
mspass.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
netpass.chm
.chm
netpass.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pspv.chm
.chm
pspv.exe
.exe windows:4 windows x86 arch:x86

a625442ad6eaa488d197846f8b30467b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetModuleFileNameA
GetTempPathA
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryA
GetVersionExA
MultiByteToWideChar
GetProcAddress
DeleteFileA
GetStartupInfoA
GetModuleHandleA
GetWindowsDirectoryA
GetTempFileNameA
EnumResourceNamesA
WideCharToMultiByte
CreateFileA
WriteFile
FormatMessageA
GetLastError
SetFilePointer
ReadFile
GlobalLock
GlobalAlloc
GlobalUnlock
CloseHandle
LocalFree
GetFileSize

user32

TranslateMessage
DispatchMessageA
PostQuitMessage
TrackPopupMenu
IsDialogMessageA
TranslateAcceleratorA
DefWindowProcA
LoadIconA
RegisterWindowMessageA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
PostMessageA
CreateWindowExA
ShowWindow
DestroyMenu
DestroyWindow
GetWindowTextA
CreateDialogParamA
GetDlgCtrlID
EnumChildWindows
GetClientRect
SetWindowPos
LoadMenuA
GetMenuItemCount
GetMenuItemInfoA
ModifyMenuA
UpdateWindow
GetMessageA
GetMenuStringA
GetWindowLongA
GetWindowRect
GetCursorPos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CheckMenuItem
GetMenu
GetSubMenu
EnableMenuItem
MessageBoxA
SetFocus
DialogBoxParamA
ChildWindowFromPoint
GetDlgItem
LoadCursorA
SetCursor
GetSysColorBrush
EndDialog
SetDlgItemTextA
SendMessageA
LoadAcceleratorsA
GetWindowPlacement
GetSystemMetrics
LoadStringA
SetWindowLongA
SetMenu
RegisterClassA

gdi32

SetTextColor
CreateFontIndirectA
DeleteObject
SetBkMode

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA

shell32

ShellExecuteA

ole32

CoTaskMemFree

comctl32

ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_Create
CreateToolbarEx
ord6
InitCommonControlsEx

msvcrt

free
__dllonexit
strrchr
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
strcmp
strncmp
strcpy
__p__commode
strcat
sprintf
__CxxFrameHandler
__set_app_type
_onexit
_exit
malloc
memcpy
__getmainargs
_strcmpi
_memicmp
__p__fmode
_acmdln
_adjust_fdiv
_initterm
__setusermatherr
memcmp
_except_handler3
strlen
_itoa
strncat
_CxxThrowException
??1type_info@@UAE@XZ
_controlfp
_strnicmp
memset
exit
_XcptFilter

oleaut32

GetErrorInfo

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rdpv.chm
.chm
rdpv.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d13224ffea16ed1229e8fcfa5168c5a0

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 10KB - Virtual size: 9KB

d8199d1ceb9095a2f8fb9efefd4d6df1

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 11KB - Virtual size: 11KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 32KB - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 11KB

dfcc67256f12b91e6ab692ceebc97039

Headers

File Characteristics

PDB Paths

Imports

comctl32

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 13KB - Virtual size: 13KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 44KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 10KB - Virtual size: 9KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 11KB - Virtual size: 11KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 32KB - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 13KB - Virtual size: 13KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 11KB

UPX0
Size: - Virtual size: 88KB

UPX1
Size: 50KB - Virtual size: 52KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 3KB - Virtual size: 17KB

.rsrc
Size: 13KB - Virtual size: 13KB

UPX0
Size: - Virtual size: 104KB

UPX1
Size: 31KB - Virtual size: 32KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 59KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 251KB - Virtual size: 251KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 11KB