be4d32afdfa743a3046a977ffda0accd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be4d32afdfa743a3046a977ffda0accd_JaffaCakes118
Size

1021KB
MD5

be4d32afdfa743a3046a977ffda0accd
SHA1

0c0722d80f7e529e84c9cae19d8efffafe752f04
SHA256

9d2ad0b73b086d58d46ddb16340ce2f83c88fcc2004948c9fb660a26b164aa7a
SHA512

b4f1009e2cb4d45648a7d4bc176881d518355a799e3b77de03633811cee0deed8bc08349fe40aa7091977cafc581ddb6d9b9ce770d72bead568162ed9bd04636
SSDEEP

24576:tmJhI8hVOYnXom1Z04YjrPXh0gRC1t2RcJgHKdxSK/2dtDBQ3m:tN+LnXoI04A5b2tKcJnn2dtDcm

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
be4d32afdfa743a3046a977ffda0accd_JaffaCakes118
unpack001/$PLUGINSDIR/Dialer.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/OCSetupHlp.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsis_winamp.dll
unpack001/OpenCandy/OCSetupHlp.dll
unpack001/winamp.exe

Files

be4d32afdfa743a3046a977ffda0accd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Dialer.dll
.dll windows:5 windows x86 arch:x86

08b0635362e7aeb50569ca1a61d5a13f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
FreeLibrary
lstrcpynW
GlobalAlloc

Exports

Exports

AttemptConnect
AutodialHangup
AutodialOnline
AutodialUnattended
GetConnectedState

Sections

.text
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:5 windows x86 arch:x86

cbc66eb3222e3fcdbee2e18ba7195f5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
GetTickCount
DeleteFileA
Sleep
lstrcpyA
CreateFileA
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
CreateThread
WaitForSingleObject
WriteFile
CloseHandle
IsDebuggerPresent

user32

IsWindowVisible
GetFocus
GetDlgItem
ShowWindow
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongW
RegisterWindowMessageW
GetClientRect
GetWindowRect
CreateWindowExW
GetWindowLongW
wsprintfA
CallWindowProcW
DestroyWindow
EnableWindow
FindWindowExW
SendMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ws2_32

WSAGetLastError
send
closesocket
shutdown
ioctlsocket
htons
socket
WSACleanup
WSAStartup
recv
__WSAFDIsSet
connect
inet_addr
gethostbyname
select

Exports

Exports

download
download_quiet

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll windows:5 windows x86 arch:x86

7608b8bb4c1c73944e087294dd00fb9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
CreateEventA
WaitForMultipleObjects
SetEvent
DuplicateHandle
lstrlenA
CompareStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
GetModuleHandleA
GetTimeZoneInformation
FlushFileBuffers
GetFileAttributesA
CreateProcessA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileAttributesW
CreateProcessW
GetExitCodeProcess
LoadLibraryA
GetExitCodeThread
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
ReadFile
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualAlloc
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
TerminateThread
ExpandEnvironmentStringsA
FormatMessageA
WideCharToMultiByte
RemoveDirectoryW
ExitProcess
SleepEx
GetUserDefaultUILanguage
GetLocaleInfoW
LockResource
LoadResource
SizeofResource
FreeLibrary
FindResourceW
DeleteFileW
WriteFile
SetFilePointer
CreateFileW
GetTempPathW
GetLastError
CreateMutexW
CloseHandle
ReleaseMutex
GetModuleFileNameW
CreateDirectoryW
GetShortPathNameW
WaitForSingleObject
GetCurrentThreadId
Sleep
GetSystemDirectoryW
GetFullPathNameW
VirtualQuery
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
IsDebuggerPresent
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetSystemInfo
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResumeThread
ReleaseSemaphore
OpenProcess
LoadLibraryW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetVersion
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetFileTime
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
InitializeCriticalSection
GlobalFree
EnterCriticalSection
GetTempFileNameW
LeaveCriticalSection
InterlockedDecrement
FindResourceA
GetProcessHeap
HeapAlloc
HeapFree
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

msimg32

AlphaBlend

user32

DrawFocusRect
CreateWindowExW
InvalidateRect
ReleaseCapture
SetCapture
PostMessageW
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuW
DestroyMenu
PeekMessageW
EndPaint
BeginPaint
CallWindowProcW
GetSysColorBrush
GetCursor
SetFocus
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuItemInfoW
LoadIconW
LoadImageW
GetClientRect
GetSystemMetrics
EnableMenuItem
CallNextHookEx
UnhookWindowsHookEx
GetDesktopWindow
GetForegroundWindow
MessageBoxW
SetWindowsHookExW
ScreenToClient
ReleaseDC
GetDC
SetForegroundWindow
PostQuitMessage
LoadCursorW
SetCursor
ClientToScreen
IsWindowVisible
SetWindowPos
EnableWindow
ShowWindow
DialogBoxParamW
CreateDialogParamW
DestroyWindow
GetWindowLongW
SetWindowLongW
EndDialog
GetDlgItem
SendMessageW
MoveWindow
GetParent
GetWindowRect
ChildWindowFromPoint

gdi32

CreateDIBSection
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
GetStockObject
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
GdiFlush

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetUserNameW
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

secur32

GetUserNameExW

urlmon

URLDownloadToFileW

wininet

InternetGetConnectedStateExW
InternetQueryOptionW

psapi

GetProcessImageFileNameW
EnumProcesses

ws2_32

inet_ntoa
htons
gethostbyname
WSASetLastError
socket
inet_addr
__WSAFDIsSet
select
send
ioctlsocket
getsockname
bind
getsockopt
setsockopt
getprotobyname
connect
WSACleanup
recv
WSAGetLastError
closesocket
ntohs
WSAStartup

winmm

timeGetTime

Exports

Exports

DownloadMgr2Init
MainLoop
OCCleanupProduct
OCDeleteSelf
OCDetach
OCExecuteOffer
OCGetAsyncOfferStatus
OCGetBannerInfo
OCGetMsg
OCGetOfferState
OCGetOfferType
OCInit2A
OCInit2W
OCInitA
OCInitW
OCInnoAdjust
OCInnoRestore
OCInstallShieldAdjust
OCNSISAdjust
OCPreInit
OCRunDialog
OCSetOfferData
OCSetOfferLocation
OCShutdown
OCSignalProductFailed
OCSignalProductInstalled
_DLMgr2Check@16
_Display@16
_DownloadMgr2RecycleOffer@12
_MgrCheck@16
_MgrExec@16

Sections

.text
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis_winamp.dll
.dll windows:4 windows x86 arch:x86

a88d5dd1652a6846cfc944c29f1e3538

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\nullsoft\nsis_winamp\Release\nsis_winamp.pdb

Imports

shlwapi

PathCanonicalizeW
PathCombineW
StrToIntW
PathFindFileNameW
PathIsRelativeW

kernel32

GetPrivateProfileStringW
GlobalAlloc
lstrcpynW
lstrcpyW
GlobalFree
GetEnvironmentVariableW

user32

CharNextW

shell32

SHGetSpecialFolderPathW

Exports

Exports

GetCWD
GetFullPath
GetIniFile
GetIniPath
GetM3uBase
GetM3uPath
GetWAClassName
ReadSettings

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 246B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_28_
OpenCandy/OCSetupHlp.dll
.dll windows:5 windows x86 arch:x86

7608b8bb4c1c73944e087294dd00fb9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
CreateEventA
WaitForMultipleObjects
SetEvent
DuplicateHandle
lstrlenA
CompareStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
GetModuleHandleA
GetTimeZoneInformation
FlushFileBuffers
GetFileAttributesA
CreateProcessA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileAttributesW
CreateProcessW
GetExitCodeProcess
LoadLibraryA
GetExitCodeThread
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
ReadFile
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualAlloc
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
TerminateThread
ExpandEnvironmentStringsA
FormatMessageA
WideCharToMultiByte
RemoveDirectoryW
ExitProcess
SleepEx
GetUserDefaultUILanguage
GetLocaleInfoW
LockResource
LoadResource
SizeofResource
FreeLibrary
FindResourceW
DeleteFileW
WriteFile
SetFilePointer
CreateFileW
GetTempPathW
GetLastError
CreateMutexW
CloseHandle
ReleaseMutex
GetModuleFileNameW
CreateDirectoryW
GetShortPathNameW
WaitForSingleObject
GetCurrentThreadId
Sleep
GetSystemDirectoryW
GetFullPathNameW
VirtualQuery
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
IsDebuggerPresent
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetSystemInfo
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResumeThread
ReleaseSemaphore
OpenProcess
LoadLibraryW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetVersion
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetFileTime
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
InitializeCriticalSection
GlobalFree
EnterCriticalSection
GetTempFileNameW
LeaveCriticalSection
InterlockedDecrement
FindResourceA
GetProcessHeap
HeapAlloc
HeapFree
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

msimg32

AlphaBlend

user32

DrawFocusRect
CreateWindowExW
InvalidateRect
ReleaseCapture
SetCapture
PostMessageW
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuW
DestroyMenu
PeekMessageW
EndPaint
BeginPaint
CallWindowProcW
GetSysColorBrush
GetCursor
SetFocus
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuItemInfoW
LoadIconW
LoadImageW
GetClientRect
GetSystemMetrics
EnableMenuItem
CallNextHookEx
UnhookWindowsHookEx
GetDesktopWindow
GetForegroundWindow
MessageBoxW
SetWindowsHookExW
ScreenToClient
ReleaseDC
GetDC
SetForegroundWindow
PostQuitMessage
LoadCursorW
SetCursor
ClientToScreen
IsWindowVisible
SetWindowPos
EnableWindow
ShowWindow
DialogBoxParamW
CreateDialogParamW
DestroyWindow
GetWindowLongW
SetWindowLongW
EndDialog
GetDlgItem
SendMessageW
MoveWindow
GetParent
GetWindowRect
ChildWindowFromPoint

gdi32

CreateDIBSection
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
GetStockObject
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
GdiFlush

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetUserNameW
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

secur32

GetUserNameExW

urlmon

URLDownloadToFileW

wininet

InternetGetConnectedStateExW
InternetQueryOptionW

psapi

GetProcessImageFileNameW
EnumProcesses

ws2_32

inet_ntoa
htons
gethostbyname
WSASetLastError
socket
inet_addr
__WSAFDIsSet
select
send
ioctlsocket
getsockname
bind
getsockopt
setsockopt
getprotobyname
connect
WSACleanup
recv
WSAGetLastError
closesocket
ntohs
WSAStartup

winmm

timeGetTime

Exports

Exports

DownloadMgr2Init
MainLoop
OCCleanupProduct
OCDeleteSelf
OCDetach
OCExecuteOffer
OCGetAsyncOfferStatus
OCGetBannerInfo
OCGetMsg
OCGetOfferState
OCGetOfferType
OCInit2A
OCInit2W
OCInitA
OCInitW
OCInnoAdjust
OCInnoRestore
OCInstallShieldAdjust
OCNSISAdjust
OCPreInit
OCRunDialog
OCSetOfferData
OCSetOfferLocation
OCShutdown
OCSignalProductFailed
OCSignalProductInstalled
_DLMgr2Check@16
_Display@16
_DownloadMgr2RecycleOffer@12
_MgrCheck@16
_MgrExec@16

Sections

.text
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winamp.exe
.exe windows:5 windows x86 arch:x86

a642158410313cd3ac8e931bd01e8d95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathIsRootW
UrlIsW
UrlGetPartW
PathFindFileNameA
PathRemoveFileSpecA
PathAppendA
PathIsNetworkPathW
StrCmpIW
StrCmpNW
PathFindExtensionW
StrCmpNIW
PathStripPathW
PathCanonicalizeW
StrToIntExW
PathCommonPrefixW
PathAddBackslashW
PathIsUNCW
PathIsSameRootW
PathCombineA
StrToIntW
ord29
PathQuoteSpacesA
StrChrW
PathQuoteSpacesW
PathCombineW
PathFileExistsW
PathIsFileSpecW
PathIsRelativeW
PathStripToRootW
PathRemoveBlanksW
PathRemoveBackslashW
PathIsDirectoryW
PathFindFileNameW
PathIsURLW
PathRemoveExtensionW
PathAddExtensionW
PathAppendW
PathUnquoteSpacesW

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidToStringW
UuidCreate

nsutil

nsutil_fft_Create_F32R
nsutil_fft_Forward_F32R_IP
nsutil_image_Palette_RGB32
nsutil_image_PaletteFlipped_RGB32
nsutil_image_Convert_RGB24_RGB32
nsutil_image_ConvertFlipped_RGB24_RGB32
nsutil_stats_RMS_F32
nsutil_window_Multiply_F32_IP
nsutil_window_FillHann_F32_IP
nsutil_window_Hann_F32_IP
nsutil_pcm_FloatToInt_Interleaved
nsutil_pcm_IntToFloat_Interleaved_Gain
nsutil_image_Convert_YUV420_RGB32
nsutil_image_CopyFlipped_U8
nsutil_image_Copy_U8

kernel32

lstrlenW
GetFullPathNameW
OpenEventW
TerminateProcess
OpenProcess
DeleteFileW
ExitProcess
GetLastError
SetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetShortPathNameW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
SetEnvironmentVariableW
GetTempPathW
CopyFileW
CreateDirectoryW
lstrcmpiA
GetModuleFileNameA
FindClose
FindNextFileW
FindFirstFileW
lstrcpyW
FreeLibrary
LoadLibraryW
GetProcAddress
GetPrivateProfileIntW
SetThreadPriority
WriteFile
CreateThread
CreateFileA
LoadLibraryA
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThreadId
CompareStringW
CreateProcessW
RemoveDirectoryW
MoveFileExW
GetVersionExW
Sleep
WritePrivateProfileStringW
GlobalUnlock
GlobalLock
SetCurrentDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetPrivateProfileStringW
SetPriorityClass
GetCurrentProcess
RemoveDirectoryA
FindNextFileA
DeleteFileA
FindFirstFileA
GetVersion
CreateWaitableTimerA
SetWaitableTimer
MulDiv
SystemTimeToFileTime
GetSystemTime
GetStringTypeExA
GetStringTypeExW
GetSystemDirectoryW
GetModuleHandleA
SetThreadExecutionState
lstrcmpiW
InitializeCriticalSectionAndSpinCount
ReadFile
LocalFree
LocalAlloc
SetEndOfFile
SetFilePointer
MoveFileW
WaitForMultipleObjects
GetCurrentThread
ResetEvent
GetLongPathNameW
lstrcmpW
LoadLibraryExW
ReleaseSemaphore
CreateSemaphoreA
ReadProcessMemory
CreateProcessA
DuplicateHandle
CreateEventW
GetExitCodeThread
GetCommandLineW
GetDriveTypeW
GetLogicalDrives
SetCurrentDirectoryA
GetTempFileNameW
TlsGetValue
TlsSetValue
TlsAlloc
WaitForMultipleObjectsEx
TryEnterCriticalSection
GetLocaleInfoW
QueueUserAPC
CompareStringA
WritePrivateProfileSectionW
GetCurrentProcessId
QueryPerformanceCounter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetACP
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceA
FreeResource
HeapFree
HeapAlloc
GetProcessHeap
OutputDebugStringA
GetPrivateProfileStructA
WritePrivateProfileStructA
FindResourceExW
GetTimeFormatW
GetLocalTime
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStartupInfoA
GetShortPathNameA
InterlockedCompareExchange
RaiseException
InterlockedExchange
QueryPerformanceFrequency
MultiByteToWideChar
GlobalFree
GlobalAlloc
GetModuleFileNameW
lstrcpynW
lstrcpynA
lstrlenA
SetEvent
GetTickCount
CreateEventA
CloseHandle
WaitForSingleObject
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateFileW

user32

GetMenu
RemovePropA
PostMessageW
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
LoadAcceleratorsA
LoadMenuW
LoadMenuA
DialogBoxParamW
DialogBoxParamA
LoadStringW
SystemParametersInfoW
AttachThreadInput
MapDialogRect
AdjustWindowRectEx
GetWindowTextLengthW
InflateRect
GetDesktopWindow
SendMessageCallbackA
ReplyMessage
CreateIconIndirect
TranslateAcceleratorW
IsDialogMessageW
InsertMenuItemA
RegisterClassA
SetClassLongA
GetKeyboardState
GetMenuItemInfoW
SetMenuItemInfoW
RegisterWindowMessageW
SendMessageTimeoutA
LoadStringA
DrawIconEx
IsDlgButtonChecked
GetDlgItemInt
CheckDlgButton
SetDlgItemInt
DeleteMenu
LoadAcceleratorsW
GetAncestor
ShowWindowAsync
GetClassInfoA
IsDialogMessageA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
GetSystemMenu
EqualRect
EnumDisplaySettingsA
GetWindowRgn
DrawTextA
GetKeyState
IsIconic
FlashWindowEx
MessageBeep
BringWindowToTop
MonitorFromWindow
MonitorFromRect
CharPrevA
CreateDialogParamA
IsWindowUnicode
MsgWaitForMultipleObjectsEx
CallMsgFilterA
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
ShowCursor
SetCursorPos
CallWindowProcW
GetActiveWindow
OffsetRect
SetWindowLongW
DestroyCursor
LoadImageW
BeginDeferWindowPos
EndDeferWindowPos
SetWindowRgn
SendNotifyMessageA
CharPrevW
WindowFromPoint
ChildWindowFromPoint
GetWindowTextA
RegisterClipboardFormatA
IsCharAlphaA
ModifyMenuW
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
EnableMenuItem
GetMenuItemRect
SystemParametersInfoA
CreateDialogIndirectParamW
GetMessageW
DialogBoxIndirectParamW
LoadBitmapW
GetSysColorBrush
SetDlgItemTextA
DestroyWindow
CallWindowProcA
SendMessageA
IsWindowEnabled
GetDlgItem
GetParent
MonitorFromPoint
GetMonitorInfoA
InsertMenuW
InsertMenuA
DestroyMenu
GetMenuItemInfoA
GetMenuItemCount
AppendMenuA
GetMenuStringW
GetSubMenu
GetMenuState
GetMenuItemID
AppendMenuW
CreatePopupMenu
InsertMenuItemW
PeekMessageA
GetForegroundWindow
GetMessageA
DispatchMessageA
SetWindowTextA
GetClassInfoW
RegisterClassW
DefWindowProcA
CharUpperW
FindWindowW
IsChild
GetWindowLongW
GetNextDlgTabItem
GetClassNameW
GetMessagePos
ChildWindowFromPointEx
ValidateRect
GetUpdateRect
GetUpdateRgn
RedrawWindow
ReleaseCapture
ClientToScreen
CreateWindowExW
MapWindowPoints
SetPropW
RemovePropW
FindWindowExA
GetPropW
GetCursorPos
TrackPopupMenu
EnumThreadWindows
IsWindowVisible
UpdateWindow
GetClassLongA
GetSystemMetrics
LoadIconA
DestroyIcon
CharLowerW
FindWindowA
GetClassInfoExW
RegisterClassExW
SetCursor
PtInRect
GetFocus
SetFocus
GetCapture
SetCapture
TrackMouseEvent
BeginPaint
EndPaint
LoadCursorA
SetRect
DefWindowProcW
GetDlgCtrlID
SendMessageW
FillRect
CopyRect
DrawFocusRect
GetDCEx
SetRectEmpty
GetSysColor
GetWindowThreadProcessId
FindWindowExW
CharNextW
PostThreadMessageA
KillTimer
MessageBoxW
SetTimer
GetWindow
SetScrollInfo
GetScrollInfo
SetScrollPos
SetDlgItemTextW
SetForegroundWindow
CreateDialogParamW
GetDlgItemTextW
DrawTextW
GetWindowTextW
SetWindowTextW
PostMessageA
ScreenToClient
SetParent
SetWindowPos
GetWindowLongA
InvalidateRect
GetWindowRect
EndDialog
GetDC
GetClientRect
GetWindowDC
ReleaseDC
LoadImageA
SendDlgItemMessageA
GetWindowTextLengthA
GetDlgItemTextA
CharUpperBuffA
MessageBoxA
CharNextA
IsWindow
RegisterWindowMessageA
ShowWindow
SetActiveWindow
SetWindowLongA
SendDlgItemMessageW
EnableWindow
GetAsyncKeyState
DeferWindowPos

gdi32

MoveToEx
SetBkColor
GetTextExtentPoint32W
GetTextMetricsW
ExtTextOutW
SetTextAlign
GetTextMetricsA
ExtTextOutA
CombineRgn
OffsetRgn
CreateRectRgn
GetTextExtentPoint32A
CreateFontIndirectA
CreatePolyPolygonRgn
CreatePen
Rectangle
LineTo
CreateFontA
CreateSolidBrush
FillRgn
GetStockObject
CreateRectRgnIndirect
GetObjectA
StretchBlt
GetPixel
SetPixel
CreateBrushIndirect
SetDIBits
GetNearestColor
SetStretchBltMode
RestoreDC
RectVisible
SetTextColor
SetBkMode
UpdateColors
SelectPalette
RealizePalette
BitBlt
GetDeviceCaps
CreateCompatibleDC
SelectObject
GetDIBits
GetDIBColorTable
DeleteDC
DeleteObject
CreatePalette
CreateCompatibleBitmap
GetCurrentObject
SetBrushOrgEx
CreatePatternBrush
GetObjectW
CreateFontIndirectW
GetFontLanguageInfo
IntersectClipRect
ExtSelectClipRgn
EnumFontsA
CreateFontW
SaveDC
CreateDIBSection

advapi32

RegQueryValueExA
RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegCloseKey

shell32

SHGetPathFromIDListW
DragQueryPoint
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHAppBarMessage
SHFileOperationW
SHChangeNotify
ord680
SHGetDesktopFolder
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
RevokeDragDrop
CoRevokeClassObject
OleUninitialize
OleInitialize
RegisterDragDrop
CoRegisterClassObject
CoCreateInstance
StringFromGUID2
CoGetObject
CoInitialize
CoInitializeEx
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
OleRun

oleaut32

SafeArrayCopy
SysAllocStringLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocString
VariantInit
VariantClear

msvcr90

vsprintf_s
strlen
wcslen
_i64tow_s
_configthreadlocale
_wsetlocale
_wchmod
wcscpy_s
fputs
_create_locale
_wtoi_l
swscanf
fgetws
_CIatan
_CItan
_CIcos
_except_handler3
_wtof_l
floor
wcsrchr
ferror
fseek
ftell
fwrite
fopen
sscanf
strtol
wcschr
memmove
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_waccess
fgets
feof
_strnicmp
atoi
fprintf
fputc
wcsnlen
towupper
wcsncmp
strchr
_stricmp
_purecall
_wcsnicmp
wcsstr
_wtoi
_itow
_wcsicmp
__CxxFrameHandler3
_vsnprintf
_wcsdup
_strdup
realloc
strrchr
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_CIsqrt
_CIsin
_CIpow
memset
strncmp
_wfopen
fread
fclose
memcpy
strstr
malloc
free
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_CxxThrowException

Exports

Exports

plstring_malloc
plstring_release
plstring_retain
plstring_wcsdup

Sections

.text
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 2.3MB

.rsrc Size: 189KB - Virtual size: 189KB

08b0635362e7aeb50569ca1a61d5a13f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 571B

.rdata Size: 1024B - Virtual size: 551B

.data Size: - Virtual size: 16B

.reloc Size: 512B - Virtual size: 210B

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 729B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 350B

cbc66eb3222e3fcdbee2e18ba7195f5e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 24KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

7608b8bb4c1c73944e087294dd00fb9f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msimg32

user32

gdi32

advapi32

shell32

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 2.3MB

.rsrc
Size: 189KB - Virtual size: 189KB

.text
Size: 1024B - Virtual size: 571B

.rdata
Size: 1024B - Virtual size: 551B

.data
Size: - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 210B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 350B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 333KB - Virtual size: 333KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 454B