be583416a847b556914d1ae61c4f8a7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be583416a847b556914d1ae61c4f8a7a_JaffaCakes118
Size

404KB
MD5

be583416a847b556914d1ae61c4f8a7a
SHA1

eb654faa8d152b199345904b818a9d0b86062ee1
SHA256

a0fccec33042101f663220fa1c9e0fcf5b68d0bf5d16c4df771b881afbd0e7a8
SHA512

d173a61cdf1ade391e353aff2e16cfb13a37c0040c814944768a5c2ee3a507467e7cc07372c4c4c136425856182fa2d60113b7f353504017f8d9b7c7818eb27c
SSDEEP

6144:dbVR8hYmGQ5zAKuZT3V3EIGNsXTdcilCHTaTIx5Vxrye3HY:tHGY2duD3EZNsjJ3Ix5Vxry9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be583416a847b556914d1ae61c4f8a7a_JaffaCakes118

Files

be583416a847b556914d1ae61c4f8a7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

26a8275a5aa14a2179735000b53fb082

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

frame

??0SECControlBarMDIChildWnd@@IAE@XZ
??1SECControlBarMDIChildWnd@@MAE@XZ
?PreCreateWindow@SECControlBarMDIChildWnd@@MAEHAAUtagCREATESTRUCTA@@@Z
?messageMap@SECControlBarMDIChildWnd@@1UAFX_MSGMAP@@B
?AddNotify@SECToolBarManager@@QAEXPAVCWnd@@@Z
?RemoveNotify@SECToolBarManager@@QAEXPAVCWnd@@@Z
?classSECControlBarMDIChildWnd@SECControlBarMDIChildWnd@@2UCRuntimeClass@@B
?RecalcLayout@SECControlBarMDIChildWnd@@UAEXH@Z
?GetCurBtn@SECCustomToolBar@@QBEHXZ
?GetItemID@SECCustomToolBar@@QBEIH@Z
?messageMap@SECToolBarCmdPage@@1UAFX_MSGMAP@@B
?OnNameKillFocus@SECToolBarsBase@@IAEXXZ
?GetCurBar@SECToolBarsBase@@IAEHAAPAVCControlBar@@PAH@Z
?OnInitDialog@SECToolBarsPage@@MAEHXZ
?OnStyleChanging@SECToolBarsPage@@IAEXI@Z
?messageMap@SECToolBarsPage@@1UAFX_MSGMAP@@B
?OnCreateClient@SECControlBarMDIChildWnd@@MAEHPAUtagCREATESTRUCTA@@PAUCCreateContext@@@Z
?EnableConfigMode@SECToolBarManager@@QAEXH@Z
?messageMap@SECToolBarSheet@@1UAFX_MSGMAP@@B
?DisableMainFrame@SECToolBarManager@@QAEXXZ
?SetNoDropWnd@SECToolBarManager@@QAEXPAVCWnd@@@Z
?GetControlBar@SECToolBarCmdPage@@IAEPAVSECCustomToolBar@@I@Z
?OnUpdateFrameMenu@SECMDIFrameWnd@@UAEXPAUHMENU__@@@Z
?AddTempString@CMenu7@@SAXJVCString@@H@Z
??0SECStatusBar@@QAE@XZ
??1SECMDIFrameWnd@@MAE@XZ
??1COlePropertyPageSite@@UAE@XZ
?GetStringProp@CProfile7@@QBEABVCString@@H@Z
??1CAccelTable7@@QAE@XZ
??1SECStatusBar@@UAE@XZ
?GetIntProp@CProfile7@@QBEHH@Z
??0CProfile7@@QAE@PBDPBUCProfileEntry7@@@Z
??0CLayoutItem@@QAE@XZ
?ShowControlBar@SECMDIFrameWnd@@QAEXPAVCControlBar@@HH@Z
?OnInitDialog@SECTipOfDay@@UAEHXZ
?SetLeadInText@SECTipOfDay@@QAEXPBD@Z
?messageMap@SECTipOfDay@@1UAFX_MSGMAP@@B
??0SECTipOfDay@@QAE@PBDHHPAVCWnd@@@Z
?GetRuntimeClass@SECTipOfDay@@UBEPAUCRuntimeClass@@XZ
?Create@SECTipOfDay@@UAEHXZ
??1SECTipOfDay@@UAE@XZ
?OnActivate@SECMDIFrameWnd@@IAEXIPAVCWnd@@H@Z
?GetDefaultUserCharSet@@YAEXZ
?ReMapBitmap2@@YGPAUHBITMAP__@@PAU1@KK@Z
?GetTempString@CMenu7@@SAAAVCString@@JH@Z
??0SECToolBarsPage@@QAE@XZ
?SetManager@SECToolBarsBase@@QAEXPAVSECToolBarManager@@@Z
??0SECToolBarCmdPage@@QAE@XZ
?SetManager@SECToolBarCmdPage@@QAEXPAVSECToolBarManager@@@Z
??1SECToolBarCmdPage@@UAE@XZ
??1SECToolBarsPage@@UAE@XZ
?DoDataExchange@SECToolBarsPage@@MAEXPAVCDataExchange@@@Z
?OnReset@SECToolBarsPage@@MAEXXZ
?OnSetActive@SECToolBarsPage@@MAEHXZ
?OnKillActive@SECToolBarsPage@@MAEHXZ
?GetRuntimeClass@SECToolBarCmdPage@@UBEPAUCRuntimeClass@@XZ
?OnInitDialog@SECToolBarCmdPage@@MAEHXZ
?OnReset@SECToolBarCmdPage@@MAEXXZ
?OnSetActive@SECToolBarCmdPage@@MAEHXZ
?OnKillActive@SECToolBarCmdPage@@MAEHXZ
?OnNcActivate@SECMDIFrameWnd@@IAEHH@Z
?RemovePropertyBox@CPropertyBox@@SAXXZ
?SaveWindowPosition@@YAHPAVCWnd@@PBD@Z
?ApplayAndValidate@CPropertyBox@@QAEHXZ
?GetSECManager@CTBManager@@SAPAVSECToolBarManager@@XZ
?Create@SECStatusBar@@QAEHPAVCWnd@@KI@Z
?SetIndicators@SECStatusBar@@QAEHPBIH@Z
?GetToolBarManager@@YAPAVCTBManager@@XZ
?EnableDocking@SECMDIFrameWnd@@QAEXK@Z
??0CLayoutItem@@QAE@VCString@@I@Z
??1CLayoutItem@@UAE@XZ
??0CLayout@@QAE@IPAVCLayoutItem@@HPAIPBDI@Z
?SendMessage7Direct@CTemplate7@@SAJPAVCCmdTarget@@IIIJ@Z
?Serialize@CLayoutItem@@UAEXAAVCArchive@@@Z
?classSECCustomToolBar@SECCustomToolBar@@2UCRuntimeClass@@B
?IsMainFrameEnabled@SECToolBarManager@@QAEHXZ
?classCDockableWindow@CDockableWindow@@2UCRuntimeClass@@B
?OnCommand@SECMDIFrameWnd@@MAEHIJ@Z
?OnCmdMsg@SECMDIFrameWnd@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z
??0SECMDIFrameWnd@@IAE@XZ
??1CProfile7@@UAE@XZ
?SetReadOnlyMode@CContainer@@QAEXH@Z
?DoMessageBox@CAppFrame@@UAEHPBDII@Z
?GetActiveFrame@SECMDIFrameWnd@@UAEPAVCFrameWnd@@XZ
?RecalcLayout@SECMDIFrameWnd@@UAEXH@Z
?OnSetPreviewMode@SECMDIFrameWnd@@UAEXHPAUCPrintPreviewState@@@Z
?OnUpdateFrameTitle@SECMDIFrameWnd@@UAEXH@Z
?EnableMainFrame@SECToolBarManager@@QAEXXZ
?DockControlBarEx@SECMDIFrameWnd@@UAEXPAVCControlBar@@IHHMH@Z
?CreateFloatingMDIChild@SECMDIFrameWnd@@UAEPAVCMDIChildWnd@@KPAVCControlBar@@@Z
?ActivateDockableFrame@SECMDIFrameWnd@@UAEXPAVSECFrameWnd@@@Z
?OnActivateDockableFrame@SECMDIFrameWnd@@UAEXPAVSECFrameWnd@@@Z
?LoadBarState@SECMDIFrameWnd@@UAEXPBD@Z
?SaveBarState@SECMDIFrameWnd@@UBEXPBD@Z
?SetDockState@SECMDIFrameWnd@@UAEXAAVSECDockState@@@Z
?GetDockState@SECMDIFrameWnd@@UBEXAAVSECDockState@@@Z
?GetControlBarManager@SECMDIFrameWnd@@UBEPAVSECControlBarManager@@XZ
?SetControlBarManager@SECMDIFrameWnd@@UAEXPAVSECControlBarManager@@@Z
?GetPropertyBox@CPropertyBox@@SAPAV1@XZ
?classCTBSearchBox@CTBSearchBox@@2USECButtonClass@@B
?messageMap@SECMDIFrameWnd@@1UAFX_MSGMAP@@B
?classSECMDIFrameWnd@SECMDIFrameWnd@@2UCRuntimeClass@@B
?IsOwnerDrawFlag@CMenu7@@SAHXZ
??0CTemplate7@@QAE@IPAUCRuntimeClass@@00@Z
??0CChooseDirDlg@@QAE@PAVCWnd@@@Z
?StopWait@CAppFrame@@QAEHI@Z
?WaitProc@CAppFrame@@QAEHPBD@Z
?StartWait@CAppFrame@@QAEHXZ
?DoOptionsDialog@CAppFrame@@QAEJXZ
?DispatchCmdMsg@CModule7@@SAHIHPAXPAUAFX_CMDHANDLERINFO@@@Z
?Add@CMenu7@@QAEXPAVCMenu@@H@Z
?GetRuntimeClass@CMenu7@@UBEPAUCRuntimeClass@@XZ
?SetNoSounds@CAppFrame@@QBEHH@Z
?InitMenus@CAppFrame@@QAEXII@Z
?Load@CProfile7@@QAEHPBD0@Z
?AddOptionsPage@CAppFrame@@QAEXABU_GUID@@PAUIUnknown@@@Z
?classCPopupFrame@CPopupFrame@@2UCRuntimeClass@@B
?SetIntProp@CProfile7@@QAEXHH@Z
?FinalRemoveExtra@CMenu7@@QAEXXZ
?SetOwnerDrawFlag@CMenu7@@SAXH@Z
?SetOwnerDraw@CMenu7@@SAXPAVCMenu@@HH@Z
?LoadWindowPosition@@YAHPAVCWnd@@PBDH@Z
?ReadPage@CContainer@@QAEHH@Z
?Save@CProfile7@@QAEHPBD0@Z
?SetStringProp@CProfile7@@QAEXHPBD@Z
?GetDateProp@CProfile7@@QBE?AVCDate@@H@Z
?GetToolBarManager@CAppFrame@@QAEPAVCTBManager@@XZ
?GetMainFrame@@YAPAVCMDIFrameWnd@@XZ
?GetDocument@CTemplate7@@SAPAVCDocument@@I@Z
?FromID@CTemplate7@@SAPAV1@I@Z
?SendMessage7Direct@CTemplate7@@SAJPAVCCmdTarget@@PAVCMessage7@@@Z

type32

??0CDate@@QAE@HHH@Z
?ResString@@YA?AVCString@@I@Z
?AllTrim@@YA?AVCString@@ABV1@@Z
?MakeUpper@@YAAAVCString@@AAV1@@Z
?GetYear@CDate@@QBEHXZ
?MakeLower@@YAAAVCString@@AAV1@@Z
SetDefCCYBefore
?SetRoundMode@CNumeric@@SAHH@Z
??0CNumeric@@QAE@N@Z
??1CNumeric@@QAE@XZ
??0CNumeric@@QAE@J@Z
?GetDouble@CNumeric@@QBEOXZ
??BCNumeric@@QBEJXZ
?SaveToString@CItemList@@UBEXAAVCString@@HPBD@Z
?AddItem@CItemList@@QAEHPAVCGenericItem@@@Z
??0CItem@@QAE@PBD@Z
??1CItemList@@UAE@XZ
??0CItemList@@QAE@XZ

br32

?EnableMouseWheel@CBrowse@@SAXH@Z
?RegisterControlClass@CBtnEdit@@SAHXZ
?RegisterControlClass@CMaskEdit@@SAXXZ
?ActivateOpenDocFrame@@YAPAVCDocument@@PAVCDocTemplate@@PBD@Z
?SetWaitProc@CBrowse@@SAXP6AHH@Z@Z
?InitBrowseLibrary@@YAXXZ
?RegisterControlClass@CBrowse@@SAHXZ

bkend

?Format@CValue@@QBEPBDXZ
??1CValue@@UAE@XZ
?GetFirstLoadedContextID@CBLContext@@SAKXZ
?GetLoadedContext@CBLContext@@SAPAV1@K@Z
?GetNextLoadedContextID@CBLContext@@SAKK@Z
?LoadFromValue@CBLSpeller@@QAEHABVCValue@@@Z
??0CValue@@QAE@ABV0@@Z
??0CValue@@QAE@XZ
?GetNumeric@CValue@@QBEABVCNumeric@@XZ
?GetDate@CValue@@QBE?AVCDate@@XZ
?CDateToDATE@@YANVCDate@@@Z
?GetString@CValue@@QBEABVCString@@XZ
?CheckSortOrder@CSortOrder@@SAHIPBE@Z
?FindCodePage@CDBEngDB7@@SAHPBD@Z
?Reset@CValue@@QAEXXZ
?IID_IExportContext@@3U_GUID@@B
?AssignContext@CValue@@QAEHPAVCBLContext@@@Z
??4CValue@@QAEABV0@ABVCNumeric@@@Z
?DATEToCDate@@YA?AVCDate@@N@Z
??4CValue@@QAEABV0@VCDate@@@Z
??4CValue@@QAEABV0@PBD@Z
?FromFile@CODBCConnectParams@@QAEHPBD@Z
?Reset@CODBCConnectParams@@QAEXXZ
?ToFile@CODBCConnectParams@@QAEHPBD@Z
??1CODBCConnectParams@@QAE@XZ
?SetUserdefFileName@CDataBase7@@SAXPBD@Z
?GetUserdefChecksum@CDataBase7@@SAHAAKH@Z
?InitLockCtrl@@YAHHPBD@Z
?SetSharedLockLimit@CLockCtrl@@QAEXHH@Z
?SetDefDateFmt@CValue@@SAXW4CDateFormat@@@Z
?SetCustomSortOrderFilePath@CDBEngDB7@@SAXPBD@Z
??0CDBEngDB7@@QAE@PAVCMetaDataCont@@@Z
??0CODBCDB7@@QAE@PAVCMetaDataCont@@@Z
?SelectCodePage@CDBEngDB7@@SAXH@Z
??0CBLSpeller@@QAE@ABV0@@Z
?GetCustomSortOrderFileName@CDBEngDB7@@SAPBDXZ
?SaveToFile@CSortOrder@@SAHPBD@Z
?SetConnectParamsCallback@CDataBase7@@SAXP6AXXZ@Z
?GetSelectedCodePageIdx@CDBEngDB7@@SAHXZ
?OpenDD@CDBEngDB7@@QAEHXZ
?CloseDD@CDBEngDB7@@QAEXXZ
?LoadFromFile@CBLSpeller@@QAEHPBD@Z
?SetTimePresentDec@@YAXH@Z
?RetryCopyNewData@@YA?AW4SuccessCode@@PBD000@Z
?DeleteAllData@CMetaDataCont@@QAEXH@Z
?FileCopy@@YAHPBD0@Z
?AddAccountsFromMD@@YAHH@Z
?RecalcProcess@@YAHVCString@@@Z
?GetSysSet@@YAPAVCSystemSet@@XZ
?GetAccRecalc@CSystemSet@@QAEHXZ
?RecalcAllAccTotals@@YAHHHHHH@Z
?GetMetaData@@YAPAVCMetaDataCont@@XZ
?UndoLockCtrl@@YAXH@Z
?GetDefault@CDataBase7@@SAPAV1@XZ
?SetDefault@CDataBase7@@SAXPAV1@@Z
?SetBkEndUI@@YAXPAVCBkEndUI@@@Z
?GetDefaultSpeller@@YAPAVCBLSpeller@@XZ
?InitDefaults@CBLSpeller@@QAEXXZ
?InitDateSpelling@@YAXXZ
?SetFindSpecialFileFunc@@YAXP6AHPBDAAVCString@@0@Z@Z
?GetLockCtrl@@YAPAVCLockCtrl@@H@Z
?GetCodePageAt@CDBEngDB7@@SAPAUSDBEngCodePage@@H@Z
?GetNCodePages@CDBEngDB7@@SAHXZ
??0CODBCConnectParams@@QAE@XZ
??4CODBCConnectParams@@QAEABV0@ABV0@@Z
?CheckConnectParams@CODBCDB7@@QAEHAAVCODBCConnectParams@@@Z
?IsEmpty@CODBCConnectParams@@QBEHXZ
??8CODBCConnectParams@@QBEHABV0@@Z
?SetFindBadSymbolsInNewDocs@@YAXH@Z
??0CBLExportContext@@QAE@PAVCBLContext@@@Z
?LinkContext@CValue@@QAEHH@Z

blang

?SetStaticVarValue@CBLModule@@QAEHHABVCValue@@H@Z
?IsExported@CBLProcInfo@@QBEHXZ
?FindStaticVar@CBLModule@@QBEHPBD@Z
?GetStaticVarDescr@CBLModule@@QBEHHAAVCBLVarInfo@@@Z
?IsExported@CBLVarInfo@@QBEHXZ
??0CStdOleBLContext@@QAE@H@Z
?TryFindFriendInterface@CStdOleBLContext@@QAEHXZ
??0CBLModule@@QAE@PAVCBLContext@@PBD@Z
?AssignSource@CBLModule@@QAEXPBD@Z
?Compile@CBLModule@@QAEHXZ
?Execute@CBLModule@@QAEHXZ
?FindProc@CBLModule@@QBEHPBDH@Z
?GetProcInfo@CBLModule@@QBEHHAAVCBLProcInfo@@@Z
?GetSyntaxMark@CBLModule@@UAEPBDXZ
?OnSyntaxError@CBLModule@@UAEHXZ
?OnRuntimeError@CBLModule@@UAEHXZ
?OnStartExecution@CBLModule@@UAEHXZ
?OnNextLine@CBLModule@@UAEHXZ
?OnEnterProc@CBLModule@@UAEXH@Z
?OnExitProc@CBLModule@@UAEXH@Z
?OnStopExecution@CBLModule@@UAEXXZ
?OnDoMessageBox@CBLModule@@UAEHPBDII@Z
?OnGetErrorDescription@CBLModule@@UAEXAAVCString@@@Z
?SetOnCommandExceptionHandler@CBLModule@@SAXP6AXPAVCException@@AAH@Z@Z
?GetStaticVarValue@CBLModule@@QBEHHAAVCValue@@H@Z
?CallAsProc@CBLModule@@QAEHHHPAPAVCValue@@@Z
?CallAsFunc@CBLModule@@QAEHHAAVCValue@@HPAPAV2@@Z
?GetNParams@CBLProcInfo@@QBEHXZ
?GetType@CBLProcInfo@@QBEHXZ
?EvalExpr@CBLModule@@QAEHPBDAAVCValue@@PAPAV2@@Z
?ExecuteBatch@CBLModule@@QAEHPBDPAPAVCValue@@@Z
?GetKind@CBLModule@@UBEHXZ
??1CBLModule@@UAE@XZ
?AssignSpeller@CBLModule@@QAEXPAVCBLSpeller@@@Z

seven

?DefineCalcContext@@YAXXZ
?DefineTradeContext@@YAXXZ
?DefineGeneralContext@@YAXXZ
?DefineAccountContext@@YAXXZ
?Update@CSplash@@QAEXXZ
?InitParamsPages@CApp7@@QAEXXZ
?StartLogging@CAdminService@@QAEJXZ
?LoadConfigContainer@CConfigCont@@SAHXZ
?InitDataBase@CApp7@@QAEHXZ
?StartTimer@CApp7@@QAEXXZ
?InitAddInService@CApp7@@QAEXXZ
?CLSID_AdminPropPage@@3U_GUID@@A
?UpdateAppTitle@CApp7@@QAEXXZ
?InitBasicExtContexts@@YAXXZ
?InitASPObjects@@YAXXZ
?InitGlobalModule@@YAHXZ
?Open@CTraceInterface@@SAPAVCTraceDataMap@@XZ
?OpenDataBase@CApp7@@QAEHHHH@Z
?CloseDataBase@CApp7@@QAEXXZ
?Open@CConfigInterface@@SAPAVCConfigDataMap@@XZ
?m_DataMutex@CConfigInterface@@0VCConfigMutex@@A
?Unlock@CConfigMutex@@QAEHXZ
?CompressAll@CConfigCont@@QAEHH@Z
?DocID@CMetaDataStream@@2IA
?classCMetaDataStream@CMetaDataStream@@2UCRuntimeClass@@B
?ConvertAllCJForms@CConfigCont@@QAEHXZ
?OnDBOpened@CApp7@@QAEXXZ
?OnDBClosing@CApp7@@QAEXXZ
?RecallArchive@CAdminService@@QAEXXZ
?Unregister_zlibEngine@CApp7@@QAEXXZ
?UndoGlobalModule@@YAXXZ
?UnloadAddIns@CApp7@@QAEXXZ
?UndoBasicExtContexts@@YAXXZ
?UndoASPObjects@@YAXXZ
?StopProfileOnExit@CBLModule7@@SAXXZ
?m_FullTempPath@CConfigCont@@2VCString@@A
?Close@CTraceInterface@@SAXXZ
?Close@CConfigInterface@@SAXXZ
?CheckDirectories@CApp7@@QAEHXZ
?StopTimer@CApp7@@QAEXXZ
?UndoParamsPages@CApp7@@QAEXXZ
?UndefineGeneralContext@@YAXXZ
?UndefineTradeContext@@YAXXZ
?UndefineCalcContext@@YAXXZ
?UndefineAccountContext@@YAXXZ
?WriteStatusLine@@YAXI@Z
?Start@CSplash@@QAEXPAVCWnd@@KH@Z
?GetSplashWnd@@YAPAVCSplash@@XZ
?ProcessOnCommandDBException7@CBLModule7@@SAXPAVCException@@AAH@Z
?AdjustDirectories@CApp7@@QAEXXZ
??1CLogoPan@@UAE@XZ
??0CAboutDlg@@QAE@H@Z
?ShowError@CApp7@@UAEXPBDW4MessageMarker@@0JH@Z
?WriteError@CApp7@@UAEXPBDW4MessageMarker@@0JH@Z
?WriteMessageString@CApp7@@UAEXPBDW4MessageMarker@@@Z
?ClearMessageDevice@CApp7@@UAEXXZ
?LockMessageDevice@CApp7@@UAEXH@Z
?ActivateMessageDevice@CApp7@@UAEXHH@Z
?SetExclMode@CAdminService@@QAEXH@Z
?ReportEventA@@YAXVCString@@PAULogEventInfo@@@Z
?WriteStatusLine@@YAXPBD@Z
?ReadStatusLine@@YA?AVCString@@XZ
?GetGlobalModule@@YAPAVCBLModule7@@XZ
?TranslateCommandLine@CApp7@@QAEXPBD@Z
?Serialize@CRightInfo@@UAEXAAVCArchive@@H@Z
?ModalMode@@YAHXZ
?m_uiExtCopyDataID@CApp7@@2IA
?SetStatusStr@CUserCommandContaner@@QBEXIAAVCString@@@Z
?GetData@CConfigInterface@@SAPAVCConfigDataMap@@XZ
?GetData@CTraceInterface@@SAPAVCTraceDataMap@@XZ
?GetGlobalDocType@@YAPAVCDocType@@XZ
?GethwndBCDlg@@YAPAUHWND__@@XZ
?ProcessAddinEvents@CApp7@@QAEXXZ
?GetShortText@CUserCommandContaner@@QBEHIAAVCString@@H@Z
?Find@CUserCommandContaner@@QAEPAVCUserCommandInfo@@I@Z
?GetMouseScrollLines@CApp7@@QAEIH@Z
?GetLongText@CUserCommandContaner@@QBEHIAAVCString@@@Z
?GetToolBarPos@CApp7@@QBEIXZ
?InitProps@CApp7@@QAEHXZ
?IsLogging@CAdminService@@QAEHXZ
?FindSpecialFile@CApp7@@QBEHPBDAAVCString@@0@Z
?ReportEventA@@YAXVCString@@JW4EventType@@000@Z
?m_DataMutex@CTraceInterface@@0VCMutex@@A
?ConvertAllDocModule@CConfigCont@@QAEHP6AHPAVCDocument@@00PAVCMetaDataObj@@@Z@Z
?StopLogging@CAdminService@@QAEJXZ
?UpdateRegistry@CSpecObjectFactory@@UAEHH@Z
?writeMessage@Pipe@@UAEKAAVPacket@@_N@Z
?Register_zlibEngine@CApp7@@QAEHXZ
?RT_ActiveBarcodeLicense@@YAXXZ
?DocID@CConfigCont@@2IA
?classCConfigCont@CConfigCont@@2UCRuntimeClass@@B
?CheckAccess@CRightsContainer@@QAEHIJI@Z
?IsPathBelongsExtFormsDir@@YAHPBDAAH@Z
?SetSingleMode@CWorkBookDoc@@QAEXH@Z
?InsertDescription@CWorkBookDoc@@QAEHXZ
?RemoveMDHolder@CWorkBookDoc@@QAEHXZ
?IsGrantedToRecentList@CApp7@@QAEHXZ
??0CApp7@@QAE@XZ
?OnIdle@CApp7@@UAEHJ@Z
?ProcessWndProcException@CApp7@@MAEJPAVCException@@PBUtagMSG@@@Z
?GetDDFName@CApp7@@UAEPBDXZ
?GetDDSQLFName@CApp7@@UAEPBDXZ
?GetSQLAddrFName@CApp7@@UAEPBDXZ
?GetMDFName@CApp7@@UAEPBDXZ
?GetConfigFName@CApp7@@UAEPBDXZ
?GetLockFName@CApp7@@UAEPBDXZ
?GetDefSpellingFName@CApp7@@UAEPBDXZ
??1CAdminService@@QAE@XZ
?processMessage@PipeLink@@UAEKAAVMessage@@@Z
?messageMap@CApp7@@1UAFX_MSGMAP@@B
??1mutex_heap@@QAE@XZ
??1event_heap@@QAE@XZ
?initialize@Framework@@UAEKPBD@Z
?done@Framework@@UAEXXZ
?stop@Log@@QAEXXZ
??0Pipe@@QAE@XZ
??1Thread@@QAE@XZ
??1Pipe@@QAE@XZ
?run@PipeLink@@UAEKXZ
??0Event@@QAE@_N0K0@Z
?readMessage@Pipe@@UAEKAAVPacket@@_N@Z
?MD5HashValue@CMD5Hashing@@QAEXQAE@Z
?MD5Update@CMD5Hashing@@QAEXPBXI@Z
??0Mutex@@QAE@K_NPBD@Z
??1Mutex@@QAE@XZ
?onEnd@Thread@@MAEXK@Z
?onStart@Thread@@MAEXXZ
??0Thread@@QAE@_N@Z
?unlock@CriticalSection@@QAEXXZ
?lock@CriticalSection@@QAEXXZ

txtedt

?Activate@CMainMessageHandler@@QAEXH@Z
??1CMainMessageHandler@@UAE@XZ
?WriteMessage@CMainMessageHandler@@QAEXPBDW4MessageMarker@@0JHH@Z
?classCMessageView@CMessageView@@2UCRuntimeClass@@B
?WriteError@CMainMessageHandler@@QAEXPBDW4MessageMarker@@0JHH@Z
?ConvertModules@@YAHPAVCDocument@@00PAVCMetaDataObj@@@Z
?WriteMessage@CMainMessageHandler@@QAEXPBDW4MessageMarker@@H@Z
?classCMainMessageHandler@CMainMessageHandler@@2UCRuntimeClass@@B
?Hide@CMainMessageHandler@@QAEXXZ
?ClearAll@CMainMessageHandler@@QAEXXZ
??0CMainMessageHandler@@QAE@XZ
?ShowError@CMainMessageHandler@@QAEHPBDW4MessageMarker@@0JH@Z

mfc42

ord5307
ord3573
ord640
ord2729
ord1200
ord1246
ord3349
ord4427
ord2445
ord4436
ord5283
ord2382
ord4152
ord2879
ord976
ord5012
ord3351
ord5100
ord2390
ord2101
ord4715
ord771
ord497
ord496
ord3700
ord4431
ord2054
ord4439
ord5288
ord1690
ord4742
ord4258
ord768
ord489
ord4948
ord1907
ord4123
ord4076
ord4881
ord3103
ord5063
ord4497
ord4454
ord2119
ord4299
ord3797
ord6197
ord1859
ord4230
ord804
ord298
ord620
ord3729
ord3394
ord4406
ord2587
ord3583
ord2444
ord5248
ord5279
ord6369
ord5234
ord1709
ord2389
ord4121
ord5471
ord4056
ord4364
ord6154
ord6458
ord6880
ord470
ord289
ord5781
ord5794
ord4297
ord4133
ord613
ord755
ord3706
ord536
ord4775
ord291
ord3815
ord2546
ord1576
ord616
ord2616
ord5891
ord6109
ord4774
ord562
ord5789
ord816
ord4538
ord2863
ord3761
ord1644
ord6041
ord4615
ord4451
ord4680
ord4673
ord641
ord2514
ord825
ord4129
ord2764
ord5572
ord2919
ord823
ord800
ord858
ord924
ord1168
ord540
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3361
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord1270
ord1146
ord324
ord2818
ord3092
ord6199
ord922
ord537
ord4710
ord2645
ord2915
ord3097
ord6223
ord535
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord4622
ord4424
ord3681
ord3663
ord815
ord801
ord743
ord4220
ord2584
ord3654
ord2438
ord6375
ord4486
ord2554
ord3922
ord5199
ord2396
ord3346
ord5300
ord4079
ord1176
ord5289
ord5714
ord3738
ord5710
ord5651
ord3616
ord3127
ord5186
ord665
ord955
ord1147
ord354
ord860
ord350
ord939
ord5683
ord1133
ord4159
ord5805
ord1223
ord2233
ord2652
ord5500
ord1218
ord1175
ord6117
ord2817
ord1205
ord2621
ord1669
ord1199
ord4021
ord6402
ord5750
ord2004
ord2393
ord1979
ord5442
ord3318
ord6302
ord940
ord4160
ord6215
ord1203
ord2558
ord2092
ord1233
ord5484
ord986
ord795
ord3803
ord3521
ord1194
ord941
ord913
ord2737
ord4055
ord5731
ord609
ord3237
ord1799
ord614
ord1206
ord2623
ord290
ord4226
ord2486
ord4003
ord539
ord1656
ord1572
ord1601
ord1567
ord268
ord2727
ord2730
ord2754
ord3829
ord1268
ord4221
ord1574
ord6467
ord5296
ord1728
ord6150
ord3785
ord3083
ord446
ord6282
ord6283
ord6055
ord1776
ord5290
ord3402
ord3721
ord4853
ord567
ord2302
ord4234
ord5440
ord6383
ord5450
ord6394
ord398
ord700
ord2411
ord2023
ord4398
ord3582
ord4275
ord5875
ord2859
ord5594
ord692
ord6403
ord2614
ord3522
ord3439
ord2890
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2301
ord2340
ord2370
ord5632
ord5953
ord2642
ord975
ord1779
ord2528
ord1008
ord2515
ord6334
ord4218
ord2578
ord2298
ord2358
ord2575
ord4396
ord3574
ord3874
ord2864
ord4362
ord5088
ord4448
ord4671
ord4681
ord6164
ord3571
ord2763
ord3619
ord1641
ord1640
ord323
ord3626
ord2414
ord5785
ord2566
ord2753
ord5787
ord3869
ord2127
ord2723
ord2391
ord3059
ord4468
ord4303
ord3350
ord812
ord2878
ord4153
ord4077
ord5237
ord2383
ord2649
ord1665
ord5255
ord3496
ord3495
ord1109
ord5284
ord1904
ord1803
ord2867
ord6270
ord4277
ord3072
ord4083
ord4377
ord4457
ord3403
ord2379
ord4413
ord5004
ord4501
ord4216
ord4583
ord4591
ord4905
ord4854
ord5161
ord5162
ord5160
ord4358
ord5287
ord4835
ord3699
ord5871

msvcrt

_setmbcp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
strncpy
fwrite
strstr
fread
fopen
fclose
atoi
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_mbschr
memmove
_mbslen
_stat
strchr
_CxxThrowException
rand
__CxxFrameHandler
time
srand
free
_strdup
malloc
_access
sprintf
setlocale
_mbscmp
_except_handler3
_purecall
_ftol

kernel32

lstrlenA
GetStartupInfoA
GetModuleHandleA
lstrcmpA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
lstrlenW
lstrcpyA
lstrcatA
lstrcmpiA
SetCurrentDirectoryA
lstrcpynA
DeleteFileA
GetModuleFileNameA
GetFullPathNameA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
TlsSetValue
TlsGetValue
WaitForSingleObject
DeleteCriticalSection
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
GetVolumeInformationA
GetComputerNameA
GetVersionExA
GetSystemInfo
InitializeCriticalSection

user32

GetDlgCtrlID
IsWindowVisible
GetMenu
CopyRect
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
IsIconic
DrawTextA
DrawIcon
GetSystemMetrics
GetWindowRect
DrawEdge
GetClientRect
SetRectEmpty
SetTimer
GetWindowTextA
GetWindowTextLengthA
DrawTextExA
GetClassLongA
KillTimer
DrawIconEx
GetSysColor
InflateRect
GetWindow
ScreenToClient
RegisterWindowMessageA
DdeNameService
DdeInitializeA
DdeCreateStringHandleA
DdeUninitialize
DdeFreeStringHandle
DdeCmpStringHandles
DdeFreeDataHandle
DdeCreateDataHandle
DdeUnaccessData
DdeAccessData
UpdateWindow
GetWindowLongA
SendMessageA
CallWindowProcA
GetDesktopWindow
CreateWindowExA
SetClassLongA
DestroyWindow
PostMessageA
MessageBoxA
EnableWindow
SetForegroundWindow
PostQuitMessage
SetActiveWindow
RegisterClipboardFormatA
SetWindowLongA
CreatePopupMenu
AppendMenuA
ClientToScreen
TranslateAcceleratorA
GetFocus
GetParent
GetDC
ReleaseDC
DdeQueryStringA
DdeAddData
DdePostAdvise
TrackPopupMenu
GetSystemMenu
IsMenu
DrawFocusRect
IsCharAlphaNumericA
DrawMenuBar
LoadMenuA
LoadIconA
PtInRect
PeekMessageA
GetCursorPos
OffsetRect
SystemParametersInfoA
RemoveMenu

gdi32

GetTextExtentPoint32A
Rectangle
CreateRectRgnIndirect
CreateFontIndirectA
CreateFontA
PatBlt
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateBitmap
SelectObject
CreateDIBitmap
CreatePatternBrush
DeleteObject
CreateCompatibleDC
GetTextMetricsA
ExtTextOutA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyA

shell32

DragFinish
DragQueryFileA

ole32

CoLockObjectExternal
CoCreateGuid

oleaut32

RegisterActiveObject
VariantInit
VariantClear
RevokeActiveObject
DispGetParam

Exports

Exports

??0CriticalSection@@QAE@XZ
??0Framework@@QAE@ABV0@@Z
??0Framework@@QAE@XZ
??0Log@@QAE@XZ
??0Pipe@@QAE@ABV0@@Z
??0PipeLink@@QAE@ABV0@@Z
??0PipeLink@@QAE@XZ
??0Synchro@@QAE@XZ
??0Thread@@QAE@ABV0@@Z
??0event_heap@@QAE@ABU0@@Z
??0event_heap@@QAE@XZ
??0mutex_heap@@QAE@ABU0@@Z
??0mutex_heap@@QAE@XZ
??1CriticalSection@@QAE@XZ
??1Framework@@QAE@XZ
??1Log@@QAE@XZ
??1Synchro@@QAE@XZ
??4CriticalSection@@QAEAAV0@ABV0@@Z
??4Event@@QAEAAV0@ABV0@@Z
??4Framework@@QAEAAV0@ABV0@@Z
??4Identifiable@@QAEAAV0@ABV0@@Z
??4Log@@QAEAAV0@ABV0@@Z
??4Mutex@@QAEAAV0@ABV0@@Z
??4Pipe@@QAEAAV0@ABV0@@Z
??4PipeLink@@QAEAAV0@ABV0@@Z
??4Synchro@@QAEAAV0@ABV0@@Z
??4Thread@@QAEAAV0@ABV0@@Z
??4event_heap@@QAEAAU0@ABU0@@Z
??4mutex_heap@@QAEAAU0@ABU0@@Z
??BEvent@@QAEPAXXZ
??_7Framework@@6B@
??_7Pipe@@6B@
??_7PipeLink@@6BPipe@@@
??_7PipeLink@@6BThread@@@
??_7Thread@@6B@
??_FEvent@@QAEXXZ
??_FMutex@@QAEXXZ
??_FThread@@QAEXXZ
?getConnectEvent@Pipe@@QAEPAXXZ
?getEventHeap@Framework@@QAEAAUevent_heap@@XZ
?getExitCode@Thread@@QAEKXZ
?getHandle@Thread@@QAEPAXXZ
?getId@Identifiable@@QAEJXZ
?getLog@Framework@@QAEPAVLog@@XZ
?getMutexHeap@Framework@@QAEAAUmutex_heap@@XZ
?getState@Thread@@QAEHXZ
?getStopEvent@Thread@@QAEPAXXZ
?getTLS@Framework@@QAEPAXXZ
?isInitialized@Framework@@QAE_NXZ
?isRunning@Thread@@QAE_NXZ
?isStopped@Thread@@QAE_NXZ
?onError@PipeLink@@UAEXK@Z
?setId@Identifiable@@QAEXJ@Z
?setTLS@Framework@@QAE_NPAX@Z
?setTimeout@Event@@QAEXK@Z
?setTimeout@Mutex@@QAEXK@Z

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

26a8275a5aa14a2179735000b53fb082

Headers

File Characteristics

Imports

frame

type32

br32

bkend

blang

seven

txtedt

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 152KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 4KB - Virtual size: 39KB

_TEXT_HA Size: 68KB - Virtual size: 66KB

.rsrc Size: 12KB - Virtual size: 8KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 4KB - Virtual size: 39KB

_TEXT_HA
Size: 68KB - Virtual size: 66KB

.rsrc
Size: 12KB - Virtual size: 8KB

.UPX0
Size: 104KB - Virtual size: 252KB