c085a92187e2c7d5fcdc82ed4668134f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c085a92187e2c7d5fcdc82ed4668134f_JaffaCakes118
Size

576KB
MD5

c085a92187e2c7d5fcdc82ed4668134f
SHA1

38aa9c6fde946645d57c6a4d48f7de005711e8c7
SHA256

1a7ff8b17d703d84698d653da808832d3d81b946c5ed606f0e3d4676c1bd99d6
SHA512

cbcfd3038838d4d63568873f6a6750ef27683a4f9271621a86f66b5feb86c725051dbacff2bdcb00ff664338b0a4165f519f011ef0d71a4302c5ffd222290276
SSDEEP

12288:CCy5tfAtuLEl0EccdMpwq6Fp/V2GjsxuNYtXoXHdbHRZ6U+SLfwyM5:YtotuLERcWMpBk/V2GoIOoXdbxZbfwJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
c085a92187e2c7d5fcdc82ed4668134f_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$R0
unpack001/$R2/NSIS.Library.RegTool.v2.$_10_.exe
unpack001/$TEMP/CloudTool.exe
unpack001/$TEMP/LongRADrv.sys
unpack001/$TEMP/LongRADrv2K.sys
unpack001/7zxr.dll
unpack001/LongRADrv.sys
unpack001/LongRADrv2K.sys
unpack001/LongRAShell.exe
unpack001/cloud.exe
unpack001/mycompress.dll
unpack001/uninst.exe
unpack002/LongRADrv.sys
unpack002/LongRADrv2K.sys

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

c085a92187e2c7d5fcdc82ed4668134f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 344KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/dirrequest.ini
$PLUGINSDIR/finishpage.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

71b96c20f41c554fe47775469ee75f18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

mfc42

ord561
ord825
ord3953
ord2725
ord1131
ord6467
ord823
ord924
ord860
ord800
ord858
ord4129
ord5683
ord3738
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4424
ord4622
ord4080
ord3079
ord1116
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1168
ord1575
ord1176
ord537

msvcrt

realloc
memset
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
memcpy
_purecall
__CxxFrameHandler
free
malloc
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
memcmp

kernel32

lstrcpyA
LoadLibraryA
GetProcAddress
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
lstrcatA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
LocalFree
LocalAlloc
FindResourceA
InitializeCriticalSection

user32

CharNextA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr
LoadRegTypeLi
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R2/NSIS.Library.RegTool.v2.$_10_.exe
.exe windows:4 windows x86 arch:x86

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/CloudTool.exe
.exe windows:4 windows x86 arch:x86

d05b2b602e175d015996aaa36db8ea83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
GetLastError
CreateMutexA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/LongRADrv.sys
.sys windows:5 windows x86 arch:x86

9d84c537b746ad664460d13cb9164766

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_wnet_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlInitAnsiString
KeDetachProcess
KeAttachProcess
MmCreateMdl
_except_handler3
ObfDereferenceObject
PsLookupProcessByProcessId
RtlFreeUnicodeString
ExDeleteResourceLite
KeSetEvent
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
KeClearEvent
KeWaitForSingleObject
RtlAnsiStringToUnicodeString
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
KeInitializeEvent
ZwQueryVolumeInformationFile
IoAttachDeviceByPointer
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
IoFreeIrp
SeCaptureSubjectContext
memmove
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
ZwFreeVirtualMemory
ExGetPreviousMode
ZwAllocateVirtualMemory
PsGetCurrentThreadId
ProbeForRead
ProbeForWrite
sprintf
ZwQueryValueKey
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
PsSetCreateProcessNotifyRoutine
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
ExFreePoolWithTag
KeSetPriorityThread
KeBugCheck
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/LongRADrv2K.sys
.sys windows:5 windows x86 arch:x86

f18914fc152a1115707d57ce711ac6d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_w2K_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlInitAnsiString
KeDetachProcess
KeAttachProcess
MmCreateMdl
_except_handler3
ObfDereferenceObject
ObReferenceObjectByHandle
PsLookupProcessByProcessId
RtlFreeUnicodeString
ExDeleteResourceLite
KeSetEvent
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
ExAllocatePoolWithTag
KeWaitForSingleObject
KeSetPriorityThread
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
ZwQueryVolumeInformationFile
IoAttachDeviceByPointer
IoGetRelatedDeviceObject
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
IoFreeIrp
SeCaptureSubjectContext
memmove
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
ZwFreeVirtualMemory
ExGetPreviousMode
ZwAllocateVirtualMemory
PsGetCurrentThreadId
ProbeForRead
ProbeForWrite
sprintf
ZwQueryValueKey
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
PsSetCreateProcessNotifyRoutine
ExFreePool
KeBugCheck
KeClearEvent
InterlockedExchange
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zxr.dll
.dll windows:4 windows x86 arch:x86

eff3a1ae69dddb7b3511eacc30ac7fe8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperW
CharUpperA

oleaut32

SysAllocStringByteLen
VariantClear
SysAllocString

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcmp
_purecall
memcpy
memmove
__CxxFrameHandler
free
_CxxThrowException
malloc

kernel32

InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
DeleteCriticalSection
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRADrv.sys
.sys windows:5 windows x86 arch:x86

9d84c537b746ad664460d13cb9164766

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_wnet_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlInitAnsiString
KeDetachProcess
KeAttachProcess
MmCreateMdl
_except_handler3
ObfDereferenceObject
PsLookupProcessByProcessId
RtlFreeUnicodeString
ExDeleteResourceLite
KeSetEvent
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
KeClearEvent
KeWaitForSingleObject
RtlAnsiStringToUnicodeString
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
KeInitializeEvent
ZwQueryVolumeInformationFile
IoAttachDeviceByPointer
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
IoFreeIrp
SeCaptureSubjectContext
memmove
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
ZwFreeVirtualMemory
ExGetPreviousMode
ZwAllocateVirtualMemory
PsGetCurrentThreadId
ProbeForRead
ProbeForWrite
sprintf
ZwQueryValueKey
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
PsSetCreateProcessNotifyRoutine
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
ExFreePoolWithTag
KeSetPriorityThread
KeBugCheck
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRADrv2K.sys
.sys windows:5 windows x86 arch:x86

f18914fc152a1115707d57ce711ac6d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_w2K_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlInitAnsiString
KeDetachProcess
KeAttachProcess
MmCreateMdl
_except_handler3
ObfDereferenceObject
ObReferenceObjectByHandle
PsLookupProcessByProcessId
RtlFreeUnicodeString
ExDeleteResourceLite
KeSetEvent
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
ExAllocatePoolWithTag
KeWaitForSingleObject
KeSetPriorityThread
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
ZwQueryVolumeInformationFile
IoAttachDeviceByPointer
IoGetRelatedDeviceObject
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
IoFreeIrp
SeCaptureSubjectContext
memmove
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
ZwFreeVirtualMemory
ExGetPreviousMode
ZwAllocateVirtualMemory
PsGetCurrentThreadId
ProbeForRead
ProbeForWrite
sprintf
ZwQueryValueKey
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
PsSetCreateProcessNotifyRoutine
ExFreePool
KeBugCheck
KeClearEvent
InterlockedExchange
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRAShell.exe
.exe windows:4 windows x86 arch:x86

2309644bffb9cd0d17a3516a5ba03cdd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
LCMapStringW
FlushFileBuffers
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
LCMapStringA
CloseHandle

user32

MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cloud.exe
.exe windows:4 windows x86 arch:x86

36375a8439baf0697dc29ec7fa731015

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIA

ws2_32

WSAResetEvent
WSACloseEvent
htonl
htons
connect
WSASend
WSASetEvent
WSAEventSelect
WSAGetLastError
setsockopt
closesocket
ioctlsocket
WSACreateEvent
listen
bind
getsockname
inet_addr
sendto
recv
send
ntohl
gethostbyname
accept
WSAEnumNetworkEvents
inet_ntoa
WSAWaitForMultipleEvents
socket
WSARecv

winmm

PlaySoundA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

mfc42

ord798
ord1997
ord6283
ord6282
ord5465
ord5194
ord533
ord6407
ord926
ord2820
ord3811
ord3181
ord5856
ord4083
ord1871
ord1105
ord1106
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord4424
ord817
ord565
ord2726
ord2393
ord5651
ord3127
ord3616
ord350
ord4226
ord2448
ord6877
ord5683
ord801
ord541
ord6662
ord5572
ord2044
ord5834
ord2370
ord6334
ord802
ord5601
ord6569
ord1086
ord542
ord326
ord324
ord325
ord3706
ord3626
ord2414
ord1641
ord640
ord5785
ord1640
ord323
ord5875
ord3874
ord2859
ord4234
ord755
ord470
ord4287
ord4710
ord2379
ord2645
ord2514
ord6055
ord1776
ord5290
ord3398
ord3733
ord699
ord810
ord397
ord567
ord3303
ord4188
ord3296
ord613
ord4125
ord5789
ord289
ord3914
ord912
ord4000
ord3297
ord4271
ord6008
ord3702
ord773
ord4317
ord2571
ord3754
ord1083
ord501
ord2754
ord4133
ord4297
ord5788
ord472
ord5607
ord2762
ord5600
ord5631
ord3797
ord3938
ord6215
ord1929
ord795
ord2642
ord6199
ord6172
ord4123
ord4330
ord6880
ord6605
ord4275
ord1146
ord1168
ord1175
ord6883
ord6143
ord4204
ord3092
ord2413
ord2024
ord4219
ord2581
ord3402
ord1771
ord6366
ord4401
ord3639
ord4299
ord283
ord2380
ord4124
ord6680
ord6892
ord6673
ord2086
ord2864
ord6377
ord1644
ord6270
ord6379
ord4774
ord3273
ord3353
ord3579
ord438
ord614
ord5344
ord4367
ord4530
ord5685
ord3274
ord439
ord736
ord4523
ord1945
ord4528
ord4542
ord4525
ord5495
ord729
ord2504
ord1706
ord430
ord3610
ord3573
ord656
ord816
ord2714
ord562
ord6385
ord665
ord5186
ord354
ord5442
ord3318
ord3571
ord3721
ord2289
ord4220
ord3654
ord2584
ord2438
ord1176
ord2652
ord1669
ord3711
ord783
ord1233
ord3742
ord818
ord2112
ord6442
ord3089
ord6128
ord3752
ord5981
ord5787
ord3619
ord3693
ord3287
ord5609
ord5681
ord3499
ord2515
ord355
ord3216
ord4042
ord2135
ord1572
ord850
ord2688
ord539
ord4160
ord2827
ord1949
ord3643
ord394
ord696
ord909
ord5628
ord4185
ord4673
ord4274
ord1576
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord2621
ord1134
ord824
ord1232
ord1200
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord426
ord726
ord826
ord1799
ord290
ord3815
ord1194
ord4034
ord2971
ord5759
ord6192
ord5756
ord6186
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord5781
ord2152
ord2567
ord6874
ord6197
ord4284
ord2302
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord4853
ord4376
ord5265
ord2729
ord2730
ord6467
ord2727
ord6449
ord536
ord5710
ord940
ord356
ord923
ord2770
ord2781
ord4058
ord3178
ord922
ord1980
ord668
ord4278
ord2763
ord4129
ord858
ord939
ord941
ord2818
ord2915
ord6394
ord6383
ord5440
ord5450
ord6663
ord4277
ord924
ord4202
ord2764
ord2107
ord1247
ord535
ord2841
ord803
ord540
ord543
ord860
ord3663
ord3584
ord800
ord537
ord823
ord825
ord692
ord6375

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_strupr
isspace
_mbscspn
_setmbcp
_stricmp
_exit
_controlfp
_mbsnbcpy
__p___argc
__p___argv
strncpy
atol
strtol
_mbsspn
_ismbcalpha
rand
srand
sscanf
_purecall
_ftol
__CxxFrameHandler
atoi
strstr
_mbscmp
sprintf
free
malloc
strtoul
atof
memmove
_mbsicmp
fclose
fread
fopen

kernel32

GetCurrentProcess
DuplicateHandle
GetLastError
GetSystemDirectoryA
GetFileAttributesA
SetFileAttributesA
SetThreadPriority
GetFileSize
ReadFile
SetFilePointer
Sleep
CreateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetComputerNameA
CreateFileA
WriteFile
CloseHandle
GetCurrentThreadId
GetTickCount
WideCharToMultiByte
GetDriveTypeA
MoveFileA
OpenProcess
GlobalFree
Module32First
Process32First
CreateToolhelp32Snapshot
Process32Next
CreateDirectoryA
TerminateThread
GetExitCodeThread
RemoveDirectoryA
SetEndOfFile
GetModuleFileNameA
GetShortPathNameA
CreateMutexA
WinExec
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId
GetVersionExA
DeviceIoControl
CompareStringA
FreeLibrary
GetProcAddress
LoadLibraryA
ResumeThread
CreateEventA
WaitForSingleObject
SuspendThread
SetEvent
TerminateProcess
CreateProcessA
MultiByteToWideChar
OutputDebugStringA
SetEnvironmentVariableA
ExpandEnvironmentStringsA
CopyFileA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
GetDiskFreeSpaceA
LocalFree
DeleteFileA
FormatMessageA
LocalLock

user32

SetCursor
IsWindowVisible
OffsetRect
LoadImageA
LoadBitmapA
LoadIconA
FrameRect
SystemParametersInfoA
SetRectEmpty
GetWindowRect
GetDesktopWindow
SetForegroundWindow
CheckMenuItem
CreatePopupMenu
GetCursorPos
EnableMenuItem
GetParent
GetActiveWindow
CopyIcon
CopyImage
GetIconInfo
CreateIconIndirect
TranslateMessage
TrackPopupMenuEx
AppendMenuA
SetParent
DestroyCursor
SetWindowLongA
ClientToScreen
CallWindowProcA
GetClassInfoA
IsWindow
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
GrayStringA
GetSysColor
GetTabbedTextExtentA
RedrawWindow
InflateRect
IsChild
WindowFromPoint
GetMessagePos
SetWindowPos
CopyRect
IntersectRect
UpdateWindow
DrawIconEx
GetKeyState
SetCapture
GetSystemMetrics
SetTimer
GetMessageA
GetCapture
DispatchMessageA
KillTimer
ReleaseCapture
GetFocus
SetFocus
DestroyIcon
SendMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadCursorA
InvalidateRect
ScreenToClient
PtInRect
MessageBoxA
PeekMessageA
EnableWindow
PostMessageA
PostThreadMessageA
ActivateKeyboardLayout
LoadKeyboardLayoutA
UnloadKeyboardLayout
SendMessageTimeoutA
SetWindowRgn
GetClientRect
IsRectEmpty
ReleaseDC
GetDC
SetRect
FindWindowA

gdi32

PatBlt
CreateBitmap
CreatePatternBrush
GetTextMetricsA
BitBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreatePen
CreateFontIndirectA
RoundRect
SetBitmapBits
GetBitmapBits
CreateSolidBrush
SetPixel
Polyline
DeleteObject
GetTextExtentPoint32A
CreateCompatibleDC
SelectObject
CreateRectRgnIndirect
GetObjectA
CombineRgn
CreateRectRgn
OffsetRgn
GetPixel

advapi32

RegEnumKeyW
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
OpenProcessToken
GetTokenInformation
RegOpenKeyExA
RegCreateKeyExA
QueryServiceStatus
RegEnumValueA
RegLoadKeyA
RegUnLoadKeyA
RegEnumKeyA
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
CloseServiceHandle
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegDeleteValueA
RegCloseKey
OpenSCManagerA
ControlService
StartServiceA
CreateServiceA
OpenServiceA
DeleteService

shell32

SHGetFolderPathA
ExtractIconExA
ShellExecuteA
Shell_NotifyIconA
SHChangeNotify

ole32

CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocString
VariantInit
VariantClear

msimg32

TransparentBlt

iphlpapi

GetAdaptersInfo

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 556KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 976KB - Virtual size: 975KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mycompress.dll
.dll windows:4 windows x86 arch:x86

8faa08ce18a3d5ab77da6bf288e7ab0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord6467
ord860
ord4274
ord537
ord535
ord5710
ord800
ord924
ord858
ord356
ord2770
ord2781
ord4058
ord3178
ord922
ord2915
ord668
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord600
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
_CxxThrowException
_purecall
_mbscmp
memmove
malloc
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv

kernel32

LocalAlloc
LocalFree
WideCharToMultiByte
MultiByteToWideChar
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
SetFileAttributesW
SetFileAttributesA
CreateFileW
SetFileTime
CloseHandle
AreFileApisANSI
LoadLibraryA
FreeLibrary
GetVersionExA
GetProcAddress
GetLastError

oleaut32

SysAllocString
VariantClear
SysFreeString

Exports

Exports

AddDirToZip
ExtractZipToDir
GetZipUncompressedSize

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 344KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LongRADrv.sys
.sys windows:5 windows x86 arch:x86

9d84c537b746ad664460d13cb9164766

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_wnet_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlInitAnsiString
KeDetachProcess
KeAttachProcess
MmCreateMdl
_except_handler3
ObfDereferenceObject
PsLookupProcessByProcessId
RtlFreeUnicodeString
ExDeleteResourceLite
KeSetEvent
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
KeClearEvent
KeWaitForSingleObject
RtlAnsiStringToUnicodeString
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
KeInitializeEvent
ZwQueryVolumeInformationFile
IoAttachDeviceByPointer
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
IoFreeIrp
SeCaptureSubjectContext
memmove
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
ZwFreeVirtualMemory
ExGetPreviousMode
ZwAllocateVirtualMemory
PsGetCurrentThreadId
ProbeForRead
ProbeForWrite
sprintf
ZwQueryValueKey
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
PsSetCreateProcessNotifyRoutine
KeTickCount
KeBugCheckEx
ExAllocatePoolWithTag
ExFreePoolWithTag
KeSetPriorityThread
KeBugCheck
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRADrv2K.sys
.sys windows:5 windows x86 arch:x86

f18914fc152a1115707d57ce711ac6d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_w2K_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlInitAnsiString
KeDetachProcess
KeAttachProcess
MmCreateMdl
_except_handler3
ObfDereferenceObject
ObReferenceObjectByHandle
PsLookupProcessByProcessId
RtlFreeUnicodeString
ExDeleteResourceLite
KeSetEvent
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
ExAllocatePoolWithTag
KeWaitForSingleObject
KeSetPriorityThread
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
ZwQueryVolumeInformationFile
IoAttachDeviceByPointer
IoGetRelatedDeviceObject
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
IoFreeIrp
SeCaptureSubjectContext
memmove
MmMapLockedPagesSpecifyCache
PsGetCurrentProcessId
ZwFreeVirtualMemory
ExGetPreviousMode
ZwAllocateVirtualMemory
PsGetCurrentThreadId
ProbeForRead
ProbeForWrite
sprintf
ZwQueryValueKey
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
PsSetCreateProcessNotifyRoutine
ExFreePool
KeBugCheck
KeClearEvent
InterlockedExchange
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 252KB

.ndata Size: - Virtual size: 344KB

.rsrc Size: 14KB - Virtual size: 14KB

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 446B

71b96c20f41c554fe47775469ee75f18

Headers

File Characteristics

Imports

version

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

Imports

kernel32

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 252KB

.ndata
Size: - Virtual size: 344KB

.rsrc
Size: 14KB - Virtual size: 14KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 446B

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 10KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 9KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 9KB - Virtual size: 9KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 35KB - Virtual size: 34KB