c8d8291609307905e55bb25226d78232_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8d8291609307905e55bb25226d78232_JaffaCakes118
Size

1.2MB
MD5

c8d8291609307905e55bb25226d78232
SHA1

46fd9225f1feb3894ee1938ead4de31eafc780ba
SHA256

35ceba464f1c6a88ab0cfc6a30f4107db5300df47db94663064b988314240ff3
SHA512

3c206966ff72676c46cee0002ee4f5ce476ba743dfc2412312a42ba707f3037217a6bf58517926a485458fd6107e7a787fe48daa46b7debf458c18be8b4916c3
SSDEEP

24576:X4WgprsF7RIKCP8DNb46KPvDHdVjCCaaYd9BpYDbqGSz2XSvkHmNbpU:XSyKKCiKPLdpCdaJOGHivJFU

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/旅馆小黑/FluorineFx.dll
unpack001/旅馆小黑/ICSharpCode.SharpZipLib.dll
unpack001/旅馆小黑/Interop.QuartzTypeLib.dll
unpack001/旅馆小黑/Jayrock.Json.dll
unpack001/旅馆小黑/Jayrock.dll
unpack001/旅馆小黑/Jint.dll
unpack001/旅馆小黑/UpdateOnline.exe
unpack001/旅馆小黑/log4net.dll
unpack001/旅馆小黑/skincrafter.net-vs2005.dll
unpack001/旅馆小黑/对时软件.exe
unpack001/旅馆小黑/旅馆小黑.exe
unpack001/旅馆小黑/运行不了点击这文件.exe

Files

c8d8291609307905e55bb25226d78232_JaffaCakes118
.rar
旅馆小黑/AboutTime.ini
旅馆小黑/FluorineFx.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\Home\[FluorineFx]\Source\FluorineFx\obj\Release\FluorineFx.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 944KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/ICSharpCode.SharpZipLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/Interop.QuartzTypeLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/Jayrock.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Public\Jayrock\rel\rel-0.9.8316\src\Jayrock.Json\obj\Release\Jayrock.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/Jayrock.dll
.dll .js windows:4 windows x86 arch:x86 polyglot

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Public\Jayrock\rel\rel-0.9.8316\src\Jayrock\obj\Release\Jayrock.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/Jint.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/UpdateOnline.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/allCookie.data
旅馆小黑/config.ini
旅馆小黑/log4net.config
.xml
旅馆小黑/log4net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/skincrafter.net-vs2005.dll
.dll windows:4 windows x86 arch:x86

cc59c365bc885f06f0cee2d725f51cae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80

ord3163
ord326
ord783
ord3406
ord3350
ord3989
ord2873
ord3402
ord2532
ord2794
ord3139
ord3799
ord2878
ord3991
ord2876
ord1929
ord5727
ord2367
ord1191
ord5641
ord2264
ord4001
ord4123
ord5640
ord2263
ord3368
ord3012
ord2762
ord3156
ord2531
ord3353
ord3076
ord6007
ord5717
ord564
ord755
ord1092
ord589
ord330
ord3348
ord3596
ord663
ord1489
ord6118
ord299
ord6703
ord426
ord3236
ord4066
ord3022
ord5472
ord6286
ord1211
ord869
ord380
ord3201
ord3401
ord2703
ord5493
ord2306
ord1181
ord2259
ord5563
ord3997
ord5529
ord629
ord5430
ord1439
ord1434
ord301
ord305
ord5320
ord1159
ord2348
ord2271
ord4085
ord5089
ord384
ord667
ord433
ord2346
ord3255
ord1580
ord5331
ord6297
ord317
ord584
ord6759
ord6763
ord274
ord576
ord1090
ord6752
ord3397
ord2370
ord3360
ord765
ord315
ord1037
ord1206
ord1208
ord1098
ord371
ord1917
ord1167
ord1120
ord1201
ord1175
ord1177
ord1209
ord581
ord3140
ord5833
ord3204
ord5427
ord1968
ord3302
ord347
ord1279
ord2079
ord1966
ord602
ord2468
ord5403
ord5433
ord3863
ord3239
ord429
ord722
ord3295
ord530
ord666
ord872
ord6005
ord4115
ord3233
ord423
ord660
ord502
ord3287
ord1425
ord567
ord758
ord5613
ord3684
ord501
ord5642
ord6037
ord5731
ord709
ord907
ord1903
ord2372
ord2368
ord760
ord4244
ord3337
ord5444
ord356
ord6090
ord587
ord2086
ord1545
ord6725
ord5915
ord1620
ord1617
ord3946
ord1402
ord4232
ord5152
ord1908
ord5073
ord6275
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord764
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord2991
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3164
ord572
ord1063
ord1280
ord3161
ord1934
ord2322
ord1123
ord3210
ord1084
ord866
ord5714
ord3019
ord5466
ord4063
ord3025
ord4069
ord266
ord297
ord265
ord314
ord300
ord310
ord781
ord762
ord304
ord578
ord3934
ord2902
ord876
ord1482
ord784
ord6754
ord1187
ord1185
ord2702

msvcr80

_itow
ceil
_vswprintf
wcschr
_stricmp
strncmp
__RTDynamicCast
strstr
toupper
_purecall
_strnicmp
_wcsnset
__CxxFrameHandler3
wcsstr
memset
mbstowcs
free
malloc
_cexit
__FrameUnwindFilter
wcsncpy
atoi
_CxxThrowException
_except_handler4_common
_unlock
memcpy
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal

kernel32

GetUserDefaultLangID
FindResourceExA
LoadResource
GetLocalTime
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
SetLastError
LoadLibraryA
MulDiv
GetModuleHandleA
LoadLibraryW
GetProcAddress
lstrcpyA
lstrcmpA
FreeLibrary
GlobalAlloc
GlobalFree
FindResourceA
LocalSize
LocalLock
LocalUnlock
lstrlenA
lstrcmpiA
GetCurrentThreadId
GetVersion
GetLastError
RaiseException
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
LocalFree
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringA
Sleep
GlobalUnlock
GlobalLock
SizeofResource
LocalAlloc
LocalReAlloc
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter

user32

SetTimer
KillTimer
GetMessagePos
EnableScrollBar
SetScrollPos
ShowScrollBar
MessageBoxA
GetPropA
GetDC
ShowWindow
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
GetKeyState
SetCapture
UpdateWindow
SetForegroundWindow
TrackPopupMenu
SetWindowsHookExA
CallNextHookEx
WindowFromPoint
GetMenu
AppendMenuA
GetCursorPos
IsWindow
RemovePropA
ReleaseCapture
DrawIconEx
GetWindowDC
LoadIconA
GetWindowTextLengthA
GetMenuState
ReleaseDC
GetMenuItemRect
GetSystemMetrics
IsMenu
RemoveMenu
SetWindowPos
IsWindowVisible
SetRect
ScreenToClient
MapWindowPoints
UnhookWindowsHookEx
GetTopWindow
GetMenuItemInfoA
GetSysColorBrush
GetMenuItemCount
GetWindowLongA
GetWindowRect
OffsetRect
CopyRect
GetWindow
SetCursor
LoadCursorA
GetParent
GetClientRect
SendMessageA
PtInRect
DestroyCursor
PostMessageA
GetClassLongA
SetClassLongA
EnumThreadWindows
GetClassNameA
EnumChildWindows
EnableWindow
LoadBitmapA
GetWindowTextA
GetMenuStringW
GetMenuStringA
GetUpdateRect
UnionRect
SetMenuItemInfoA
GetScrollPos
DrawFrameControl
FillRect
FrameRect
DrawFocusRect
InvertRect
EqualRect
InflateRect
DestroyIcon
GetDlgCtrlID
IntersectRect
SubtractRect
SetFocus
GetNextDlgTabItem
HideCaret
ShowCaret
SetPropA
DrawEdge
GetFocus
SendMessageW
DrawTextW
DrawTextA
SetCaretPos
GetCaretPos
GetScrollInfo
GetSysColor
SetScrollInfo
GetClassInfoA
RegisterClassA
DefWindowProcA
CreateWindowExA
DestroyWindow
CopyImage
GetIconInfo
TrackMouseEvent
DrawStateA
GetWindowTextLengthW
CallWindowProcW
GetSubMenu
GetWindowTextW
GetDlgItem
SystemParametersInfoA
IsIconic
IsZoomed
SetWindowRgn
GetCapture
GetAncestor
PeekMessageA
DispatchMessageA
GetMessageA
GetDCEx
AdjustWindowRectEx
SetWindowLongW
GetSystemMenu
DrawMenuBar
LockWindowUpdate
GetWindowRgn
ClientToScreen
SetRectEmpty
IsRectEmpty
BeginPaint
EndPaint
SetWindowLongA
InvalidateRect
CallWindowProcA
GetActiveWindow
GetDesktopWindow
AdjustWindowRect
GetMenuBarInfo
IsWindowUnicode
GetWindowLongW
IsWindowEnabled
GetForegroundWindow
GetMenuItemID
RedrawWindow

gdi32

GetRgnBox
PathToRegion
WidenPath
EndPath
LineTo
MoveToEx
BeginPath
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleBitmap
ExtSelectClipRgn
SetViewportOrgEx
CreateFontIndirectW
DeleteDC
StretchBlt
GetObjectA
CreateCompatibleDC
SetBkMode
PtInRegion
CreateRectRgnIndirect
ExcludeClipRect
CreateEllipticRgn
CreateRoundRectRgn
CreateFontIndirectA
CreateRectRgn
SetTextColor
SetBkColor
GetTextExtentPointA
GetTextExtentPointW
GetBkColor
GetTextColor
SetBoundsRect
GetPixel
SetWindowOrgEx
SetPixel
SelectClipRgn
BitBlt
GetCurrentObject
GetTextExtentPoint32A
CreatePen
GetViewportOrgEx
Arc
Ellipse
PlayEnhMetaFile
ExtTextOutA
GetTextMetricsA
SetLayout
GetLayout
SetBrushOrgEx
SetStretchBltMode
CombineRgn
DeleteObject
OffsetRgn
GetRegionData
ExtCreateRegion
IntersectClipRect
GetStockObject
SaveDC
RestoreDC
PatBlt
CreateSolidBrush
SetDIBColorTable
GetPaletteEntries
SelectPalette
RealizePalette
CreateBitmap
CreateDIBSection
GetDIBColorTable
CreatePalette
GetDeviceCaps
CreateHalftonePalette
CreatePatternBrush
UnrealizeObject
GetBkMode
GetObjectW
Rectangle

msimg32

TransparentBlt

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

InitializeFlatSB
UninitializeFlatSB
ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_DrawEx

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantInit
SysAllocString
SysFreeString

oleacc

AccessibleObjectFromWindow

gdiplus

GdipDeleteFont
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawString
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipSaveImageToStream
GdipGetImageRawFormat
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipEndContainer
GdipBeginContainer2
GdipMultiplyWorldTransform
GdipReleaseDC
GdipGetDC
GdipTranslateMatrix
GdipMultiplyMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipDeleteMatrix
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdipCloneBrush
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipFree

msvcm80

?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

mscoree

_CorDllMain

Sections

.text
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/对时软件.exe
.exe windows:4 windows x86 arch:x86

fab24e6236b944ad601e2f8dc6827a5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetAutodialHangup
InternetAutodial
InternetGetConnectedState

kernel32

GetTimeZoneInformation
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetSystemTime
TerminateProcess
GetLocalTime
GetStartupInfoA
ExitProcess
RaiseException
GetACP
HeapReAlloc
HeapFree
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapAlloc
GetTickCount
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
HeapSize
FreeEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetFileAttributesA
GetFileTime
GetFileSize
GetCPInfo
SizeofResource
GetOEMCP
WritePrivateProfileStringA
GetProcessVersion
GetCurrentDirectoryA
GlobalFlags
TlsSetValue
TlsGetValue
LocalReAlloc
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
DeleteCriticalSection
TlsFree
GlobalHandle
GetFileType
LocalAlloc
lstrlenA
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
SetSystemTime
GetModuleFileNameA
TlsAlloc
InitializeCriticalSection
GetThreadLocale
GetStringTypeW
GetProfileStringA
GetFullPathNameA
GetVolumeInformationA
UnlockFile
SetEndOfFile
SetFilePointer
LockFile
FlushFileBuffers
CreateFileA
WriteFile
ReadFile
lstrcpynA
GetCurrentProcess
DuplicateHandle
FindNextFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
GetLastError
FormatMessageA
GlobalUnlock
MulDiv
VirtualProtect
LocalFree
SetLastError
FreeLibrary
GlobalFree
LoadLibraryA
LockResource
FindResourceA
LoadResource
GlobalGetAtomNameA
GetVersion
lstrcatA
lstrcpyA
GlobalAddAtomA
GlobalFindAtomA
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
GetDriveTypeA
WideCharToMultiByte
HeapDestroy
SetStdHandle

user32

MessageBeep
CharNextA
CopyAcceleratorTableA
SetRect
LoadCursorA
GetSysColorBrush
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetNextDlgGroupItem
PtInRect
GetClassNameA
CharUpperA
EndDialog
CreateDialogIndirectParamA
WindowFromPoint
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
DestroyMenu
SetWindowContextHelpId
MapDialogRect
GetAsyncKeyState
LoadStringA
MapWindowPoints
GetSysColor
SetActiveWindow
AdjustWindowRectEx
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
GetDC
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetDesktopWindow
GetForegroundWindow
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
wsprintfA
GetClassInfoA
GetMessagePos
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
SetWindowsHookExA
GetParent
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostMessageA
PostQuitMessage
InvalidateRect
UpdateWindow
IsWindow
EnableWindow
LoadMenuA
BringWindowToTop
GetSubMenu
GetCursorPos
GetSystemMetrics
GetClientRect
DrawIcon
KillTimer
SetTimer
SendMessageA
LoadIconA
FindWindowA
GetLastActivePopup
IsIconic
SetForegroundWindow
IntersectRect
OffsetRect
ScreenToClient
UnregisterClassA
HideCaret
DrawFocusRect
ExcludeUpdateRgn
IsWindowUnicode
ShowCaret
DefDlgProcA

gdi32

CreateCompatibleDC
BitBlt
CreateDIBitmap
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutA
TextOutA
Escape
GetTextColor
DPtoLP
LPtoDP
GetBkColor
PatBlt
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
GetTextExtentPointA
ScaleViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetViewportExtEx
SetMapMode
SetBkMode
SelectObject
RestoreDC
GetStockObject
DeleteDC
SaveDC
SetBkColor
SetTextColor
GetObjectA
CreateBitmap
IntersectClipRect
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

shell32

Shell_NotifyIconA

comctl32

DestroyPropertySheetPage
PropertySheetA
ord17
CreatePropertySheetPageA

oledlg

ord8

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
VariantChangeType
SysAllocString
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

wsock32

socket
recvfrom
sendto
connect
inet_ntoa
recv
gethostbyname
htonl
htons
ioctlsocket
accept
ntohs
inet_addr
WSAGetLastError
WSASetLastError
WSAStartup
WSACleanup
bind
WSAAsyncSelect
send
closesocket
listen
ntohl

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
旅馆小黑/旅馆小黑.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 642KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
旅馆小黑/旅馆小黑.exe.config
.xml
旅馆小黑/运行不了点击这文件.exe
.exe windows:5 windows x86 arch:x86

c32bbe9fc4a1294318cc1dd7b4d0eea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_VC_Project\小黑医生\Release\小黑医生.pdb

Imports

kernel32

HeapAlloc
HeapFree
RtlUnwind
Sleep
ExitProcess
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrlenA
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
InterlockedDecrement
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
CloseHandle
GlobalUnlock
lstrlenW
WritePrivateProfileStringW
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetModuleHandleW
GetProcAddress
WinExec
Process32NextW
FindResourceW
LoadResource
LockResource
SizeofResource
Process32FirstW
TerminateProcess
CreateToolhelp32Snapshot

user32

RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
LoadCursorW
SetCapture
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
EqualRect
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextW
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
LoadIconW
SendMessageW
IsIconic
GetSystemMetrics
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
DestroyMenu
UnregisterClassW
CharUpperW
AdjustWindowRectEx
GetClientRect
DrawIcon
EnableWindow
PostMessageW
PostQuitMessage
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetForegroundWindow

gdi32

GetStockObject
GetDeviceCaps
GetBkColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetTextColor
CreateBitmap
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectW
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
OffsetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter
CoGetClassObject

oleaut32

SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysFreeString

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 944KB - Virtual size: 941KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 176KB - Virtual size: 173KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 16KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 72KB - Virtual size: 69KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 72KB - Virtual size: 71KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 429KB - Virtual size: 428KB

.rsrc Size: 1024B - Virtual size: 808B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 34KB - Virtual size: 33KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

.text
Size: 944KB - Virtual size: 941KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 176KB - Virtual size: 173KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 72KB - Virtual size: 69KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 429KB - Virtual size: 428KB

.rsrc
Size: 1024B - Virtual size: 808B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 252KB - Virtual size: 250KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 440KB - Virtual size: 436KB

.rdata
Size: 128KB - Virtual size: 126KB

.data
Size: 12KB - Virtual size: 49KB

.rsrc
Size: 308KB - Virtual size: 306KB

.reloc
Size: 36KB - Virtual size: 32KB

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 36KB - Virtual size: 33KB

.text
Size: 642KB - Virtual size: 641KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 512B - Virtual size: 12B