cf2cb2ac0447c9ea3b58fd35e1ee7839_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf2cb2ac0447c9ea3b58fd35e1ee7839_JaffaCakes118
Size

356KB
MD5

cf2cb2ac0447c9ea3b58fd35e1ee7839
SHA1

03bd8d13f96d5ed57b77ac31b80746865464a864
SHA256

fe00f9a45954e34637564dee029ddfa662cfad5abca9af09390d3b8b2135c8c9
SHA512

9d32d61c15cf2f13d7854fefcd9b5954e4a16f8c87419650c80441615a9a30800033dc85f31e0243c06f7e31585501d34e9245e3824d3b67ac916d847816946c
SSDEEP

6144:0k49zFmjNU+HSMXYERP8HFG/mAX0RppZw1yK8lN/2n1/MWwpI07s3DBeNK:0k4pgLHSlRppZYy2Fsy3DBeNK

Score

3^/10

Malware Config

Signatures

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
cf2cb2ac0447c9ea3b58fd35e1ee7839_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMP/CNNIC/AHOOKNT.DAT
unpack001/$TEMP/CNNIC/CDNHOOK.SYS
unpack001/$TEMP/CNNIC/CdnAux.dll
unpack001/$TEMP/CNNIC/CdnIEHlp.dll
unpack001/$TEMP/CNNIC/CdnIns.dll
unpack001/$TEMP/CNNIC/CdnProt.dll
unpack001/$TEMP/CNNIC/CdnTdns.dll
unpack001/$TEMP/CNNIC/CdnUnkw.dll
unpack001/$TEMP/CNNIC/CodeLib.dll
unpack001/$TEMP/CNNIC/IdnAcc.dll
unpack001/$TEMP/CNNIC/IdnMail.exe
unpack001/$TEMP/CNNIC/capp.exe
unpack001/$TEMP/CNNIC/cdn.dll
unpack001/$TEMP/CNNIC/hookdll.dll
unpack001/$TEMP/CNNIC/idnoe.dll
unpack001/$TEMP/CNNIC/idnol.dll
unpack001/$TEMP/CNNIC/nsp.dll
unpack001/$TEMP/CNNIC/quiet.exe
unpack001/$TEMP/CNNIC/setup.exe
unpack001/$TEMP/CNNIC/zunins.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

cf2cb2ac0447c9ea3b58fd35e1ee7839_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

1f4c4faa2a5228733f7ee5edf40f6693

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
WritePrivateProfileStringA
lstrcpynA
lstrcatA
lstrcpyA
GetPrivateProfileIntA
MultiByteToWideChar
GetModuleHandleA
lstrcmpiA
GlobalFree
GetPrivateProfileStringA
GlobalAlloc

user32

GetWindowLongA
DrawTextA
SetCursor
LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
GetClientRect
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
LoadIconA

gdi32

SetTextColor
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

a75ed4b57a83b633f5cb5d4939d72f27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpyA
lstrcpynA
FreeLibrary
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcatA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/CNNIC/AHOOK9X.DAT
$TEMP/CNNIC/AHOOKNT.DAT
.sys windows:5 windows x86 arch:x86

b375d0fe5423b7b989fac875e152dbc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedDecrement
atoi
strstr
sprintf
ZwClose
RtlFreeUnicodeString
KeSetEvent
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwSetInformationFile
wcslen
wcscat
wcscpy
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ExAllocatePoolWithTag
RtlInitUnicodeString
ExfInterlockedInsertTailList
ExFreePool
DbgBreakPoint
RtlFreeAnsiString
strncat
RtlUnicodeStringToAnsiString
ObQueryNameString
KeReleaseMutex
KeWaitForSingleObject
_except_handler3
ObReferenceObjectByHandle
ExGetPreviousMode
ObfDereferenceObject
strncpy
_stricmp
ZwQueryValueKey
KeClearEvent
InterlockedIncrement
IoAllocateWorkItem
IoFreeWorkItem
ZwQueryInformationFile
ZwReadFile
wcsncpy
ZwDeleteKey
RtlDeleteRegistryValue
ZwSetValueKey
ZwEnumerateValueKey
ZwQueryKey
ZwDeleteFile
KeInitializeMutex
ExInitializeNPagedLookasideList
IoRegisterShutdownNotification
KeInitializeEvent
KeInitializeSpinLock
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
NtBuildNumber
IofCompleteRequest
InterlockedExchange
ZwOpenFile
RtlCompareUnicodeString
ExfInterlockedRemoveHeadList
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ObReferenceObjectByName
ZwDeleteValueKey
ZwCreateKey
KeServiceDescriptorTable
strncmp
IoGetCurrentProcess
_strupr
ZwOpenKey
IoQueueWorkItem

hal

KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/CDNHOOK.SYS
.sys windows:4 windows x86 arch:x86

bf5baa836ba77176e3bd3c11dfc9483d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

atoi
strchr
ZwReadFile
ZwQueryInformationFile
sprintf
ZwOpenFile
wcscat
wcscpy
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
strrchr
ZwEnumerateKey
ZwQueryKey
wcschr
wcslen
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
isupper
InterlockedDecrement
KeWaitForSingleObject
KeInitializeEvent
strstr
IoDeleteSymbolicLink
IoCreateSymbolicLink
strncmp
IoGetCurrentProcess
strncpy
IofCompleteRequest
IoDeleteDevice
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoCreateDevice
IoGetDeviceObjectPointer
IoDetachDevice
KeGetCurrentThread
tolower
IoFreeMdl
ExFreePool
MmMapLockedPages
RtlCompareMemory
_local_unwind2
_except_handler3
KeClearEvent
IofCallDriver
ExAllocatePoolWithTag
ObfDereferenceObject
KeSetEvent
IoFreeIrp

hal

KeGetCurrentIrql
KfAcquireSpinLock
ExReleaseFastMutex
ExAcquireFastMutex
KfReleaseSpinLock

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/CDNHOOK.VXD
$TEMP/CNNIC/CdnAux.dll
.dll windows:4 windows x86 arch:x86

34b1afe96129e9bf5d49b02ff1be2fd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
GetSystemDirectoryA
GetSystemDefaultLangID
WideCharToMultiByte
GetEnvironmentStrings
FreeEnvironmentStringsW
RtlUnwind
GetStringTypeW
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsA
LCMapStringW
GetStringTypeA
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
LCMapStringA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance

Exports

Exports

ManagerShortCut
ManagerShortCutEx
UnInstall_OldKw

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/CdnHint.dat
$TEMP/CNNIC/CdnIEHlp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

69d84f9fa8eb23363a24edac63d43b4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrcatA
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
SizeofResource
GetSystemDefaultLangID
GetPrivateProfileIntA
InitializeCriticalSection
GetSystemDirectoryA
GetStringTypeW
GetStringTypeA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapSize
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleA
lstrcpyA
lstrlenA
LoadLibraryA
GetCurrentThreadId
GetProcAddress
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
SetEnvironmentVariableA
DisableThreadLibraryCalls
GetModuleFileNameA
GetPrivateProfileStringA
CompareStringW
RtlUnwind
GetCurrentProcess
LoadResource
InterlockedIncrement
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
CompareStringA
WideCharToMultiByte
FreeLibrary
GetShortPathNameA

user32

GetSystemMetrics
GetWindowRect
SystemParametersInfoA
OffsetRect
PostMessageA
DefWindowProcA
UpdateWindow
SetTimer
GetCursorPos
SetWindowTextA
DrawIconEx
GetWindowDC
LoadImageA
IsWindow
KillTimer
CopyRect
IsRectEmpty
SetWindowRgn
DrawTextA
GetWindowTextA
DrawFrameControl
GetClientRect
SetRectEmpty
ScreenToClient
IsDlgButtonChecked
EndDialog
SetDlgItemTextA
LoadIconA
CheckDlgButton
GetDlgItem
RegisterWindowMessageA
GetActiveWindow
DialogBoxParamA
EnumChildWindows
FindWindowA
SendMessageA
GetWindowTextW
GetClassNameA
GetParent
CharNextA
LoadStringA
ReleaseDC
EndPaint
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
ReleaseCapture
SetCapture
PtInRect
GetDC
InflateRect
BeginPaint
ShowWindow
MoveWindow

gdi32

DeleteDC
ExcludeClipRect
BitBlt
SetWindowOrgEx
GetClipBox
DeleteObject
CreateFontIndirectA
GetObjectA
GetStockObject
StretchBlt
SetStretchBltMode
ExtTextOutA
GetViewportOrgEx
SetViewportOrgEx
CreatePolygonRgn
CreateRectRgn
CombineRgn
EqualRgn
SelectObject
SetBkColor
CreateSolidBrush
OffsetRgn
FrameRgn
SetBkMode
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
RegisterTypeLi
VariantCopy
LoadTypeLi
SysStringLen
VariantClear
VariantChangeType
OleTranslateColor
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr

codelib

ord3
ord7

shlwapi

SHDeleteKeyA

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_SetBkColor
ImageList_GetIconSize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/CdnIns.dll
.dll windows:4 windows x86 arch:x86

1e84a0d284b9ff70d600f2b196893944

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa
sendto
connect
inet_addr
htons
closesocket
gethostbyname
socket
WSAStartup

shlwapi

SHDeleteKeyA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

mfc42

ord3079
ord3830
ord4622
ord3825
ord3738
ord561
ord3831
ord4080
ord4424
ord6467
ord823
ord825
ord941
ord860
ord540
ord815
ord800
ord3081
ord2976
ord1168
ord4234
ord6375
ord4274
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord269
ord826
ord600
ord1578
ord1253
ord1570
ord1255
ord1243
ord342
ord1197
ord1577
ord1575
ord1182
ord1116
ord1176

msvcrt

sprintf
rand
srand
_mbscmp
_initterm
strrchr
strstr
time
strchr
_EH_prolog
_mbschr
_strdup
free
__dllonexit
_onexit
_mbsstr
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_mbsicmp
_itoa
__CxxFrameHandler
_strupr

kernel32

TerminateProcess
GetShortPathNameA
GetVersion
WritePrivateProfileStringA
MoveFileExA
lstrlenA
lstrcatA
GetProcAddress
LoadLibraryA
GetVersionExA
GetLastError
GetCurrentProcess
lstrcpynA
lstrcmpiA
FreeLibrary
GetSystemDefaultLangID
GetSystemDirectoryA
GetModuleFileNameA
WinExec
GetPrivateProfileIntA
CopyFileA
GetPrivateProfileStringA
GetVolumeInformationA
LocalFree
LocalAlloc
OpenProcess
CloseHandle

user32

wsprintfA
MessageBoxA
PostMessageA
FindWindowA

advapi32

RegQueryValueExA
RegFlushKey
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA

Exports

Exports

Install

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/CdnProt.dll
.dll windows:4 windows x86 arch:x86

96e7a7e30da1e30a8accf9beebb92067

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
FindFirstFileA
DeleteFileA
GetSystemDirectoryA
GetPrivateProfileIntA
FindClose
GetLastError
WritePrivateProfileStringA
CopyFileA
MoveFileExA
FreeEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetVersionExA
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
RtlUnwind
CloseHandle

advapi32

RegCloseKey
RegSetValueExA
OpenServiceA
DeleteService
RegDeleteKeyA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA

shlwapi

SHDeleteKeyA

Exports

Exports

Prot_Install_ProtectDrv
Prot_Uninstall_ProtectDrv

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/CdnTdns.dll
.dll windows:4 windows x86 arch:x86

ead14d79179e9648d8833ec74bbc426d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
FindClose
FindFirstFileA
GetSystemDirectoryA
HeapFree
GetProcessHeap
DeleteFileA
WritePrivateProfileStringA
MoveFileExA
CopyFileA
CreateEventA
CloseHandle
WaitForMultipleObjects
ResetEvent
CreateFileA
GetLastError
WinExec
LocalAlloc
LocalFree
DeviceIoControl
MultiByteToWideChar
GetModuleFileNameA
GetVersionExA
GetStartupInfoA
GetFileType
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
RtlUnwind
DeleteCriticalSection
GetOEMCP
GetACP
VirtualAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
HeapReAlloc
VirtualFree
HeapCreate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
GetCPInfo
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc

advapi32

OpenSCManagerA
OpenServiceA
QueryServiceConfigA
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegCloseKey

ws2_32

WSCEnableNSProvider
WSCUnInstallNameSpace
WSAEnumNameSpaceProvidersA
WSAGetLastError
WSAStartup
WSALookupServiceBeginA
WSALookupServiceNextA
inet_ntoa
WSALookupServiceEnd
WSACleanup
WSCInstallNameSpace

shlwapi

SHDeleteKeyA

Exports

Exports

Tdns_DnsQueryAndSet
Tdns_Install_Nsp
Tdns_Install_Tdi
Tdns_ServiceThread
Tdns_SetTdiFilter
Tdns_Uninstall_Nsp
Tdns_Uninstall_Tdi

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/CdnUnkw.dll
.dll windows:4 windows x86 arch:x86

8edb912c60879acf30368da1e7495ee7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetShortPathNameA
FindResourceA
GetVersionExA
TerminateProcess
MoveFileExA
DeleteFileA
OpenProcess
CloseHandle
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
WinExec
SetUnhandledExceptionFilter
GetFileType
GetStartupInfoA
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FreeLibrary
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentProcess
SetHandleCount
GetStdHandle
GetStringTypeA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
HeapSize
GetStringTypeW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
RegDeleteValueA

shlwapi

SHDeleteKeyA

Exports

Exports

UnInstall_OldKw

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/Cdnficfg.dat
$TEMP/CNNIC/CodeLib.dll
.dll windows:4 windows x86 arch:x86

82f704c2e83a380e413ac844d62560f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
HeapFree
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetStringTypeA
GetStringTypeW
RtlUnwind
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA

Exports

Exports

ConvertURL
ParseEmailAdr
ParseEmailAdrEx
ParseURL
UrlToGbk
host_toace
host_togbk

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/IdnAcc.dll
.dll windows:4 windows x86 arch:x86

7398442edf0823366515264b2fbc1a74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetStringTypeW
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
GetModuleFileNameA
TlsGetValue
GetACP
GetStringTypeA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind

user32

CallNextHookEx
GetClassNameA
SetWindowTextA
GetDlgCtrlID
GetWindowTextA
SetWindowsHookExA
SendMessageA
UnhookWindowsHookEx

Exports

Exports

StartHook
StopHook

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/IdnMail.exe
.exe windows:4 windows x86 arch:x86

dafccb21657d6f819ab786997c4b9fe1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteValueA
SHDeleteKeyA

mfc42

ord3346
ord5300
ord2396
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord823
ord4159
ord6117
ord2621
ord1134
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1945
ord4273
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord1776
ord5240
ord5290
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord5252
ord4427
ord796
ord674
ord554
ord529
ord366
ord807
ord6000
ord2117
ord4163
ord6625
ord6270
ord1229
ord693
ord4413
ord5823
ord3664
ord3573
ord996
ord1641
ord415
ord715
ord5641
ord3663
ord3626
ord2414
ord1867
ord2866
ord3619
ord816
ord5789
ord562
ord324
ord1168
ord540
ord613
ord289
ord283
ord2754
ord1871
ord1089
ord1146
ord5607
ord2762
ord3922
ord5199
ord2096
ord2408
ord640
ord5785
ord1640
ord323
ord1642
ord2453
ord860
ord1862
ord4220
ord2584
ord3654
ord3701
ord500
ord772
ord2438
ord1176
ord6142
ord2859
ord537
ord2567
ord5788
ord5787
ord5875
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord4129
ord2763
ord4837
ord4277
ord5683
ord2614
ord3920
ord472
ord6194
ord2860
ord2764
ord6877
ord5860
ord3986
ord5572
ord2915
ord3702
ord1083
ord501
ord2920
ord2012
ord2120
ord1175
ord1621
ord4202
ord5856
ord536
ord535
ord2753
ord696
ord1265
ord5642
ord4185
ord5628
ord6467
ord3706
ord2452
ord4023
ord909
ord1816
ord2546
ord3815
ord291
ord1110
ord1842
ord5805
ord4145
ord5484
ord3232
ord1137
ord1140
ord4160
ord2152
ord3643
ord394
ord773
ord5440
ord6383
ord5450
ord6394
ord4055
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord941
ord5710
ord356
ord940
ord859
ord1779
ord2582
ord4402
ord3370
ord3640
ord567
ord2302
ord4224
ord3097
ord3092
ord3996
ord3302
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord5265
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord2554
ord5731
ord2512
ord4274
ord4486
ord6375
ord4499
ord4610
ord4612
ord3021
ord4724
ord4457
ord1133
ord4774
ord2864
ord5053
ord6453
ord2863
ord1644
ord2379
ord2455
ord4710
ord4242
ord4853
ord4234
ord5953
ord6199
ord896
ord825
ord3571
ord2976
ord3831
ord3830
ord3262
ord3081
ord2985
ord3259
ord3136
ord4465
ord5277
ord3147
ord2982
ord5261
ord2124
ord2446
ord3749
ord1727
ord5065
ord2648
ord6376
ord2055
ord384
ord4441
ord686
ord800
ord2818
ord858
ord1576

msvcrt

_setmbcp
_exit
__CxxFrameHandler
strstr
sprintf
strncpy
_mbscmp
_mbsnbcpy
__getmainargs
_acmdln
__dllonexit
_onexit
_controlfp
_XcptFilter
exit
_except_handler3
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

kernel32

lstrcpyA
GetModuleHandleA
HeapAlloc
HeapFree
GetWindowsDirectoryA
GetProcessHeap
DeleteFileA
GlobalAddAtomA
GetComputerNameA
GlobalDeleteAtom
GetCurrentThreadId
GlobalFindAtomA
GetTickCount
MulDiv
SetLastError
FormatMessageA
LocalFree
GetLastError
GetVersionExA
FindResourceA
GetVersion
LockResource
GetSystemDirectoryA
LoadResource
GetPrivateProfileStringA
FreeLibrary
GetPrivateProfileIntA
GetProcAddress
GetSystemDefaultLangID
LoadLibraryA
GetStartupInfoA

user32

SetWindowPos
IsRectEmpty
ClientToScreen
SetWindowLongA
ReleaseDC
IntersectRect
SetWindowsHookExA
UnhookWindowsHookEx
RemovePropA
GetWindowDC
CallWindowProcA
SetPropA
GetWindowLongA
GetClassNameA
CallNextHookEx
GetPropA
InvalidateRect
EndPaint
GetWindowTextA
BeginPaint
SetCursor
CreateCursor
GetDlgItem
PostMessageA
GetIconInfo
GetMenuItemRect
MessageBoxA
SystemParametersInfoA
GetWindowRect
OffsetRect
IsMenu
GetSysColor
LoadBitmapA
IsWindow
SetTimer
CreatePopupMenu
RedrawWindow
FindWindowA
UpdateWindow
EnableWindow
GetFocus
IsChild
MenuItemFromPoint
GetCursorPos
KillTimer
GetMenu
DestroyMenu
GetSystemMenu
SendMessageA
LoadIconA
GetMenuState
LoadMenuA
GetDesktopWindow
GetMenuStringA
InsertMenuA
AppendMenuA
ModifyMenuA
GetMenuDefaultItem
GrayStringA
DrawTextA
TabbedTextOutA
SetRect
GetMessagePos
DrawStateA
GetSystemMetrics
InflateRect
GetClientRect
GetMenuItemCount
GetSubMenu
GetMenuItemID
WindowFromDC
CopyRect
DestroyIcon
SetForegroundWindow
FillRect
GetMenuItemInfoA

gdi32

CreateFontIndirectA
SetPixel
GetPixel
GetNearestColor
GetObjectA
DeleteObject
CreateCompatibleDC
GetTextExtentPoint32A
BitBlt
RoundRect
CreatePen
Rectangle
CreateCompatibleBitmap
PtVisible
TextOutA
ExtTextOutA
RectVisible
CreateRectRgnIndirect
Escape
SetBkColor
CreateRectRgn
SelectClipRgn
SelectObject
GetStockObject
GetDeviceCaps
SetTextColor
CombineRgn
CreateSolidBrush

advapi32

RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
GetUserNameA
RegQueryValueExA
RegCreateKeyA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_AddMasked
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_GetIcon

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/Idnmail.ini
$TEMP/CNNIC/License_CNNIC.txt
$TEMP/CNNIC/capp.exe
.exe windows:4 windows x86 arch:x86

bab839078e4b2f8a58a8ae21c7ae657a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

mfc42

ord5186
ord354
ord3811
ord6385
ord6283
ord6282
ord4277
ord4202
ord535
ord4129
ord2764
ord551
ord2784
ord2818
ord4278
ord2763
ord926
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord5583
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord665
ord1979
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord4627
ord366
ord674
ord1233
ord5252
ord4427
ord1168
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord5300
ord5241
ord5290
ord4441
ord5261
ord3402
ord3698
ord567
ord324
ord2370
ord2302
ord4234
ord6199
ord6334
ord4710
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2393
ord5645
ord3790
ord6153
ord939
ord1138
ord2086
ord765
ord641
ord860
ord540
ord924
ord858
ord537
ord941
ord800
ord2725
ord823
ord6215
ord1105
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord2648
ord2055
ord4353
ord4078
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_mkdir
strrchr
_strupr
__CxxFrameHandler
_controlfp
_setmbcp
_chdir
strstr
_mbsrchr
sprintf
atoi
atol
strncpy
_stricmp

kernel32

lstrcatA
OpenProcess
TerminateProcess
GetShortPathNameA
GetVersion
WritePrivateProfileStringA
MoveFileExA
GetFileSize
SetFilePointer
ReadFile
GetSystemDefaultLangID
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateProcessA
WaitForSingleObject
LoadLibraryA
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
DeleteFileA
FindClose
CreateFileA
DeviceIoControl
GetLastError
FreeLibrary
CloseHandle
GetSystemDirectoryA
GetModuleFileNameA
GetVersionExA
GetModuleHandleA
GetProcAddress
CreateMutexA
WriteFile
WinExec
ReleaseMutex
CopyFileA
GetCurrentProcess
lstrcpynA
lstrcmpiA
GetCurrentProcessId
lstrcpyA
GetTickCount
HeapAlloc
GetProcessHeap
GlobalFree
GlobalAlloc
GetSystemTime
GetStartupInfoA
lstrlenA

user32

wsprintfA
EnableWindow
RegisterWindowMessageA
PostMessageA
MessageBoxA
SendMessageA
FindWindowA
UpdateWindow
KillTimer
SetTimer

advapi32

StartServiceA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA

wsock32

recv
ioctlsocket
closesocket
setsockopt
socket
inet_addr
gethostbyname
gethostname
sendto
send
connect
htons
recvfrom
WSAGetLastError
WSAStartup

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/cdn.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c6cf6c046d0ffbedcba7b8622760a0cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
HeapCreate
lstrlenW
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
DisableThreadLibraryCalls
HeapReAlloc
HeapFree
HeapAlloc
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiA
LoadLibraryExA
DebugBreak

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumValueA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi

shlwapi

SHDeleteKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 809B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/cdnhook.dat
$TEMP/CNNIC/character.dat
$TEMP/CNNIC/hookdll.dll
.dll windows:4 windows x86 arch:x86

31698577280ab84b02ccbcb60982ce5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetModuleFileNameA
SetFilePointer
GetPrivateProfileStringA
GetSystemDirectoryA
GetSystemDefaultLangID
WriteFile
DeleteFileA
CopyFileA
GetVersionExA
ReadFile
CreateFileA
GetFileSize
WritePrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
GetCPInfo
GetACP
FlushFileBuffers
LoadLibraryA
SetStdHandle
GetStringTypeW
GetStringTypeA
VirtualAlloc
VirtualFree
HeapReAlloc
HeapDestroy
GetEnvironmentStringsW
HeapCreate
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
CloseHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetLastError
TlsGetValue
GetOEMCP
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsFree
GetStdHandle
GetFileType
GetLastError
SetHandleCount
FreeEnvironmentStringsW
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

IsWindow
SetWindowsHookExA
SetWindowLongA
UnhookWindowsHookEx
CallNextHookEx
EndDialog
GetClassNameA
CreateDialogParamA
SetDlgItemTextA
FindWindowA
IsDialogMessageA
GetMessageA
DispatchMessageA
PostQuitMessage
TranslateMessage
DestroyWindow
GetDlgItem
GetWindowTextA
GetDlgItemTextA
DialogBoxParamA
CallWindowProcA
ShowWindow
PostMessageA
SendMessageA
MessageBoxA

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

ExecFilter
StartHook
StopHook

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/idnoe.dll
.dll windows:4 windows x86 arch:x86

c25e3a31c12705733bcf8bf08141e071

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
lstrlenA
LocalAlloc
OutputDebugStringA
LocalFree
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
TlsSetValue
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
GetOEMCP
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
GetProcAddress
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetACP
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapReAlloc
IsBadWritePtr
GetCPInfo
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr

user32

SetWindowsHookExA
UnhookWindowsHookEx
SendMessageA
GetClassNameA
GetFocus
CallNextHookEx
SetWindowTextW
FindWindowExA
GetWindowLongA
GetParent

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

codelib

ord6

Exports

Exports

Install
UnInstall

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/idnol.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2d8ae55f81c959357448ad4b8b90c3e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LoadResource
FindResourceA
GetLastError
FreeLibrary
lstrcmpiA
WideCharToMultiByte
lstrcpynA
IsDBCSLeadByte
DisableThreadLibraryCalls
GetModuleFileNameA
GetShortPathNameA
InitializeCriticalSection
LoadLibraryExA
EnterCriticalSection
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LocalFree
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
lstrlenW
InterlockedIncrement
lstrlenA
LocalAlloc
OutputDebugStringA
InterlockedDecrement
HeapDestroy
CloseHandle
DeleteCriticalSection
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
HeapSize
GetEnvironmentStringsW
WriteFile
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCPInfo
GetACP
GetOEMCP

user32

CharNextA

advapi32

RegCreateKeyA
RegFlushKey
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
SysAllocString
SysStringByteLen
LoadRegTypeLi
DispCallFunc
SysAllocStringByteLen
RegisterTypeLi
GetErrorInfo

codelib

ord6

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/nsp.dll
.dll windows:4 windows x86 arch:x86

6040bbb853ebfc1d622e9da8cfd03b10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind

ws2_32

WSAGetLastError

Exports

Exports

NSPCleanup
NSPStartup

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/quiet.exe
.exe windows:4 windows x86 arch:x86

1f43f5f975a1f5499d0f1a83fdd75aaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
lstrcpynA
GetLastError
lstrcatA
GetModuleFileNameA
GetSystemDefaultLangID
LoadLibraryA
GetProcAddress
TerminateProcess
lstrlenA
OpenProcess
WritePrivateProfileStringA
GetModuleHandleA
GetVersion
WriteFile
MoveFileExA
GetSystemDirectoryA
CreateFileA
DeviceIoControl
DeleteFileA
FreeLibrary
WinExec
CloseHandle
GetEnvironmentStrings
GetVersionExA
GetCurrentProcess
GetEnvironmentStringsW
SetHandleCount
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetACP
GetCPInfo
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
HeapReAlloc
VirtualFree
GetOEMCP
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
VirtualAlloc

user32

ExitWindowsEx
MessageBoxA
wsprintfA

advapi32

RegEnumKeyExA
RegDeleteValueA
RegCloseKey
OpenSCManagerA
RegOpenKeyExA
CloseServiceHandle
OpenServiceA
CreateServiceA
ControlService
DeleteService
StartServiceA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegEnumValueA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/CNNIC/setup.exe
.exe windows:4 windows x86 arch:x86

d27b724fcc7c36e8c8d100a2661613f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4079
ord2725
ord5307
ord5289
ord5714
ord5302
ord4698
ord2982
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3147
ord3830
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2621
ord1134
ord3831
ord2396
ord4673
ord1168
ord4234
ord2379
ord755
ord470
ord5300
ord3346
ord3922
ord5199
ord1089
ord2554
ord5731
ord2512
ord4274
ord4486
ord6375
ord1576

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_except_handler3
_onexit
__dllonexit
_exit
_setmbcp

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
ReadFile
SetFilePointer
CloseHandle
CreateFileA
GetModuleHandleA
GetFileSize
GetVersionExA
DeviceIoControl
GetModuleFileNameA
GetStartupInfoA

user32

GetClientRect
GetSystemMetrics
SendMessageA
DrawIcon
IsIconic

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/src.txt
$TEMP/CNNIC/zconfig.dat
$TEMP/CNNIC/zunins.exe
.exe windows:4 windows x86 arch:x86

b13e9ba06b111dbe56833ed0cab69d3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

mfc42

ord6199
ord324
ord825
ord2363
ord4234
ord4055
ord2642
ord3092
ord1779
ord1146
ord1168
ord4710
ord4853
ord4224
ord6334
ord823
ord755
ord470
ord4673
ord4274
ord5953
ord4425
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord3597
ord641
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord2379
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord5265
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord5300
ord5302
ord6375
ord4486
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_initterm
__getmainargs
_setmbcp
_mbsrchr
__CxxFrameHandler
rand
srand
time
_rmdir
_mbsicmp
sprintf
_acmdln
__dllonexit
_onexit
_exit
_XcptFilter
_controlfp
_adjust_fdiv
__setusermatherr
exit

kernel32

GetShortPathNameA
WritePrivateProfileStringA
MoveFileExA
GetModuleFileNameA
GetModuleHandleA
GetFileSize
SetFilePointer
ReadFile
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
DeviceIoControl
Sleep
GetSystemDefaultLangID
GetSystemDirectoryA
WinExec
DeleteFileA
GetVersionExA
GetPrivateProfileIntA
WriteFile
GetWindowsDirectoryA
GetStartupInfoA
GetPrivateProfileStringA
GetVersion

user32

IsIconic
GetSystemMetrics
DrawIcon
wsprintfA
SetFocus
SendMessageA
EnableWindow
GetClientRect
InvalidateRect
BeginPaint
EndPaint
MessageBoxA
PostMessageA
LoadIconA
FindWindowA

gdi32

SetViewportExtEx
CreateSolidBrush
SetMapMode
SetWindowExtEx
SetWindowOrgEx
SetViewportOrgEx
GetStockObject
SelectObject
Polygon
OffsetWindowOrgEx

advapi32

RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/CNNIC/zver.dat
Skins/DefaultSkin/Chinese(Simplified Chinese).xml
.xml
˵.txt

Sharing

General

Malware Config

Signatures

Files

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 159KB

.ndata Size: - Virtual size: 140KB

.rsrc Size: 34KB - Virtual size: 36KB

1f4c4faa2a5228733f7ee5edf40f6693

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 894B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

a75ed4b57a83b633f5cb5d4939d72f27

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 816B

.data Size: - Virtual size: 56B

.reloc Size: 512B - Virtual size: 488B

b375d0fe5423b7b989fac875e152dbc9

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 21KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 7KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

bf5baa836ba77176e3bd3c11dfc9483d

Headers

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 159KB

.ndata
Size: - Virtual size: 140KB

.rsrc
Size: 34KB - Virtual size: 36KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 894B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 816B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 488B

.text
Size: 21KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 7KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 344B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB