d9fd52a152b6f41af66c1e15b9944aab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9fd52a152b6f41af66c1e15b9944aab_JaffaCakes118
Size

2.0MB
MD5

d9fd52a152b6f41af66c1e15b9944aab
SHA1

edc8e818399cd0ef3fc500c4cabe16fc8cd57460
SHA256

230751a1f251d1a0006923a3c11620570f86251a578cd04d4b27e6eb507750a7
SHA512

b1db291024da0e050f8b3bc69db7d8a7f32bd0bca71960fa284814070027cab18f42d4dbefab244ff7aca1224cb0cb52132b30fc4babe31eb302774273242bac
SSDEEP

49152:mpXzEEZdt6VDcRylYe2cL3DkQeFX0cOruLWo7AJYa7uhGGpc:mpXAIdt6V+ncL3DkQSXDOruaVJYouhG9

Score

7^/10

upx aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Processjudger/进程执法官2.5破解版/前程似锦破解版.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Processjudger/进程执法官2.5破解版/tools/StartUpManager.exe	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Processjudger/进程执法官2.5破解版/IPSearcher.dll
unpack001/Processjudger/进程执法官2.5破解版/KProcCheck.dll
unpack001/Processjudger/进程执法官2.5破解版/KProcCheck.sys
unpack001/Processjudger/进程执法官2.5破解版/ProcessProtect.dll
unpack001/Processjudger/进程执法官2.5破解版/psapi.dll
unpack001/Processjudger/进程执法官2.5破解版/tools/PJProtect.exe
unpack001/Processjudger/进程执法官2.5破解版/tools/PJUpdater.exe
unpack001/Processjudger/进程执法官2.5破解版/tools/ProcFindInfo.exe
unpack001/Processjudger/进程执法官2.5破解版/tools/StartUpManager.exe
unpack001/Processjudger/进程执法官2.5破解版/tools/WinPing.exe
unpack001/Processjudger/进程执法官2.5破解版/前程似锦破解版.exe

Files

d9fd52a152b6f41af66c1e15b9944aab_JaffaCakes118
.rar
Processjudger/进程执法官2.5破解版/IPSearcher.dll
.dll windows:4 windows x86 arch:x86

93b974b7813ab8e5b1fe659fe5089a92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsSetValue
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
SetLastError
TlsGetValue
TlsFree
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentThreadId
CloseHandle
TlsAlloc
GetLastError
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
wsprintfA

wsock32

ioctlsocket

Exports

Exports

_GetAddress

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/KProcCheck.dll
.dll windows:4 windows x86 arch:x86

dc75b80d7e38888db16c36f639771028

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityInfo
SetEntriesInAclA
GetUserNameA
GetSecurityInfo
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegCreateKeyA
RegDeleteKeyA

user32

wsprintfA

kernel32

InterlockedExchange
CloseHandle
HeapFree
ReadFile
HeapAlloc
CreateFileA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
LocalFree
GetCurrentProcess
DeleteFileA
CopyFileA
GetFullPathNameA
DeviceIoControl
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetLocalTime
lstrcpyA
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
WriteFile
SetFilePointer
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
Sleep
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile

Exports

Exports

GetHideProcess

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/KProcCheck.sys
.sys windows:5 windows x86 arch:x86

7425a9d8d3dc83be8e11c54691286c9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\KProcCheck\Driver\objfre_w2K_x86\i386\KProcCheck.pdb

Imports

ntoskrnl.exe

KeSetAffinityThread
KeDelayExecutionThread
strncmp
KeServiceDescriptorTable
KeAddSystemServiceTable
IofCompleteRequest
strncpy
KeWaitForSingleObject
IoDeleteDevice
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
PsGetVersion
PsInitialSystemProcess
MmGetPhysicalAddress
MmIsAddressValid
_except_handler3

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 578B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/ModuleData.dll
Processjudger/进程执法官2.5破解版/PJClock.rmd
Processjudger/进程执法官2.5破解版/PJudger.ini
Processjudger/进程执法官2.5破解版/ProcessData.dll
Processjudger/进程执法官2.5破解版/ProcessProtect.dll
.dll windows:4 windows x86 arch:x86

b28859720d5d7eeef96bd9152a4707e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
OpenProcess
GetCurrentProcessId
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ResetEvent
lstrcpyA
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
CreateEventA
CreateProcessA
GetStringTypeA
LCMapStringW
SetEvent
LeaveCriticalSection
WaitForMultipleObjects
CloseHandle
LCMapStringA
MultiByteToWideChar
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
TlsAlloc
TlsFree
SetLastError
TlsGetValue
UnhandledExceptionFilter
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeW

user32

WaitForInputIdle

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

psapi

GetModuleFileNameExA

Exports

Exports

ProcessProtect_AddProcessId
ProcessProtect_GetLastError
ProcessProtect_Init
ProcessProtect_Release
ProcessProtect_RemoveProecessId

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/Projgtips.dll
Processjudger/进程执法官2.5破解版/ServiceData.dll
Processjudger/进程执法官2.5破解版/psapi.dll
.dll windows:5 windows x86 arch:x86

a5329a3aa51dc5375c9f671bd584f453

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
GetSystemInfo
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcpyA
lstrlenA
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
CreateFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
DisableThreadLibraryCalls
GetLastError
GetProcAddress
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LoadLibraryA
InterlockedExchange
FreeLibrary
RaiseException

ntdll

NtSetInformationProcess
NtWriteFile
NtStartProfile
NtSetIntervalProfile
NtCreateProfile
NtAllocateVirtualMemory
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
RtlUnicodeToOemN
DbgPrint
_snprintf
NtStopProfile
NtClose
atoi
_stricmp
wcschr
wcslen
RtlUnwind
NtQueryVirtualMemory
NtQuerySystemInformation
RtlNtStatusToDosError
NtQueryInformationProcess

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/tools/PJProtect.exe
.exe windows:4 windows x86 arch:x86

a699de233c8d4d23cfc0b8da026c0edf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord641
ord2514
ord5943
ord5683
ord2818
ord540
ord537
ord5265
ord4376
ord4853
ord4998
ord5300
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord3521
ord1146
ord1168
ord324
ord4234
ord6215
ord4224
ord6334
ord4710
ord2379
ord755
ord470
ord6453
ord2642
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6052
ord4673
ord1576

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_setmbcp
_stricmp
_strdup
free
__CxxFrameHandler
_adjust_fdiv
printf

kernel32

OpenProcess
GetStartupInfoA
CloseHandle
CreateMutexA
GetModuleHandleA
GetCurrentProcess
GetModuleFileNameA
GetLastError

user32

PostQuitMessage
SendMessageA
GetSystemMetrics
GetClientRect
EnableWindow
IsWindowVisible
IsIconic
PostMessageA
RegisterHotKey
LoadIconA
DrawIcon

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

processprotect

ProcessProtect_Release
ProcessProtect_AddProcessId
ProcessProtect_Init

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/tools/PJUpdater.exe
.exe windows:4 windows x86 arch:x86

532ef250a014bac53a1fef024f863713

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord795
ord800
ord2514
ord5683
ord2818
ord540
ord537
ord5943
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3721
ord1146
ord2985
ord3522
ord1168
ord567
ord324
ord2370
ord2302
ord4234
ord6199
ord6334
ord4710
ord2379
ord755
ord470
ord2575
ord4396
ord3574
ord3573
ord3693
ord609
ord1641
ord3626
ord3663
ord2414
ord4275
ord4284
ord4133
ord5788
ord4297
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5875
ord5789
ord2860
ord5787
ord2754
ord6194
ord6021
ord1640
ord323
ord5785
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord858
ord4673
ord1576

msvcrt

_setmbcp
_strdup
free
__CxxFrameHandler
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__set_app_type
__p__fmode

kernel32

GetLastError
CreateMutexA
lstrlenA
GetModuleHandleA
GetModuleFileNameA
GetStartupInfoA

user32

GrayStringA
DrawTextA
TabbedTextOutA
GetWindowTextA
InflateRect
DrawStateA
InvalidateRect
SetRect
FillRect
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
MessageBoxA

gdi32

Escape
ExtTextOutA
TextOutA
CreateSolidBrush
CreatePen
SelectObject
BitBlt
GetTextExtentPoint32A
RoundRect
GetBkColor
DPtoLP
GetMapMode
LPtoDP
CreateCompatibleDC
CreateCompatibleBitmap
PtVisible
RectVisible

comctl32

_TrackMouseEvent

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/tools/ProcFindInfo.exe
.exe windows:4 windows x86 arch:x86

e280de6e261f71f423658997134c6d92

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord795
ord800
ord2514
ord5943
ord2582
ord4402
ord3370
ord3640
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3721
ord1146
ord1168
ord860
ord567
ord540
ord324
ord2370
ord2302
ord4234
ord4224
ord1205
ord2818
ord924
ord5289
ord4129
ord5683
ord5572
ord2919
ord3996
ord4710
ord2379
ord755
ord3079
ord1200
ord6199
ord3092
ord6334
ord2652
ord6907
ord1669
ord3301
ord2642
ord535
ord3998
ord823
ord2575
ord4396
ord3574
ord3573
ord3693
ord609
ord1641
ord3663
ord3626
ord2414
ord4275
ord4284
ord4133
ord5788
ord4297
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5875
ord5789
ord2860
ord5787
ord2754
ord6194
ord1640
ord323
ord5785
ord3825
ord3831
ord3830
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord470
ord5714
ord858
ord4673
ord1576

msvcrt

__CxxFrameHandler
_mbscmp
__dllonexit
_setmbcp
_CxxThrowException
wcslen
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv

kernel32

GetModuleHandleA
FormatMessageA
lstrlenA
LocalAlloc
GetModuleFileNameA
InterlockedDecrement
LocalFree
CreateMutexA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoA

user32

SetRect
DrawStateA
InflateRect
GetWindowTextA
TabbedTextOutA
LoadIconA
DrawTextA
GrayStringA
SendMessageA
FillRect
EnableWindow
InvalidateRect
wsprintfA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon

gdi32

BitBlt
GetTextExtentPoint32A
RoundRect
GetBkColor
DPtoLP
LPtoDP
SelectObject
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateCompatibleDC
CreateSolidBrush
CreatePen

comctl32

_TrackMouseEvent

ole32

OleRun
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
SysAllocString
VariantInit
VariantCopy
SysFreeString
GetErrorInfo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/tools/ProcessDB.mdb
Processjudger/进程执法官2.5破解版/tools/StartUpManager.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Processjudger/进程执法官2.5破解版/tools/WinPing.exe
.exe windows:4 windows x86 arch:x86

5be7f1a4bce235912cec1c0e72925b00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
HeapReAlloc
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize
TerminateProcess
HeapFree
GetProfileStringA
HeapAlloc
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
SizeofResource
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
GetLastError
MulDiv
SetLastError
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalUnlock
GlobalFree
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
lstrcmpA
GetCurrentThread
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
WaitForMultipleObjects
SetEvent
WaitForSingleObject
CreateEventA
GetTickCount
LCMapStringA
Sleep

user32

RegisterClipboardFormatA
PostThreadMessageA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
CharNextA
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SendMessageA
EnableWindow
PostMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
InvalidateRect
CharUpperA
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
KillTimer
SetTimer
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
GetWindowRect
GetClientRect
InflateRect
DrawFocusRect
DefDlgProcA
IsWindowUnicode
LoadIconA
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
GetClassNameA
DestroyMenu
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
GetDC
ReleaseDC
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
GetActiveWindow
GetDlgCtrlID
ValidateRect
GetCursorPos
SetCursor
GetParent

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
MoveToEx
LineTo
DeleteObject
OffsetViewportOrgEx
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
PatBlt
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
Rectangle

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

comctl32

ord17
ImageList_Destroy
ImageList_LoadImageA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
CLSIDFromString
CLSIDFromProgID
StgCreateDocfileOnILockBytes
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
StgOpenStorageOnILockBytes

olepro32

ord253

oleaut32

VariantCopy
VariantClear
SysAllocStringLen
SysFreeString
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime

wsock32

WSAStartup
WSACleanup
WSAGetLastError
select
recvfrom
sendto
socket
gethostbyname
inet_addr
closesocket

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Processjudger/进程执法官2.5破解版/tools/showallfile.reg
Processjudger/进程执法官2.5破解版/wry.dll
Processjudger/进程执法官2.5破解版/前程似锦破解版.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 177KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 194KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 76KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 199KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Processjudger/进程执法官2.5破解版/进程执法官.CHM
.chm

Sharing

General

Malware Config

Signatures

Files

93b974b7813ab8e5b1fe659fe5089a92

Headers

File Characteristics

Imports

kernel32

user32

wsock32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

dc75b80d7e38888db16c36f639771028

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 12KB - Virtual size: 10KB

7425a9d8d3dc83be8e11c54691286c9e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 388B

.data Size: 128B - Virtual size: 56B

INIT Size: 640B - Virtual size: 578B

.reloc Size: 256B - Virtual size: 206B

b28859720d5d7eeef96bd9152a4707e6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

psapi

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.tls Size: 4KB - Virtual size: 12B

.reloc Size: 4KB - Virtual size: 1KB

a5329a3aa51dc5375c9f671bd584f453

Headers

File Characteristics

Imports

kernel32

ntdll

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 1024B - Virtual size: 932B

a699de233c8d4d23cfc0b8da026c0edf

Headers

File Characteristics

Imports

mfc42

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 388B

.data
Size: 128B - Virtual size: 56B

INIT
Size: 640B - Virtual size: 578B

.reloc
Size: 256B - Virtual size: 206B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.tls
Size: 4KB - Virtual size: 12B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 1024B - Virtual size: 932B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 552B

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 424B

.rsrc
Size: 36KB - Virtual size: 32KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 25KB

UPX0
Size: - Virtual size: 512KB

UPX1
Size: 283KB - Virtual size: 284KB

.rsrc
Size: 13KB - Virtual size: 16KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 25KB