db8e1437fdfcefe80963969afe402b83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db8e1437fdfcefe80963969afe402b83_JaffaCakes118
Size

1.5MB
MD5

db8e1437fdfcefe80963969afe402b83
SHA1

3c445c9128a11af51fc8f29db0ce09559468f221
SHA256

96af4404390eaa4f48f54319894dbe2104c6a566fd2d9b649743e0876473924e
SHA512

81c10205c099767dbb3b6ce61d7d63b03acb96580ad5f4f248a46351ecbf24de7483cd7f366e3b789a836f87d02730e0b1bb25464cb2305d8a0f22a6eca6a52f
SSDEEP

24576:baUnZMM4MjQJCjGIitgGD/acuI2MRRNL0JVrlmSHvgTrHaRxFFSliliYLPQO3G:PnWMJTjAghORsl/Y/HaRxHeALnG

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1only/PK2/X.exe
unpack001/1only/PK2/hook.dll
unpack001/1only/WJXSmartFocus221Tmp/WJXHook.dll
unpack001/1only/WJXSmartFocus221Tmp/WJXSmartFocus.exe

Files

db8e1437fdfcefe80963969afe402b83_JaffaCakes118
.rar
1only/PK2/UserData/Skills.Dat
1only/PK2/UserData/decolua.cfg
1only/PK2/UserData/default.cfg
1only/PK2/UserData/oOKiÕmL«iOo.cfg
1only/PK2/VKNT.FON
1only/PK2/X.exe
.exe windows:4 windows x86 arch:x86

52b66d2d2458aa5a068c849bbeee3e0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaVarIdiv
__vbaEnd
__vbaFreeVarList
ord697
_adj_fdiv_m64
ord698
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaError
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
ord300
__vbaI4Abs
ord301
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaFpR4
ord306
ord520
ord307
ord309
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord631
__vbaErase
ord525
__vbaVargVarMove
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
__vbaInputFile
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
__vbaNew2
__vbaInStr
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord613
ord614
__vbaFpI2
__vbaVarLateMemCallLd
__vbaVarCopy
ord616
__vbaFpI4
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaUI1Var
_CIexp
__vbaRecAssign
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1only/PK2/hook.dll
.dll windows:5 windows x86 arch:x86

25c2af4a44eb1b7bd1d95078942c3cdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetCurrentThread
FreeLibrary
LoadLibraryA
GetModuleFileNameA
FlushFileBuffers
CloseHandle
CreateFileA
GetLocaleInfoA
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
SetLastError
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
RaiseException
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
InitializeCriticalSectionAndSpinCount
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

RegisterWindowMessageA
IsWindow
GetWindowThreadProcessId
SetWindowsHookExA
SendMessageA
UnhookWindowsHookEx
SetWindowLongA
CallNextHookEx
CallWindowProcA

Exports

Exports

GetMSG
InjectDll
UnmapDll

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1only/PK2/mscomctl.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

50ccb1d881ea89a41a10cced45c79649

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

19/03/1999, 00:00

Not After

16/04/2000, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
GetDlgItemInt
EndDialog
GetActiveWindow
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
IsWindowEnabled
IsWindowVisible
UnregisterClassA
CharNextA
MessageBoxA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemTextA
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
SetTimer
KillTimer
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 686KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1only/WJXSmartFocus221Tmp/GameData/1.dat
1only/WJXSmartFocus221Tmp/GameData/2.dat
1only/WJXSmartFocus221Tmp/GameData/23.dat
1only/WJXSmartFocus221Tmp/GameData/24.dat
1only/WJXSmartFocus221Tmp/GameData/25.dat
1only/WJXSmartFocus221Tmp/GameData/26.dat
1only/WJXSmartFocus221Tmp/GameData/27.dat
1only/WJXSmartFocus221Tmp/GameData/28.dat
1only/WJXSmartFocus221Tmp/GameData/29.dat
1only/WJXSmartFocus221Tmp/GameData/3.dat
1only/WJXSmartFocus221Tmp/GameData/4.dat
1only/WJXSmartFocus221Tmp/GameData/5.dat
1only/WJXSmartFocus221Tmp/GameData/6.dat
1only/WJXSmartFocus221Tmp/GameData/7.dat
1only/WJXSmartFocus221Tmp/GameData/8.dat
1only/WJXSmartFocus221Tmp/GameData/script.lua
1only/WJXSmartFocus221Tmp/GameData/servers.ini
1only/WJXSmartFocus221Tmp/GameData/transmit.dat
1only/WJXSmartFocus221Tmp/WJXHook.dll
.dll windows:5 windows x86 arch:x86

a5e3d6b5153b089e97fbd11429ecc19a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

RegisterWindowMessageA

Exports

Exports

EjectDll
GetId
InjectDll

Sections

.text
Size: 58KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1only/WJXSmartFocus221Tmp/WJXSmartFocus.exe
.exe windows:5 windows x86 arch:x86

39cf2a9d4e852b27621ac0aa203dc453

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wjxhook

GetId

user32

DefMDIChildProcW

gdi32

CreateRectRgn

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

advapi32

RegEnumValueW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW

ole32

OleLockRunning

oleaut32

VariantInit

ws2_32

closesocket

oleacc

LresultFromObject

gdiplus

GdipGetImagePalette

imm32

ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 565KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1only/interface/AutoAnswer/AutoAnswer.lua
1only/interface/AutoAnswer/Hoadang.lua
.js
1only/interface/AutoAnswer/plugincfg.ini
1only/interface/AutoAnswer/tiku.txt
1only/interface/Compose/Compose.lua
1only/interface/Compose/compose.ini
1only/interface/Compose/plugincfg.ini
1only/interface/Hanhtrang_Ruong/001a/window/itembox.ini
1only/interface/Hanhtrang_Ruong/001a/window/repository.ini
1only/interface/Hanhtrang_Ruong/itembox.lua
1only/interface/Hanhtrang_Ruong/orderbag.lua
1only/interface/Hanhtrang_Ruong/orderbag_compare.lua
1only/interface/Hanhtrang_Ruong/orderbag_logic.lua
1only/interface/Hanhtrang_Ruong/plugincfg.ini
1only/interface/Hanhtrang_Ruong/repository.lua
.js
1only/interface/Hanhtrang_Ruong/throwAway.lua
1only/interface/Preview/PreViewMgr.lua
.js
1only/interface/Preview/base.lua
.js
1only/interface/Preview/plugincfg.ini
1only/interface/Preview/preview.ini
1only/interface/Preview/preview.lua
.js
1only/interface/Tools/001a/window/cover.ini
1only/interface/Tools/001a/window/nopick_setting.ini
1only/interface/Tools/001a/window/popbar.ini
1only/interface/Tools/001a/window/renascencepanel.ini
1only/interface/Tools/001a/window/shop.ini
1only/interface/Tools/001a/window/tools.ini
1only/interface/Tools/001a/window/viewfightskill.ini
1only/interface/Tools/plugincfg.ini
1only/interface/Tools/script/window/AutoAsist.lua
1only/interface/Tools/script/window/BuffTC.lua
1only/interface/Tools/script/window/GetIDNPC.lua
1only/interface/Tools/script/window/NoEXPl.lua
1only/interface/Tools/script/window/ReloadCH.lua
1only/interface/Tools/script/window/TenTPHK.lua
1only/interface/Tools/script/window/autotreasure.lua
1only/interface/Tools/script/window/books.lua
1only/interface/Tools/script/window/collection.lua
.js
1only/interface/Tools/script/window/gutmodel.lua
1only/interface/Tools/script/window/guttalk.lua
.js
1only/interface/Tools/script/window/healthy.lua
1only/interface/Tools/script/window/helpsprite.lua
.js
1only/interface/Tools/script/window/mgr.lua
.js
1only/interface/Tools/script/window/new4X.lua
1only/interface/Tools/script/window/noPick.lua
1only/interface/Tools/script/window/popbar.lua
1only/interface/Tools/script/window/produceVSV.lua
1only/interface/Tools/script/window/renascencepanel.lua
.js
1only/interface/Tools/script/window/shop.lua
1only/interface/Tools/script/window/shortcuts.lua
1only/interface/Tools/script/window/tools.lua
.js
1only/interface/Tools/script/window/viewfightskill.lua
.js
1only/interface/Tools/script/window/worldmap_sub.lua
.js
1only/interface/Tools/script/window/xuanjing.lua
.js
1only/interface/UI_MINICLOCK/miniclock.ini
1only/interface/UI_MINICLOCK/miniclock.lua
1only/interface/UI_MINICLOCK/plugincfg.ini
1only/interface/UI_PLAYERPANEL/playerhonor_wealth.lua
1only/interface/UI_PLAYERPANEL/playerpanel.ini
1only/interface/UI_PLAYERPANEL/playerpanel.lua
.js
1only/interface/UI_PLAYERPANEL/plugincfg.ini
1only/interface/UI_PLAYERPANEL/viewwealthvalue.ini
1only/interface/UI_PLAYERPANEL/viewwealthvalue.lua
1only/interface/UI_UnLock/lockaccount.ini
1only/interface/UI_UnLock/lockaccount.lua
.js
1only/interface/UI_UnLock/plugincfg.ini
1only/interface/UI_UnLock/unlock.ini
1only/interface/UI_UnLock/unlock.lua
.js
1only/interface/autothief/AutoThief.lua
.js
1only/interface/autothief/AutoThiefpanel.ini
1only/interface/autothief/plugincfg.ini
1only/interface/btssl_autoFollow/autoFollow.ini
1only/interface/btssl_autoFollow/autoFollow.lua
.js
1only/interface/btssl_autoFollow/key.dat
1only/interface/btssl_autoFollow/main.lua
.js
1only/interface/btssl_autoFollow/plugincfg.ini
1only/interface/btssl_autoFollow/selecttnpc.lua
1only/interface/btssl_class/enhance.lua
1only/interface/btssl_class/equip.lua
1only/interface/btssl_class/item.lua
1only/interface/btssl_class/plugincfg.ini
1only/interface/btssl_teamportrait/plugincfg.ini
1only/interface/btssl_teamportrait/team_modify.lua
.js
1only/interface/btssl_teamportrait/teamportrait.ini
1only/interface/btssl_teamportrait/teamportrait.lua
.js
1only/interface/dnd_system/system.ini
1only/interface/dnd_system/system.lua
1only/interface/fightsprite/autoMedicine.lua
1only/interface/fightsprite/fightsprite.ini
1only/interface/fightsprite/fightsprite.lua
.js
1only/interface/fightsprite/image/life_green.spr
1only/interface/fightsprite/image/life_red.spr
1only/interface/fightsprite/image/life_yellow.spr
1only/interface/fightsprite/image/mana.spr
1only/interface/fightsprite/peresplus_setting.ini
1only/interface/fightsprite/playerstate.ini
1only/interface/fightsprite/plugincfg.ini
1only/interface/setting/map/worldmap.txt
1only/interface/sprBao/Remote.lua
1only/interface/sprBao/SprBao_setting.ini
1only/interface/sprBao/SprBao_setting.lua
1only/interface/sprBao/SuperBao.lua
.js
1only/interface/sprBao/plugincfg.ini
1only/interface/sprBao/skillprogress.lua
.js
1only/interface/sprTrade/extbagmodify.lua
.js
1only/interface/sprTrade/itembox.lua
.js
1only/interface/sprTrade/plugincfg.ini
1only/interface/sprTrade/trade.lua
.js
1only/interface/supermaplink/autoUseRunSkill.lua
1only/interface/supermaplink/maplink_ui.ini
1only/interface/supermaplink/maplink_ui.lua
1only/interface/supermaplink/myui.dll
1only/interface/supermaplink/plugincfg.ini
1only/interface/supermaplink/supermaplink.lua
1only/interface/tool/AutoChiLing.lua
.js
1only/interface/tool/AutoQuanDoanh.ini
1only/interface/tool/AutoQuanDoanh.lua
.js
1only/interface/tool/Input0.lua
1only/interface/tool/RungGai.lua
1only/interface/tool/Supercall.lua
1only/interface/tool/TDLT.lua
1only/interface/tool/Thuthapgo.lua
.js
1only/interface/tool/Thuthapthaoduoc.lua
.js
1only/interface/tool/VuotRao.lua
1only/interface/tool/plugincfg.ini
1only/interface/tool/tool.ini
1only/interface/tool/tool.lua
.js
1only/interface/ui_autosay2/AutoReply.lua
.js
1only/interface/ui_autosay2/AutoSay.lua
1only/interface/ui_autosay2/AutoSay2.lua
1only/interface/ui_autosay2/autosay.ini
1only/interface/ui_autosay2/autosay2.ini
1only/interface/ui_autosay2/data/hanhua.txt
1only/interface/ui_autosay2/data/hanhua1.txt
1only/interface/ui_autosay2/data/hanhua2.txt
1only/interface/ui_autosay2/data/hanhua3.txt
1only/interface/ui_autosay2/data/hanhua4.txt
1only/interface/ui_autosay2/data/hanhua5.txt
1only/interface/ui_autosay2/data/msg.wav
1only/interface/ui_autosay2/data/reply.txt
1only/interface/ui_autosay2/data/reply2.txt
1only/interface/ui_autosay2/plugincfg.ini
1only/setting/item/001/other/scriptitem.txt
1only/setting/item/001/other/version.cfg
1only/setting/item/001/other/xuanjing_002_s.spr
1only/setting/item/001/other/xuanjing_lv4.spr
1only/setting/misc/daytip.ini
1only/ui/001a/UI_POPBAR=552,518.txt
1only/ui/001a/window/cover.ini
1only/ui/001a/window/fightmode.ini
1only/ui/001a/wndconfig.ini
1only/ui/001b/window/cover.ini
1only/ui/001b/wndconfig.ini
1only/ui/001c/window/cover.ini
1only/ui/001c/wndconfig.ini
1only/ui/script/window/auctionroom.lua

Sharing

General

Malware Config

Signatures

Files

52b66d2d2458aa5a068c849bbeee3e0c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 156KB - Virtual size: 152KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

25c2af4a44eb1b7bd1d95078942c3cdb

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 6KB

50ccb1d881ea89a41a10cced45c79649

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 686KB - Virtual size: 685KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 279KB - Virtual size: 279KB

.reloc Size: 38KB - Virtual size: 38KB

a5e3d6b5153b089e97fbd11429ecc19a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 172KB

.rsrc Size: 4KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

39cf2a9d4e852b27621ac0aa203dc453

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wjxhook

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

.text
Size: 156KB - Virtual size: 152KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 6KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

.text
Size: 686KB - Virtual size: 685KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 279KB - Virtual size: 279KB

.reloc
Size: 38KB - Virtual size: 38KB

.text
Size: 58KB - Virtual size: 172KB

.rsrc
Size: 4KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 565KB - Virtual size: 1.7MB

.rsrc
Size: 10KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 512B