dcbc0cb89ea3ab2aba6e62e1af71f74d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dcbc0cb89ea3ab2aba6e62e1af71f74d_JaffaCakes118
Size

1.2MB
MD5

dcbc0cb89ea3ab2aba6e62e1af71f74d
SHA1

35f0f237e826afc91505500c046e9f5108b18a09
SHA256

586ce6df03b51d7110d86edc182621fa393c14ba1913e2ee86f4a4bea6e7c26f
SHA512

b58f640913b27bd3d4fe641f7f58070423dc04bf62592cb1d696c2a8ecbc3004475f26e55f68e52a104076e6412a8295c97f8affec4467f1990fb56676287c8a
SSDEEP

24576:ELzJy3VXyg8GmhYVHVKvPE62xa6kebanwA8oDyxo0YXdKncoFzbp:dlynPa2E/Nke+nwCyu0hF3p

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/多功能文件查找管理工具5.6/appface.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/多功能文件查找管理工具5.6/appface.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/多功能文件查找管理工具5.6/CALENDAR.OCX
unpack001/多功能文件查找管理工具5.6/CurtButton.ocx
unpack001/多功能文件查找管理工具5.6/ImageOptimizer.ocx
unpack001/多功能文件查找管理工具5.6/appface.dll
unpack001/多功能文件查找管理工具5.6/海天查找.exe

Files

dcbc0cb89ea3ab2aba6e62e1af71f74d_JaffaCakes118
.rar
下载说明.htm
.html .js polyglot
多功能文件查找管理工具5.6/CALENDAR.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

cae704410b2c426ea75e8092d9f7619a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm50

MethCallEngine
ord553
ord631
ord632
EVENT_SINK_AddRef
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord101
ord102
ord103
ord104
ord610
ord105
ord617
ord619
ord542
ord545
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
多功能文件查找管理工具5.6/CurtButton.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c26fcd467874957d85e5a778999057e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
ord518
__vbaStrCat
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaVarDiv
__vbaFPException
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaFpI4
_CIatan
__vbaCastObj
__vbaStrMove
__vbaR8IntI4
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
多功能文件查找管理工具5.6/ImageOptimizer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

71f1311cd1803cd5d76ee5056ef9e07f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
RaiseException
ExitProcess
TerminateProcess
GetLocalTime
HeapReAlloc
GetStdHandle
GetFileType
HeapSize
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
SetHandleCount
GetSystemTime
GetStartupInfoA
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
HeapDestroy
UnmapViewOfFile
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
HeapFree
GetCommandLineA
RtlUnwind
GetProfileIntA
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
CopyFileA
WritePrivateProfileStringA
FindResourceExA
GetOEMCP
GetCPInfo
GetProcessVersion
SizeofResource
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
VirtualFree
HeapCreate
LeaveCriticalSection
GetProcAddress
GlobalAlloc
GlobalReAlloc
GlobalLock
_lwrite
OpenFile
_lclose
LocalAlloc
LocalFree
GlobalHandle
GlobalUnlock
TlsSetValue
EnterCriticalSection
TlsAlloc
TlsFree
DeleteCriticalSection
GetShortPathNameA
InitializeCriticalSection
FormatMessageA
GetFullPathNameA
FindClose
GetVolumeInformationA
FindFirstFileA
SetEndOfFile
DeleteFileA
FlushFileBuffers
UnlockFile
LockFile
lstrcpynA
GetCurrentProcess
DuplicateHandle
SetLastError
GetLastError
MulDiv
GetUserDefaultLCID
IsDBCSLeadByte
lstrcmpA
lstrlenW
GetCurrentThread
GetModuleFileNameA
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
GetVersion
InterlockedIncrement
FreeLibrary
GlobalGetAtomNameA
lstrcatA
GetCurrentThreadId
GlobalFindAtomA
lstrcmpiA
GlobalAddAtomA
GetModuleHandleA
GlobalDeleteAtom
lstrcpyA
LoadResource
LockResource
FindResourceA
CreateFileA
lstrlenA
GlobalSize
GetStringTypeA
CreateFileMappingA
GlobalFree
MapViewOfFile
GetFileSize
CloseHandle
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetStringTypeW
VirtualAlloc

user32

InsertMenuA
DestroyIcon
LoadStringA
GetSysColorBrush
GetDialogBaseUnits
UnregisterClassA
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
SetRect
GrayStringA
TabbedTextOutA
SetRectEmpty
ReleaseCapture
SetCapture
LoadCursorA
PtInRect
RegisterClipboardFormatA
IsRectEmpty
CreateMenu
DestroyMenu
GetDesktopWindow
InflateRect
InvalidateRect
DrawEdge
SetParent
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
LockWindowUpdate
EnumChildWindows
GetClassNameA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
FillRect
GetMenuStringA
LoadIconA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
AdjustWindowRectEx
ScreenToClient
EqualRect
GetClientRect
RemoveMenu
GetTabbedTextExtentA
IsWindowVisible
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
AppendMenuA
GetDCEx
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
wsprintfA
wvsprintfA
DrawTextA
GetDC
ReleaseDC
SendMessageA
LoadBitmapA
EnableWindow
CopyRect
SetFocus
GetFocus
GetMenuState

gdi32

Escape
SaveDC
RestoreDC
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SetWindowExtEx
MoveToEx
GetCurrentPositionEx
CreateRectRgn
ExtTextOutA
TextOutA
CreatePen
CreatePatternBrush
CreateSolidBrush
PatBlt
CreateRectRgnIndirect
CreateFontIndirectA
SetRectRgn
GetTextExtentPoint32A
GetTextMetricsA
CopyMetaFileA
CreateDCA
EnumFontFamiliesExA
UnrealizeObject
GetTextAlign
PtVisible
CombineRgn
RectVisible
CreateMetaFileA
LPtoDP
GetDeviceCaps
CreateBitmap
SetBkColor
GetClipBox
GetNearestPaletteIndex
CreatePalette
GetDIBits
CreateFontA
CreateDIBSection
GetStockObject
Rectangle
SetTextColor
SetBkMode
GdiFlush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SelectPalette
RealizePalette
CreateDIBitmap
DeleteObject
DeleteDC
GetPaletteEntries
GetObjectA
CloseMetaFile
DeleteMetaFile

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegDeleteKeyA
RegQueryValueA
RegCreateKeyExA

shell32

ExtractIconA

comctl32

ord17

ole32

CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
OleDuplicateData
ReadFmtUserTypeStg
StringFromCLSID
CoCreateInstance
ReleaseStgMedium
CreateDataAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoTaskMemFree
OleSaveToStream
CoTaskMemAlloc
CreateDataCache
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
OleLoadFromStream
CreateILockBytesOnHGlobal
ReadClassStm
CoDisconnectObject
CreateOleAdviseHolder

olepro32

ord252
ord250
ord251
ord253

oleaut32

SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysAllocString
LoadRegTypeLi
VariantCopy
VariantChangeType
VariantClear
SysStringByteLen
SysFreeString
LoadTypeLi
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 512KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
多功能文件查找管理工具5.6/appface.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinRemove
SkinStart
SkinThread
SkinWindowSet

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 201KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
多功能文件查找管理工具5.6/findtips.dll
多功能文件查找管理工具5.6/下载说明.htm
.html .js polyglot
多功能文件查找管理工具5.6/使用说明.txt
多功能文件查找管理工具5.6/启动.bmp
多功能文件查找管理工具5.6/海天查找.exe
.exe windows:4 windows x86 arch:x86

b72b92107446da990124636c623d9a66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
IsBadCodePtr
Sleep
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
VirtualAlloc
HeapReAlloc
HeapAlloc
SetUnhandledExceptionFilter
FatalAppExitA
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetHandleCount
GetACP
SetStdHandle
ExitThread
CreateThread
TerminateProcess
GetStdHandle
DebugBreak
HeapValidate
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetSystemTime
GetTimeZoneInformation
SetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwind
lstrcpyW
GetDiskFreeSpaceA
GetTempFileNameA
GetTickCount
FindResourceExA
GlobalSize
SizeofResource
SetErrorMode
OutputDebugStringA
GetProfileIntA
VirtualProtect
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrA
IsBadStringPtrW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
FindNextFileA
GetFileTime
GetFileSize
CreateEventA
SetEvent
WaitForSingleObject
lstrcmpA
GetCurrentThread
FormatMessageA
GetShortPathNameA
GetStringTypeExA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
GlobalLock
GlobalUnlock
MulDiv
SetLastError
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
SuspendThread
ResumeThread
GetThreadPriority
SetThreadPriority
FindResourceA
LoadResource
LockResource
FreeResource
GetVersion
lstrcatA
GetLastError
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetWindowsDirectoryA
CreateDirectoryA
lstrlenA
MultiByteToWideChar
LocalAlloc
LocalFree
GetModuleFileNameA
GetCurrentDirectoryA
RemoveDirectoryA
WinExec
GlobalFree
CreateFileA
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesA
SetFileAttributesA
CloseHandle
CopyFileA
DeleteFileA
GetSystemDirectoryA
ReleaseMutex
OpenMutexA
CreateMutexA
FreeLibrary
LoadLibraryA
GetProcAddress
GetLogicalDriveStringsA
GetDriveTypeA
GlobalAlloc
GetProfileStringA

user32

GrayStringA
GetTabbedTextExtentA
DrawTextA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
ExcludeUpdateRgn
WindowFromDC
GetSysColorBrush
SubtractRect
UnionRect
InflateRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
OemToCharA
CharToOemA
CharNextA
TabbedTextOutA
GetMenuCheckMarkDimensions
LoadBitmapA
SetMenuItemBitmaps
OpenIcon
CloseWindow
PostThreadMessageA
MapDialogRect
GetWindowContextHelpId
SetWindowContextHelpId
SendNotifyMessageA
GetForegroundWindow
SetForegroundWindow
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
GetLastActivePopup
FindWindowA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
GetDesktopWindow
SetCapture
GetActiveWindow
KillTimer
SetTimer
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
ValidateRect
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
ScrollDC
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ClientToScreen
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
GetMenuItemID
SetMenu
GetMenu
EnableWindow
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
SendDlgItemMessageA
GetClientRect
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
UnregisterClassA
DefDlgProcA
IsWindowUnicode
SetWindowLongA
GetMenuState
GetMenuStringA
GetMenuItemInfoA
GetSubMenu
GetWindowThreadProcessId
InsertMenuA
ModifyMenuA
RemoveMenu
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetParent
GetWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetDlgItem
CreateMenu
CreatePopupMenu
IsMenu
DeleteMenu
AppendMenuA
CheckMenuItem
EnableMenuItem
SetMenuDefaultItem
GetMenuDefaultItem
UpdateWindow
GetMenuItemCount
GetWindowTextLengthA
GetWindowTextA
GetKeyState
DestroyWindow
SendMessageA
GetClassNameA
GetDlgCtrlID
IsWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
LoadCursorA
CopyIcon
SetCursor
GetMessagePos
MessageBeep
GetCursorPos
PostMessageA
GetSystemMetrics
SetWindowPos
GetWindowLongA
LoadMenuA
LoadMenuIndirectA
SetMenuContextHelpId
GetMenuContextHelpId
CheckMenuRadioItem
CharUpperA
CreateDialogIndirectParamA
EndDialog
wvsprintfA
PostQuitMessage
TranslateMessage
GetMessageA
LoadStringA
GetClipboardFormatNameA
UnpackDDElParam
DestroyMenu
GetAsyncKeyState
ReleaseCapture
SetCursorPos
DestroyCursor
CopyAcceleratorTableA
GetDialogBaseUnits
LoadAcceleratorsA
TranslateAcceleratorA
ReuseDDElParam
WaitMessage
RegisterClipboardFormatA
DestroyIcon
InSendMessage
IsClipboardFormatAvailable
DrawMenuBar

gdi32

SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
UnrealizeObject
CreatePenIndirect
CreateBrushIndirect
CreateFontIndirectA
CreateFontA
CreateBitmapIndirect
SetBitmapBits
GetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CreateCompatibleBitmap
CreateDiscardableBitmap
CreatePalette
CreateHalftonePalette
GetPaletteEntries
SetPaletteEntries
AnimatePalette
GetNearestPaletteIndex
ResizePalette
CreateRectRgnIndirect
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreatePolyPolygonRgn
CreateRoundRectRgn
PathToRegion
ExtCreateRegion
GetRegionData
SetRectRgn
CombineRgn
EqualRgn
OffsetRgn
GetRgnBox
PtInRegion
RectInRegion
CreateDCA
CreateICA
CreateCompatibleDC
GetBrushOrgEx
SetBrushOrgEx
EnumObjects
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
CreateRectRgn
GetTextColor
GetMapMode
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
Arc
Polyline
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
RoundRect
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
TextOutA
GetTextExtentPoint32A
GetTextAlign
GetTextFaceA
GetTextMetricsA
GetTextCharacterExtra
GetCharWidthA
GetAspectRatioFilterEx
Escape
SetBoundsRect
GetBoundsRect
ResetDCA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetFontData
GetKerningPairsA
GetGlyphOutlineA
StartDocA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
MaskBlt
PlgBlt
SetPixelV
AngleArc
GetArcDirection
PolyPolyline
GetColorAdjustment
GetCurrentObject
GetClipRgn
DeleteObject
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
SelectObject
GetStockObject
CreateDIBitmap
GetDCOrgEx
GetClipBox
GetTextExtentPointA
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
CreateMetaFileA
CloseMetaFile
CreateEnhMetaFileA
CloseEnhMetaFile
ExtTextOutA
DeleteDC
SaveDC
GetStretchBltMode
DeleteMetaFile
EnumFontFamiliesExA
CopyMetaFileA
StretchDIBits
PlayEnhMetaFile
GdiComment
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
GetPath
GetMiterLimit
FlattenPath
FillPath
EndPath
CloseFigure
BeginPath
AbortPath
GetCharWidthFloatA
GetCharABCWidthsFloatA
ExtEscape
DrawEscape
PolyBezier
RestoreDC

comdlg32

PrintDlgA
PageSetupDlgA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
CommDlgExtendedError

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

SetFileSecurityA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegSetValueA
RegEnumKeyA
RegCreateKeyA
RegQueryValueA
GetFileSecurityA
RegSetValueExA

shell32

DragAcceptFiles
SHGetSpecialFolderLocation
SHChangeNotify
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetFileInfoA
ExtractIconA

comctl32

ord17
ImageList_SetImageCount
ImageList_Copy
ord13
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
ord14
ImageList_GetImageCount
ImageList_Add
ImageList_AddMasked
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_SetOverlayImage
ImageList_GetImageInfo
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_DragShowNolock
ImageList_GetDragImage
ImageList_DragEnter
ImageList_DragLeave
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ord8

oledlg

ord3
ord7
ord6
ord5
ord9
ord4
ord8

ole32

CreateStreamOnHGlobal
CoGetMalloc
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
OleLockRunning
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleSave
StgIsStorageILockBytes
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
OleIsRunning
OleQueryCreateFromData
OleQueryLinkFromData
OleGetClipboard
OleSetMenuDescriptor
DoDragDrop
OleRegEnumVerbs
OleRegGetMiscStatus
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
GetClassFile
CreateDataAdviseHolder
OleTranslateAccelerator
IsAccelerator
GetRunningObjectTable
CoLockObjectExternal
OleInitialize
ReleaseStgMedium
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
OleRun
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CreateFileMoniker
CreateGenericComposite
CreateItemMoniker
OleFlushClipboard
OleSetClipboard
OleIsCurrentClipboard
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
CreateOleAdviseHolder
OleUninitialize

olepro32

ord253

oleaut32

VarBstrFromCy
SysFreeString
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
DosDateTimeToVariantTime
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantCopy
SysAllocStringByteLen
SysStringByteLen
VarCyFromStr
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SysReAllocStringLen
SysStringLen
LoadTypeLi

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cae704410b2c426ea75e8092d9f7619a

Headers

File Characteristics

Imports

msvbvm50

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: - Virtual size: 4KB

.idata Size: 512B - Virtual size: 324B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

c26fcd467874957d85e5a778999057e8

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 4KB

71f1311cd1803cd5d76ee5056ef9e07f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 512KB - Virtual size: 508KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 44KB - Virtual size: 111KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 40KB - Virtual size: 36KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 368KB

UPX1 Size: 201KB - Virtual size: 204KB

.rsrc Size: 3KB - Virtual size: 4KB

b72b92107446da990124636c623d9a66

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 156KB - Virtual size: 155KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 324B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 512KB - Virtual size: 508KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 44KB - Virtual size: 111KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 40KB - Virtual size: 36KB

UPX0
Size: - Virtual size: 368KB

UPX1
Size: 201KB - Virtual size: 204KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 88KB - Virtual size: 104KB

.idata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 364KB - Virtual size: 363KB

.reloc
Size: 88KB - Virtual size: 87KB