de13c1ecbc773fb555bb48f97035a66a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de13c1ecbc773fb555bb48f97035a66a_JaffaCakes118
Size

2.5MB
MD5

de13c1ecbc773fb555bb48f97035a66a
SHA1

bb1c008938d7d4990433f56cfdb5eedd132f86fb
SHA256

2db0b842d3c10ba4c1f139cab927dbc26fd7b2f423a9b36f9c08924aaeb4c01e
SHA512

4eeb733b53ab9c193c15372c2e151b86dafd52aaafd1a7f71a207f5b0e236e3043536152e6056ac77ba959187e702516ae8110c52203cf1865689732aa4f5a53
SSDEEP

49152:Yf9I7wRZ98P5/wB9fboH6BnaM8sVoZ+km8AhsfnZgcq/:ou7wRXY5IjboakM8sVoZ+jsS5/

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
de13c1ecbc773fb555bb48f97035a66a_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/advsplash.dll
unpack001/$SYSDIR/BCLW32.DLL
unpack001/$SYSDIR/WINPPLB.dll
unpack001/$SYSDIR/WinPort.dll
unpack001/$SYSDIR/Winppla.dll
unpack001/POS58/pos58_2000_xp/I386/RASDD.DLL
unpack001/POS58/pos58_2000_xp/I386/RASDDUI.DLL
unpack001/POS58/pos58_2000_xp/POS58.DLL
unpack001/mpdisk.exe
unpack001/uninst.exe
unpack001/update.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

de13c1ecbc773fb555bb48f97035a66a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

1f4c4faa2a5228733f7ee5edf40f6693

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
WritePrivateProfileStringA
lstrcpynA
lstrcatA
lstrcpyA
GetPrivateProfileIntA
MultiByteToWideChar
GetModuleHandleA
lstrcmpiA
GlobalFree
GetPrivateProfileStringA
GlobalAlloc

user32

GetWindowLongA
DrawTextA
SetCursor
LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
GetClientRect
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
LoadIconA

gdi32

SetTextColor
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/advsplash.dll
.dll windows:4 windows x86 arch:x86

41e025c99a5f731479582ce64a2527f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeKillEvent
timeSetEvent
PlaySoundA

kernel32

GetVersion
lstrcpyA
GlobalAlloc
lstrcatA
GetProcAddress
GlobalFree
lstrcpynA
GetModuleHandleA

user32

IsWindow
PostMessageA
DefWindowProcA
CreateWindowExA
UnregisterClassA
DispatchMessageA
BeginPaint
GetClientRect
wsprintfA
EnumDisplaySettingsA
SetWindowRgn
GetMessageA
DestroyWindow
EndPaint
SystemParametersInfoA
LoadImageA
LoadCursorA
RegisterClassA
SetWindowLongA
SetWindowPos

gdi32

BitBlt
DeleteDC
GetDIBits
SelectObject
CreateCompatibleDC
CombineRgn
CreateRectRgn
GetObjectA
DeleteObject

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/BCLW32.DLL
.dll windows:4 windows x86 arch:x86

6af904140697ae3556e8a49ab1996229

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcmpA
lstrcpyA
_lwrite
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
OpenFile
_lclose
lstrlenA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
GetACP
MulDiv
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapFree
HeapAlloc
GetStringTypeA
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
ExitProcess
TerminateProcess
GetCurrentProcess
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
CloseHandle
GetOEMCP
IsBadCodePtr
IsBadWritePtr
FreeEnvironmentStringsW
GetEnvironmentStringsW
DisableThreadLibraryCalls
WriteFile
GetLastError
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
HeapReAlloc
HeapSize
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
RaiseException
FlushFileBuffers

user32

ReleaseDC
GetDC
GetDesktopWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

gdi32

SelectObject
GetTextExtentPointA
GetDIBits
SelectPalette
RealizePalette
LPtoDP
SaveDC
GetViewportExtEx
GetWindowExtEx
SetMapMode
RestoreDC
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
Ellipse
BitBlt
Polygon
CreatePen
StretchBlt
GetObjectA
GetStockObject
DeleteObject
GetMapMode
PatBlt
CreateFontIndirectA
GetDeviceCaps
GetTextFaceA
GetCharABCWidthsA
SetTextAlign
TextOutA
GetTextAlign
SetTextColor
CreateSolidBrush

Exports

Exports

BuildMaxicodeData
BuildMaxicodeShippingData
CreateBarCode
CreateBarCodeIndirect
DeleteBarCode
DrawBarCodeToClipboard
DrawBarCodeToFile
DrawBarCodeToHDC
GetBarCodeSize
_BuildMaxicodeData@24
_BuildMaxicodeShippingData@64
_CreateBarCode@68
_CreateBarCodeIndirect@4
_DeleteBarCode@4
_DrawBarCodeToClipboard@20
_DrawBarCodeToFile@28
_DrawBarCodeToHDC@28
_GetBarCodeSize@16
_LibMain@16

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/WINPPLB.dll
.dll windows:4 windows x86 arch:x86

1f036c7408a1693b0a838f23591b334b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winport

_PortClose_Entry@0
_CloseProcessDlg@0
_OpenProcessDlg@0
_PortOpen_Entry@40
_PortSerialSet_Entry@28
_PortWrite_Entry@16
_PortTimeSet_Entry@20

bclw32

_CreateBarCodeIndirect@4
_DrawBarCodeToFile@28
_DeleteBarCode@4

kernel32

GetCPInfo
GetOEMCP
GetProcessVersion
FreeLibrary
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
GetCommandLineA
RaiseException
HeapSize
GetACP
GetTimeZoneInformation
ExitProcess
TerminateProcess
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFlags
lstrcmpA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalAlloc
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThreadId
CreateFileA
HeapDestroy
LocalFree
ReadFile
CloseHandle
GetFileTime
GetFileSize
GetFileAttributesA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
MultiByteToWideChar
LoadLibraryA
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetCurrentProcess
DuplicateHandle
GetLastError
GlobalLock
GlobalUnlock
GetModuleHandleA
GetProcAddress
SetLastError
lstrcpynA
lstrlenA
HeapCreate
LCMapStringA

user32

LoadBitmapA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
LoadCursorA
GetSysColorBrush
PostQuitMessage
DestroyMenu
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
CreateWindowExA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
LoadStringA
GetLastActivePopup
SetFocus
EnableWindow
IsWindowEnabled
SetWindowPos
SetWindowLongA
GetDlgItem
GetFocus
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetSystemMetrics
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
MessageBoxA
SetWindowTextA
GetWindowTextA
GetClassNameA
GetWindowLongA
GetParent

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
GetTextExtentPoint32A
CreateFontIndirectA
Ellipse
CreatePenIndirect
CreateBrushIndirect
GetBitmapBits
GetObjectA
CreateDCA
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
MoveToEx
LineTo
GetStockObject
PatBlt
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
StretchDIBits

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
EnumPrintersA

comctl32

ord17

Exports

Exports

B_Bar2d_Maxi
B_Bar2d_PDF417
B_Bar2d_PDF417_ABar
B_ClosePrn
B_CreatePrn
B_Define_Date
B_Define_Time
B_Del_Form
B_Del_Pcx
B_Draw_Box
B_Draw_Diagonal
B_Draw_Ellipse
B_Draw_Line
B_Error_Reporting
B_Get_DLL_Version
B_Get_DLL_VersionA
B_Get_Graphic_ColorBMP
B_Get_Graphic_ColorBMP_Mem
B_Get_Pcx
B_Initial_Setting
B_Load_Pcx
B_Open_ChineseFont
B_Print_Form
B_Print_Form_Save
B_Print_MCopy
B_Print_Out
B_Print_Out_ARGOBAR
B_Prn_Barcode
B_Prn_Barcode_ARGOBAR
B_Prn_Barcode_Form
B_Prn_Configuration
B_Prn_Text
B_Prn_Text_ARGOBAR
B_Prn_Text_Chinese
B_Prn_Text_Form
B_Prn_Text_TrueType
B_Prn_Text_TrueType_ABar
B_Prn_Text_TrueType_W
B_Select_Option
B_Select_Option2
B_Select_Symbol
B_Set_BMPSave
B_Set_Backfeed
B_Set_Darkness
B_Set_DebugDialog
B_Set_Direction
B_Set_FlashMemory
B_Set_Form
B_Set_Form_New
B_Set_Labgap
B_Set_Labwidth
B_Set_Originpoint
B_Set_PrinterDC
B_Set_Prncomport
B_Set_Prncomport_PC
B_Set_ProcessDlg
B_Set_Speed
Bar2d_Maxi
Bar2d_PDF417
ClosePrn
CreatePrn
Del_Form
Del_Pcx
Draw_Box
Draw_Line
Error_Reporting
Get_Pcx
Initial_Setting
Load_Pcx
Open_ChineseFont
Print_Form
Print_MCopy
Print_Out
Prn_Barcode
Prn_Configuration
Prn_Text
Prn_Text_Chinese
Prn_Text_TrueType
Select_Option
Select_Symbol
Set_Backfeed
Set_Darkness
Set_Direction
Set_Form
Set_Labgap
Set_Labwidth
Set_Originpoint
Set_Prncomport
Set_Speed

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/WinPort.dll
.dll windows:4 windows x86 arch:x86

f6863bb03bfdb6d6d98dec20d97f12a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetOEMCP
WritePrivateProfileStringA
GlobalFlags
GetCPInfo
FileTimeToLocalFileTime
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
FileTimeToSystemTime
CreateThread
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
ExitProcess
GetEnvironmentVariableA
TerminateProcess
MulDiv
GetModuleHandleA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCommState
SetCommState
SetEvent
GetProcessVersion
GetFileAttributesA
GetFileTime
GetFileSize
LocalReAlloc
SetErrorMode
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
lstrcmpA
LocalAlloc
GlobalAlloc
SetThreadPriority
GetCurrentThread
SuspendThread
GetVersion
ResumeThread
FreeLibrary
GlobalGetAtomNameA
lstrcatA
GetCurrentThreadId
GetVersionExA
GlobalDeleteAtom
ReadFile
GlobalAddAtomA
GlobalFindAtomA
HeapDestroy
WaitForSingleObject
SetLastError
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
HeapCreate
VirtualFree
GetEnvironmentStringsW
CreateEventA
OutputDebugStringA
SetCommTimeouts
CreateFileA
CloseHandle
ExitThread
ClearCommError
GetOverlappedResult
GetLastError
WriteFile

user32

SetMenuItemBitmaps
IsDialogMessageA
SetWindowTextA
ShowWindow
EnableMenuItem
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetCursorPos
ValidateRect
CheckMenuItem
TranslateMessage
ReleaseDC
GetDC
PostQuitMessage
SetCursor
UnregisterClassA
LoadCursorA
GetSysColorBrush
GetClassNameA
PtInRect
ClientToScreen
GetMessageA
TabbedTextOutA
DrawTextA
GrayStringA
DestroyMenu
AdjustWindowRectEx
GetClientRect
CopyRect
IsWindowVisible
GetTopWindow
GetCapture
DispatchMessageA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetLastActivePopup
MessageBoxA
LoadStringA
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
GetParent
GetFocus
IsWindowEnabled
IsWindow
SetFocus
GetSystemMetrics
CharUpperA
UpdateWindow
SetActiveWindow
PeekMessageA
SendMessageA
EnableWindow
KillTimer
SetTimer
PostMessageA
wsprintfA
LoadIconA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
GetSubMenu
WinHelpA
GetClassInfoA
GetMessagePos
UnhookWindowsHookEx

gdi32

SetTextColor
SetBkColor
GetObjectA
CreateBitmap
GetDeviceCaps
DeleteObject
SelectObject
GetStockObject
DeleteDC
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
GetClipBox

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

_CloseErrorDlg@0
_CloseProcessDlg@0
_DebugMessage@4
_OpenErrorDlg@0
_OpenProcessDlg@0
_PortClose_Entry@0
_PortOpen_Entry@40
_PortRead_Entry@8
_PortSerialSet_Entry@28
_PortTimeSet_Entry@20
_PortWrite_Entry@16
_ReadDataWaiting@0
_SetFilter_PathEntry@8

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Winppla.dll
.dll windows:4 windows x86 arch:x86

e6753436fec72b7e5831bef0d2bdd60f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winport

_PortClose_Entry@0
_CloseProcessDlg@0
_OpenProcessDlg@0
_PortOpen_Entry@40
_PortSerialSet_Entry@28
_PortWrite_Entry@16
_PortTimeSet_Entry@20

bclw32

_CreateBarCodeIndirect@4
_DrawBarCodeToFile@28
_DeleteBarCode@4

kernel32

GetCPInfo
GetOEMCP
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
GetCommandLineA
RaiseException
HeapSize
GetACP
GetTimeZoneInformation
ExitProcess
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeLibrary
GetProcessVersion
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFlags
lstrcmpA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalAlloc
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThreadId
CreateFileA
LocalFree
ReadFile
CloseHandle
GetFileTime
GetFileSize
GetFileAttributesA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
MultiByteToWideChar
LoadLibraryA
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetLastError
GlobalLock
GlobalUnlock
GetModuleHandleA
GetProcAddress
SetLastError
lstrlenA
LCMapStringW
LCMapStringA
SetHandleCount

user32

LoadBitmapA
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
LoadCursorA
GetSysColorBrush
PostQuitMessage
DestroyMenu
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
DestroyWindow
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
LoadStringA
GetLastActivePopup
SetFocus
EnableWindow
IsWindowEnabled
SetWindowPos
SetWindowLongA
GetDlgItem
GetParent
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetSystemMetrics
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
MessageBoxA
GetWindowTextA
GetWindowLongA
PtInRect
GetFocus

gdi32

GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
GetTextExtentPoint32A
CreateFontIndirectA
Ellipse
CreatePenIndirect
CreateBrushIndirect
GetBitmapBits
GetObjectA
CreateDCA
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
MoveToEx
LineTo
PatBlt
SetDIBits
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
StretchDIBits

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
EnumPrintersA

comctl32

ord17

Exports

Exports

A_Bar2d_DataMatrix
A_Bar2d_Maxi
A_Bar2d_Maxi_Ori
A_Bar2d_PDF417
A_Bar2d_PDF417_ABar
A_Bar2d_PDF417_Ori
A_Clear_Memory
A_ClosePrn
A_CreatePrn
A_Del_Graphic
A_Draw_Box
A_Draw_Diagonal
A_Draw_Ellipse
A_Draw_Line
A_Feed_Label
A_Get_DLL_Version
A_Get_DLL_VersionA
A_Get_Graphic
A_Get_Graphic_ColorBMP
A_Get_Graphic_ColorBMP_Mem
A_Initial_Setting
A_Load_Graphic
A_Open_ChineseFont
A_Print_Form
A_Print_Out
A_Print_Out_ARGOBAR
A_Prn_Barcode
A_Prn_Barcode_ARGOBAR
A_Prn_Text
A_Prn_Text_ARGOBAR
A_Prn_Text_Chinese
A_Prn_Text_TrueType
A_Prn_Text_TrueType_ABar
A_Prn_Text_TrueType_W
A_Set_BMPSave
A_Set_Backfeed
A_Set_Cutting
A_Set_Darkness
A_Set_DebugDialog
A_Set_Feed
A_Set_FlashMemory
A_Set_Form
A_Set_Gap
A_Set_LabelVer
A_Set_Logic
A_Set_Margin
A_Set_PrinterDC
A_Set_Prncomport
A_Set_Prncomport_PC
A_Set_ProcessDlg
A_Set_Sensor_Mode
A_Set_Speed
A_Set_Syssetting
A_Set_Unit
Bar2d_Maxi
Bar2d_PDF417
Clear_Memory
ClosePrn
CreatePrn
Del_Graphic
Draw_Box
Draw_Line
Feed_Label
Get_Graphic
Get_Graphic_ColorBMP
Initial_Setting
Load_Graphic
Print_Form
Print_Out
Prn_Barcode
Prn_Text
Prn_Text_TrueType
Set_Backfeed
Set_Cutting
Set_Darkness
Set_Feed
Set_Form
Set_Margin
Set_Sensor_Mode
Set_Speed
Set_Syssetting
Set_Unit

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/spltmp.bmp
POS58/pos58_2000_xp/I386/RASDD.DLL
.dll windows:4 windows x86 arch:x86

16b1ce6b969ef2e7aab46ebd16479a6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

win32k.sys

FONTOBJ_pxoGetXform
EngAcquireSemaphore
EngCreateSemaphore
EngSetLastError
EngFindImageProcAddress
EngLoadImage
EngGetPrinterDataFileName
EngLoadModule
EngGetDriverName
EngFreeModule
EngUnloadImage
EngDeletePalette
EngCreatePalette
HT_Get8BPPFormatPalette
EngAssociateSurface
EngMarkBandingSurface
EngCreateBitmap
EngDeleteSurface
EngMulDiv
EngGetPrinterData
EngWritePrinter
EngEraseSurface
EngFindResource
EngBitBlt
EngWideCharToMultiByte
STROBJ_bEnum
FLOATOBJ_DivLong
FLOATOBJ_MulLong
FONTOBJ_pifi
EngReleaseSemaphore
EngTextOut
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
FONTOBJ_cGetGlyphs
EngUnlockSurface
EngLockSurface
FLOATOBJ_GetLong
FLOATOBJ_AddFloat
FLOATOBJ_DivFloat
FLOATOBJ_Neg
FLOATOBJ_LessThanLong
FLOATOBJ_GreaterThanLong
FLOATOBJ_EqualLong
XFORMOBJ_iGetFloatObjXform
EngEnumForms
EngGetLastError
EngGetForm
XLATEOBJ_cGetPalette
EngStretchBlt
EngCopyBits
FONTOBJ_vGetInfo
XFORMOBJ_bApplyXform
EngAllocMem
EngFreeMem
EngMultiByteToWideChar
EngGetCurrentCodePage
EngMultiByteToUnicodeN
EngMapModule

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
POS58/pos58_2000_xp/I386/RASDDUI.DLL
.dll windows:4 windows x86 arch:x86

3180822ddb6f5d103eda1274d2cb8af4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

user32

wsprintfW
EnableWindow
LoadStringW
GetWindowLongW
DialogBoxParamW
EndDialog
GetWindowRect
ShowWindow
CallNextHookEx
GetDC
ReleaseDC
UnhookWindowsHookEx
PostMessageW
WinHelpW
LoadCursorW
SetWindowsHookExW
GetDlgItemTextW
SetCursor
SendMessageW
InvalidateRect
GetDlgItem
SendDlgItemMessageW
SetDlgItemTextW
SetWindowLongW

gdi32

SelectObject
GetTextExtentPoint32W
EnumFontFamiliesW

kernel32

CloseHandle
MapViewOfFile
SetErrorMode
FindFirstFileW
FreeResource
FindResourceW
LoadLibraryExW
LockResource
SizeofResource
LoadResource
lstrlenW
WriteFile
lstrcpynW
DeleteFileW
MoveFileW
GetFileSize
ReadFile
GlobalFree
GlobalAlloc
VirtualFree
LCMapStringW
VirtualAlloc
LCMapStringA
HeapReAlloc
LoadLibraryW
GetModuleFileNameW
InitializeCriticalSection
HeapCreate
DeleteCriticalSection
HeapDestroy
SetLastError
HeapFree
GetLastError
HeapAlloc
GetACP
GetProfileIntW
MultiByteToWideChar
FindClose
FindNextFileW
LocalFree
WideCharToMultiByte
UnmapViewOfFile
LeaveCriticalSection
SetFilePointer
CreateFileW
EnterCriticalSection
CreateFileMappingW
GetCurrentThreadId
LocalAlloc
GetProcAddress
FreeLibrary
GetFileAttributesW
LoadLibraryA

winspool.drv

GetPrinterDriverDirectoryW
OpenPrinterW
GetPrinterW
GetPrinterDataW
SetPrinterDataW
GetPrinterDriverW
ClosePrinter
EnumFormsW
AddFormW
GetFormW
WritePrinter

Exports

Exports

DevQueryPrintEx
DllInitialize
DrvAdvancedDocumentProperties
DrvCleanup
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentProperties
DrvDocumentPropertySheets
DrvPrinterEvent
DrvUpgradePrinter
PrinterProperties

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
POS58/pos58_2000_xp/I386/RASDDUI.HLP
POS58/pos58_2000_xp/OEMSETUP.INF
POS58/pos58_2000_xp/POS58.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

bInitProc

Sections

.text
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
POS58/pos58_2000_xp/readme.txt
POS58/pos58_win98/DMCOLOR.DLL
POS58/pos58_win98/ICONLIB.DLL
POS58/pos58_win98/POS58.drv
POS58/pos58_win98/UNIDRV.DLL
POS58/pos58_win98/UNIDRV.HLP
POS58/pos58_win98/pos58.inf
POS58/pos58_win98/readme.txt
data.dat
mpdisk.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 688KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 46KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mpdisk.ini
readme.chm
.chm
uninst.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
update.dll
update.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 184KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 13KB - Virtual size: 16KB

1f4c4faa2a5228733f7ee5edf40f6693

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 894B

41e025c99a5f731479582ce64a2527f4

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 132B

.reloc Size: 512B - Virtual size: 406B

6af904140697ae3556e8a49ab1996229

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 40KB - Virtual size: 54KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

1f036c7408a1693b0a838f23591b334b

Headers

File Characteristics

Imports

winport

bclw32

kernel32

user32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 13KB - Virtual size: 16KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 894B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 132B

.reloc
Size: 512B - Virtual size: 406B

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 40KB - Virtual size: 54KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 30KB

.reloc
Size: 16KB - Virtual size: 14KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 12KB - Virtual size: 22KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 343KB - Virtual size: 343KB

.reloc
Size: 1KB - Virtual size: 1KB