df8681785279583f7596a0dceb6dead7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df8681785279583f7596a0dceb6dead7_JaffaCakes118
Size

881KB
MD5

df8681785279583f7596a0dceb6dead7
SHA1

f54d35bb87cf3c9369a20de0727160c1324116eb
SHA256

02468c3a5a0ff71806a498312d00aea471757a8649d0ce909be836bd9e707004
SHA512

950514e801bf0d4acf4824f029f81cb667754d3843df8d3c2e7879516bbea72d203bbe285e3f7f70593db0e206c8060b929c78ecd2e2547fc9008c004c65d933
SSDEEP

12288:QioknIQ84hLZwFPb81YNdy/LNB4YP7HlzQf31kdD60QJVYIy8JINlb8TSn1tgXCj:5oqd1+VbNNE/LjB+Myo8gJ8TSn1+XCj

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ysmgrsetup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/LogonEx.dll
unpack002/uninst.exe
unpack003/$PLUGINSDIR/System.dll
unpack002/ysmgr.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/ysmgrsetup.exe	nsis_installer_1
static1/unpack001/ysmgrsetup.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

df8681785279583f7596a0dceb6dead7_JaffaCakes118
.rar
ysmgrsetup.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
LogonEx.dll
.dll windows:4 windows x86 arch:x86

0c9b7c1483d4781c30012778296c6268

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord2854
ord861
ord2371
ord858
ord4272
ord2810
ord4124
ord2756
ord1165
ord538
ord4294
ord3087
ord2859
ord535
ord3871
ord5977
ord6195
ord6191
ord6051
ord1768
ord4418
ord3737
ord818
ord567
ord4270
ord3792
ord3658
ord3614
ord3621
ord755
ord2406
ord2444
ord5785
ord1634
ord6168
ord5871
ord470
ord6211
ord6871
ord1088
ord2114
ord556
ord823
ord5286
ord2362
ord4219
ord6330
ord6193
ord6376
ord4831
ord925
ord6597
ord4269
ord6371
ord4229
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord3948
ord2717
ord6466
ord6868
ord5869
ord283
ord4282
ord942
ord941
ord2606
ord1173
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord3793
ord5276
ord4347
ord6370
ord5157
ord1115
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord800
ord825
ord324
ord540
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4480
ord4435
ord2506
ord4704
ord4992
ord4847
ord4370
ord2078
ord5261

msvcrt

wcstok
wcslen
isalnum
_vsnprintf
_wtol
wcscmp
wcsncpy
_CxxThrowException
free
_initterm
_except_handler3
_strlwr
strncat
??1type_info@@UAE@XZ
__dllonexit
malloc
_wtoi
_ftol
__CxxFrameHandler
wcsncmp
_onexit
_adjust_fdiv

kernel32

LocalFree
WideCharToMultiByte
WritePrivateProfileStringW
lstrlenW
GetLastError
GetModuleFileNameW
GetPrivateProfileIntW
FreeLibrary
LoadLibraryW
GetProcAddress
CreateDirectoryW
GetPrivateProfileStringW
FindResourceW
SizeofResource
LoadResource
LockResource
GetTempPathW
CreateFileW
WriteFile
CloseHandle
lstrlenA
MultiByteToWideChar
LocalAlloc

user32

PostMessageW
GetParent
LoadCursorW
ReleaseDC
SetWindowLongW
GetWindowLongW
GetWindowRect
GetDC
EnableWindow
MessageBoxW
SetCursor
InvalidateRect
GetClientRect
SendMessageW
PtInRect
IsWindowVisible
ScreenToClient
GetCursorPos
mouse_event
SetCursorPos
LoadStringW
FillRect
CopyRect
RegisterClassW
GetClassInfoW

gdi32

CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyW

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

shlwapi

PathCombineW
PathAppendW
PathFileExistsW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipDrawImagePointsI
GdipReleaseDC
GdipDeleteGraphics

wininet

InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetOpenW
InternetReadFile
HttpAddRequestHeadersW
InternetConnectW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios

Exports

Exports

DrawSkin
GetLicense
InitEx
InitGDI
Logon
TestSkin
UnInitEx
UninitGDI
UpdateNotify

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/logon.png
.png
data/sys.cfg
oem/update/skin.cfg
oem/update/skin.png
.png
skin/default/about.png
.png
skin/default/skin.cfg
skin/default/skin.png
.png
skin/gg1/skin.cfg
skin/gg1/skin.png
.png
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ysmgr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1fd0a1592ba8c6a5c73c7e25c36ecd86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileW
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
DefineDosDeviceW
QueryDosDeviceW
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
ReleaseMutex
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
SetUnhandledExceptionFilter
ExitProcess
TlsFree
TlsAlloc
GetVersion
GetCommandLineA
ResumeThread
HeapReAlloc
ExitThread
TlsGetValue
TlsSetValue
CreateThread
RaiseException
RtlUnwind
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
CreateMutexW
HeapAlloc
HeapFree
WideCharToMultiByte
GetTempFileNameW
SetFilePointer
SetEvent
CreateEventW
WaitForSingleObject
GetPrivateProfileStructW
WritePrivateProfileStructW
MoveFileExW
WritePrivateProfileSectionW
MoveFileW
Sleep
GetDriveTypeW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetFullPathNameW
SetLastError
lstrcpynW
RemoveDirectoryW
CreateDirectoryW
WriteFile
SuspendThread
TerminateThread
GetLogicalDriveStringsW
CreateFileW
CreateFileA
GetFileSize
ReadFile
FindFirstFileW
FindNextFileW
FindClose
GetWindowsDirectoryW
CloseHandle
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
FreeResource
GetLocalTime
DeleteFileW
ExpandEnvironmentStringsW
GetVersionExW
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
FreeLibrary
GlobalAddAtomW
GlobalDeleteAtom
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
GetLastError
DisableThreadLibraryCalls
GetCurrentProcess
FlushInstructionCache
CompareStringW
InterlockedDecrement
OutputDebugStringW
DebugBreak
InterlockedIncrement
lstrcmpiW
lstrlenW
lstrcpyW
GetFileAttributesW
SetFileAttributesW
GetPrivateProfileStringW
lstrlenA
GetFileType

user32

DefWindowProcW
UpdateWindow
InvalidateRect
ReleaseCapture
FindWindowExW
SendMessageTimeoutW
ChangeDisplaySettingsW
CharUpperW
InsertMenuW
SetMenuItemBitmaps
DefDlgProcW
IsWindowVisible
GetSysColorBrush
SetRectEmpty
GetMenu
CreateMenu
DrawEdge
InflateRect
ClientToScreen
CreatePopupMenu
InsertMenuItemW
GetMenuItemCount
LoadIconW
DrawIcon
CharLowerW
IsDlgButtonChecked
EnableWindow
ShowWindow
MoveWindow
wsprintfW
MonitorFromPoint
GetMonitorInfoW
LoadMenuW
FindWindowW
GetSubMenu
DeleteMenu
CheckMenuItem
SetForegroundWindow
TrackPopupMenu
DestroyMenu
DestroyIcon
GetDlgItem
SetWindowTextW
CheckDlgButton
GetWindowLongW
SendMessageW
BeginPaint
EndPaint
EndDialog
GetActiveWindow
CopyRect
RegisterClassW
GetClassInfoW
EnumDisplaySettingsW
LoadBitmapW
WindowFromPoint
MessageBoxW
GetCapture
SetCapture
SetFocus
PtInRect
DestroyWindow
IsWindow
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetDesktopWindow
AdjustWindowRectEx
GetSystemMetrics
LoadImageW
PostMessageW
KillTimer
RegisterHotKey
UnregisterHotKey
SetTimer
CallWindowProcW
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
FillRect
ReleaseDC
GetDC
DrawTextW
OffsetRect
GetDlgCtrlID
LoadStringW
CharNextW
wvsprintfW
CreateWindowExW
GetClassNameW
SetWindowLongW
LoadCursorW
GetWindowTextLengthW
GetWindowTextW
GetCursorPos
ScreenToClient
SetCursor
GetParent

gdi32

CreateFontW
StretchBlt
GetBkColor
CreatePen
Rectangle
CreateSolidBrush
SetBkMode
SetTextColor
BitBlt
DeleteDC
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
GetStockObject
DeleteObject
CreateFontIndirectW
GetObjectW
CreateCompatibleDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumKeyW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ord162
SHChangeNotify
ShellExecuteW
Shell_NotifyIconW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ExtractIconExW
DragQueryFileW
SHGetSpecialFolderPathA
ord62
ShellExecuteExW
SHGetMalloc
SHGetDesktopFolder

ole32

CoInitialize
CLSIDFromString
CoCreateInstance
CoCreateGuid
CreateStreamOnHGlobal
ReleaseStgMedium
CreateBindCtx

oleaut32

VariantInit
VariantClear
SysStringLen
SysAllocString
DispCallFunc
SysFreeString

atl

ord37
ord11
ord40
ord31
ord10
ord21
ord16
ord57
ord44
ord43
ord35
ord48

comctl32

ImageList_ReplaceIcon
ord17
ImageList_SetBkColor
PropertySheetW
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_Add
ImageList_AddMasked
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_LoadImageW
ImageList_GetImageInfo
ImageList_GetIcon
_TrackMouseEvent

rpcrt4

UuidToStringW
RpcStringFreeW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
PathAppendA
PathFindExtensionW
PathFindFileNameW
PathCombineW

netapi32

Netbios

wininet

HttpAddRequestHeadersW
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionW
InternetGetConnectedState

psapi

GetModuleFileNameExW

Exports

Exports

DllCanUnloadNow
DllCommand
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 28KB - Virtual size: 28KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

0c9b7c1483d4781c30012778296c6268

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

msvcp60

shlwapi

gdiplus

wininet

version

netapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 168KB - Virtual size: 164KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 168KB - Virtual size: 164KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 232KB - Virtual size: 231KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 32KB - Virtual size: 37KB

.share
Size: 4KB - Virtual size: 8B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 20KB - Virtual size: 19KB