f0aad3aa520d3bcacb84fed59b04a3ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0aad3aa520d3bcacb84fed59b04a3ea_JaffaCakes118
Size

389KB
MD5

f0aad3aa520d3bcacb84fed59b04a3ea
SHA1

adeefbf71ff73fc06b9307ac8b5f17a33db5ee20
SHA256

db3d7cb43e44409c31acd6146cbba4212aaf4b0ba27113fc255613de83b54b50
SHA512

b7745bb3c1d3e91f7d541046c0e603eaf3fcd9510edd5851fb18b73e344f014fc08cef992b73caa733d70f4a0cbec9a0df8b33ff2bd88718cfbc5823e81ebad7
SSDEEP

6144:7GyR9Zu41VwiuoB32vOuCpWMJu9bWKFl5mRP4ymSYTBPIuD+nIDumg+13ayMqitp:6A9j12rUm2bWsn+5mRPjjY3CIjjw6M1

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/纯于刷淘宝宝贝收藏软件/TbViewer.exe
unpack001/纯于刷淘宝宝贝收藏软件/xupdate.dll
unpack001/纯于刷淘宝宝贝收藏软件/xupdate.exe
unpack001/纯于刷淘宝宝贝收藏软件/纯于刷淘宝宝贝收藏软件.exe

Files

f0aad3aa520d3bcacb84fed59b04a3ea_JaffaCakes118
.rar
使用说明.url
极速软件下载.url
.url
纯于刷淘宝宝贝收藏软件/TbViewer.exe
.exe windows:4 windows x86 arch:x86

bb99b3eaa446c649fd049dd45b514ade

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord5284
ord4437
ord2446
ord4428
ord796
ord554
ord529
ord402
ord807
ord6000
ord2117
ord4457
ord5255
ord4501
ord2379
ord3472
ord1168
ord6822
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord4078
ord5240
ord2385
ord5281
ord4441
ord3748
ord1725
ord6671
ord6813
ord5861
ord2764
ord6143
ord6805
ord801
ord800
ord541
ord6199
ord3495
ord2818
ord540
ord535
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord6215
ord986
ord411
ord4159
ord6117
ord2621
ord1134
ord824
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord5102
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5241
ord5280
ord5261
ord4425
ord3597
ord324
ord641
ord4234
ord2725
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord5710
ord860
ord1228
ord6877
ord3337
ord3811
ord6283
ord6282
ord858
ord537
ord941
ord3447
ord3196
ord6449
ord2727
ord6467
ord2730
ord2729
ord4881
ord6597
ord6478
ord6514
ord6800
ord6658
ord6197
ord3797
ord5037
ord5260
ord3005
ord2135
ord4720
ord539
ord6591
ord6807
ord6650
ord4432
ord2884
ord6699
ord2614
ord6876
ord4129
ord6710
ord4203
ord940
ord6883
ord4277
ord4278
ord926
ord6663
ord2391
ord2127
ord3869
ord4246
ord1859
ord976
ord5254
ord674
ord825
ord401
ord4427
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2445
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4436
ord4837
ord3798
ord1665
ord2649
ord5283
ord4353
ord6374
ord5163
ord2382
ord5237
ord4407
ord1776
ord4077
ord6055
ord4152
ord2878
ord2879
ord3403
ord5472
ord5012
ord3351
ord4303
ord4467
ord5104
ord5100
ord3059
ord2390
ord2723
ord2101
ord5101
ord4245
ord1858
ord4283
ord823
ord1576

msvcrt

__CxxFrameHandler
_mbsicmp
_setmbcp
_CxxThrowException
atoi
srand
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
rand
time
_mbscmp
isalnum
_controlfp

kernel32

MultiByteToWideChar
lstrlenA
SetErrorMode
GetModuleHandleA
LocalFree
GetLastError
GetVersionExA
GetProcAddress
VirtualProtect
LoadLibraryA
GetStartupInfoA
InterlockedDecrement

user32

SystemParametersInfoA
KillTimer
SetTimer
PostMessageA
EnableWindow
MessageBoxIndirectW
IsWindow
GetClientRect
AdjustWindowRectEx
GetAsyncKeyState
UpdateWindow
GetKeyState

ole32

CoTaskMemAlloc

oleaut32

SysAllocString
SysAllocStringLen
VariantInit
VariantClear
SysFreeString

wininet

InternetSetOptionA

winmm

mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
mixerGetLineControlsA
mixerSetControlDetails
mixerGetControlDetailsA
mixerClose

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
纯于刷淘宝宝贝收藏软件/checkcode
纯于刷淘宝宝贝收藏软件/config.dat
纯于刷淘宝宝贝收藏软件/u.ini
纯于刷淘宝宝贝收藏软件/xupdate.dll
.dll windows:4 windows x86 arch:x86

6a6270c3ba9049ec5b87ff242a7e0bca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4234
ord6195
ord4287
ord6215
ord3996
ord2862
ord2097
ord4160
ord2863
ord4710
ord2379
ord755
ord470
ord4376
ord6199
ord2818
ord2642
ord6907
ord3998
ord860
ord1105
ord2614
ord861
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord823
ord6467
ord941
ord4204
ord858
ord940
ord5710
ord2302
ord5683
ord537
ord1997
ord1228
ord5465
ord798
ord5194
ord533
ord922
ord4277
ord6883
ord2763
ord6143
ord5861
ord6283
ord6282
ord2764
ord3811
ord825
ord324
ord540
ord541
ord384
ord567
ord1168
ord1146
ord641
ord800
ord801
ord686
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord693
ord609
ord795
ord765
ord3640
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3370
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord1776
ord4078
ord6055
ord2582
ord3698
ord3402
ord4407
ord3721
ord3574
ord4396
ord2575
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4129
ord5265

msvcrt

remove
_stricmp
_mbsicmp
fopen
fread
fclose
_itoa
sprintf
_mbsstr
_mbsnbcpy
gmtime
malloc
free
calloc
_ftol
atoi
__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

kernel32

LocalFree
GetModuleFileNameA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
WriteFile
CreateDirectoryA
DosDateTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
InterlockedExchange
ResumeThread
WinExec
LocalAlloc
DeleteFileA
SetFileAttributesA
GetFileAttributesA
SetFileTime

user32

SetTimer
AppendMenuA
LoadIconA
SendMessageA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
KillTimer
PostMessageA
EnableWindow
wsprintfA

urlmon

URLDownloadToFileA

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

shlwapi

StrFormatByteSizeA

wininet

DeleteUrlCacheEntry

Exports

Exports

ShowUpdateDlg

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
纯于刷淘宝宝贝收藏软件/xupdate.exe
.exe windows:4 windows x86 arch:x86

b9908afb62b67f3276328c5e7e2001cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord4079
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2621
ord1134
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord1168
ord941
ord1576
ord858
ord540
ord4129
ord5683
ord4277
ord537
ord2818
ord825
ord535
ord3830
ord800

msvcrt

_setmbcp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
strncpy
_mbsicmp
__CxxFrameHandler
_initterm
_except_handler3
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetLastError
CreateSemaphoreA
GetStartupInfoA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
纯于刷淘宝宝贝收藏软件/纯于刷淘宝宝贝收藏软件.exe
.exe windows:4 windows x86 arch:x86

f1f7f84dc71e776b2a9ed8073c686ef8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6215
ord926
ord941
ord5981
ord2582
ord4402
ord3370
ord3640
ord686
ord693
ord384
ord3996
ord2862
ord2097
ord2820
ord6907
ord3998
ord3301
ord6696
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord3748
ord1725
ord3619
ord3663
ord3626
ord2414
ord6805
ord4277
ord5240
ord6111
ord5148
ord3089
ord2379
ord3521
ord1168
ord6453
ord6402
ord2575
ord4396
ord3574
ord609
ord537
ord6675
ord6888
ord3610
ord656
ord1146
ord2086
ord4287
ord4538
ord683
ord2763
ord3631
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord5284
ord4437
ord4428
ord796
ord554
ord529
ord402
ord807
ord1105
ord6000
ord2117
ord4457
ord5255
ord4413
ord4501
ord1768
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord5054
ord3447
ord3196
ord3472
ord551
ord6883
ord5861
ord1175
ord6007
ord3286
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord986
ord411
ord4159
ord6117
ord2621
ord1134
ord824
ord2814
ord5216
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord5710
ord3353
ord3579
ord426
ord726
ord826
ord2725
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord6822
ord6808
ord5281
ord6813
ord3495
ord3880
ord3425
ord3054
ord3227
ord3408
ord3758
ord3584
ord543
ord803
ord3522
ord6403
ord1948
ord5303
ord4699
ord5715
ord565
ord817
ord2726
ord4226
ord1106
ord3573
ord1641
ord4275
ord6449
ord2727
ord6467
ord2730
ord2729
ord4881
ord6597
ord6478
ord6514
ord6800
ord6658
ord6197
ord3797
ord5037
ord5260
ord3005
ord2135
ord4720
ord539
ord6591
ord6807
ord6650
ord4432
ord6699
ord4204
ord6143
ord6880
ord6241
ord4786
ord2864
ord556
ord809
ord6762
ord2860
ord2859
ord1088
ord2122
ord2393
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord755
ord470
ord6307
ord521
ord413
ord4400
ord3630
ord682
ord3706
ord640
ord2450
ord5678
ord4133
ord4297
ord5788
ord472
ord283
ord5786
ord5736
ord1640
ord323
ord2740
ord2801
ord2587
ord4406
ord3729
ord804
ord4267
ord4505
ord5440
ord6383
ord5450
ord6394
ord3361
ord2652
ord922
ord1669
ord5875
ord613
ord289
ord6358
ord4284
ord538
ord2764
ord1228
ord940
ord5683
ord1997
ord5465
ord798
ord5194
ord533
ord5356
ord4202
ord4299
ord6172
ord5873
ord2754
ord2567
ord389
ord3229
ord6059
ord5808
ord5204
ord6385
ord5572
ord2919
ord1848
ord4243
ord6242
ord832
ord548
ord6672
ord4278
ord6663
ord923
ord711
ord6876
ord541
ord6877
ord924
ord939
ord801
ord616
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord535
ord3874
ord4123
ord2614
ord6334
ord1200
ord6282
ord6283
ord858
ord3337
ord4129
ord4853
ord4710
ord3092
ord2642
ord2818
ord6199
ord4234
ord2302
ord2370
ord2289
ord2301
ord6640
ord2362
ord324
ord567
ord540
ord860
ord3811
ord641
ord795
ord793
ord800
ord3721
ord4424
ord3402
ord2446
ord5261
ord4441
ord5290
ord2385
ord5241
ord4078
ord3719
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4376
ord5265
ord5254
ord674
ord825
ord401
ord4427
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2445
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4436
ord4837
ord3798
ord1665
ord2649
ord5283
ord4353
ord6374
ord5163
ord2382
ord5237
ord4407
ord1776
ord4077
ord6055
ord4152
ord2878

msvcrt

_tzset
_mbscmp
_mbsicmp
atoi
time
_setmbcp
__CxxFrameHandler
_snprintf
_splitpath
realloc
toupper
_purecall
tolower
isspace
ispunct
isprint
isgraph
iscntrl
__isascii
isalpha
strncmp
malloc
calloc
gmtime
_mbsnbcpy
_mbsstr
mktime
sscanf
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
isxdigit
isdigit
islower
isupper
strncpy
_vsnprintf
rename
_stricmp
_beginthreadex
fopen
fread
fclose
_itoa
sprintf
_mbsnbicmp
isalnum
memchr
_strdup
atof
_ftol
rand
srand
_access
_mbsrchr
free
memmove
_controlfp

kernel32

LoadLibraryA
GetProcAddress
GetModuleFileNameA
WritePrivateProfileStringA
WinExec
WaitForSingleObject
GlobalDeleteAtom
GlobalAddAtomA
GetPrivateProfileIntA
Sleep
lstrlenA
TerminateProcess
OpenProcess
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
WideCharToMultiByte
lstrcpyA
CreateDirectoryA
GetModuleHandleA
LocalFree
SetErrorMode
SetFileAttributesA
GetFileAttributesA
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
WriteFile
SetFilePointer
GetFileSize
GetFileType
DuplicateHandle
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
DosDateTimeToFileTime
SetFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
GetFileInformationByHandle
GetLastError
CreateSemaphoreA
CloseHandle
GetPrivateProfileStringA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcess
CreateFileA
GetLocalTime
MultiByteToWideChar
GetSystemTime
CreateEventA
GlobalFree
MulDiv
LockResource
SizeofResource
LoadResource
FindResourceA
DeleteFileA
SetEvent
ResetEvent

user32

RedrawWindow
SendMessageA
GetPropA
SetPropA
DrawEdge
GetWindowTextA
DrawFocusRect
SetCursor
LoadCursorA
SetParent
GetTopWindow
GetFocus
SetFocus
DrawTextA
CopyRect
FillRect
InvalidateRect
EnableWindow
PtInRect
GetDC
ReleaseDC
InflateRect
GetClassNameA
GetParent
GetWindowRect
IsWindow
GetClientRect
AdjustWindowRectEx
GetAsyncKeyState
GetKeyState
SetRect
GetSysColor
EmptyClipboard
SetClipboardData
OpenClipboard
CloseClipboard
PostMessageA
UpdateWindow
RegisterWindowMessageA
LoadMenuA
GetSubMenu
SetMenuDefaultItem
GetCursorPos
SetTimer
PostQuitMessage
KillTimer
LoadIconA
RegisterHotKey
UnregisterHotKey
IsWindowVisible
SetForegroundWindow

gdi32

CreateSolidBrush
CreateRectRgnIndirect
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A

advapi32

RegCreateKeyA
RegDeleteKeyA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

_TrackMouseEvent

ole32

CoCreateGuid
CoInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoUninitialize

olepro32

ord251

oleaut32

SysFreeString
VariantClear

urlmon

URLDownloadToFileA
ObtainUserAgentString

msvcp60

??0_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??_7runtime_error@std@@6B@
??1_Lockit@std@@QAE@XZ

netapi32

Netbios

wininet

HttpQueryInfoA
DeleteUrlCacheEntry

imagehlp

MapFileAndCheckSumA

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 1020KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb99b3eaa446c649fd049dd45b514ade

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ole32

oleaut32

wininet

winmm

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 20KB - Virtual size: 16KB

6a6270c3ba9049ec5b87ff242a7e0bca

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

urlmon

msvcp60

shlwapi

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 4KB

b9908afb62b67f3276328c5e7e2001cb

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 384B

.rsrc Size: 8KB - Virtual size: 4KB

f1f7f84dc71e776b2a9ed8073c686ef8

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

urlmon

msvcp60

netapi32

wininet

imagehlp

Exports

Exports

Sections

.text Size: 1020KB - Virtual size: 1017KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 20KB - Virtual size: 16KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 384B

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 1020KB - Virtual size: 1017KB

.rdata
Size: 208KB - Virtual size: 206KB

.data
Size: 32KB - Virtual size: 38KB

.rsrc
Size: 140KB - Virtual size: 136KB