ef231faf788baf8916461b24b64b923b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ef231faf788baf8916461b24b64b923b_JaffaCakes118
Size

3.0MB
MD5

ef231faf788baf8916461b24b64b923b
SHA1

38ebfe71fdca77c703a04b3ba758618f100ac431
SHA256

3c94d8a067fa15302c730a2878f428c5b1b967292863f2c1bd097825e53f1923
SHA512

95783d5d3ed9a2382bea669030c67648fb206db14ac1d91ac5da935f82dbc3ebd1cd6b67b56abd6edeb29dfa902df00a58ecdc52f646ded0a6f3c528406b2d76
SSDEEP

49152:WLz1LNSXJE4onF0wvtM9NCOwBcec3dbsCPpeU4Ydu1jw8hAMDrhkrnWhXHVcv2BB:CzxNS5cFBVBDcBDRIYd0jw8A2rirWhyg

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/bingyu528/bin/CCTVPlayer.ocx	acprotect
static1/unpack001/bingyu528/bin/CCTVUpdateInstall.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bingyu528/bin/CCTVPlayer.ocx	upx
static1/unpack001/bingyu528/bin/CCTVUpdateInstall.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx
unpack001/bingyu528/tools/TCP.exe
unpack001/bingyu528/tools/clear.exe
unpack001/bingyu528/冰鱼电视.exe

Files

ef231faf788baf8916461b24b64b923b_JaffaCakes118
.rar
bingyu528/bin/CCTVPlayer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:50:c3:e6:fa:00:fb:18:17:06:d5:44:58:ec:32:d8:d8:52:a8:bf
Signer

Actual PE Digest

59:50:c3:e6:fa:00:fb:18:17:06:d5:44:58:ec:32:d8:d8:52:a8:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 592KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 327KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 556KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bingyu528/bin/CCTVUpdateInstall.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1d
Signer

Actual PE Digest

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bingyu528/bin/Reli_CCTV.dll
.dll regsvr32 windows:4 windows x86 arch:x86

234a7f75662eed7a2e485258ba39e3ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:66:61:36:f0:f0:3b:99:69:f8:70:d9:ac:2c:1a:fd:1d:69:a5:7f
Signer

Actual PE Digest

76:66:61:36:f0:f0:3b:99:69:f8:70:d9:ac:2c:1a:fd:1d:69:a5:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\hjoost\builds\cctv\bin\lite_release\Reli_CCTV_dll.pdb

Imports

gdiplus

GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipGetDC
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteBrush
GdipReleaseDC
GdipCreateFromHWND
GdipCreateBitmapFromGraphics
GdipSetEmpty
GdipDeleteRegion
GdipImageRotateFlip
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipFree
GdipSetSmoothingMode
GdipFillEllipse
GdipCloneBrush
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromGdiDib
GdipSetClipRegion
GdipDrawImageI
GdipCreateRegion
GdipDrawString
GdipCreateTexture
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipIsVisibleRegionRectI
GdipFillRectangleI
GdipCreatePen1
GdipCombineRegionRegion
GdipDeleteFont
GdipCombineRegionRectI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreateLineBrushFromRectI
GdipGraphicsClear
GdipDrawRectangleI
GdiplusStartup
GdiplusShutdown

wininet

InternetCanonicalizeUrlW
HttpSendRequestW
InternetSetStatusCallbackW
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetReadFileExA
InternetCloseHandle
InternetGetLastResponseInfoW
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetOpenW
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
CreateUrlCacheEntryW
CommitUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetQueryDataAvailable

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

kernel32

LoadLibraryExW
EnterCriticalSection
lstrcmpiW
FindNextFileW
WideCharToMultiByte
MoveFileExW
GetTempPathW
GetTempFileNameW
LockResource
CreateMutexW
CreateEventW
FindFirstFileW
CreateThread
FindClose
CopyFileW
CreateFileW
CloseHandle
WriteFile
Sleep
CreateDirectoryW
WaitForSingleObject
DeleteFileW
GetCurrentThreadId
GetTickCount
SetEvent
UnmapViewOfFile
Module32NextW
GetCurrentProcessId
Process32FirstW
Process32NextW
MulDiv
MapViewOfFile
GetCurrentProcess
FlushInstructionCache
LocalAlloc
SetLastError
LocalFree
GetLongPathNameW
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Module32FirstW
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedCompareExchange
GetProcessHeap
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
FindResourceW
IsValidCodePage
RtlUnwind
SetHandleCount
GetFileType
GetLastError
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
ReadFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
SetFilePointerEx
QueueUserWorkItem
GetUserDefaultLangID
GetThreadPriority
CreateSemaphoreW
ReleaseSemaphore
lstrcpynW
lstrcmpW
FindResourceExW
CreateFileMappingW
DuplicateHandle
TryEnterCriticalSection
FreeResource
CreateProcessW
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
LoadResource
InterlockedDecrement
SizeofResource
SetCurrentDirectoryW
InterlockedIncrement
GetSystemDirectoryW
QueryPerformanceFrequency
SetThreadPriority
SetThreadExecutionState
LoadLibraryW
GetLocalTime
GetVersionExW
WaitForMultipleObjects
ResetEvent
lstrlenW
GetModuleFileNameW
HeapFree
GetModuleHandleW
MultiByteToWideChar
HeapAlloc
HeapDestroy
SetThreadLocale
HeapCreate
RaiseException
DeleteCriticalSection
GetThreadLocale
LeaveCriticalSection
FreeLibrary
InitializeCriticalSection
GetOEMCP
GetStartupInfoA

user32

GetKeyState
GetWindowRect
EndDialog
GetDC
OffsetRect
PostThreadMessageW
DispatchMessageW
FillRect
GetFocus
FrameRect
InflateRect
IsWindow
SetWindowLongW
UnregisterClassA
PtInRect
UnionRect
CallWindowProcW
SetWindowRgn
IntersectRect
EqualRect
EndPaint
BeginPaint
DestroyWindow
DialogBoxParamW
TranslateMessage
GetMessageW
PostMessageW
SetTimer
CreateWindowExW
DefWindowProcW
RegisterClassW
PostQuitMessage
GetCursorPos
GetDlgItem
SendNotifyMessageW
LoadCursorW
GetParent
GetClientRect
GetWindow
SetFocus
CopyRect
SystemParametersInfoW
GetClassInfoExW
IsWindowVisible
SetWindowPos
GetWindowLongW
RegisterClassExW
UpdateWindow
ShowWindow
GetActiveWindow
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
MoveWindow
SetParent
EnumDisplaySettingsW
InvalidateRect
MapWindowPoints
ReleaseDC
SetRect
RegisterWindowMessageW
GetQueueStatus
GetWindowThreadProcessId
BringWindowToTop
IsRectEmpty
GetKeyboardState
FindWindowW
WaitForInputIdle
GetClassNameW
TrackMouseEvent
SetForegroundWindow
ScreenToClient
ShowCursor
SetCapture
DrawTextW
IsChild
ReleaseCapture
SetCursor
CloseWindow
CharNextW
KillTimer
SendMessageW

gdi32

BitBlt
SelectClipRgn
IntersectClipRect
CreateDIBSection
CreateCompatibleDC
SetTextColor
DeleteObject
SetBkMode
GetDeviceCaps
GetStockObject
CreateFontW
DeleteDC
CreateRectRgnIndirect
SaveDC
SetViewportOrgEx
RestoreDC
SetWindowOrgEx
SetMapMode
LPtoDP
CreateDCW
CreateFontIndirectW
CreateSolidBrush
CreateDIBPatternBrush
SetBkColor
SelectObject

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoGetMalloc
GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
CoFreeUnusedLibraries
CoInitialize
CLSIDFromString
CLSIDFromProgID
CreateOleAdviseHolder
WriteClassStm
OleRegEnumVerbs
OleRegGetMiscStatus
OleSaveToStream
OleLoadFromStream
OleRegGetUserType
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

UnRegisterTypeLi
VariantClear
VariantInit
VariantChangeType
SysStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreatePropertyFrame
RegisterTypeLi
SafeArrayAccessData
LoadRegTypeLi
GetErrorInfo
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayUnaccessData
SysFreeString
VarUI4FromStr
LoadTypeLi
SysAllocString

winmm

timeKillEvent
timeBeginPeriod
timeEndPeriod
timeSetEvent
waveOutClose
waveOutSetVolume
waveOutGetVolume
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutReset
waveOutOpen
timeGetTime

msimg32

TransparentBlt

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

ws2_32

gethostbyname
recv
ntohl
htonl
closesocket
WSAGetLastError
send
ntohs
inet_addr
htons
socket
connect
setsockopt

Exports

Exports

CheckOccupy
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HelperEntry

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bingyu528/bin/cmp.js
.js
bingyu528/bin/cmp.swf
bingyu528/bin/config.xml
bingyu528/bin/dvdSk.DLL
.zip
black.png
.png
bt_close.png
.png
bt_fullscreen.png
.png
bt_list.png
.png
bt_mute.png
.png
bt_next.png
.png
bt_play.png
.png
bt_prev.png
.png
bt_stop.png
.png
console.png
.png
list.png
.png
progress_thumb.png
.png
progress_track.png
.png
scrollbar_button.png
.png
scrollbar_thumb.png
.png
scrollbar_track.png
.png
skin.xml
volume_thumb.png
.png
volume_track.png
.png
bingyu528/bin/qkdvdDM.ocx
.html .js polyglot
bingyu528/bin/qkdvdHDM.ocx
.html .js polyglot
bingyu528/bin/qkdvdJC.ocx
.html .js polyglot
bingyu528/bin/qkdvdM.ocx
.html .js polyglot
bingyu528/bin/qkdvdT.ocx
.html .js polyglot
bingyu528/bin/qkdvdpR.ocx
.html .js polyglot
bingyu528/bin/wmp.js
.js
bingyu528/main.ocx
.html
bingyu528/tools/TCP.exe
.exe windows:4 windows x86 arch:x86

617755220d6939714467e4e4bfbcd5ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
TerminateProcess
HeapAlloc
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
SetErrorMode
GetCurrentProcess
FlushFileBuffers
WriteFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
lstrcmpiW
WritePrivateProfileStringW
GlobalFindAtomW
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
GetVersionExA
InterlockedDecrement
FreeResource
GlobalAddAtomW
GetLastError
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
lstrlenW
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
GetLocaleInfoW
LoadLibraryW
GetProcAddress
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
FreeLibrary
GetSystemDirectoryW
GetFileAttributesW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapDestroy

user32

DestroyMenu
GetSysColorBrush
LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
wsprintfW
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
GetSysColor
GetSystemMetrics
LoadIconW
EnableWindow
GetClientRect
IsIconic
SendMessageW
DrawIcon
GetPropW

gdi32

RectVisible
PtVisible
DeleteObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
CreateBitmap
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW

comctl32

ord17

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bingyu528/tools/clear.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bingyu528/冰鱼电视.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.textbss
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25Certificate

Extended Key Usages

Key Usages

59:50:c3:e6:fa:00:fb:18:17:06:d5:44:58:ec:32:d8:d8:52:a8:bfSigner

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 592KB

UPX1 Size: 327KB - Virtual size: 328KB

.rsrc Size: 32KB - Virtual size: 36KB

Headers

File Characteristics

Sections

.text Size: 556KB - Virtual size: 553KB

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 40KB - Virtual size: 74KB

.rsrc Size: 56KB - Virtual size: 54KB

.reloc Size: 40KB - Virtual size: 39KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25Certificate

Extended Key Usages

Key Usages

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1dSigner

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 29KB - Virtual size: 32KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

234a7f75662eed7a2e485258ba39e3ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25Certificate

Extended Key Usages

Key Usages

76:66:61:36:f0:f0:3b:99:69:f8:70:d9:ac:2c:1a:fd:1d:69:a5:7fSigner

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

59:50:c3:e6:fa:00:fb:18:17:06:d5:44:58:ec:32:d8:d8:52:a8:bf
Signer

UPX0
Size: - Virtual size: 592KB

UPX1
Size: 327KB - Virtual size: 328KB

.rsrc
Size: 32KB - Virtual size: 36KB

.text
Size: 556KB - Virtual size: 553KB

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 40KB - Virtual size: 74KB

.rsrc
Size: 56KB - Virtual size: 54KB

.reloc
Size: 40KB - Virtual size: 39KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1d
Signer

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

76:66:61:36:f0:f0:3b:99:69:f8:70:d9:ac:2c:1a:fd:1d:69:a5:7f
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

_TEXT64
Size: 4KB - Virtual size: 1KB

.rdata
Size: 416KB - Virtual size: 413KB

.data
Size: 48KB - Virtual size: 2.2MB

.rsrc
Size: 176KB - Virtual size: 173KB

.reloc
Size: 108KB - Virtual size: 106KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 135KB - Virtual size: 136KB

.aspack
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 22KB - Virtual size: 24KB

.textbss
Size: - Virtual size: 1.8MB

.text
Size: 5KB - Virtual size: 8KB

.data
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB