fb1c4d5483aa09004b7d965f514cc569_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb1c4d5483aa09004b7d965f514cc569_JaffaCakes118
Size

1.2MB
MD5

fb1c4d5483aa09004b7d965f514cc569
SHA1

285e13863bf00e25185b89e937c64d11bba177c4
SHA256

0d1020967e6d1a74e557ef37d8d1e59ba80ffcb3af325dd55dea1a446e1e9f1b
SHA512

0fe84f27e8a74429550698bca58a38440a1328faa3229634f467c80f4ae267f0e949d02d6754659274943cd90597e20dad23bf3f38cf39f14546e678543ebf6c
SSDEEP

24576:KDq/FgRMWZ1w2dTe98+vmx425BJlcOTFNHC1SswcBNZy5:csFgDO2dTe98Tx4kBJeI9C19fBzQ

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/PC Washer/Keygen.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PC Washer/ACleaner.exe
unpack001/PC Washer/AttUpdate.exe
unpack001/PC Washer/FileWipe.exe
unpack001/PC Washer/Keygen.exe
unpack002/out.upx
unpack001/PC Washer/PC Turbo Memory.exe
unpack001/PC Washer/ScanEngine.dll
unpack001/PC Washer/UninstApp.exe
unpack001/PC Washer/WipeDisk.exe
unpack001/PC Washer/ZeroRemover.exe

Files

fb1c4d5483aa09004b7d965f514cc569_JaffaCakes118
.rar
PC Washer/ACleaner.exe
.exe windows:4 windows x86 arch:x86

5d14d7f974e797ed4168de7e279d9e91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

scanengine

GetVirInfoDbDate
RemoveTrojan
IfisTrojan
LoadVirInfoDb

mfc42

ord4129
ord2763
ord4277
ord5683
ord2567
ord5788
ord2614
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3619
ord6194
ord2864
ord2096
ord2408
ord5860
ord807
ord2920
ord2012
ord4163
ord2120
ord554
ord1644
ord5572
ord2919
ord939
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord4396
ord3574
ord809
ord556
ord4275
ord4284
ord5053
ord4774
ord5981
ord6270
ord3874
ord5289
ord289
ord2122
ord6358
ord1088
ord6197
ord283
ord2582
ord4402
ord3370
ord3640
ord3996
ord2862
ord6675
ord6888
ord6907
ord3998
ord4204
ord2860
ord1105
ord3790
ord4278
ord5861
ord924
ord922
ord923
ord1200
ord6283
ord6282
ord3797
ord2915
ord2448
ord5710
ord6929
ord5875
ord665
ord354
ord2044
ord5834
ord2642
ord3092
ord4224
ord3097
ord1768
ord2301
ord6334
ord6662
ord559
ord5862
ord3698
ord6648
ord5608
ord2370
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord1979
ord5442
ord3318
ord5186
ord3880
ord3425
ord3054
ord3227
ord3408
ord861
ord1601
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord4710
ord540
ord537
ord858
ord800
ord5953
ord535
ord4234
ord2302
ord825
ord324
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3654
ord2584
ord4220
ord1862
ord500
ord3701
ord772
ord1574
ord1099
ord686
ord384
ord6143
ord2764
ord6883
ord6877
ord1175
ord860
ord3811
ord3337
ord2818
ord541
ord2379
ord692
ord693
ord6880
ord2086
ord6215
ord4299
ord470
ord755
ord323
ord1640
ord1641
ord5785
ord2405
ord640
ord926
ord6199
ord567
ord1168
ord1146
ord3721
ord3402
ord5290
ord1776
ord6055
ord609
ord765
ord2414
ord801
ord812
ord3626
ord3663
ord1134
ord2621
ord5943
ord795
ord815
ord561
ord3738
ord4424
ord4622
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord6927
ord5714
ord613
ord1576

msvcrt

_strlwr
_strupr
_CxxThrowException
_controlfp
_except_handler3
__set_app_type
__p__fmode
_fcloseall
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
strstr
strchr
sscanf
atoi
_mbsstr
remove
rename
fread
fwrite
_mbsicmp
fopen
fprintf
fclose
strrchr
_mbsnbcpy
_mbscmp
memmove
_ftol
wcslen
wcscpy
malloc
free
sprintf
exit
__CxxFrameHandler
_setmbcp
??1type_info@@UAE@XZ
__p__commode

kernel32

GetStartupInfoA
GetModuleHandleA
InterlockedDecrement
GetLongPathNameA
GetSystemDirectoryA
Process32First
GetPriorityClass
Process32Next
CreateToolhelp32Snapshot
Module32First
Module32Next
OpenProcess
GetProcAddress
GetDiskFreeSpaceExA
lstrcatA
WinExec
lstrcpyA
LoadLibraryA
FreeLibrary
GetWindowsDirectoryA
GetTempPathA
GetCurrentProcess
CreateFileA
GetFileSize
SetFileAttributesA
DeleteFileA
LocalFree
ExitProcess
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
GetDriveTypeA
SetCurrentDirectoryA
GetModuleFileNameA
CloseHandle
TerminateThread
Sleep
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
CopyFileA
MoveFileExA
FindFirstFileA
FindNextFileA
FindClose
GetLastError
CreateDirectoryA
MultiByteToWideChar

user32

CreateIconIndirect
DrawStateA
OffsetRect
InflateRect
DrawFocusRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
MessageBoxA
MessageBeep
SetCapture
RedrawWindow
ReleaseCapture
IsMenu
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
PtInRect
SetWindowLongA
IsWindow
CopyIcon
GetIconInfo
LoadImageA
FrameRect
PostQuitMessage
LoadCursorA
UpdateWindow
FlashWindow
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
KillTimer
GetWindowRect
IsIconic
GetSystemMetrics
GetClientRect
EnableWindow
DrawIcon
LoadBitmapA
SendMessageA
LoadIconA
SetTimer
SetWindowPos
PeekMessageA

gdi32

SetBkColor
CreateBitmap
Pie
SetDIBitsToDevice
BitBlt
CreateCompatibleDC
GetDeviceCaps
GetBkMode
CreatePen
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleBitmap
GetTextExtentPoint32W
GetTextExtentPoint32A
Ellipse
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
SetPixel
GetPixel
GetObjectA
PtVisible
RectVisible
PatBlt
TextOutA
ExtTextOutA
Escape
Rectangle
GetStockObject
CreateFontA
SetTextColor
StretchBlt

advapi32

RegSetKeySecurity
RegQueryValueExA
RegOpenKeyExA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
GetUserNameA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity

shell32

SHFileOperationA
SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
SysFreeString

msvcirt

?open@ifstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??0ifstream@@QAE@XZ
??_Dofstream@@QAEXXZ
??1ofstream@@UAE@XZ
?close@ofstream@@QAEXXZ
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@E@Z
??6ostream@@QAEAAV0@PBD@Z
?open@ofstream@@QAEXPBDHH@Z
??0ofstream@@QAE@XZ
??1ifstream@@UAE@XZ
?get@istream@@IAEAAV1@PADHH@Z
_mtlock
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
_mtunlock
??_Difstream@@QAEXXZ

winmm

PlaySoundA

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache

shlwapi

SHDeleteKeyA

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC Washer/Alert.wav
PC Washer/AttUpdate.exe
.exe windows:4 windows x86 arch:x86

b7b5c648123d0d3a878d182650889114

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetGetConnectedState
InternetReadFile

winmm

timeGetTime

mfc42

ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord692
ord2514
ord5943
ord2621
ord1134
ord541
ord801
ord1175
ord537
ord535
ord6199
ord926
ord800
ord858
ord2642
ord3092
ord2818
ord540
ord1105
ord348
ord823
ord3790
ord2393
ord690
ord5207
ord389
ord6883
ord6143
ord1771
ord6366
ord5300
ord2024
ord4219
ord2581
ord6055
ord1776
ord4401
ord5290
ord3402
ord3639
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord1576
ord4425
ord3597
ord1146
ord1168
ord567
ord324
ord2302
ord4234
ord1768
ord4710
ord2379
ord755
ord470
ord3663
ord2448
ord5710
ord4129
ord2764
ord6929
ord6927
ord860
ord665
ord354
ord2044
ord5834
ord5450
ord6394
ord5440
ord6383
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord2413
ord4627

msvcrt

_mbscmp
fflush
fopen
fwrite
fclose
strrchr
__p___argc
exit
_controlfp
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_mbsicmp
__CxxFrameHandler
_setmbcp
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
sprintf

kernel32

WaitForSingleObject
CloseHandle
WaitForMultipleObjects
CreateProcessA
GetModuleFileNameA
lstrlenA
GetModuleHandleA
GetStartupInfoA
SetEvent
CopyFileA
DeleteFileA

user32

UpdateWindow
SendDlgItemMessageA
SetDlgItemTextA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
SendMessageA
FlashWindow
SetWindowPos

msvcirt

_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock
??_Difstream@@QAEXXZ
?close@ifstream@@QAEXXZ
??1ios@@UAE@XZ
??1ifstream@@UAE@XZ
?open@ifstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??0ifstream@@QAE@XZ

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC Washer/CleanPlugin/7-Zip Compression
PC Washer/CleanPlugin/ACDSee History
PC Washer/CleanPlugin/AOL Bart
PC Washer/CleanPlugin/AOL Instant Messenger
PC Washer/CleanPlugin/AOL Spool
PC Washer/CleanPlugin/AbsoluteFTP History
PC Washer/CleanPlugin/Acrobat Reader 5 History
PC Washer/CleanPlugin/Acrobat Reader History
PC Washer/CleanPlugin/Ad-aware 6 History
PC Washer/CleanPlugin/Ad-aware SE
PC Washer/CleanPlugin/Adaptec Easy CD Creator History
PC Washer/CleanPlugin/Adaptec's Audio CD
PC Washer/CleanPlugin/AddSoft Log Files
PC Washer/CleanPlugin/AddWeb 3
PC Washer/CleanPlugin/Adobe Photoshop History
PC Washer/CleanPlugin/Adobe Photoshop History
PC Washer/CleanPlugin/Advanced MP3 Catalog
PC Washer/CleanPlugin/BitTorrent History
PC Washer/CleanPlugin/Bitcomet History
PC Washer/CleanPlugin/Borland Delphi v7 History
PC Washer/CleanPlugin/CuteFTP History
PC Washer/CleanPlugin/Disk Explorer Professional 3 History
PC Washer/CleanPlugin/Diskeeper History
PC Washer/CleanPlugin/DivX Player History
PC Washer/CleanPlugin/Download Accelerator History
PC Washer/CleanPlugin/Easy CD History
PC Washer/CleanPlugin/Ebay Toolbar History
PC Washer/CleanPlugin/FlashFXP History
PC Washer/CleanPlugin/Foxmail History
PC Washer/CleanPlugin/GetRight History
PC Washer/CleanPlugin/Google Deskbar History
PC Washer/CleanPlugin/Google Toolbar History
PC Washer/CleanPlugin/Graphic Workshop Pro History
PC Washer/CleanPlugin/HLSW History
PC Washer/CleanPlugin/HyperSnap 5 History
PC Washer/CleanPlugin/ICQ 2003a History
PC Washer/CleanPlugin/KMPlayer
PC Washer/CleanPlugin/LeapFTP History
PC Washer/CleanPlugin/MSN Messenger History
PC Washer/CleanPlugin/MSN Toolbar History
PC Washer/CleanPlugin/Macromedia Dreamweaver MX History
PC Washer/CleanPlugin/Macromedia Firework MX History
PC Washer/CleanPlugin/Macromedia Flash MX History
PC Washer/CleanPlugin/McAfee Virus Scan History
PC Washer/CleanPlugin/Media Player Recently History
PC Washer/CleanPlugin/Microsoft Imaging History
PC Washer/CleanPlugin/Microsoft Netmeeting History
PC Washer/CleanPlugin/Microsoft Office 2000 History
PC Washer/CleanPlugin/Microsoft Office 2007
PC Washer/CleanPlugin/Microsoft Office 97 History
PC Washer/CleanPlugin/Microsoft Office InfoPath 2003
PC Washer/CleanPlugin/Microsoft Office XP History
PC Washer/CleanPlugin/Microsoft Photo Editor History
PC Washer/CleanPlugin/Microsoft Publisher 2000 History
PC Washer/CleanPlugin/Microsoft Visual C++ 6
PC Washer/CleanPlugin/Microsoft Word 2000 History
PC Washer/CleanPlugin/Microsoft Word Backup Files History
PC Washer/CleanPlugin/Microsoft Works 4
PC Washer/CleanPlugin/NetAnts History
PC Washer/CleanPlugin/NetCaptor
PC Washer/CleanPlugin/NetCaptor History
PC Washer/CleanPlugin/Norton Anti-Virus History
PC Washer/CleanPlugin/Norton Firewal History
PC Washer/CleanPlugin/Norton Internet Security History
PC Washer/CleanPlugin/NotePad Plus
PC Washer/CleanPlugin/Notepad2
PC Washer/CleanPlugin/Outlook Express 5,6 History
PC Washer/CleanPlugin/Paint History
PC Washer/CleanPlugin/PhotoDraw 2000 History
PC Washer/CleanPlugin/PhotoImpact Viewer History
PC Washer/CleanPlugin/PhotoImpactHistory
PC Washer/CleanPlugin/PowerDVD History
PC Washer/CleanPlugin/RealNetworks Real Download History
PC Washer/CleanPlugin/RealOne & RealPlayer History
PC Washer/CleanPlugin/Roxio Easy CD Creator History
PC Washer/CleanPlugin/Ulead GIF Animator History
PC Washer/CleanPlugin/Ulead Photo ExpressHistory
PC Washer/CleanPlugin/UltraEdit History
PC Washer/CleanPlugin/WinAce History
PC Washer/CleanPlugin/WinISO History
PC Washer/CleanPlugin/WinRAR History
PC Washer/CleanPlugin/WinZip History
PC Washer/CleanPlugin/Winamp History
PC Washer/CleanPlugin/Windows Log
PC Washer/CleanPlugin/Windows Network History
PC Washer/CleanPlugin/Windows XP Prefech History
PC Washer/CleanPlugin/Wordpad History
PC Washer/CleanPlugin/Yahoo! Messenger History
PC Washer/CleanPlugin/Yahoo! Player History
PC Washer/CleanPlugin/Zone Alarm History
PC Washer/English.ini
PC Washer/FileWipe.exe
.exe windows:4 windows x86 arch:x86

ac6de491f9e62e8597d59dc2ce129da9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord537
ord2764
ord2452
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord5290
ord5277
ord3402
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord609
ord567
ord4275
ord2379
ord5053
ord5981
ord6880
ord6197
ord283
ord2915
ord5710
ord6283
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord640
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord765
ord693
ord2514
ord5943
ord1134
ord1168
ord2582
ord4402
ord3370
ord3640
ord5265
ord4376
ord4998
ord6052
ord1775
ord4425
ord3597
ord4407
ord3698
ord324
ord2302
ord4234
ord4710
ord755
ord470
ord2818
ord6907
ord3301
ord2642
ord3092
ord4224
ord3996
ord2862
ord3452
ord2515
ord355
ord801
ord541
ord5861
ord922
ord923
ord538
ord5280
ord2448
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord5834
ord3706
ord3742
ord812
ord818
ord1270
ord1232
ord559
ord6144
ord2152
ord6453
ord6215
ord3089
ord6605
ord2380
ord5781
ord6119
ord2754
ord3797
ord816
ord562
ord5862
ord2860
ord3619
ord1641
ord858
ord2614
ord5788
ord2414
ord4129
ord5875
ord3626
ord3571
ord4297
ord4133
ord940
ord5572
ord1146
ord2096
ord2864
ord2405
ord5785
ord323
ord1640
ord2621
ord2859
ord823
ord3663
ord1862
ord825
ord500
ord3701
ord772
ord540
ord860
ord535
ord800
ord686
ord3346
ord384
ord1576

msvcrt

__p__fmode
free
malloc
__CxxFrameHandler
_mbscmp
sprintf
atoi
strtoul
_mbsicmp
rand
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
_except_handler3
_controlfp
_setmbcp

kernel32

GetModuleHandleA
MulDiv
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
HeapFree
SetFileAttributesA
GetFileSize
DeleteFileA
GetModuleFileNameA
MultiByteToWideChar
CreateFileA
WriteFile
CloseHandle
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

DestroyIcon
SystemParametersInfoA
CopyRect
FillRect
SetRect
InflateRect
PtInRect
ChildWindowFromPointEx
SetWindowRgn
GetWindowPlacement
GetCursorPos
ScreenToClient
IsWindow
GetClassInfoA
DefWindowProcA
LoadCursorA
KillTimer
IsIconic
DrawIcon
SetWindowPos
SetTimer
LoadIconA
PeekMessageA
PostQuitMessage
EnableWindow
GetSystemMetrics
IsRectEmpty
LoadImageA
GetIconInfo
DrawStateA
OffsetRect
GetClientRect
GetWindowRect
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageA
GetSubMenu
GetSysColor

gdi32

GetStockObject
CreateRectRgn
FrameRgn
FillRgn
OffsetRgn
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
GetTextMetricsA
StretchBlt
GetTextColor
GetObjectA
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32A
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
GetDeviceCaps

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

DragFinish
SHGetFileInfoA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
DragQueryFileA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent

winmm

PlaySoundA

msvcirt

?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
_mtlock

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC Washer/Help.chm
.chm
PC Washer/Keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC Washer/Nt.flt
PC Washer/PC Turbo Memory.exe
.exe windows:4 windows x86 arch:x86

4f74bf489afa3e21dda483c713ccbd69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
PlaySoundA

kernel32

GetStartupInfoA
InterlockedDecrement
LocalAlloc
GetSystemDirectoryA
Process32First
Process32Next
CreateToolhelp32Snapshot
Module32First
Module32Next
TerminateProcess
TerminateThread
GetProcessTimes
OpenProcess
SetProcessWorkingSetSize
LocalFree
GetCurrentProcess
GetPriorityClass
SetPriorityClass
GetModuleHandleA
VirtualAlloc
VirtualFree
GetSystemInfo
GlobalMemoryStatus
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetLastError
GetModuleFileNameA
Sleep
WaitForSingleObject
lstrcatA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
MulDiv
lstrcpyA
GetProcAddress
GetCurrentThreadId
CloseHandle
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
WinExec
MultiByteToWideChar

imagehlp

MapFileAndCheckSumA

user32

RedrawWindow
SetWindowLongA
DefWindowProcA
GetCursorPos
SetTimer
RegisterHotKey
UnhookWindowsHookEx
ReleaseCapture
FrameRect
LoadImageA
DrawIcon
CreateIconIndirect
DrawStateA
OffsetRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCapture
GetParent
GetNextDlgTabItem
IsMenu
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
DrawEdge
SetRect
MessageBeep
ScreenToClient
PtInRect
SetCursor
GetMenuItemInfoA
SendMessageA
wsprintfA
GetDesktopWindow
MessageBoxA
EnableWindow
GetClientRect
FillRect
IsWindow
CopyIcon
LoadCursorA
IsRectEmpty
UpdateWindow
ShowWindow
FindWindowA
RegisterWindowMessageA
CloseClipboard
EmptyClipboard
OpenClipboard
LoadIconA
KillTimer
SetWindowPos
IsIconic
UnregisterHotKey
FindWindowExA
GetClassInfoA
SetWindowRgn
ChildWindowFromPointEx
SetForegroundWindow
EnableMenuItem
SetMenuDefaultItem
GetIconInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

mfc42

ord1601
ord861
ord3408
ord3227
ord3054
ord3425
ord3880
ord1871
ord3302
ord2362
ord2294
ord3998
ord922
ord3996
ord5861
ord3301
ord6663
ord4278
ord5862
ord562
ord816
ord6119
ord2380
ord6605
ord3089
ord6453
ord6144
ord559
ord1232
ord1270
ord812
ord2107
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord825
ord2302
ord4234
ord3706
ord3663
ord3573
ord3626
ord755
ord2414
ord1641
ord283
ord470
ord535
ord4277
ord5953
ord800
ord858
ord537
ord540
ord4710
ord3619
ord939
ord941
ord2818
ord4129
ord2764
ord860
ord4204
ord801
ord926
ord924
ord6883
ord6143
ord541
ord823
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord4424
ord3640
ord686
ord567
ord384
ord693
ord2642
ord3092
ord6199
ord2862
ord2096
ord6907
ord609
ord793
ord4224
ord1099
ord1574
ord772
ord3701
ord500
ord1862
ord4220
ord2584
ord3654
ord2438
ord6142
ord4083
ord2863
ord5606
ord2859
ord3571
ord3693
ord5875
ord2763
ord5683
ord2567
ord5788
ord2614
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord6194
ord1640
ord323
ord5785
ord2405
ord2864
ord1175
ord2408
ord5860
ord1576
ord807
ord2920
ord2012
ord2120
ord554
ord4163
ord1644
ord1146
ord5572
ord2919
ord940
ord5787
ord4133
ord4297
ord1621
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord4396
ord3402
ord3574
ord809
ord556
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord6358
ord1088
ord6197
ord3716
ord790
ord2301
ord6334
ord6111
ord394
ord696
ord400
ord702
ord4191
ord5634
ord5628
ord3435
ord3441
ord2754
ord3742
ord818
ord2152
ord1233
ord3721
ord795
ord2860
ord3797
ord2915
ord1200
ord2448
ord5710
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord5834
ord1105
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord656
ord616
ord5943
ord2621
ord1134
ord3584
ord543
ord803
ord2652
ord1669
ord1168
ord3719
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2289
ord2370
ord6282
ord6215
ord3337
ord3811
ord4476
ord6170
ord5781
ord3097
ord2841

msvcrt

wcslen
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
_CxxThrowException
_setmbcp
_onexit
__dllonexit
?terminate@@YAXXZ
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__CxxFrameHandler
atoi
atol
_mbscmp
sprintf
free
malloc
wcscpy
_initterm
_ftol
memmove
_mbsnbcpy
_except_handler3
_mbsicmp
_mbsstr
strrchr
exit
__p___argc
__p___argv
strtoul
rand

gdi32

RectVisible
PatBlt
TextOutA
ExtTextOutA
Escape
Rectangle
GetStockObject
SetBkColor
GetBkColor
DPtoLP
PtVisible
LPtoDP
CreateFontA
CreatePolygonRgn
Polygon
Arc
Pie
CreateRectRgn
FrameRgn
OffsetRgn
CombineRgn
GetTextMetricsA
StretchBlt
GetTextColor
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateSolidBrush
CreatePen
GetBkMode
GetDeviceCaps
GetObjectA
CreateFontIndirectA
FillRgn
CreateRoundRectRgn
GetMapMode

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

shell32

SHGetFileInfoA
ExtractIconA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

comctl32

ImageList_Draw
ImageList_GetIcon
ImageList_Remove
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_AddMasked

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData

msvcirt

_mtlock
?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?endl@@YAAAVostream@@AAV1@@Z
?close@ofstream@@QAEXXZ
??1ofstream@@UAE@XZ
??_Dofstream@@QAEXXZ
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
??0ofstream@@QAE@XZ
?open@ofstream@@QAEXPBDHH@Z

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC Washer/Readme.txt
PC Washer/ScanEngine.dll
.dll windows:4 windows x86 arch:x86

5f695823318794db6fd5b3478e8cd2f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1979
ord5186
ord4202
ord6385
ord5773
ord6877
ord3337
ord3811
ord3953
ord2725
ord1176
ord1575
ord5442
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord941
ord939
ord1200
ord4204
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6883
ord6143
ord5861
ord801
ord541
ord6383
ord5440
ord6394
ord5450
ord5834
ord2818
ord2044
ord537
ord354
ord3790
ord665
ord860
ord6927
ord6929
ord2764
ord4129
ord5710
ord535
ord2448
ord858
ord540
ord800
ord3663
ord823
ord1168
ord1116

msvcrt

fclose
_mbscmp
sscanf
strstr
fprintf
free
malloc
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CxxFrameHandler
fopen
fseek
fread
fwrite
rename
_mbsicmp
strrchr
sprintf

kernel32

WinExec
Sleep
GetWindowsDirectoryA
DeleteFileA
FindFirstFileA
FindClose
SetFileAttributesA
GetTempPathA
CopyFileA
SetFilePointer
GetSystemDirectoryA
lstrlenA
TerminateProcess
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
LocalFree
FreeLibrary
Process32First
GetPriorityClass
Process32Next
GetVersionExA
CreateToolhelp32Snapshot
Module32First
Module32Next
OpenProcess
LoadLibraryA
GetProcAddress
CreateFileA
CloseHandle
ReadFile
GetLastError
GetShortPathNameA
MoveFileExA
GetCurrentProcessId
MoveFileA
CreateDirectoryA
LocalAlloc
GetModuleFileNameA
GetFileSize

user32

GetDesktopWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
SetEntriesInAclA
SetSecurityInfo
RegSetValueExA
RegEnumKeyExA
ControlService
OpenServiceA
DeleteService
CloseServiceHandle
OpenSCManagerA
RegEnumValueA

shell32

SHGetSpecialFolderPathA

msvcirt

_mtlock
?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
?openprot@filebuf@@2HB
??0ifstream@@QAE@XZ
??_Difstream@@QAEXXZ
??1ios@@UAE@XZ
??1ifstream@@UAE@XZ
?close@ifstream@@QAEXXZ
?open@ifstream@@QAEXPBDHH@Z

Exports

Exports

GetUpdateInfoDbDate
GetVirInfoDbDate
IfisTrojan
IfisTrojanII
LoadVirInfoDb
RemoveTrojan
SetQuickScan
SetSlowScan
UpdateVirInfoDb

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PC Washer/Source.ini
PC Washer/UninstApp.exe
.exe windows:4 windows x86 arch:x86

09459ae39b89e817f3e469a272d2e657

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord686
ord616
ord795
ord693
ord2514
ord5943
ord2621
ord1134
ord6283
ord4129
ord6282
ord4277
ord4202
ord6648
ord2764
ord3790
ord1146
ord1168
ord2582
ord4402
ord3370
ord3640
ord5265
ord4376
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord2411
ord2023
ord4218
ord5300
ord4398
ord3582
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3721
ord567
ord384
ord324
ord2302
ord4234
ord3996
ord2862
ord2096
ord4710
ord3706
ord3573
ord3626
ord3663
ord2414
ord1641
ord283
ord755
ord470
ord801
ord4204
ord541
ord6907
ord3998
ord5953
ord2642
ord3092
ord4224
ord5981
ord6905
ord3098
ord3097
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord540
ord2614
ord858
ord6883
ord537
ord535
ord800
ord2818
ord2578
ord825
ord1576

msvcrt

_setmbcp
_strlwr
__CxxFrameHandler
strstr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_controlfp

kernel32

WinExec
GetStartupInfoA
GetModuleHandleA

user32

IsIconic
SetWindowLongA
GetWindowLongA
EnableWindow
GetSystemMetrics
GetClientRect
DrawIcon
FillRect
SendMessageA
LoadIconA

gdi32

CreateRoundRectRgn
FillRgn

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA

shell32

ShellExecuteA
SHGetFileInfoA

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_ReplaceIcon

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC Washer/Url.ini
PC Washer/Version.ini
PC Washer/VirInfo.db
PC Washer/Vista.flt
PC Washer/WipeDisk.exe
.exe windows:4 windows x86 arch:x86

4cff264a1ea4aabf6307f35f26ce3d11

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord686
ord765
ord693
ord2514
ord5943
ord2621
ord1134
ord541
ord801
ord5861
ord6143
ord2582
ord4402
ord3370
ord3640
ord5265
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord4698
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3698
ord1146
ord1168
ord567
ord384
ord324
ord2302
ord4234
ord3996
ord2862
ord2096
ord4710
ord2379
ord755
ord470
ord800
ord5953
ord2818
ord540
ord2764
ord4202
ord858
ord2642
ord3092
ord4224
ord1105
ord6907
ord6883
ord3998
ord4376
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5241
ord4673
ord1576

msvcrt

_except_handler3
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_setmbcp
__CxxFrameHandler
__set_app_type

kernel32

GetDriveTypeA
DeleteFileA
CloseHandle
WriteFile
Sleep
GetDiskFreeSpaceExA
GetVolumeInformationA
GetModuleHandleA
GetStartupInfoA
CreateFileA

user32

SendMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
KillTimer
SetTimer
EnableWindow
LoadIconA

comctl32

ImageList_ReplaceIcon

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC Washer/ZFilters.ini
PC Washer/ZeroRemover.exe
.exe windows:4 windows x86 arch:x86

2ea33ea92f9c8594ee3df046cb2d188b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord283
ord2582
ord4402
ord3370
ord3640
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord641
ord324
ord693
ord2302
ord4234
ord4710
ord5678
ord3998
ord4853
ord6675
ord4204
ord1105
ord3790
ord1168
ord4278
ord5861
ord924
ord922
ord6055
ord1200
ord2448
ord5710
ord6929
ord6927
ord665
ord354
ord2044
ord5834
ord6199
ord926
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord3996
ord4224
ord3698
ord765
ord6215
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord5943
ord2621
ord1134
ord5953
ord2862
ord755
ord470
ord6907
ord1768
ord2086
ord3301
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord2575
ord6394
ord5450
ord6383
ord5440
ord472
ord1195
ord2753
ord2452
ord536
ord5856
ord4202
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3619
ord3596
ord5864
ord6061
ord5571
ord5579
ord923
ord5736
ord3654
ord2584
ord4220
ord1862
ord500
ord3701
ord772
ord1574
ord1099
ord686
ord384
ord6143
ord2764
ord6883
ord6877
ord537
ord1175
ord860
ord3811
ord3337
ord2818
ord535
ord825
ord540
ord541
ord800
ord6888
ord801
ord1576

msvcrt

_setmbcp
__CxxFrameHandler
sprintf
free
malloc
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
strrchr
fclose
fprintf
fopen
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetModuleHandleA
ExitProcess
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
GetDriveTypeA
SetCurrentDirectoryA
GetModuleFileNameA
GetVolumeInformationA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
CopyFileA
MoveFileExA
FindFirstFileA
FindNextFileA
FindClose
GetLastError
CreateDirectoryA
GetStartupInfoA

user32

DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
ReleaseDC
GetMenuStringA
GetSysColorBrush
LoadBitmapA
FillRect
TabbedTextOutA
IsIconic
DrawIcon
UpdateWindow
DrawIconEx
DestroyIcon
GetMenuItemInfoA
SetRect
CreateMenu
DrawEdge
MessageBoxA
PeekMessageA
PostQuitMessage
LoadIconA
EnableWindow
GetSubMenu
DestroyCursor
GetSysColor
CopyRect
SystemParametersInfoA
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
GetWindowLongA
SendMessageA
GrayStringA

gdi32

TextOutA
ExtTextOutA
Escape
GetStockObject
CreateFontA
SetBkColor
CreateBitmap
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetDeviceCaps
GetBkMode

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegEnumValueA

shell32

ShellExecuteA
ShellExecuteExA
SHFileOperationA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Draw
_TrackMouseEvent

msvcirt

?close@ifstream@@QAEXXZ
_mtlock
?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
??0ofstream@@QAE@XZ
?open@ofstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?endl@@YAAAVostream@@AAV1@@Z
?close@ofstream@@QAEXXZ
??1ofstream@@UAE@XZ
??_Dofstream@@QAEXXZ
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
??_Difstream@@QAEXXZ

winmm

PlaySoundA

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC Washer/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

5d14d7f974e797ed4168de7e279d9e91

Headers

File Characteristics

Imports

scanengine

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcirt

winmm

wininet

shlwapi

Sections

.text Size: 220KB - Virtual size: 218KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

b7b5c648123d0d3a878d182650889114

Headers

File Characteristics

Imports

wininet

winmm

mfc42

msvcrt

kernel32

user32

msvcirt

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 192KB - Virtual size: 191KB

ac6de491f9e62e8597d59dc2ce129da9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

winmm

msvcirt

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 100KB - Virtual size: 99KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 64KB

UPX1 Size: 36KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 30KB - Virtual size: 30KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 192KB - Virtual size: 191KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 100KB - Virtual size: 99KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 8KB

CODE
Size: 30KB - Virtual size: 30KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 34KB - Virtual size: 34KB

.text
Size: 248KB - Virtual size: 244KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 20KB - Virtual size: 441KB

.rsrc
Size: 520KB - Virtual size: 518KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 104KB - Virtual size: 103KB