fbf01d79b65fb4cbbc3d56516e40ebc6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbf01d79b65fb4cbbc3d56516e40ebc6_JaffaCakes118
Size

1.7MB
MD5

fbf01d79b65fb4cbbc3d56516e40ebc6
SHA1

645eb5bdfe4f3cae00439ac232c051dc77e29e25
SHA256

ec383107eadb44a6648369fa881432695f85c307f1ee025c3742241e99cc5a8b
SHA512

57760fbbb5545457346606c0131add1f9fb1a50f1c35b0589965b9da31e794192f3c49ebddcff1c3bb4a4acdfd19ccd7f948e87cb96684e5850627af1d32106b
SSDEEP

49152:iH9h0Rhzw2Fk4P6IS26E/XHNBh2Vs2+nct3:iH9YVwHY3NST+nct3

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ColdFear.WidescreenFix/dinput8.dll
unpack001/ColdFear.WidescreenFix/scripts/ColdFear.WidescreenFix.asi
unpack001/ColdFear.WidescreenFix/scripts/modupdater.asi

Files

fbf01d79b65fb4cbbc3d56516e40ebc6_JaffaCakes118
.zip
ColdFear.WidescreenFix/dinput8.dll
.dll regsvr32 windows:6 windows x86 arch:x86

3485941b9c07c36afc8165274ceb6a47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\Ultimate-ASI-Loader\bin\x86\Release\dinput8.pdb

Imports

kernel32

HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesW
WriteFile
CloseHandle
SetUnhandledExceptionFilter
GetLastError
CreateEventA
CreateEventW
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetCurrentThreadId
GetStartupInfoW
GetSystemInfo
VirtualQuery
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetModuleHandleExA
HeapAlloc
LockResource
SizeofResource
FindResourceW
GetShortPathNameA
GetStartupInfoA
GetPrivateProfileIntW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
CreateDirectoryW
CancelIo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
CreateMutexW
CreateThread
GetSystemTime
LoadLibraryExW
SystemTimeToFileTime
WriteConsoleW
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
LoadResource
SetLastError
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
HeapReAlloc
GetModuleHandleExW
ReadFile
InterlockedFlushSList
RtlUnwind
RaiseException
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetCPInfo
DecodePointer
EncodePointer
AreFileApisANSI
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
WideCharToMultiByte
FormatMessageW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx

user32

GetWindowThreadProcessId
EnumWindows
GetDesktopWindow
GetWindowRect
SetDlgItemTextW
EndDialog
DialogBoxParamW
SetWindowPos
wsprintfW
FindWindowW
ShowCursor
SetForegroundWindow
ReleaseDC
GetDC
MessageBoxW
GetDlgItemTextW
SetWindowTextW

gdi32

GetDeviceCaps

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree
CoCreateInstance

d3d9

Direct3DCreate9

dbghelp

SymFromAddr
MiniDumpWriteDump
StackWalk64
SymSetOptions
SymCleanup
SymInitialize

ws2_32

recvfrom
recv
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
send
getsockopt
getpeername
ioctlsocket
connect
closesocket
bind
getsockname
__WSAFDIsSet
sendto
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAGetOverlappedResult
WSARecv
WSARecvFrom
WSAResetEvent
select
WSASend
WSASendTo
WSASetEvent
WSAWaitForMultipleEvents
htonl
accept

Exports

Exports

AcquireDDThreadLock
AppCacheCheckManifest
AppCacheCloseHandle
AppCacheCreateAndCommitFile
AppCacheDeleteGroup
AppCacheDeleteIEGroup
AppCacheDuplicateHandle
AppCacheFinalize
AppCacheFreeDownloadList
AppCacheFreeGroupList
AppCacheFreeIESpace
AppCacheFreeSpace
AppCacheGetDownloadList
AppCacheGetFallbackUrl
AppCacheGetGroupList
AppCacheGetIEGroupList
AppCacheGetInfo
AppCacheGetManifestUrl
AppCacheLookup
CloseDriver
CommitUrlCacheEntryA
CommitUrlCacheEntryBinaryBlob
CommitUrlCacheEntryW
CompleteCreateSysmemSurface
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryExW
CreateUrlCacheEntryW
CreateUrlCacheGroup
D3D11CoreCreateDevice
D3D11CoreCreateLayeredDevice
D3D11CoreGetLayeredDeviceSize
D3D11CoreRegisterLayers
D3D11CreateDevice
D3D11CreateDeviceAndSwapChain
D3DKMTCloseAdapter
D3DKMTCreateAllocation
D3DKMTCreateContext
D3DKMTCreateDevice
D3DKMTCreateSynchronizationObject
D3DKMTDestroyAllocation
D3DKMTDestroyContext
D3DKMTDestroyDevice
D3DKMTDestroySynchronizationObject
D3DKMTEscape
D3DKMTGetContextSchedulingPriority
D3DKMTGetDeviceState
D3DKMTGetDisplayModeList
D3DKMTGetMultisampleMethodList
D3DKMTGetRuntimeData
D3DKMTGetSharedPrimaryHandle
D3DKMTLock
D3DKMTOpenAdapterFromHdc
D3DKMTOpenResource
D3DKMTPresent
D3DKMTQueryAdapterInfo
D3DKMTQueryAllocationResidency
D3DKMTQueryResourceInfo
D3DKMTRender
D3DKMTSetAllocationPriority
D3DKMTSetContextSchedulingPriority
D3DKMTSetDisplayMode
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetGammaRamp
D3DKMTSetVidPnSourceOwner
D3DKMTSignalSynchronizationObject
D3DKMTUnlock
D3DKMTWaitForSynchronizationObject
D3DKMTWaitForVerticalBlankEvent
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
D3DParseUnknownCommand
D3DPerformance_BeginEvent
D3DPerformance_EndEvent
D3DPerformance_GetStatus
D3DPerformance_SetMarker
DDGetAttachedSurfaceLcl
DDInternalLock
DDInternalUnlock
DSoundHelp
DebugSetLevel
DebugSetMute
DefDriverProc
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
Direct3D9EnableMaximizedWindowedModeShim
Direct3DCreate8
Direct3DCreate9
Direct3DCreate9Ex
Direct3DShaderValidatorCreate9
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW
DirectInput8Create
DirectInputCreateA
DirectInputCreateEx
DirectInputCreateW
DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DispatchAPICall
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
DrawDibBegin
DrawDibChangePalette
DrawDibClose
DrawDibDraw
DrawDibEnd
DrawDibGetBuffer
DrawDibGetPalette
DrawDibOpen
DrawDibProfileDisplay
DrawDibRealize
DrawDibSetPalette
DrawDibStart
DrawDibStop
DrawDibTime
DriverCallback
DrvGetModuleHandle
EnableFeatureLevelUpgrade
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetDDSurfaceLocal
GetDeviceID
GetDriverModuleHandle
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetOLEThunkData
GetOpenFileNamePreview
GetOpenFileNamePreviewA
GetOpenFileNamePreviewW
GetProxyDllInfo
GetSaveFileNamePreviewA
GetSaveFileNamePreviewW
GetSurfaceFromDC
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryBinaryBlob
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpCloseDependencyHandle
HttpDuplicateDependencyHandle
HttpEndRequestA
HttpEndRequestW
HttpGetServerCredentials
HttpGetTunnelSocket
HttpIsHostHstsEnabled
HttpOpenDependencyHandle
HttpOpenRequestA
HttpOpenRequestW
HttpPushClose
HttpPushEnable
HttpPushWait
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
HttpWebSocketClose
HttpWebSocketCompleteUpgrade
HttpWebSocketQueryCloseStatus
HttpWebSocketReceive
HttpWebSocketSend
HttpWebSocketShutdown
ICClose
ICCompress
ICCompressorChoose
ICCompressorFree
ICDecompress
ICDraw
ICDrawBegin
ICGetDisplayFormat
ICGetInfo
ICImageCompress
ICImageDecompress
ICInfo
ICInstall
ICLocate
ICMThunk32
ICOpen
ICOpenFunction
ICRemove
ICSendMessage
ICSeqCompressFrame
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetConvertUrlFromWireToWideChar
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetFreeCookies
InternetFreeProxyInfoList
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieEx2
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetProxyForUrl
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieEx2
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
MCIWndCreate
MCIWndCreateA
MCIWndCreateW
MCIWndRegisterClass
MarketplaceDoesContentIdMatch
NotifyCallbackData
OpenAdapter10
OpenAdapter10_2
OpenDriver
PSGPError
PSGPSampleTexture
ParseX509EncodedCertificateForListBoxEntry
PlaySound
PlaySoundA
PlaySoundW
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
ReadUrlCacheEntryStreamEx
RegisterSpecialCase
RegisterUrlCacheNotification
ReleaseDDThreadLock
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SendDriverMessage
SetAppCompatData
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
StretchDIB
TitleExport_XMarketplaceConsumeAssets
TitleExport_XPresenceUnsubscribe
TitleExport_XUserEstimateRankForRating
TitleExport_XUserFindUsers
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlCacheCheckEntriesExist
UrlCacheCloseEntryHandle
UrlCacheContainerSetEntryMaximumAge
UrlCacheCreateContainer
UrlCacheFindFirstEntry
UrlCacheFindNextEntry
UrlCacheFreeEntryInfo
UrlCacheFreeGlobalSpace
UrlCacheGetContentPaths
UrlCacheGetEntryInfo
UrlCacheGetGlobalCacheSize
UrlCacheGetGlobalLimit
UrlCacheReadEntryStream
UrlCacheReloadSettings
UrlCacheRetrieveEntryFile
UrlCacheRetrieveEntryStream
UrlCacheServer
UrlCacheSetGlobalLimit
UrlCacheUpdateEntryExtraData
UrlZonesDetach
ValidatePixelShader
ValidateVertexShader
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
VideoForWindowsVersion
WOW32DriverCallback
WOW32ResolveMultiMediaHandle
WOWAppExit
XCancelOverlapped
XCloseHandle
XContentCreateEnumerator
XContentCreatePackage
XContentGetMarketplaceCounts
XContentRetrieveOffersByDate
XCreateSocket
XCustomGetCurrentGamercard
XCustomGetLastActionPress
XCustomGetLastActionPressEx
XCustomRegisterDynamicActions
XCustomSetAction
XCustomSetDynamicActions
XCustomUnregisterDynamicActions
XEnumerate
XEnumerateBack
XFriendsCreateEnumerator
XGetOverlappedExtendedError
XGetOverlappedResult
XHVCreateEngine
XInviteGetAcceptedInfo
XInviteSend

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ColdFear.WidescreenFix/scripts/ColdFear.WidescreenFix.asi
.dll windows:6 windows x86 arch:x86

44e8a116f5982ffce1f934d70ab12765

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\widescreenfixespack\data\ColdFear.WidescreenFix\scripts\ColdFear.WidescreenFix.pdb

Imports

kernel32

CreateThread
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExA
GetProcAddress
LoadLibraryW
WaitForSingleObject
SetWaitableTimer
Sleep
GetCurrentProcess
VirtualProtect
GetModuleHandleA
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
CloseHandle
CreateWaitableTimerW
GetModuleHandleW
GetLastError
FormatMessageW
WideCharToMultiByte
RaiseException
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW

user32

GetMonitorInfoW
GetDesktopWindow
MonitorFromWindow

Exports

Exports

InitializeASI

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ColdFear.WidescreenFix/scripts/ColdFear.WidescreenFix.ini
ColdFear.WidescreenFix/scripts/modupdater.asi
.dll windows:6 windows x86 arch:x86

a64c24ac24cf774b70ef1e782a428d3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\modupdater\bin\Release\modupdater.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetModuleHandleExW
lstrcmpW
WritePrivateProfileStringA
MoveFileW
FileTimeToSystemTime
CreateFileW
ReadFile
SetFilePointer
WriteFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
GetProcAddress
Sleep
SleepEx
GetModuleHandleA
ExpandEnvironmentStringsA
GetTickCount64
WaitForSingleObjectEx
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
FormatMessageA
GetFileSizeEx
InterlockedPopEntrySList
GetModuleHandleExA
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleFileNameW
GetModuleFileNameA
CreateThread
ExitProcess
GetCurrentProcessId
GetCurrentProcess
SetLastError
GetLastError
GetFileAttributesW
FindNextFileW
FindFirstFileW
DeleteFileW
CreateDirectoryW
CloseHandle
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
HeapSize
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateFileA
FindNextFileA
FindClose
InterlockedPushEntrySList
ReleaseSemaphore
GetTimeFormatW
GetDateFormatW
HeapAlloc
GetACP
HeapFree
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFullPathNameW
DeleteTimerQueueTimer
ExitThread
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RtlUnwind
RaiseException
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
FormatMessageW
WideCharToMultiByte
DuplicateHandle
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
TryEnterCriticalSection
MultiByteToWideChar
GetStringTypeW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
InterlockedFlushSList

user32

EnumWindows
SwitchToThisWindow
SendMessageA
GetWindowThreadProcessId

advapi32

CryptEncrypt
AccessCheck
DuplicateToken
GetFileSecurityW
MapGenericMask
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
OpenProcessToken

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

rstrtmgr

RmGetList
RmRegisterResources
RmEndSession
RmStartSession
RmShutdown

comctl32

ord345

wldap32

ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

crypt32

CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore

ws2_32

bind
send
recv
WSASetLastError
connect
getsockname
socket
WSAGetLastError
WSACleanup
WSAStartup
closesocket
getpeername
getsockopt
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
htonl
ntohl
select
__WSAFDIsSet

Sections

.text
Size: 843KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3485941b9c07c36afc8165274ceb6a47

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

d3d9

dbghelp

ws2_32

Exports

Exports

Sections

.text Size: 349KB - Virtual size: 348KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 6KB - Virtual size: 589KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 20KB - Virtual size: 19KB

44e8a116f5982ffce1f934d70ab12765

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

a64c24ac24cf774b70ef1e782a428d3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

rstrtmgr

comctl32

wldap32

crypt32

ws2_32

Sections

.text Size: 843KB - Virtual size: 843KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 11KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 349KB - Virtual size: 348KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 6KB - Virtual size: 589KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 843KB - Virtual size: 843KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 11KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB