fd79836c324c6054236dc019289d9fab_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd79836c324c6054236dc019289d9fab_JaffaCakes118
Size

3.4MB
MD5

fd79836c324c6054236dc019289d9fab
SHA1

d5f050d83e409d3c5de85d9e4dd516c87f43e2ea
SHA256

e08c3626a1c31d7d41230206b82c57827140827dc766dfbeb5f14722bfe2c7c3
SHA512

6ec61f773f140382250c8bf5cc71d9efd5834ad80a1c4b57c84b574e4d3cc10257c18eb568ffb837be68b7ce1d0fd1b7c6a44ec7ab5b660e5318f5923b67006b
SSDEEP

98304:Kxs/uhewPaq/qYHSIU9dpN9idqGBeaRwOWu/+4H:Us/8spdpNS93wO1/vH

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hjqq_V3.6.1_crsky.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/Config.exe
unpack002/Hujiao.dll
unpack002/SonicUI.dll
unpack002/msimg32.dll
unpack002/patcher
unpack002/uninst.exe
unpack002/QQ.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Hjqq_V3.6.1_crsky.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

fd79836c324c6054236dc019289d9fab_JaffaCakes118
.rar
Hjqq_V3.6.1_crsky.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Config.exe
.exe windows:4 windows x86 arch:x86

d5e1ef0baec9a8cc8993049e45852d3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Program\Soho\CybomaQQ\Config\Release\Config.pdb

Imports

kernel32

GetProcAddress
GetCommandLineA
LoadLibraryA
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
RtlUnwind
ExitProcess
RaiseException
GetModuleHandleA
GetStartupInfoA
GetVersionExA
HeapAlloc
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
VirtualQuery
InitializeCriticalSection

user32

EndDialog
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
EndPaint
PostQuitMessage
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hujiao.dll
.dll windows:4 windows x86 arch:x86

280db42aecbdf29f0bbc4ca7b71aae43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Program\Soho\CybomaQQ\Cyboma\Release\Cyboma.pdb

Imports

kernel32

VirtualProtect
WriteProcessMemory
VirtualAlloc
VirtualFree
CreateEventA
VirtualQuery
WaitForSingleObject
TerminateThread
SetEvent
ResetEvent
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FreeLibrary
GetCurrentProcess
FlushInstructionCache
HeapAlloc
InterlockedDecrement
InterlockedIncrement
MulDiv
GetProcessHeap
HeapFree
LCMapStringW
CreateMutexA
FindFirstFileA
FindNextFileA
FindClose
SetFileAttributesA
MoveFileExA
GlobalAlloc
GlobalLock
lstrcpyW
GlobalUnlock
OpenProcess
ReadProcessMemory
LoadLibraryA
lstrcmpiA
CompareStringA
CompareStringW
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetLastError
lstrcmpA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetCurrentDirectoryA
SetEnvironmentVariableA
GetCommandLineA
lstrcpyA
lstrlenA
lstrcatA
lstrlenW
lstrcmpiW
MultiByteToWideChar
OpenFileMappingA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
Sleep
WideCharToMultiByte
OutputDebugStringA
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
IsBadWritePtr
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
TerminateProcess
ExitThread
HeapSize
IsBadReadPtr
HeapReAlloc
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleFileNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetEnvironmentVariableA
GetPrivateProfileIntA
CreateFileA
GetLocalTime
GetFileTime
CloseHandle
DeleteFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
CopyFileA
GetDriveTypeA
GetSystemInfo
CreateProcessA
CreateThread
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
GetFullPathNameA
DuplicateHandle
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GetCurrentThread
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentProcessId
GlobalDeleteAtom
lstrcmpW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFree
FormatMessageA
LocalFree
SetLastError
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
SuspendThread
GetThreadContext
ResumeThread
VirtualQueryEx
VirtualProtectEx

user32

RegisterHotKey
IsWindow
ShowWindow
EnumWindows
UnregisterHotKey
LoadIconA
GetClassNameA
InflateRect
PtInRect
DrawTextA
ClientToScreen
wsprintfA
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableA
CharNextA
RedrawWindow
FillRect
IsChild
GetFocus
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthA
RegisterWindowMessageA
GetClassInfoExA
KillTimer
SetTimer
GetWindow
GetWindowTextA
SetMenuItemInfoA
CreateDialogParamA
DialogBoxParamA
DefWindowProcA
TrackMouseEvent
LoadCursorA
RegisterClassExA
CreateWindowExA
SetForegroundWindow
IsDialogMessageA
UnhookWindowsHookEx
PostQuitMessage
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSysColorBrush
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetKeyState
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
CopyRect
GetWindowPlacement
SystemParametersInfoA
RegisterClassA
GetClassInfoA
AdjustWindowRectEx
GetMenu
MapWindowPoints
GetWindowThreadProcessId
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
GetClassLongA
GetCapture
WinHelpA
TabbedTextOutA
DrawTextExA
GrayStringA
DestroyMenu
SetWindowTextA
EnableWindow
GetDesktopWindow
SetFocus
PeekMessageA
LoadMenuA
GetSubMenu
GetCursorPos
TrackPopupMenu
InvalidateRect
EndDialog
DestroyIcon
GetClientRect
DrawIconEx
LoadImageA
BeginPaint
EndPaint
SendInput
GetDlgCtrlID
FindWindowExA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
FindWindowA
GetSystemMetrics
SubtractRect
MessageBoxA
EqualRect
SendMessageA
CallNextHookEx
SetWindowsHookExA
GetMessageA
TranslateMessage
DispatchMessageA
SetRect
SetPropA
SetActiveWindow
IsIconic
PostMessageA
SetWindowPos
GetDC
ReleaseDC
MoveWindow
GetWindowRect
GetParent
ScreenToClient
UpdateWindow
GetDlgItem
DestroyWindow
GetPropA
SetWindowLongA
RemovePropA
CallWindowProcA
UnregisterClassA
IsWindowVisible
GetWindowLongA
PostThreadMessageA

gdi32

CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
SetBkColor
ExtTextOutA
GetPixel
CreateBitmap
GetClipBox
SaveDC
RestoreDC
SetMapMode
GetDeviceCaps
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetObjectA
GetStockObject
SetTextColor

comdlg32

GetOpenFileNameA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
OleLockRunning
OleUninitialize
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc

oleaut32

VariantChangeType
SysFreeString
VariantClear
SysAllocString
VariantInit
SysAllocStringLen
SysStringLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi

comctl32

ord17

shlwapi

StrStrW
StrStrA
PathIsDirectoryA
PathFileExistsA

iphlpapi

SendARP

psapi

GetModuleInformation

ws2_32

inet_addr
setsockopt
recvfrom
htonl
connect
send
getpeername
ntohl
ntohs
gethostname
WSASend
sendto
inet_ntoa
getsockname
gethostbyname
htons
WSAStartup
socket
ioctlsocket
closesocket

dbghelp

ImageDirectoryEntryToData

oleacc

LresultFromObject
CreateStdAccessibleObject

rpcrt4

UuidToStringA
RpcStringFreeA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

wininet

InternetSetStatusCallback
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetCreateUrlA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA

Exports

Exports

DoConfig
IsCyboRunning
LoadQQ
ReportData

Sections

.text
Size: 532KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP.dat
Images/test.gif
.gif
SonicUI.dll
.dll windows:4 windows x86 arch:x86

74221c16baa74dd71b258ced7a9ccc64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Program\LocalSrc\SonicUI_src\SonicUI\Release\SonicUI.pdb

Imports

kernel32

GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetModuleHandleA
GetProcAddress
IsBadReadPtr
lstrcpyA
FindResourceA
LoadResource
SizeofResource
FreeResource
LockResource
IsBadCodePtr
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrlenA
lstrcmpiA
lstrcmpiW
CompareStringA
CompareStringW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
ReadProcessMemory
VirtualQueryEx
LocalFree
lstrcpynA
FormatMessageA
SetLastError
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpA
GlobalFlags
CloseHandle
GetCurrentThreadId
lstrcmpW
lstrcatA
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
CreateFileA
RtlUnwind
ExitProcess
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
HeapSize
TerminateProcess
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetStdHandle
SetEnvironmentVariableA
WriteProcessMemory
VirtualProtectEx

user32

AdjustWindowRectEx
GetMenu
SetForegroundWindow
MapWindowPoints
LoadIconA
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
GetClassInfoExA
GetCapture
WinHelpA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
DestroyMenu
PostQuitMessage
GetSubMenu
GetMenuItemCount
GetClassInfoA
RegisterClassA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetDlgItem
ModifyMenuA
EnableMenuItem
CheckMenuItem
MoveWindow
GetActiveWindow
WindowFromPoint
BeginPaint
EndPaint
GetPropA
RemovePropA
GetParent
SetPropA
ValidateRect
UpdateLayeredWindow
SetLayeredWindowAttributes
ShowWindow
IsWindowVisible
GetWindowRect
ClientToScreen
GetWindow
InvalidateRect
SetClassLongA
EqualRect
GetCursorPos
GetUpdateRect
LoadCursorA
RegisterClassExA
GetWindowLongA
GetLayeredWindowAttributes
CallWindowProcA
TrackMouseEvent
SetWindowLongA
GetClassLongA
DefWindowProcA
SetTimer
ReleaseCapture
SetCapture
ScreenToClient
IsWindow
IntersectRect
OffsetRect
WindowFromDC
GetClientRect
GetDesktopWindow
GetDC
GetMenuItemID
GetMenuState
UnregisterClassA
GetSysColorBrush
GetSysColor
GetSystemMetrics
ReleaseDC
PostMessageA
CopyRect
PtInRect
DestroyWindow
CreateWindowExA
SetWindowPos
SendMessageA
SetRect
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
GetDlgCtrlID
GetFocus
SetWindowTextA
GetClassNameA
GetWindowTextA
MessageBoxA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadBitmapA

gdi32

GetBkMode
SetBkMode
CreatePen
MoveToEx
LineTo
SetTextColor
TextOutA
GetTextExtentExPointA
GetTextExtentPoint32A
CreateFontIndirectA
SetMapMode
SetStretchBltMode
RestoreDC
SaveDC
GetClipBox
CreateBitmap
ExtSelectClipRgn
RealizePalette
GetDIBits
CreateRectRgnIndirect
GetStockObject
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
RectVisible
PtVisible
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
ExtTextOutA
SetBkColor
StretchBlt
CombineRgn
CreateRectRgn
SetDIBitsToDevice
GetObjectA
GetCurrentObject

shell32

SHCreateDirectoryExA
ShellExecuteA

ole32

CreateStreamOnHGlobal

oleaut32

VariantClear
OleLoadPicture
VariantChangeType
VariantInit

msimg32

AlphaBlend
TransparentBlt

comctl32

ord17
InitCommonControlsEx

shlwapi

PathFileExistsA

winmm

timeKillEvent
timeSetEvent

oleacc

CreateStdAccessibleObject
LresultFromObject

dbghelp

ImageDirectoryEntryToData

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

GetSonicUI

Sections

.text
Size: 464KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UserData/UserExtension
UserData/UserInfo
Version.ini
mar
msimg32.dll
.dll windows:4 windows x86 arch:x86

8070b8b77306c55ee711159236577a12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
GetEnvironmentVariableA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
patcher
.exe windows:4 windows x86 arch:x86

6493cb688fd049c6279aa57afe5f984d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Program\Soho\CybomaQQ\CybomaQQ\Release\CybomaQQ.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize

user32

EndDialog
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
EndPaint
PostQuitMessage
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 12KB - Virtual size: 11KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

d5e1ef0baec9a8cc8993049e45852d3e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 10KB

280db42aecbdf29f0bbc4ca7b71aae43

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 532KB - Virtual size: 530KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 20KB - Virtual size: 165KB

.rsrc
Size: 132KB - Virtual size: 130KB

.reloc
Size: 40KB - Virtual size: 38KB

.text
Size: 464KB - Virtual size: 462KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 12KB - Virtual size: 29KB

.reloc
Size: 32KB - Virtual size: 28KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 10KB