0200b0ae3a29723f6e583e0176f5ca82_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0200b0ae3a29723f6e583e0176f5ca82_JaffaCakes118
Size

1.2MB
MD5

0200b0ae3a29723f6e583e0176f5ca82
SHA1

1b8ea6499bd7def114b8d42da1728d06c91c5cd5
SHA256

ef287c84613bac14274548cd7a0237b912cb26dbeb3448468f29a6174d204cd2
SHA512

e150b41da7019e2a51ed53b57c5d951e39c3972b38a02c255883fb86fa5f23e0c44d2fdc860629f6aca817559811a7ec076e3498fe900ac7da8632bec2977c86
SSDEEP

24576:E5VcGFJMAwLDiE8l1iiJcvkU6NnDnjWpInqyaNJyT18zT:8cGFJMAwfio+VNRnhafA10

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
0200b0ae3a29723f6e583e0176f5ca82_JaffaCakes118
unpack001/$PLUGINSDIR/CloseFlvDownload.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/IEBar/Uninstall.exe
unpack002/$PLUGINSDIR/CloseFlvDownload.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack001/IEBar/xbietb.dll
unpack001/QQDownloader(xmlbar).exe
unpack001/updater.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/IEBar/Uninstall.exe	nsis_installer_1
static1/unpack001/IEBar/Uninstall.exe	nsis_installer_2

Files

0200b0ae3a29723f6e583e0176f5ca82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CloseFlvDownload.dll
.dll windows:4 windows x86 arch:x86

5a2fbc5fed91418c2dcf57ddcc8d0b47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
InitializeCriticalSection
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
Sleep
GetProcAddress
SetErrorMode
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyA
LoadLibraryExA
GlobalFree
LoadLibraryA
GetCPInfo
HeapFree
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadReadPtr
IsBadCodePtr
GetOEMCP

user32

GetClassNameA
CharNextA
RegisterWindowMessageA
PostMessageA
EnumWindows
SendMessageTimeoutA
IsWindow

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

Exports

Exports

CloseApp

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
IEBar/Uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CloseFlvDownload.dll
.dll windows:4 windows x86 arch:x86

5a2fbc5fed91418c2dcf57ddcc8d0b47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
InitializeCriticalSection
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
Sleep
GetProcAddress
SetErrorMode
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyA
LoadLibraryExA
GlobalFree
LoadLibraryA
GetCPInfo
HeapFree
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadReadPtr
IsBadCodePtr
GetOEMCP

user32

GetClassNameA
CharNextA
RegisterWindowMessageA
PostMessageA
EnumWindows
SendMessageTimeoutA
IsWindow

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

Exports

Exports

CloseApp

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
IEBar/config/Chinese Simplified/XBIEBar.xml
.xml
IEBar/config/defaults/XBIEBar.xml
.xml
IEBar/config/defaults/xmlbar.bmp
IEBar/xbietb.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2bf6d6c98402b1a4cd59a2e91adf05bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindExtensionA

urlmon

URLDownloadToFileA

kernel32

SetErrorMode
LoadLibraryExA
GetSystemInfo
GetModuleFileNameA
CloseHandle
CreateFileA
SizeofResource
LoadResource
FindResourceA
LocalFree
FormatMessageA
lstrcmpiA
CompareStringA
CompareStringW
GetStringTypeExA
GetSystemTimeAsFileTime
GlobalLock
GlobalUnlock
IsDBCSLeadByte
GlobalAlloc
lstrcpynA
lstrcatA
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileAttributesA
GetFileSize
GetFileTime
DuplicateHandle
WriteFile
FindClose
FindFirstFileA
DeleteFileA
MoveFileA
GetTempFileNameA
GetTempPathA
CreateDirectoryA
Sleep
GetTickCount
InterlockedExchange
lstrcpyA
InterlockedIncrement
DisableThreadLibraryCalls
MulDiv
CreateProcessA
GetCurrentProcessId
GetSystemDefaultLangID
GetUserDefaultLCID
LCMapStringA
LCMapStringW
InterlockedCompareExchange
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
GetCurrentDirectoryA
GetDriveTypeA
GetOEMCP
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
GetCPInfo
ExitProcess
GetCommandLineA
GetFullPathNameA
GetTimeZoneInformation
VirtualQuery
VirtualAlloc
VirtualProtect
HeapReAlloc
RtlUnwind
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
QueryPerformanceCounter
lstrcmpA
GetCurrentThreadId
FreeLibrary
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InterlockedDecrement
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetUserDefaultLangID
GetACP
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA

user32

LoadStringA
GetComboBoxInfo
TranslateMessage
SetActiveWindow
ShowWindow
CreateAcceleratorTableA
SetWindowPos
RedrawWindow
GetDlgItem
DestroyAcceleratorTable
IsChild
GetWindow
BeginPaint
EndPaint
GetDesktopWindow
UnregisterClassA
IsWindow
SendMessageA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
DestroyWindow
DrawTextA
SetMenuItemInfoA
SetWindowLongA
GetWindowLongA
GetWindowRect
ScreenToClient
MapWindowPoints
InvalidateRgn
GetClientRect
SetCapture
ReleaseCapture
CharNextA
WaitForInputIdle
GetWindowThreadProcessId
DispatchMessageA
AppendMenuA
MoveWindow
GetDC
CreatePopupMenu
TrackPopupMenu
FrameRect
DrawFrameControl
InflateRect
DrawEdge
OffsetRect
GetSysColor
FillRect
GetSysColorBrush
GetMenuItemInfoA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetSystemMetrics
RegisterWindowMessageA
IsWindowVisible
CallWindowProcA
GetKeyState
SetFocus
GetMessagePos
SystemParametersInfoA
SetRectEmpty
ReleaseDC
GetWindowDC
GetFocus
DefWindowProcA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
DestroyMenu
LoadImageA
CopyRect
SetCursor
LoadCursorA
wsprintfA
GetParent
InvalidateRect
UpdateWindow
GetClassNameA

gdi32

GetObjectA
SelectObject
DeleteDC
CreateFontIndirectA
SetBkMode
SetBrushOrgEx
SetBkColor
SetTextColor
CreatePatternBrush
CreateBitmap
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
CreateDIBSection
GetStockObject
CreateSolidBrush
GetTextExtentPointA
GetDeviceCaps
DeleteObject

advapi32

RegEnumValueA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA

shell32

SHGetMalloc
SHGetPathFromIDListA

ole32

OleInitialize
StringFromGUID2
CoTaskMemRealloc
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance
StringFromCLSID
CoTaskMemFree
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
RegisterDragDrop
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayLock
SafeArrayUnlock
SysStringLen
SafeArrayRedim
SysStringByteLen
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetUBound
SafeArrayGetLBound
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
DispCallFunc
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
SafeArrayGetDim
SafeArrayCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServer2
DllUnregisterServer
DllUnregisterServer2

Sections

.text
Size: 288KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQDownloader(xmlbar).exe
.exe windows:4 windows x86 arch:x86

9d781394f5d62f5354ac168d58e9a641

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCpyW
StrStrIW

kernel32

LCMapStringW
LoadLibraryA
InterlockedCompareExchange
FileTimeToSystemTime
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetCurrentDirectoryW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
UnhandledExceptionFilter
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringA
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetUnhandledExceptionFilter
GetModuleFileNameA
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
VirtualQuery
VirtualAlloc
VirtualProtect
GetFullPathNameW
GetCPInfo
CreateThread
ExitThread
GetTimeZoneInformation
GetModuleHandleA
DeleteFileA
SetConsoleCtrlHandler
GetDateFormatA
GetTimeFormatA
HeapReAlloc
RtlUnwind
GetVersionExA
GetStringTypeExW
GetStringTypeExA
GetUserDefaultLCID
lstrcpynA
GetWindowsDirectoryW
CreateDirectoryW
GetTempPathW
DuplicateHandle
GetFileTime
SetEndOfFile
UnlockFile
LockFile
LocalFree
OutputDebugStringW
GetSystemInfo
TerminateThread
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
FormatMessageW
ExitProcess
WaitForSingleObject
CreateFileA
CreateMutexW
CreatePipe
GetStartupInfoW
TerminateProcess
RemoveDirectoryW
CopyFileW
ReadFile
MoveFileW
GetSystemDefaultLangID
GetUserDefaultLangID
GlobalSize
CreateProcessW
lstrcatW
WinExec
Sleep
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
SizeofResource
FlushFileBuffers
GetFileAttributesW
GetFileSize
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileW
WriteFile
lstrcmpiW
GetTempFileNameW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrcmpW
lstrcpyW
GlobalHandle
SetLastError
GetCurrentThreadId
GetModuleHandleW
GlobalLock
GlobalReAlloc
lstrcpynW
LoadResource
LockResource
lstrlenA
LoadLibraryExW
GetTickCount
FindResourceW
lstrlenW
GlobalAlloc
LoadLibraryW
FreeLibrary
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
SetErrorMode
InterlockedExchange
GlobalUnlock
GlobalFree
MulDiv
DeleteFileW
FileTimeToLocalFileTime
FindFirstFileA
HeapSize

user32

SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
LoadBitmapW
IsRectEmpty
DrawStateW
SetWindowRgn
SetWindowsHookExW
GetClassInfoW
RegisterClassW
GetMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
CreatePopupMenu
SetMenuDefaultItem
OpenClipboard
EmptyClipboard
CloseClipboard
GetAsyncKeyState
SetParent
FrameRect
RemoveMenu
EnableMenuItem
DrawIcon
ModifyMenuW
FindWindowExW
DrawAnimatedRects
GetWindowThreadProcessId
IsMenu
ChangeClipboardChain
GetClassLongW
SetClassLongW
DrawFrameControl
DrawIconEx
OffsetRect
MoveWindow
IsWindowVisible
LoadImageW
MessageBeep
GetTopWindow
SetDlgItemTextW
EndDialog
GetCursorPos
ChildWindowFromPoint
IsDlgButtonChecked
CheckDlgButton
PtInRect
IsWindowEnabled
DrawFocusRect
DrawEdge
InflateRect
GetDlgCtrlID
GetCapture
UpdateWindow
GetSysColorBrush
MapDialogRect
SetWindowContextHelpId
GetNextDlgTabItem
CreateAcceleratorTableW
GetActiveWindow
IsDialogMessageW
SendMessageTimeoutW
FindWindowW
LoadMenuW
SetForegroundWindow
GetForegroundWindow
LockWindowUpdate
TrackPopupMenu
EnumChildWindows
EnumWindows
GetDialogBaseUnits
KillTimer
GetKeyState
SetWindowLongW
GetWindowLongW
PostMessageW
GetMenu
GetSystemMenu
SetWindowPos
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
ShowWindow
EnableWindow
SendDlgItemMessageW
GetDlgItem
GetMenuItemID
GetMenuStringW
GetMenuState
GetMonitorInfoW
IntersectRect
RegisterClipboardFormatW
GetDlgItemInt
SetDlgItemInt
CopyIcon
LoadIconW
GetAncestor
IsIconic
IsZoomed
LoadStringA
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
SetWindowPlacement
GetLastActivePopup
GetWindowPlacement
SetClipboardViewer
SendMessageW
AdjustWindowRectEx
GetSystemMetrics
GetClassNameW
RedrawWindow
DestroyAcceleratorTable
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
FillRect
SetCapture
ReleaseCapture
DialogBoxParamW
IsWindow
MapWindowPoints
SystemParametersInfoW
GetWindow
GetParent
SetCursor
LoadCursorW
PostQuitMessage
DestroyWindow
AppendMenuW
GetClassInfoExW
wsprintfW
DestroyIcon
UnhookWindowsHookEx
DestroyMenu
DestroyCursor
LoadStringW
CharNextW
DrawTextW
SetTimer
UnregisterClassW
DefWindowProcW
TrackPopupMenuEx
GetSubMenu
CallWindowProcW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterClassExW
RegisterWindowMessageW
GetDC
ReleaseDC
BringWindowToTop
GetWindowDC
DialogBoxIndirectParamW
CreateDialogIndirectParamW
CreateWindowExW
GetSysColor
CreateDialogParamW
ExitWindowsEx

gdi32

SetStretchBltMode
StretchBlt
CreateRoundRectRgn
ExcludeClipRect
CreateEllipticRgnIndirect
SetBrushOrgEx
RestoreDC
SaveDC
PatBlt
CreateBitmap
CreatePatternBrush
SetViewportOrgEx
CreateFontW
GetClipBox
LPtoDP
DPtoLP
GetMapMode
GetBkColor
SetWindowOrgEx
SetMapMode
SetTextAlign
TextOutW
SetPixel
LineTo
MoveToEx
SelectClipRgn
CreateDIBSection
GetCurrentObject
RoundRect
SetBkColor
ExtTextOutW
CreatePen
Rectangle
SetTextColor
SetBkMode
CreateRectRgnIndirect
CombineRgn
FillRgn
GetStockObject
GetObjectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
CreateSolidBrush
DeleteObject
CreateFontIndirectW
GetTextMetricsW
SelectObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegDeleteKeyW

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHAppBarMessage
Shell_NotifyIconW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHGetDesktopFolder
SHGetFileInfoW

ole32

CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
RevokeDragDrop
ReleaseStgMedium
CoCreateGuid
CoTaskMemRealloc
CoInitialize
CoUninitialize
OleGetClipboard
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
RegisterDragDrop

oleaut32

VariantInit
SysFreeString
SafeArrayLock
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
VarUI4FromStr
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen

winmm

PlaySoundW
timeGetTime

comctl32

ImageList_Destroy
ord17
ImageList_Draw
_TrackMouseEvent
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Create
ImageList_ReplaceIcon
ImageList_AddMasked
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_GetImageCount
ImageList_Remove

wininet

InternetSetOptionW
InternetCloseHandle
HttpOpenRequestA
InternetOpenW
InternetConnectW
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersA

urlmon

URLDownloadToFileW
CoInternetGetSession

ws2_32

htonl
recv
send
htons
WSAStartup
WSACleanup
gethostbyname
inet_addr
closesocket
accept
bind
listen
getaddrinfo
ioctlsocket
select
freeaddrinfo
WSAAddressToStringA
getsockname
socket
connect
setsockopt
WSAGetLastError
ntohl

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/Domain.ini
config/FlvRules.ini
config/Type.ini
config/mediaplayer.swf
config/swfobject.js
.js
language/Arabic.lng
language/Chinese Simplified.lng
language/Chinese Traditional.lng
language/Czech.lng
language/Dutch.lng
language/English.lng
language/French.lng
language/German.lng
language/Italian.lng
language/Japanese.lng
language/Korean.lng
language/Polish.lng
language/Portuguese.lng
language/Russian.lng
language/Spanish.lng
language/Swedish.lng
sounds/jobdone.wav
updater.exe
.exe windows:4 windows x86 arch:x86

f3402643574ef66c4a0492a56e18bc01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
GetSystemTimeAsFileTime
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
GetVersionExA
GetCPInfo
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
VirtualQuery
SetEndOfFile
UnlockFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LockFile
GetModuleFileNameA
TerminateProcess
HeapSize
VirtualProtect
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentDirectoryW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
lstrcpynA
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFileAttributesW
GetSystemInfo
SetLastError
ExitProcess
GetCurrentProcessId
GetCommandLineW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrcatA
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesA
CreateDirectoryA
lstrcmpiA
lstrcpyA
CreateFileA
MulDiv
GlobalUnlock
GlobalLock
lstrcpynW
GetOEMCP
LoadLibraryA
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleW
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
RemoveDirectoryW
CreateFileW
CloseHandle
DeleteFileW
MoveFileW
GetFileSize
SetFilePointer
WriteFile
ReadFile
GetSystemDefaultLangID
GetUserDefaultLangID
CreateProcessW
lstrlenA
MultiByteToWideChar
lstrcatW
WinExec
LoadLibraryExW
WideCharToMultiByte
SetErrorMode
FreeLibrary
GetProcAddress
GlobalAlloc
GetTickCount
Sleep
GetLastError
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
lstrcpyW
lstrlenW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
lstrcmpW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentProcess
FlushInstructionCache
FindClose
FindFirstFileW
FindNextFileW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
QueryPerformanceCounter
GetFullPathNameW

user32

SetClipboardData
EnumWindows
CopyIcon
DialogBoxParamW
GetMonitorInfoW
GetAsyncKeyState
TrackPopupMenu
IsZoomed
IsIconic
GetSystemMenu
CreateDialogIndirectParamW
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
GetWindowTextLengthW
GetWindowTextW
EndPaint
BeginPaint
DrawFocusRect
GetCursorPos
ScreenToClient
GetCapture
ReleaseCapture
SetCapture
SetCursor
GetTopWindow
GetMenu
DestroyCursor
GetMenuState
IsMenu
GetMenuStringW
GetMenuItemID
TranslateMessage
PostMessageW
SetTimer
GetClientRect
MapWindowPoints
GetDlgItem
EnableWindow
SetWindowTextW
EndDialog
KillTimer
GetFocus
GetForegroundWindow
SetFocus
GetSubMenu
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
SendMessageTimeoutW
DestroyWindow
GetSysColorBrush
RegisterClassExW
GetClassInfoExW
LoadCursorW
wsprintfW
CreateWindowExW
GetClassLongW
SetClassLongW
IsWindowVisible
ShowWindow
GetWindowRect
OffsetRect
SystemParametersInfoW
CallWindowProcW
CharNextW
DefWindowProcW
TrackPopupMenuEx
SendMessageW
GetWindow
GetParent
UpdateWindow
SetMenuItemInfoW
GetMenuItemInfoW
ModifyMenuW
GetMenuItemCount
FrameRect
CreatePopupMenu
OpenClipboard
DestroyMenu
EmptyClipboard
CloseClipboard
SetMenuDefaultItem
AppendMenuW
ClientToScreen
LoadBitmapW
InflateRect
GetSysColor
GetWindowDC
ReleaseDC
GetDC
GetSystemMetrics
DrawTextW
DrawEdge
DrawStateW
DrawFrameControl
FillRect
SetWindowsHookExW
SetWindowRgn
RedrawWindow
InvalidateRect
GetClassNameW
UnhookWindowsHookEx
SetWindowLongW
SetWindowPos
IsWindow
IsWindowEnabled
GetWindowLongW
LoadImageW
DestroyIcon
DrawIconEx
UnregisterClassW
GetActiveWindow

gdi32

DeleteDC
SetBkColor
SetTextColor
PatBlt
BitBlt
SetBrushOrgEx
SelectObject
SetBkMode
SelectClipRgn
MoveToEx
LineTo
ExtTextOutW
StretchBlt
GetTextExtentPoint32W
CreateCompatibleDC
CreateDIBSection
CreatePen
CreateSolidBrush
CreateFontIndirectW
CreateRectRgnIndirect
GetDeviceCaps
SetStretchBltMode
CombineRgn
CreateEllipticRgnIndirect
CreateRoundRectRgn
ExcludeClipRect
DPtoLP
DeleteObject
CreatePatternBrush
CreateBitmap
CreateCompatibleBitmap
GetStockObject
GetObjectW
Rectangle

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW

shell32

ShellExecuteExW
SHFileOperationW
SHGetFileInfoW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid

oleaut32

VarUI4FromStr
OleLoadPicture
SysFreeString
VarBstrCmp
VariantInit
VariantClear
SysAllocString

comctl32

ImageList_GetIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_Draw
ImageList_DrawIndirect
CreateStatusWindowW
ImageList_GetImageCount
ImageList_Remove
ImageList_Create
ImageList_AddMasked
_TrackMouseEvent
InitCommonControlsEx

wininet

InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
HttpAddRequestHeadersA
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetConnectW
InternetOpenW
HttpOpenRequestA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 28KB

5a2fbc5fed91418c2dcf57ddcc8d0b47

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 288KB - Virtual size: 284KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 32KB - Virtual size: 29KB