07b365bb96d659020ccd594373fd6639_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07b365bb96d659020ccd594373fd6639_JaffaCakes118
Size

968KB
MD5

07b365bb96d659020ccd594373fd6639
SHA1

81f8fbcbf19e8584ba1caf19077fe398237249fe
SHA256

ac82e255b04b5e7174b58583ca4a97d804e4b3e1b567be5c41d799757767f79d
SHA512

752f91cba879c0b0f49b3e16c8469b3cba4fc1c93cfde6d6c4d1cfe3f6ea6482ed2556b1f0ab0d5bc085f75eaf03e05a4756ed015d956dc9ab53bb991206e2e9
SSDEEP

24576:SOqr4MjfT97L7oxtl1R8q2JgGsnTirs6b07bHmPa48q+:SAmf5sxtl1R8JJg72XI7LmPaQ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
07b365bb96d659020ccd594373fd6639_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/HaoZip.exe
unpack001/HaoZipC.exe
unpack001/HaoZipLoader.exe
unpack001/HaoZipShell.dll
unpack001/HaoZipUpdate.exe

Files

07b365bb96d659020ccd594373fd6639_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/option.ini
HaoZip.exe
.exe windows:4 windows x86 arch:x86

c51dd2ec7061241d0771ea482e2e1dda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\rczip\trunk\bin\win32\release_tiny\pdb\HaoZip.pdb

Imports

kernel32

WritePrivateProfileStringW
GetSystemDefaultLangID
GetPrivateProfileStringW
GetModuleFileNameW
LoadLibraryExW
FormatMessageW
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
DosDateTimeToFileTime
ResumeThread
SetEndOfFile
SetFileTime
WriteFile
GetFileSize
SetFilePointer
ReadFile
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
GetTempPathW
GetFullPathNameW
GetTempFileNameW
MoveFileExW
GetWindowsDirectoryW
SearchPathW
GetLongPathNameW
GetSystemDirectoryW
MoveFileW
GetLocalTime
GetComputerNameW
GetVersionExW
SystemTimeToTzSpecificLocalTime
LoadResource
LockResource
MulDiv
ExpandEnvironmentStringsW
EnumResourceNamesW
WideCharToMultiByte
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLogicalDriveStringsW
GetVolumeInformationW
GetDiskFreeSpaceW
OpenEventW
GetDiskFreeSpaceExW
GetCPInfoExW
EnumSystemCodePagesW
EnumResourceLanguagesW
EndUpdateResourceW
SizeofResource
BeginUpdateResourceW
UpdateResourceW
FindResourceExW
EnumResourceTypesW
MultiByteToWideChar
GetACP
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
CreateProcessW
GetExitCodeProcess
CreatePipe
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
SetFileAttributesW
RemoveDirectoryW
FindResourceW
LoadLibraryW
FreeLibrary
GetCurrentProcessId
GetProcessTimes
FileTimeToLocalFileTime
FileTimeToSystemTime
ReleaseSemaphore
CreateSemaphoreW
Sleep
lstrlenW
lstrcmpiW
CompareStringW
ReadProcessMemory
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
InterlockedDecrement
InterlockedIncrement
GlobalSize
GetTickCount
LoadLibraryA
GetProcAddress
TerminateThread
WaitForSingleObject
ResetEvent
GetDriveTypeW
FreeResource
GetFileTime
GlobalFree
FindNextFileW
GetCurrentDirectoryW
CopyFileW
GetCurrentThreadId
RaiseException
FlushInstructionCache
GetCurrentProcess
SetLastError
CreateDirectoryW
LocalFree
LocalAlloc
GlobalAlloc
GlobalUnlock
GlobalLock
GetModuleHandleW
SetCurrentDirectoryW
SetErrorMode
InterlockedExchange
DeleteFileW
FindCloseChangeNotification
FindFirstChangeNotificationW
LeaveCriticalSection
EnterCriticalSection
GetLastError
CreateFileW
FindClose
FindFirstFileW
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
CloseHandle
WaitForMultipleObjects
CreateFileMappingW
GetFileAttributesW

user32

WindowFromPoint
EqualRect
GetWindowDC
PtInRect
DestroyWindow
EndPaint
BeginPaint
GetMenu
RegisterClipboardFormatW
EmptyClipboard
SetClipboardData
GetWindowLongW
IsWindowVisible
GetWindowRect
PostQuitMessage
GetActiveWindow
EnableWindow
GetParent
MoveWindow
IsWindowEnabled
MessageBoxW
wsprintfW
PostThreadMessageW
UnregisterClassA
PostMessageW
DialogBoxParamW
SetWindowLongW
SetFocus
GetFocus
CreateDialogParamW
UpdateWindow
EndDialog
LoadBitmapW
RedrawWindow
ScreenToClient
CreateWindowExW
SetPropW
GetPropW
SetWindowPos
SystemParametersInfoW
CallWindowProcW
GetClassLongW
GetWindowTextW
SetTimer
SwitchToThisWindow
DefWindowProcW
GetClientRect
GetCapture
GetWindow
KillTimer
GetCursorPos
TrackPopupMenu
ReleaseCapture
GetDlgCtrlID
FillRect
SetCapture
SetParent
MapWindowPoints
IsChild
RegisterClassW
ChangeClipboardChain
SetClipboardViewer
GetSystemMetrics
IsRectEmpty
SetMenuItemInfoW
GetMenuItemRect
CheckMenuItem
GetMenuState
ExitWindowsEx
DrawTextW
FindWindowExW
ShowCursor
FrameRect
CopyRect
CreateIconIndirect
GetIconInfo
CopyIcon
DeleteMenu
ScrollWindowEx
SetScrollPos
GetSysColorBrush
SetScrollInfo
ClientToScreen
GetScrollInfo
GetMenuItemInfoW
GetSubMenu
DrawStateW
DrawIconEx
InflateRect
GetMenuItemCount
DrawFrameControl
TrackPopupMenuEx
InsertMenuItemW
CheckRadioButton
CheckDlgButton
GetDlgItemInt
MessageBeep
SetDlgItemInt
RegisterClassExW
GetClassInfoExW
MonitorFromPoint
GetMonitorInfoW
GetCursor
GetTopWindow
SetDlgItemTextW
LoadStringW
EnumWindows
DrawFocusRect
SetRectEmpty
OffsetRect
GetWindowTextLengthW
CharNextW
GetWindowThreadProcessId
GetDC
DrawTextExW
GetDesktopWindow
GetClipboardData
CloseClipboard
CreatePopupMenu
OpenClipboard
CreateMenu
EnableMenuItem
CheckMenuRadioItem
AppendMenuW
IsMenu
DestroyMenu
SetMenu
GetKeyState
ReleaseDC
BringWindowToTop
SendDlgItemMessageW
SetWindowTextW
GetDlgItem
DestroyIcon
SetForegroundWindow
ShowWindow
IsIconic
DispatchMessageW
TranslateMessage
GetMessageW
GetClassNameW
IsDialogMessageW
SetCursor
LoadCursorW
LoadImageW
GetSysColor
InvalidateRect
SendMessageW
IsWindow
LoadIconW

gdi32

Ellipse
SetPixel
CreatePatternBrush
GetPixel
CreateBitmap
BitBlt
CreateFontIndirectW
ExcludeClipRect
MoveToEx
GetStockObject
GetObjectW
ExtTextOutW
SetBkColor
SetTextColor
StretchBlt
SelectObject
DeleteDC
GetClipBox
PathToRegion
TextOutW
EndPath
BeginPath
FillPath
CreatePen
CreateCompatibleBitmap
GetBkColor
SetViewportOrgEx
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
SetBkMode
PatBlt
LineTo
SetROP2
Rectangle
DeleteObject
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
ChooseFontW

advapi32

RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
GetUserNameW
RegQueryValueExA

shell32

SHFileOperationW
ShellExecuteW
ord155
SHGetFileInfoW
SHGetDesktopFolder
ord74
DragQueryFileW
DragFinish
Shell_NotifyIconW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ord28
FindExecutableW
SHChangeNotify

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
RevokeDragDrop
DoDragDrop
RegisterDragDrop
CoUninitialize
CoInitialize
OleRun
CoCreateInstance
ReleaseStgMedium

oleaut32

GetErrorInfo
VariantClear

shlwapi

AssocQueryStringW
StrStrIW
StrRetToBufW
SHAutoComplete
PathIsRelativeW

msimg32

TransparentBlt

msvcr80

memchr
__iob_func
_fileno
_isatty
_wcsupr
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
abort
__uncaught_exception
_calloc_crt
isupper
___lc_handle_func
___lc_codepage_func
islower
__pctype_func
__crtLCMapStringA
_get_osplatform
_wfsopen
wcstombs_s
_fsopen
_invoke_watson
setlocale
__CxxFrameHandler3
_CxxThrowException
_wchmod
feof
_wfopen_s
fread
strcpy_s
_wcsnicmp
_splitpath_s
_stricmp
_localtime64_s
iswascii
setvbuf
ungetc
fgetc
toupper
iswpunct
ispunct
fflush
fgetpos
fsetpos
fwrite
fputc
fseek
_recalloc
strcmp
memmove
swprintf_s
rand
srand
_wrename
_errno
towlower
_vsnwprintf_s
_mktime64
__RTDynamicCast
malloc
wcscpy_s
_snwprintf
wcscmp
_wtof
_wtoi
memcmp
abs
free
strcpy
wcscpy
wcscat
wcsncmp
_time64
_purecall
wcsncpy_s
swscanf
sscanf
memcpy
memset
_itow
_beginthreadex
strlen
??0exception@std@@QAE@XZ
_waccess
_endthreadex
??_V@YAXPAX@Z
memcpy_s
_rotl
towupper
_wcsicmp
_localtime64
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_vswprintf
??2@YAPAXI@Z
wcschr
wcsncpy
??0exception@std@@QAE@ABQBD@Z
wcslen
_invalid_parameter_noinfo
memmove_s
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
fclose
wcsrchr

comctl32

ImageList_Create
ImageList_GetIconSize
CreatePropertySheetPageW
DestroyPropertySheetPage
_TrackMouseEvent
CreateStatusWindowW
InitCommonControlsEx
PropertySheetW
ord8
ImageList_GetIcon
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_LoadImageW
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HaoZipC.exe
.exe windows:4 windows x86 arch:x86

0187e922614d6328579e4284cf5bd745

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\rczip\trunk\bin\win32\release_tiny\pdb\HaoZipC.pdb

Imports

kernel32

GetCommandLineW
GetSystemDefaultLangID
GetModuleHandleW
GetLastError
GetVersionExW
LoadLibraryW
FreeLibrary
CloseHandle
GetProcAddress
OpenProcess
SetLastError
CreateFileW
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
LocalFree
GetModuleFileNameW
GetPrivateProfileStringW
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose
FindNextFileW
CreateMutexW
ReleaseMutex
WaitForSingleObject
WriteFile
GetStdHandle
DosDateTimeToFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetFileTime
SetEndOfFile
SetFilePointer
GetFileSize
FileTimeToSystemTime
ReadFile
GetFullPathNameW
GetTempFileNameW
GetLongPathNameW
SearchPathW
MoveFileW
MoveFileExW
lstrlenW
GetTempPathW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime

user32

MessageBoxW
LoadStringW
IsWindow

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
SHFileOperationW

ole32

CoTaskMemFree

msvcr80

ungetc
_controlfp_s
_invoke_watson
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
memchr
??1bad_cast@std@@UAE@XZ
memcpy_s
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
free
??1exception@std@@UAE@XZ
_cexit
memset
??0exception@std@@QAE@ABQBD@Z
strlen
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
sprintf_s
_purecall
??3@YAXPAX@Z
strcspn
??_V@YAXPAX@Z
localeconv
_invalid_parameter_noinfo
wcslen
memmove_s
memcpy
_time64
_splitpath_s
_stricmp
memmove
__RTDynamicCast
__iob_func
_fileno
_isatty
_vsnwprintf_s
_errno
srand
rand
signal
malloc
towupper
wcschr
towlower
_CxxThrowException
__CxxFrameHandler3
fgetwc
fputwc
ungetwc
fflush
setvbuf
??0exception@std@@QAE@XZ
fgetc
fwrite
fgetpos
fseek
fsetpos
fclose
setlocale
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtGetStringTypeW
__crtLCMapStringW
_create_locale
_ui64toa_s
_free_locale
_malloc_crt
__pctype_func
__uncaught_exception
_calloc_crt
abort
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HaoZipLoader.exe
.exe windows:4 windows x86 arch:x86

809ae753f9f1e103a08c521a2bb16a4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\rczip\trunk\bin\win32\release_tiny\pdb\HaoZipLoader.pdb

Imports

kernel32

GetSystemDefaultLangID
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
OpenProcess
CloseHandle
GetVersionExW
GetPrivateProfileStringW
GetFileAttributesW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetModuleFileNameW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFullPathNameW
lstrlenW
GetTempFileNameW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcr80

_amsg_exit
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
memmove_s
_adjust_fdiv
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
memcpy_s
wcslen
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
strlen
??2@YAPAXI@Z
memcpy
??_V@YAXPAX@Z
memset
_splitpath_s
_stricmp
wcschr
towlower
free
malloc
_CxxThrowException
__CxxFrameHandler3
_invalid_parameter_noinfo
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HaoZipShell.dll
.dll windows:4 windows x86 arch:x86

4005f392ba8cfc1228862a8ae3212e17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\rczip\trunk\bin\win32\release_tiny\pdb\HaoZipShell.pdb

Imports

kernel32

GetLastError
GetModuleHandleW
SetFilePointer
ReadFile
CreateFileW
FindResourceW
CreateDirectoryW
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
FindClose
FindNextFileW
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FormatMessageW
LocalFree
DeleteFileW
lstrlenW
GetFullPathNameW
GetTempFileNameW
GetFileSize
WaitForSingleObject
CreateMutexW
ReleaseMutex
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetFileAttributesW
GetVersionExW
OpenProcess
LoadLibraryW
CloseHandle
GetProcAddress
GetCurrentDirectoryW
FreeLibrary
GetSystemTimeAsFileTime

user32

LoadStringW
wsprintfW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenCurrentUser
RegDeleteValueW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize

msvcr80

__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_CxxThrowException
towlower
??3@YAXPAX@Z
memcpy_s
memmove_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
wcslen
??2@YAPAXI@Z
strlen
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
memset
_splitpath_s
_stricmp
memcpy
??_V@YAXPAX@Z
_vsnwprintf_s
_errno
wcschr
towupper

shlwapi

SHDeleteKeyW

Exports

Exports

Initialize
Install
Register
SetResFileName
Uninstall
Update
Upgrade

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipUpdate.exe
.exe windows:4 windows x86 arch:x86

63e70110f0c2a62a835a6aa872efb043

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\rczip\trunk\bin\win32\release_tiny\pdb\HaoZipUpdate.pdb

Imports

kernel32

GetTickCount
CompareStringW
CopyFileW
MoveFileW
WaitForSingleObject
CloseHandle
LoadLibraryW
GetCurrentDirectoryW
ResumeThread
FileTimeToSystemTime
GetFileAttributesW
GetACP
WideCharToMultiByte
DeleteFileW
CreateDirectoryW
SetFileAttributesW
RemoveDirectoryW
GetSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
SetFilePointer
ReadFile
CreateFileW
SetEndOfFile
SetFileTime
GetFileSize
WriteFile
GetFullPathNameW
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
InterlockedIncrement
GetLongPathNameW
FindClose
FindNextFileW
FindFirstFileW
LocalFree
FormatMessageW
GetComputerNameW
SetPriorityClass
DeviceIoControl
GetVersionExW
GetSystemDefaultLangID
ExpandEnvironmentStringsW
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
OpenProcess
GetVersionExA
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetLocaleInfoA
GetThreadLocale
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
RaiseException
FlushInstructionCache
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetPrivateProfileStringW
lstrcmpiW
GetCurrentProcess
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
LoadLibraryA
InitializeCriticalSection
GetCurrentThreadId
Sleep
GetLastError
CreateMutexW
lstrlenW
InterlockedExchange
DeleteCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
EnterCriticalSection
MultiByteToWideChar
SetLastError
InterlockedDecrement
InterlockedCompareExchange

user32

SetWindowPos
UnregisterClassA
GetWindow
SetRectEmpty
SystemParametersInfoW
GetWindowRect
GetClientRect
GetParent
IsWindow
SetForegroundWindow
GetSystemMenu
IsMenu
LoadImageW
EndDialog
GetSystemMetrics
ModifyMenuW
GetWindowLongW
DestroyMenu
LoadIconW
PtInRect
GetDC
DrawTextW
InvalidateRect
ReleaseDC
DialogBoxParamW
PostQuitMessage
IsWindowEnabled
GetCursorPos
ScreenToClient
MapWindowPoints
CallWindowProcW
IsWindowVisible
GetClassNameW
LoadCursorW
RegisterClassExW
TrackPopupMenu
GetMenuDefaultItem
LoadMenuW
SetMenuDefaultItem
DestroyIcon
GetClassInfoExW
RegisterWindowMessageW
GetSubMenu
LoadStringW
SetCursor
GetActiveWindow
SetDlgItemTextW
ReleaseCapture
GetWindowTextW
GetDlgCtrlID
GetCapture
SetTimer
IsIconic
DrawFocusRect
SetCapture
KillTimer
FillRect
GetFocus
IsDialogMessageW
GetWindowTextLengthW
GetSysColor
UpdateWindow
SetFocus
EndPaint
BeginPaint
CreateWindowExW
OffsetRect
SetWindowTextW
GetDlgItem
SendMessageW
SetWindowLongW
CharNextW
DefWindowProcW
MessageBoxW
DestroyWindow
CreateDialogParamW
ShowWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
GetStockObject
DeleteObject
GetObjectW

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyW
GetUserNameW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderLocation
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

_TrackMouseEvent
InitCommonControlsEx

msvcr80

??1exception@std@@UAE@XZ
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_CxxThrowException
swprintf_s
_splitpath_s
_stricmp
_vswprintf
strncpy
swscanf_s
vswprintf_s
memcmp
_vswprintf_c_l
_localtime64_s
strcmp
memmove
memcpy
rand
srand
_time64
_errno
towlower
towupper
wcschr
_beginthreadex
_vsnwprintf_s
_wtoi
??0exception@std@@QAE@XZ
strlen
_invalid_parameter_noinfo
_purecall
wcscpy_s
?what@exception@std@@UBEPBDXZ
memmove_s
??_V@YAXPAX@Z
memcpy_s
_recalloc
wcsncpy_s
wcslen
??0exception@std@@QAE@ABV01@@Z
free
??2@YAPAXI@Z
malloc
??0exception@std@@QAE@ABQBD@Z
memset
??3@YAXPAX@Z
_controlfp_s

wininet

HttpEndRequestW
HttpOpenRequestW
HttpSendRequestExW
InternetConnectW
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
InternetWriteFile
InternetOpenUrlW
InternetReadFile

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.1MB

.rsrc Size: 18KB - Virtual size: 17KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

c51dd2ec7061241d0771ea482e2e1dda

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

msvcr80

comctl32

version

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 261KB - Virtual size: 261KB

.data Size: 35KB - Virtual size: 48KB

.rsrc Size: 103KB - Virtual size: 103KB

0187e922614d6328579e4284cf5bd745

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

msvcr80

version

Sections

.text Size: 219KB - Virtual size: 218KB

.rdata Size: 48KB - Virtual size: 48KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.1MB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 261KB - Virtual size: 261KB

.data
Size: 35KB - Virtual size: 48KB

.rsrc
Size: 103KB - Virtual size: 103KB

.text
Size: 219KB - Virtual size: 218KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 17KB - Virtual size: 16KB