0cdfc88adb912bc860a1e87b8fc6b4b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0cdfc88adb912bc860a1e87b8fc6b4b3_JaffaCakes118
Size

1.3MB
MD5

0cdfc88adb912bc860a1e87b8fc6b4b3
SHA1

727e3ee4029d13eed6014b49e3c9b72b29a2a7a4
SHA256

35dafd0cec32601221cd881d9197f79c50f77e03963c1b97feec91eab8eaf1bd
SHA512

32b1ead2f8fb9f84419d8871f59a98d95ca4bdbf7c3dc5d2191c57accd0f41946937a1f4f36573b743655bc75dfb9bf99e3cae2f8c32be4502ae3e34c21775a8
SSDEEP

24576:qnb0xryeLDpL5DV+j8RX668ODBQb7cD751FvLQGVGm+QZePc3Ip:Ab0xtvpLr+j8ffqYB1Fvdz+HU36

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Analyzer.dll
unpack001/dat/et.exe
unpack001/sqlite3.dll
unpack001/造梦西游3修改器2.1.exe

Files

0cdfc88adb912bc860a1e87b8fc6b4b3_JaffaCakes118
.zip
Analyzer.dll
.dll windows:4 windows x86 arch:x86

5818ee545c9776c1981f747e13331bd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

socket
WSAGetLastError
WSAStartup
gethostname
recvfrom
WSAIoctl
WSACleanup
closesocket
bind
gethostbyname

mfc42

ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord4129
ord823
ord6877
ord2763
ord5710
ord4079
ord541
ord6662
ord1622
ord5861
ord6883
ord6283
ord6282
ord5683
ord4202
ord939
ord941
ord6930
ord6928
ord926
ord940
ord6876
ord1158
ord6805
ord5572
ord2915
ord2784
ord5856
ord859
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord537
ord2818
ord860
ord2764
ord6663
ord4278
ord4277
ord2614
ord924
ord922
ord535
ord825
ord540
ord858
ord800
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord801

msvcrt

isalnum
wcslen
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_mbsnbcpy
atol
_mbsstr
_atoi64
memmove
strstr
_mbschr
calloc
printf
isspace
free
_ultoa
malloc
_errno
sprintf
strtok
strtoul
srand
sscanf
_ftol
rand
floor
time
localtime
strftime
_mbstok
strchr
strncpy
atoi
strrchr
_mbsicmp
_mbscmp
__CxxFrameHandler
_mbsnbcmp

kernel32

GetLastError
CreateThread
WaitForSingleObject
GetExitCodeThread
TerminateThread
CloseHandle
GetPrivateProfileIntA
GetPrivateProfileStringA
GetSystemTime
Sleep
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetLocalTime
LocalFree
LocalAlloc
SetEvent
GetModuleFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

wininet

HttpAddRequestHeadersA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetSetOptionA
InternetAttemptConnect
HttpQueryInfoA

Exports

Exports

GetAnalyzerError
GetComponentVersion
GetMultiVersionTrueUrlWithReferer
GetMultiVersionTrueUrlWithReferer2
GetMultiVideoInPage
GetPlaylistContent
GetPlaylistItems
GetTrueUrl
GetTrueUrlByIdentifier
GetTrueUrlByIdentifierWithReferer
GetTrueUrlWithReferer
InitAnalyzer
IsDontSupportUrl
IsPlaylist
NeedReAnalyze
SetBrowser
UpdatePatternByString
UpdateRefererPatternByString

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d9softע.txt
dat/dbghelp.dll
.dll windows:5 windows x86 arch:x86

42cfa6142c38112bdaffa05fb22db82e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/12/2009, 00:00

Not After

02/12/2011, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:06:42:2f:55:47:b1:2c:86:c9:26:b1:f4:7d:8c:1d:80:5c:58:86
Signer

Actual PE Digest

25:06:42:2f:55:47:b1:2c:86:c9:26:b1:f4:7d:8c:1d:80:5c:58:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

__dllonexit
_wcsicmp
wcsncpy
wcscmp
wcsncmp
__CxxFrameHandler
_wsplitpath
_wcsnicmp
towlower
__unDName
fclose
wcstol
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
_mbsnbcpy
fflush
_iob
_wmakepath
wcsrchr
wcscpy
_wcsdup
ftell
_wgetenv
_mbsicmp
_access
_fullpath
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_onexit
_chsize
_close
_get_osfhandle
_open_osfhandle
_winminor
_winmajor
_mbscmp
_memicmp
wcsncat
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
time
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
_strnicmp
isxdigit
wcslen
sprintf
strrchr
strncpy
_except_handler3
_splitpath
_stricmp
strchr
_lseeki64
wprintf

kernel32

GetFileType
Sleep
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateFileMappingW
LCMapStringW
GetDriveTypeW
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
GetDriveTypeA
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemInfo
GetVersionExW
GetProcessHeap
SuspendThread
ResumeThread
GetThreadContext
VirtualQueryEx
LoadLibraryW
TerminateThread
SetEndOfFile
GetThreadSelectorEntry
MapViewOfFileEx
FlushViewOfFile
TlsSetValue
CreateThread

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dat/et.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqlite3.dll
.dll windows:4 windows x86 arch:x86

3fb7e18f0e023692cd6e1ac0aa0d0508

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strncmp

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 720B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
造梦西游3修改器2.1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\项目\域名劫持\setup2\BHOSETUP\BHOSETUP\obj\Release\BHOSETUP.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ھ.url

Sharing

General

Malware Config

Signatures

Files

5818ee545c9776c1981f747e13331bd3

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

advapi32

ole32

msvcp60

wininet

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 325KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 156KB - Virtual size: 161KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 52KB - Virtual size: 48KB

42cfa6142c38112bdaffa05fb22db82e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02Certificate

Extended Key Usages

Key Usages

25:06:42:2f:55:47:b1:2c:86:c9:26:b1:f4:7d:8c:1d:80:5c:58:86Signer

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

version

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 569KB - Virtual size: 568KB

.data Size: 13KB - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 40KB - Virtual size: 40KB

Headers

File Characteristics

Sections

.text Size: 512KB - Virtual size: 509KB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 64KB - Virtual size: 187KB

.rsrc Size: 24KB - Virtual size: 24KB

3fb7e18f0e023692cd6e1ac0aa0d0508

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 412KB

.data Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 720B

.edata Size: 6KB - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.stab Size: 5KB - Virtual size: 4KB

.stabstr Size: 5KB - Virtual size: 5KB

.text
Size: 328KB - Virtual size: 325KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 156KB - Virtual size: 161KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 48KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

25:06:42:2f:55:47:b1:2c:86:c9:26:b1:f4:7d:8c:1d:80:5c:58:86
Signer

.text
Size: 569KB - Virtual size: 568KB

.data
Size: 13KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 40KB - Virtual size: 40KB

.text
Size: 512KB - Virtual size: 509KB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 64KB - Virtual size: 187KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 412KB - Virtual size: 412KB

.data
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 720B

.edata
Size: 6KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.stab
Size: 5KB - Virtual size: 4KB

.stabstr
Size: 5KB - Virtual size: 5KB

.text
Size: 324KB - Virtual size: 323KB

.rsrc
Size: 43KB - Virtual size: 48KB

.reloc
Size: 512B - Virtual size: 12B