098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118
Size

1.6MB
MD5

098ac0abecc4ef0b1523053dda3cd4dd
SHA1

d85fbf81cbe371f80a50966cf509b732e7d0fa36
SHA256

74be6c40d1f22f291dd504e97570c7c678ce9e46e32dfd94c94126de75ae21cd
SHA512

e2aa57a1c483ac726527acc35ae82727839600d1c60be63c7cc01337427e2e90652020126fb23f834256416113ad5fdf4dba48df75f62163c0473458851a20ce
SSDEEP

24576:2c5YG52ob3weTAASN0mX/odwVbYM63xSe1QvyVkEwMD8FumJrVK25YadBP4l6:2UjTwe8Ag0mgdw6Se1QvyVvwr9yaXP4M

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/exdll.dll
unpack001/AutoUpdate.dll
unpack001/CaiHong.dll
unpack001/CaiHong.exe
unpack001/Reporter.dll
unpack001/msimg32.dll
unpack001/uninstall.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/exdll.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_1

Files

098ac0abecc4ef0b1523053dda3cd4dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36276e7c12820586c6f4cfea7e3f74d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallQQ.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/exdll.dll
.dll windows:4 windows x86 arch:x86

0fbd870a9df4bb2f47d2ec7da8a6cabf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
OpenProcess
lstrcmpiA
CloseHandle
Process32First
CreateToolhelp32Snapshot
GlobalFree
lstrcpyA
MultiByteToWideChar
Process32Next
FlushFileBuffers
ReadFile
SetStdHandle
GetStringTypeW
GetStringTypeA
GlobalAlloc
lstrcpynA
GetCurrentThreadId
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
SetFilePointer
LoadLibraryA
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
WriteFile
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
TerminateThread
WaitForSingleObject
Sleep
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
GetVersionExA
HeapAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
InterlockedExchange
VirtualQuery
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapFree
SetUnhandledExceptionFilter
GetCurrentProcess
SetHandleCount

user32

MessageBoxA
wsprintfA
KillTimer
GetDlgItem
SendMessageA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetWindowPos
ShowWindow
SetTimer

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoUninitialize
CoInitialize
CoCreateGuid

rpcrt4

UuidToStringA
RpcStringFreeA

netapi32

Netbios

ws2_32

connect
closesocket
recv
send
WSACleanup
WSAStartup
setsockopt
getsockopt
__WSAFDIsSet
select
WSAGetLastError
htons
ioctlsocket
socket
gethostbyname
inet_addr

wininet

InternetCrackUrlA

Exports

Exports

CreateSessionId
IsQQInstall
IsQQRunning
KillAllQQProcess
QQKillTimer
QQSetTimer
Report
ReportData
SendUrl
SetProxyConfig
SetReportConfig
myFunction

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/image.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
AutoUpdate.dll
.dll windows:4 windows x86 arch:x86

ed7d48ed2a544f202d37c48f66dec8cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Administrator\桌面\2.6\AutoUpdate\Release\AutoUpdate.pdb

Imports

kernel32

LocalFree
lstrcpynA
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
lstrcpyA
GetVolumeInformationA
GetFullPathNameA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
lstrlenA
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpA
lstrcatA
GetModuleHandleA
GetFileAttributesA
GlobalFlags
lstrcmpW
FreeLibrary
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapFree
GetCommandLineA
HeapReAlloc
HeapSize
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
OutputDebugStringA
lstrcmpiA
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetSystemTime
SetCurrentDirectoryA
GetTickCount
GetCurrentThreadId
SetEvent
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
DeleteFileA
CreateThread
CreateEventA
WaitForSingleObject
OpenThread
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
GetFileTime
CreateDirectoryA
CreateMutexA
GetLastError
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
MoveFileExA
FindNextFileA
FindClose
CreateFileA
CloseHandle
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LeaveCriticalSection
GetVersionExA

user32

SetPropA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
SetForegroundWindow
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowPos
SetWindowLongA
GetPropA
SetWindowsHookExA
CallNextHookEx
GetKeyState
ValidateRect
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetFocus
GetClassNameA
GetWindowTextA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
PostThreadMessageA
DialogBoxParamA
PostMessageA
SetWindowTextA
MoveWindow
GetClientRect
GetDlgItem
SendMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
EndDialog
GetSystemMetrics
GetWindowRect
GetMessageA
PeekMessageA
RemovePropA
CharUpperA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessagePos
GetMessageTime
LoadIconA
MapWindowPoints
DispatchMessageA

comctl32

ord17

shlwapi

PathFindFileNameA
PathIsDirectoryA
PathFileExistsA
PathStripToRootA
PathIsUNCA

rpcrt4

RpcStringFreeA
UuidToStringA

iphlpapi

SendARP

wininet

InternetSetStatusCallback
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetCreateUrlA

ws2_32

gethostname
gethostbyname

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

CreateBitmap
GetStockObject
DeleteDC
SetViewportExtEx
ScaleWindowExtEx
OffsetViewportOrgEx
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
SetWindowExtEx
ScaleViewportExtEx
GetDeviceCaps
Escape
SelectObject
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA

ole32

CoCreateGuid

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

CheckUpdate
CleanupAutoUpdate
CreateCfgFile
DoPatch
DoUpdateMessageBox
StartupAutoUpdate

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CaiHong.dat
CaiHong.dll
.dll windows:4 windows x86 arch:x86

a5f1341784da68500d6b5a1051234981

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\svc_src\SvnTemp2.7\UIInject\Release\UIInject.pdb

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetEnvironmentVariableA
Thread32First
Thread32Next
GetPrivateProfileStringA
LCMapStringW
OpenProcess
ReadProcessMemory
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
CreateMutexA
MoveFileExA
GetCurrentThreadId
CreateEventA
ResetEvent
CreateThread
OpenEventA
SetEvent
GetTickCount
DisableThreadLibraryCalls
GetLastError
lstrcmpiA
lstrcmpiW
lstrlenW
MultiByteToWideChar
GetVersion
FreeLibrary
LoadLibraryA
SetCurrentDirectoryA
OpenThread
WaitForSingleObject
Sleep
OutputDebugStringA
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringA
UnhandledExceptionFilter
GetEnvironmentStringsW
GetCommandLineA
lstrcpynA
SetFileAttributesA
DeleteFileA
GetModuleFileNameA
SetEnvironmentVariableA
CreateProcessA
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentDirectoryA
lstrlenA
lstrcatA
WinExec
lstrcpyA
CreateDirectoryA
CopyFileA
GetModuleHandleA
GetProcAddress
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsBadWritePtr
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetCurrentProcessId
GetPrivateProfileIntA
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
QueryPerformanceCounter
TerminateProcess
HeapSize
HeapReAlloc
IsBadReadPtr
HeapFree
HeapAlloc
GetSystemInfo
RtlUnwind
ExitProcess
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
GetCurrentProcess
VirtualAlloc
SetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateThread
VirtualQuery
VirtualFree
InterlockedDecrement
VirtualProtect
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetSystemTime
MulDiv
LocalFree
FormatMessageA
GlobalFree
RaiseException
GlobalFlags
InterlockedIncrement
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
lstrcmpA

user32

GrayStringA
GetDC
IntersectRect
GetMenuItemCount
GetMenuItemID
GetMenuState
IsWindowEnabled
PtInRect
GetSysColorBrush
GetLastActivePopup
GetWindowPlacement
IsIconic
SystemParametersInfoA
OffsetRect
RegisterClassA
GetClassInfoA
AdjustWindowRectEx
GetMenu
GetKeyState
MapWindowPoints
PeekMessageA
LoadIconA
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
GetClassInfoExA
GetCapture
WinHelpA
RegisterWindowMessageA
ValidateRect
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
DestroyMenu
DrawTextExA
FindWindowA
CopyImage
WindowFromDC
GetDlgCtrlID
GetWindow
UnhookWindowsHookEx
GetCursorPos
SetFocus
MapVirtualKeyA
GetKeyNameTextA
GetWindowTextA
EnableWindow
SetWindowTextA
LoadStringA
RemovePropA
CallWindowProcA
SetPropA
GetPropA
PostQuitMessage
CreateWindowExA
CreateDialogParamA
GetClassLongA
SetCursor
DefWindowProcA
TrackMouseEvent
UnregisterClassA
LoadCursorA
RegisterClassExA
SetWindowRgn
LoadMenuA
ClientToScreen
SetMenuItemInfoA
TrackPopupMenu
GetSubMenu
EqualRect
SetWindowsHookExA
SetWindowLongA
SetLayeredWindowAttributes
SetRect
FindWindowExA
GetParent
GetFocus
DrawFocusRect
MessageBoxA
SetWindowPos
GetClientRect
FillRect
CopyRect
DestroyWindow
KillTimer
InvalidateRect
GetSysColor
SendMessageA
SetTimer
SetForegroundWindow
IsWindowVisible
GetWindowLongA
GetWindowThreadProcessId
GetClassNameA
UnregisterHotKey
RegisterHotKey
IsWindow
ShowWindow
EnumWindows
PostThreadMessageA
CheckDlgButton
BeginPaint
GetDlgItem
DrawTextA
TabbedTextOutA
GetAsyncKeyState
CallNextHookEx
DispatchMessageA
TranslateMessage
GetMessageA
ScreenToClient
EndPaint
DialogBoxParamA
GetWindowRect
GetSystemMetrics
MoveWindow
EndDialog
PostMessageA
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
ReleaseDC
GetWindowDC
SendInput
SetClassLongA

gdi32

SetBkMode
SetTextAlign
ExtTextOutA
CreateSolidBrush
CreateRectRgn
CombineRgn
CreatePen
MoveToEx
LineTo
GetTextColor
GetBkColor
GetObjectA
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
SelectObject
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
GetPixel
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
GetStockObject
StretchBlt
GetBitmapBits
SetBitmapBits
GetCurrentObject
GetDeviceCaps

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
Shell_NotifyIconW

ole32

CoCreateGuid
CreateStreamOnHGlobal

comctl32

ord17
InitCommonControlsEx

shlwapi

PathFileExistsA
PathIsDirectoryA

dbghelp

ImageDirectoryEntryToData

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
WSASocketA
ioctlsocket
select
recvfrom
socket
connect
WSASend
closesocket
getsockname
gethostname
gethostbyname
getpeername
ntohl
ntohs
send
inet_addr
htons
htonl
sendto

oleacc

CreateStdAccessibleObject
LresultFromObject

rpcrt4

UuidToStringA
RpcStringFreeA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

oleaut32

OleLoadPicture
VariantInit
VariantChangeType
VariantClear

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

HandleLoadRet
LoadQQ
_CallWndProc@12
_FuncInit@4

Sections

.text
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CaiHong.exe
.exe windows:4 windows x86 arch:x86

861e6d8041918670611caf53fadec996

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Administrator\桌面\2.7\Starter\ReleaseStarter.pdb

Imports

kernel32

WaitForSingleObject
OpenThread
WinExec
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetModuleFileNameA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
VirtualAlloc
ExitProcess
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
VirtualQuery
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
InitializeCriticalSection

user32

PeekMessageA
SetTimer
EndDialog
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
EndPaint
PostQuitMessage
KillTimer
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostThreadMessageA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Config.ini
Reporter.dll
.dll windows:4 windows x86 arch:x86

46cc02335cf5398097798c0e61eb2c99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\Shc\UIInject\HttpDownloader\Release\HttpDownloader.pdb

Imports

kernel32

TerminateThread
EnterCriticalSection
Sleep
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateThread
InitializeCriticalSection
CompareStringW
CompareStringA
CloseHandle
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
ReadFile
SetStdHandle
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualAlloc
VirtualProtect
MultiByteToWideChar
SetFilePointer
RtlUnwind
ExitProcess
RaiseException
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
InterlockedExchange
VirtualQuery
FatalAppExitA
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
SetEnvironmentVariableA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateGuid

ws2_32

setsockopt
gethostname
closesocket
recv
send
htons
inet_addr
gethostbyname
socket
ioctlsocket
connect
WSAGetLastError
select
__WSAFDIsSet
getsockopt

wininet

InternetCrackUrlA

rpcrt4

UuidToStringA
RpcStringFreeA

iphlpapi

SendARP

Exports

Exports

CreateSessionId
ReportData
ReportData2
SetProxyConfig
SetReportConfig

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Res/FaceImg/1.gif
Res/FaceImg/10.gif
Res/FaceImg/11.gif
Res/FaceImg/12.gif
Res/FaceImg/13.gif
Res/FaceImg/14.gif
Res/FaceImg/15.gif
Res/FaceImg/2.gif
Res/FaceImg/3.gif
Res/FaceImg/4.gif
.gif
Res/FaceImg/5.gif
Res/FaceImg/6.GIF
Res/FaceImg/7.gif
Res/FaceImg/8.gif
Res/FaceImg/9.gif
Update.ini
Version.ini
mdic.dat
msimg32.dll
.dll windows:4 windows x86 arch:x86

75c7669e7fca8c431d69833f5cef87ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrlenA
GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
prefix.txt
uninstall.exe
.exe windows:4 windows x86 arch:x86

36276e7c12820586c6f4cfea7e3f74d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DiaoCha.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/exdll.dll
.dll windows:4 windows x86 arch:x86

0fbd870a9df4bb2f47d2ec7da8a6cabf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
OpenProcess
lstrcmpiA
CloseHandle
Process32First
CreateToolhelp32Snapshot
GlobalFree
lstrcpyA
MultiByteToWideChar
Process32Next
FlushFileBuffers
ReadFile
SetStdHandle
GetStringTypeW
GetStringTypeA
GlobalAlloc
lstrcpynA
GetCurrentThreadId
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
SetFilePointer
LoadLibraryA
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
WriteFile
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
TerminateThread
WaitForSingleObject
Sleep
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
GetVersionExA
HeapAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
InterlockedExchange
VirtualQuery
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapFree
SetUnhandledExceptionFilter
GetCurrentProcess
SetHandleCount

user32

MessageBoxA
wsprintfA
KillTimer
GetDlgItem
SendMessageA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetWindowPos
ShowWindow
SetTimer

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoUninitialize
CoInitialize
CoCreateGuid

rpcrt4

UuidToStringA
RpcStringFreeA

netapi32

Netbios

ws2_32

connect
closesocket
recv
send
WSACleanup
WSAStartup
setsockopt
getsockopt
__WSAFDIsSet
select
WSAGetLastError
htons
ioctlsocket
socket
gethostbyname
inet_addr

wininet

InternetCrackUrlA

Exports

Exports

CreateSessionId
IsQQInstall
IsQQRunning
KillAllQQProcess
QQKillTimer
QQSetTimer
Report
ReportData
SendUrl
SetProxyConfig
SetReportConfig
myFunction

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
version.txt

Sharing

General

Malware Config

Signatures

Files

36276e7c12820586c6f4cfea7e3f74d2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 27KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

0fbd870a9df4bb2f47d2ec7da8a6cabf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

netapi32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 5KB

ed7d48ed2a544f202d37c48f66dec8cf

Headers

File Characteristics

PDB Paths

Imports

kernel32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 400B

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 536KB - Virtual size: 532KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 16KB - Virtual size: 167KB

.share
Size: 4KB - Virtual size: 672B

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 40KB - Virtual size: 37KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB