0c0536a21f01d68eb8d03928abe44914_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c0536a21f01d68eb8d03928abe44914_JaffaCakes118
Size

753KB
MD5

0c0536a21f01d68eb8d03928abe44914
SHA1

ab57803bd962d47baee07f253aceecb4bc35f664
SHA256

020a7fc90c69bda49e8d923fa80803ce1545de2de59f2460fc372bbb1d8c0498
SHA512

8b3a5c566de36d32233348705e77ea2bca76c619092938e8cc42a3a36ddbdd1ed9625ee8cf0b3d896829204c9df3ccafdff01412211618e81384ca1bf356e50f
SSDEEP

12288:j6wbtadwsRPH0v6NjwHVGT8pihtc3UMlelmKZoSw/ZvB09X24d0put6wbtazPH0y:j6w8wsRPQEcVu8KtAXeoSEZvBQTd0puk

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/DLLDownLoader120308.dll
unpack001/$PLUGINSDIR/DLLWaitForKillProgram.dll
unpack001/$PLUGINSDIR/DLLWebCount120207.dll
unpack001/$PLUGINSDIR/ExAddPage20120308.dll
unpack001/$PLUGINSDIR/FILEDownPlug120308.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/LiveChk20120308.dll
unpack001/$PLUGINSDIR/SetHoldDate3.dll
unpack001/$PLUGINSDIR/processes_second.dll
unpack001/$PLUGINSDIR/stack.dll
unpack001/ancamcorder.exe
unpack001/ancamcorderupdate.exe
unpack001/xvid/driver/xvidcore.dll
unpack001/xvid/driver/xvidvfw.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

0c0536a21f01d68eb8d03928abe44914_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:74:d9:37:78:84:64:82:59:b4:bd:65:fa:2a:02:1f
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

01/09/2011, 00:00

Not After

31/08/2013, 23:59

Subject

CN=(주)이비즈네트웍스,O=(주)이비즈네트웍스,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLDownLoader120308.dll
.dll windows:4 windows x86 arch:x86

2be5c75b54508e5f9ce230cd7d1c100a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3346
ord3831
ord2554
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1243
ord2396
ord5199
ord1089
ord3922
ord5731
ord3830
ord2512
ord4486
ord6375
ord3825
ord4274
ord6467
ord1578
ord600
ord269
ord826

msvcrt

sprintf
__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
atoi

kernel32

LocalFree
lstrcpyA
GlobalFree
GetTempPathA
GetPrivateProfileStringA
LocalAlloc

user32

wsprintfA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

Exports

Exports

DownLoader
myFunction

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWaitForKillProgram.dll
.dll windows:4 windows x86 arch:x86

2e92645153848ef99816d61ac6e2a921

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalFree
lstrcpyA
LocalFree
LocalAlloc

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord6375
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1243
ord6467
ord4274
ord2982
ord269
ord826
ord600
ord1578

msvcrt

_strupr
toupper
??1type_info@@UAE@XZ
_onexit
__dllonexit
_EH_prolog
__CxxFrameHandler

user32

wsprintfA
MessageBoxA

Exports

Exports

DLLWaitForKillProcess
myFunction

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWebCount120207.dll
.dll windows:4 windows x86 arch:x86

20f16464083ccb9be4a9dc460a3ddbad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord3922
ord3738
ord561
ord825
ord815
ord1199
ord1247
ord690
ord1988
ord2393
ord800
ord5207
ord860
ord6059
ord389
ord540
ord941
ord823
ord939
ord858
ord922
ord6112
ord1176
ord5731
ord2512
ord2554
ord4486
ord6375
ord4424
ord4274
ord1243
ord6467
ord1578
ord600
ord826
ord269

msvcrt

_EH_prolog
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CxxFrameHandler

kernel32

LocalFree
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
LocalAlloc

user32

wsprintfA
MessageBoxA

wsock32

WSAStartup
WSACleanup

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile

Exports

Exports

DLLInstallCheck
DLLWebCount
SocketCount
WebCount
myFunction

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExAddPage20120308.dll
.dll windows:4 windows x86 arch:x86

a31423df96accd7f6a5fcbbc3f31973a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord823
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord4078
ord1776
ord4407
ord5240
ord2385
ord5163
ord6374
ord4353
ord5281
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1725
ord5260
ord2446
ord6614
ord5277
ord6691
ord4627
ord2396
ord4486
ord6514
ord6800
ord4284
ord2233
ord3610
ord6055
ord5290
ord3402
ord3721
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5241
ord5280
ord3749
ord1727
ord5261
ord2124
ord4425
ord3597
ord795
ord800
ord641
ord567
ord540
ord324
ord656
ord2302
ord4234
ord858
ord5651
ord3127
ord3616
ord3663
ord665
ord5572
ord5442
ord2915
ord3318
ord353
ord922
ord4129
ord5683
ord537
ord1168
ord6199
ord3092
ord6805
ord6215
ord4299
ord2864
ord4710
ord755
ord470
ord2379
ord4047
ord2086
ord2867
ord6242
ord6467
ord765
ord3698
ord3742
ord818
ord4275
ord535
ord6320
ord3571
ord3626
ord2414
ord1768
ord640
ord5785
ord1641
ord1146
ord1640
ord323
ord1105
ord2614
ord861
ord3811
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord5199
ord1089
ord3922
ord5731
ord2512
ord4432
ord2554
ord600
ord826
ord269
ord6375
ord6478
ord4274
ord1116

msvcrt

_onexit
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv
_EH_prolog
_ftol
__CxxFrameHandler
__dllonexit

kernel32

LocalFree
ResumeThread
GetTempPathA
lstrcpyA
GlobalFree
LocalAlloc

user32

wsprintfA
DispatchMessageA
LoadBitmapA
OffsetRect
GetParent
FindWindowExA
SendMessageA
EnableWindow
InvalidateRect
PostMessageA
ShowWindow
IsWindowVisible
GetMessageA
IsDialogMessageA
TranslateMessage
GetClientRect

gdi32

BitBlt
CreateCompatibleDC

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

shlwapi

StrFormatByteSizeA

Exports

Exports

showPage
sponPage

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FILEDownPlug120308.dll
.dll windows:4 windows x86 arch:x86

1b6303fba3c09e3c12e1f0a7f2cc93ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
RtlUnwind

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Exports

Exports

Download

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LiveChk20120308.dll
.dll windows:4 windows x86 arch:x86

61d7250d1f0e49e7d8f5ab4e906c3bf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
GlobalFree
lstrcpyA
lstrcpynA
FindFirstFileA
FindClose
GetTempPathA
GlobalAlloc
DeleteFileA
LCMapStringW
LCMapStringA
CloseHandle
GetLastError
SetFilePointer
GetStdHandle
DeleteCriticalSection
WriteFile
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
SetStdHandle
ExitProcess
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
RtlUnwind
GetCurrentThreadId
TlsSetValue
SetLastError
TlsGetValue
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

user32

wsprintfA
MessageBoxA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

Exports

Exports

LiveChker
myFunction

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISPromotionEx.ini
$PLUGINSDIR/SetHoldDate3.dll
.dll windows:4 windows x86 arch:x86

64043ebf9d5bf4e8ead17ce6db58991e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapAlloc
HeapFree
HeapSize
FlushFileBuffers
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
WriteFile
GetCurrentProcess
GetOEMCP
GetCPInfo
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GlobalFlags
lstrcmpiA
lstrcmpA
GetLastError
SetLastError
GetVersion
GetModuleFileNameA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetCurrentThreadId
CloseHandle
GlobalLock
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
lstrcpynA
lstrcpyA
HeapReAlloc
GlobalFree

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

comctl32

ord17

user32

LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
PostQuitMessage
DestroyMenu
PostMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetDlgItem
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetLastActivePopup
IsWindowEnabled
MessageBoxA
EnableWindow
SetFocus
GetFocus
GetParent
GetWindowTextA
SetWindowsHookExA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetMenu
LoadIconA
PeekMessageA
CallNextHookEx
GetKeyState
SendMessageA
DispatchMessageA
UnhookWindowsHookEx
UnregisterClassA
LoadStringA
GetMenuItemID
GetWindowLongA
GetClassNameA
GetMenuItemCount
GetSubMenu
GetMenuState

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Exports

Exports

??0CSetHoldDate2@@QAE@XZ
??4CSetHoldDate2@@QAEAAV0@ABV0@@Z
?fnSetHoldDate2@@YAHXZ
?nSetHoldDate2@@3HA
SetHoldData
SetHoldDate2

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ancamcorder_lincese_2.0.txt
$PLUGINSDIR/installoption.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/processes_second.dll
.dll windows:4 windows x86 arch:x86

522ca24d77f428ea710f83ca6b5d4867

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Nsis\플러그인\processes\setup-processes\src\Debug\processes.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
OpenProcess
TerminateProcess
GlobalFree
lstrcpyA
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DebugBreak
RaiseException
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
GetCurrentProcess
ExitProcess
GetModuleHandleA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLastError
GetLastError
GetCurrentThread
IsBadWritePtr
IsBadReadPtr
HeapValidate
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
UnhandledExceptionFilter
RtlUnwind
HeapAlloc
GetProcessHeap
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
VirtualQuery
InterlockedExchange
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
FlushFileBuffers
GetTimeZoneInformation
SetEnvironmentVariableA

user32

FindWindowA
UpdateWindow
GetDesktopWindow
wsprintfA

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/stack.dll
.dll windows:4 windows x86 arch:x86

55ae76a2cfe164921f566c03cfbba5ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcmpiA
lstrcpyA
lstrcpynA
GlobalUnlock
lstrcatA
GlobalLock
lstrlenA

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
wsprintfA
SendMessageA
GetDlgItem
EndDialog
DialogBoxParamA

Exports

Exports

_Debug
_Unload
_dll_clear
_dll_create
_dll_delete
_dll_delete_range
_dll_destroy
_dll_exchange
_dll_insert
_dll_move
_dll_move_range
_dll_push_sort
_dll_push_sort_int
_dll_read
_dll_reverse_range
_dll_size
_dll_sort_all
_dll_sort_all_int
_dll_write
_ns_clear
_ns_pop_front
_ns_push_back
_ns_push_front
_ns_read
_ns_size
_ns_write

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ancamcorder.exe
.exe windows:4 windows x86 arch:x86

f0124ce976a7e22f9380711dbdc19949

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord6805
ord4299
ord1768
ord6197
ord4710
ord6055
ord1776
ord5290
ord3402
ord3610
ord823
ord1146
ord1168
ord567
ord2302
ord6380
ord2379
ord3619
ord1641
ord755
ord470
ord3571
ord3626
ord3663
ord640
ord2405
ord2414
ord6172
ord5875
ord5785
ord1640
ord323
ord6710
ord6453
ord2863
ord6378
ord4284
ord4220
ord2584
ord3654
ord5981
ord2438
ord6270
ord1175
ord1644
ord1200
ord3097
ord5953
ord5710
ord4129
ord5683
ord858
ord6877
ord2575
ord4396
ord3574
ord3573
ord6741
ord6508
ord609
ord3092
ord3874
ord3337
ord3811
ord3089
ord4476
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord3317
ord2587
ord4406
ord3394
ord3738
ord804
ord2086
ord6785
ord613
ord289
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord4837
ord6847
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord6614
ord6691
ord4432
ord6478
ord6514
ord6800
ord2233
ord539
ord6814
ord2452
ord2859
ord2450
ord6699
ord1601
ord1871
ord809
ord556
ord4275
ord2754
ord6358
ord1088
ord2122
ord3721
ord795
ord3797
ord5789
ord2860
ord6880
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord4853
ord4376
ord5265
ord860
ord924
ord6199
ord2642
ord2915
ord5572
ord535
ord1134
ord2621
ord537
ord2818
ord2864
ord6215
ord2514
ord656
ord641
ord825
ord561
ord540
ord2614
ord815
ord6867
ord800
ord5731
ord2512
ord2554
ord4486
ord6375
ord3729
ord4274
ord1576

msvcrt

_stricmp
_setmbcp
__CxxFrameHandler
_splitpath
_mbscmp
atol
atoi
_mbsnbcpy
_ftol
_beginthreadex
sprintf
free
wcscmp
malloc
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

GetVersion
CreateFileA
WriteFile
FindFirstFileA
FindClose
QueryPerformanceCounter
QueryPerformanceFrequency
HeapCreate
HeapAlloc
GetTickCount
WaitForSingleObject
HeapFree
HeapDestroy
CreateEventA
CreateThread
CloseHandle
GetVersionExA
GetPrivateProfileStringA
GetProcAddress
GetPrivateProfileIntA
WritePrivateProfileStringA
Sleep
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
CreateMutexA
GetLastError
ReleaseMutex
GetStartupInfoA

user32

LoadBitmapA
FillRect
GetDesktopWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetSysColor
DrawFocusRect
OffsetRect
DrawEdge
GetCapture
SetWindowRgn
ReleaseCapture
GetNextDlgGroupItem
RegisterWindowMessageA
GetSystemMetrics
LoadIconA
LoadCursorA
EnableWindow
FindWindowA
GetLastActivePopup
BringWindowToTop
GetDC
GetCursorInfo
ClientToScreen
WindowFromPoint
ScreenToClient
ChildWindowFromPointEx
MessageBoxA
LoadMenuA
GetSubMenu
SetMenuDefaultItem
SetForegroundWindow
EnableMenuItem
SetWindowPos
GetSystemMenu
SendMessageA
GetClientRect
PeekMessageA
GetParent
SetRect
PostQuitMessage
AppendMenuA
GetWindowLongA
SetCursor
PtInRect
GetCursorPos
GetWindowRect
PostMessageA
SetTimer
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
ExitWindowsEx
LoadImageA
InvalidateRect
DrawIcon
IsIconic
ReleaseDC
LoadAcceleratorsA
SetWindowTextA
IsWindow
KillTimer
RedrawWindow
SetWindowLongA
TranslateAcceleratorA

gdi32

SelectClipRgn
CombineRgn
GetPixel
GetStockObject
GetBitmapBits
CreateDCA
DeleteObject
CreateDIBSection
GetDIBits
GetObjectA
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateRectRgn
CreateFontA
BitBlt

comdlg32

GetSaveFileNameA

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA

comctl32

_TrackMouseEvent

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString

wininet

HttpOpenRequestA
InternetOpenA
InternetConnectA
HttpSendRequestA

shlwapi

PathCompactPathA

winmm

waveInGetNumDevs
waveInGetDevCapsA

avifil32

AVIMakeCompressedStream
AVIFileExit
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileRelease
AVIStreamRelease
AVIFileInit

dsound

ord6

msimg32

AlphaBlend

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ancamcorder.ini
ancamcorderupdate.exe
.exe windows:4 windows x86 arch:x86

860daf4b78482998048c9ed38647af39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord561
ord825
ord815
ord3663
ord3626
ord641
ord800
ord795
ord2414
ord686
ord765
ord609
ord2514
ord2621
ord1134
ord540
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3571
ord3619
ord1146
ord1168
ord384
ord567
ord2302
ord6805
ord6199
ord858
ord6215
ord4299
ord4160
ord2863
ord1768
ord5943
ord4224
ord2379
ord755
ord470
ord2820
ord3811
ord535
ord860
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord926
ord537
ord356
ord2642
ord2862
ord2096
ord2123
ord6442
ord3738
ord1641
ord1105
ord939
ord941
ord690
ord1988
ord2393
ord5207
ord389
ord922
ord924
ord4129
ord2764
ord2818
ord4278
ord2614
ord861
ord3610
ord656
ord4275
ord3398
ord3733
ord810
ord4271
ord2864
ord3303
ord3914
ord6008
ord4000
ord3297
ord3290
ord823
ord1929
ord3573
ord3797
ord1200
ord923
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord6614
ord6691
ord4432
ord6478
ord6514
ord6800
ord4284
ord2233
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2116
ord4673
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_setmbcp
__CxxFrameHandler
sprintf
atoi
fclose
fopen
_mbscmp
malloc
_ftol
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateProcessA
GetVersionExA
GetModuleHandleA
GetStartupInfoA
WaitForSingleObject
ResumeThread
CreateDirectoryA
GetCommandLineA
GetModuleFileNameA
GetLastError
CreateMutexA
lstrlenA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
OpenMutexA
GetTempPathA
RemoveDirectoryA
DeleteFileA

user32

SetWindowLongA
MessageBeep
IsWindowVisible
SetCursor
LoadCursorA
EnableWindow
KillTimer
SetTimer
GetSysColor
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
InvalidateRect
GetSystemMenu
AppendMenuA
wsprintfA
ScreenToClient
SendMessageA
FindWindowA
LoadIconA
GetParent
LoadBitmapA
SetFocus
GetMessagePos

gdi32

CreateFontA
CreateSolidBrush

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

comctl32

ImageList_AddMasked

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

shlwapi

PathRemoveFileSpecA
StrFormatByteSizeA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xvid/driver/Uninstall.exe.nsis
xvid/driver/install.bat
xvid/driver/xvid.inf
xvid/driver/xvidcore.dll
.dll windows:4 windows x86 arch:x86

056097a1b0cb00b2dfa4e81b830e30bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
WaitForSingleObject
CloseHandle
Sleep
GetSystemInfo
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
WriteFile
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileA
ReadFile
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile

Exports

Exports

xvid_decore
xvid_encore
xvid_global
xvid_plugin_2pass1
xvid_plugin_2pass2
xvid_plugin_dump
xvid_plugin_lumimasking
xvid_plugin_psnr
xvid_plugin_single
xvid_plugin_ssim

Sections

.text
Size: 516KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xvid/driver/xvidvfw.dll
.dll windows:5 windows x86 arch:x86

c5cb7741b3fc29c20102a88de7ac926b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17
PropertySheetA

winmm

DefDriverProc

kernel32

HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
MultiByteToWideChar
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
FreeResource
GetFileSize
lstrcpyA
WriteFile
ReadFile
lstrlenA
GetLastError
FreeLibrary
LCMapStringW
lstrcmpiA
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
OutputDebugStringA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleHandleA
SetHandleCount
GetFileType

user32

SendDlgItemMessageA
CreateDialogParamA
KillTimer
GetDC
GetWindowRect
SetTimer
InvalidateRect
DestroyWindow
GetDesktopWindow
CreateWindowExA
SetWindowPos
LoadCursorA
SetClassLongA
DialogBoxParamA
CheckDlgButton
MessageBoxA
IsDlgButtonChecked
CheckRadioButton
EnableWindow
GetWindowLongA
EndDialog
SetWindowLongA
EnumChildWindows
SetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
GetDlgItem
GetDlgItemInt
wsprintfA
GetDlgCtrlID
LoadStringA
GetParent
SendMessageA

gdi32

GetTextAlign
SetTextAlign
TextOutA
SelectObject
SetBkColor
GetTextMetricsA
SetBkMode
SetTextColor
GetObjectA
CreateFontIndirectA
GetStockObject
SetDIBitsToDevice

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteA

Exports

Exports

Configure
DriverProc

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

3b:74:d9:37:78:84:64:82:59:b4:bd:65:fa:2a:02:1fCertificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 22KB - Virtual size: 21KB

2be5c75b54508e5f9ce230cd7d1c100a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

urlmon

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 5KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 4KB - Virtual size: 518B

2e92645153848ef99816d61ac6e2a921

Headers

File Characteristics

Imports

kernel32

mfc42

msvcrt

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 4KB - Virtual size: 544B

20f16464083ccb9be4a9dc460a3ddbad

Headers

File Characteristics

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

3b:74:d9:37:78:84:64:82:59:b4:bd:65:fa:2a:02:1f
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 5KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 518B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 4KB - Virtual size: 544B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 568B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 132KB - Virtual size: 128KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB