2e293b12a29aa9e1f97194f0562f0159_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e293b12a29aa9e1f97194f0562f0159_JaffaCakes118
Size

975KB
MD5

2e293b12a29aa9e1f97194f0562f0159
SHA1

4b64ac81c79ad9cb0f5998134c974e8d85e06f4c
SHA256

956f2beb5dd6d31b201c94ec03cec5ad1842d0f641f959e65a3371f1eb85b7a3
SHA512

c4f992b491034bd2d07190a41ebf21efdfedab194bf6bb6b3d64627ebe8468adc04718e2350428dbaa60f30b339321c5c186b52a08f3d0bcc103bd78f5a81fa9
SSDEEP

24576:7ma6LPVBs5S3kRKQ95qMI7WJgwOZrJs5wn7/pl4NoLb7jyic/ns+i:qhbadRr9Ql7VPDf1lOmbyies+i

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
2e293b12a29aa9e1f97194f0562f0159_JaffaCakes118
unpack001/$PLUGINSDIR/CloseFlvDownload.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/FLVDownloader(xmlbar).exe
unpack001/IEBar/Uninstall.exe
unpack002/$PLUGINSDIR/CloseFlvDownload.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack001/IEBar/xbietb.dll
unpack001/updater.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/IEBar/Uninstall.exe	nsis_installer_1
static1/unpack001/IEBar/Uninstall.exe	nsis_installer_2

Files

2e293b12a29aa9e1f97194f0562f0159_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Video Downloader(xmlbar)/appdata/mediaplayer.swf
$APPDATA/Video Downloader(xmlbar)/appdata/swfobject.js
.js
$PLUGINSDIR/CloseFlvDownload.dll
.dll windows:4 windows x86 arch:x86

5a2fbc5fed91418c2dcf57ddcc8d0b47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
InitializeCriticalSection
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
Sleep
GetProcAddress
SetErrorMode
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyA
LoadLibraryExA
GlobalFree
LoadLibraryA
GetCPInfo
HeapFree
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadReadPtr
IsBadCodePtr
GetOEMCP

user32

GetClassNameA
CharNextA
RegisterWindowMessageA
PostMessageA
EnumWindows
SendMessageTimeoutA
IsWindow

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

Exports

Exports

CloseApp

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
FLVDownloader(xmlbar).exe
.exe windows:4 windows x86 arch:x86

3b9a91ee5b7d500332a73cbf22cdc68c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW
StrCpyW

kernel32

LCMapStringW
LoadLibraryA
InterlockedCompareExchange
RtlUnwind
HeapReAlloc
LCMapStringA
GetStringTypeExW
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
DeleteFileA
GetModuleHandleA
GetFullPathNameW
GetTimeZoneInformation
GetCPInfo
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
VirtualQuery
GetStringTypeA
GetStringTypeW
TlsAlloc
TlsFree
TlsSetValue
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetModuleFileNameA
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetUserDefaultLCID
GetFileTime
SetEndOfFile
UnlockFile
LockFile
TerminateThread
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
FormatMessageW
LocalFree
OutputDebugStringW
DuplicateHandle
GetStartupInfoA
UnhandledExceptionFilter
lstrcpynA
GetWindowsDirectoryW
CreateDirectoryW
GetTempPathW
GetSystemInfo
ExitProcess
WaitForSingleObject
CreateFileA
GetTempFileNameW
CreateMutexW
GetSystemDefaultLangID
GetUserDefaultLangID
GlobalSize
lstrcatW
WinExec
Sleep
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
SizeofResource
GetFileAttributesW
GetFileSize
SetFilePointer
MoveFileW
CreatePipe
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCurrentDirectoryW
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetOEMCP
SetStdHandle
GetDriveTypeA
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStartupInfoW
CreateProcessW
ReadFile
TerminateProcess
RemoveDirectoryW
FlushFileBuffers
DeleteFileW
GetSystemTimeAsFileTime
GlobalHandle
GetCurrentProcessId
CreateFileW
WriteFile
CloseHandle
SetLastError
FindResourceW
LoadResource
LockResource
GlobalReAlloc
LoadLibraryW
FreeLibrary
GetCurrentThreadId
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrcmpW
MulDiv
GetLastError
GlobalAlloc
GlobalLock
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetTickCount
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
GlobalUnlock
GlobalFree
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpynW
lstrcmpiW
lstrlenW
lstrcpyW
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
RaiseException
TlsGetValue
GetVersionExA

user32

GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
SetWindowPlacement
GetLastActivePopup
GetWindowPlacement
BringWindowToTop
EnumWindows
ExitWindowsEx
IsZoomed
IsIconic
GetAncestor
LoadIconW
CopyIcon
SetDlgItemInt
GetDlgItemInt
RegisterClipboardFormatW
IntersectRect
GetMonitorInfoW
GetMenuState
GetMenuStringW
GetMenuItemID
TrackPopupMenu
DrawAnimatedRects
IsMenu
SetClipboardViewer
GetSystemMenu
PostQuitMessage
LockWindowUpdate
GetForegroundWindow
LoadMenuW
FindWindowW
SendMessageTimeoutW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
CreatePopupMenu
SetMenuDefaultItem
AppendMenuW
LoadBitmapW
IsRectEmpty
DrawStateW
SetWindowRgn
GetClassInfoW
RegisterClassW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
GetAsyncKeyState
OpenClipboard
EmptyClipboard
CloseClipboard
SetParent
FrameRect
EnableMenuItem
DrawIcon
ModifyMenuW
ChangeClipboardChain
GetNextDlgTabItem
GetActiveWindow
IsDialogMessageW
FindWindowExW
DialogBoxParamW
CreateDialogIndirectParamW
GetSubMenu
TrackPopupMenuEx
DestroyMenu
SetForegroundWindow
GetWindowThreadProcessId
MapDialogRect
SetWindowContextHelpId
DialogBoxIndirectParamW
GetWindowDC
SetWindowsHookExW
GetClassLongW
SetClassLongW
DrawFrameControl
DrawIconEx
OffsetRect
IsWindowVisible
LoadImageW
MessageBeep
GetTopWindow
LoadStringW
SetDlgItemTextW
EnableWindow
ChildWindowFromPoint
IsDlgButtonChecked
CheckDlgButton
ClientToScreen
PtInRect
IsWindowEnabled
GetSysColorBrush
DrawEdge
GetSystemMetrics
InflateRect
SetTimer
UpdateWindow
wsprintfW
CharNextW
RedrawWindow
DestroyAcceleratorTable
IsChild
GetDesktopWindow
InvalidateRgn
GetSysColor
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
DestroyIcon
ShowWindow
AdjustWindowRectEx
SendDlgItemMessageW
KillTimer
MoveWindow
GetMenu
PostMessageW
GetDialogBaseUnits
CreateAcceleratorTableW
GetKeyState
EndPaint
BeginPaint
GetFocus
DrawFocusRect
FillRect
GetCursorPos
ScreenToClient
GetCapture
ReleaseCapture
SetFocus
SetCapture
SetCursor
DestroyWindow
GetDlgCtrlID
CallWindowProcW
GetClassNameW
ReleaseDC
GetDC
DefWindowProcW
UnregisterClassW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsWindow
GetDlgItem
GetParent
InvalidateRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowLongW
CreateWindowExW
SetWindowLongW
SendMessageW
DestroyCursor
DrawTextW
UnhookWindowsHookEx
EndDialog
EnumChildWindows

gdi32

SetStretchBltMode
StretchBlt
SetBrushOrgEx
RestoreDC
SaveDC
PatBlt
CreateBitmap
CreatePatternBrush
CombineRgn
FillRgn
SetViewportOrgEx
CreateFontW
GetClipBox
LPtoDP
DPtoLP
GetMapMode
SelectObject
GetObjectW
DeleteObject
DeleteDC
CreateFontIndirectW
SetTextColor
SetBkMode
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetStockObject
CreateSolidBrush
Rectangle
CreatePen
ExtTextOutW
SetBkColor
RoundRect
GetCurrentObject
GetTextExtentPoint32W
GetTextMetricsW
CreateDIBSection
SelectClipRgn
MoveToEx
LineTo
SetPixel
CreateEllipticRgnIndirect
ExcludeClipRect
CreateRoundRectRgn
CreateRectRgnIndirect
SetMapMode
SetWindowOrgEx
GetBkColor
TextOutW
SetTextAlign

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

LookupPrivilegeValueW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken

shell32

SHAppBarMessage
Shell_NotifyIconW
SHGetDesktopFolder
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW

ole32

OleGetClipboard
OleInitialize
OleUninitialize
StringFromGUID2
CoTaskMemAlloc
RevokeDragDrop
ReleaseStgMedium
CoCreateGuid
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
OleLockRunning
RegisterDragDrop
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal

oleaut32

SafeArrayRedim
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
VarUI4FromStr
VarBstrCmp
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreate

winmm

timeGetTime

comctl32

ImageList_GetIcon
ImageList_GetIconSize
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ord17
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_GetImageCount
ImageList_Remove

wininet

InternetSetOptionW
HttpOpenRequestA
InternetCloseHandle
InternetOpenW
InternetConnectW
HttpQueryInfoW
InternetReadFile
HttpAddRequestHeadersA
HttpSendRequestW

urlmon

URLDownloadToFileW
CoInternetGetSession

ws2_32

closesocket
WSAGetLastError
recv
send
htons
gethostbyname
inet_addr
WSACleanup
WSAStartup
socket
connect
setsockopt
htonl
ntohl

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 1004KB - Virtual size: 1001KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IEBar/Uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CloseFlvDownload.dll
.dll windows:4 windows x86 arch:x86

5a2fbc5fed91418c2dcf57ddcc8d0b47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
InitializeCriticalSection
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
Sleep
GetProcAddress
SetErrorMode
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyA
LoadLibraryExA
GlobalFree
LoadLibraryA
GetCPInfo
HeapFree
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadReadPtr
IsBadCodePtr
GetOEMCP

user32

GetClassNameA
CharNextA
RegisterWindowMessageA
PostMessageA
EnumWindows
SendMessageTimeoutA
IsWindow

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

Exports

Exports

CloseApp

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
IEBar/config/Chinese Simplified/XBIEBar.xml
.xml
IEBar/config/defaults/XBIEBar.xml
.xml
IEBar/config/defaults/xmlbar.bmp
IEBar/xbietb.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2bf6d6c98402b1a4cd59a2e91adf05bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindExtensionA

urlmon

URLDownloadToFileA

kernel32

SetErrorMode
LoadLibraryExA
GetSystemInfo
GetModuleFileNameA
CloseHandle
CreateFileA
SizeofResource
LoadResource
FindResourceA
LocalFree
FormatMessageA
lstrcmpiA
CompareStringA
CompareStringW
GetStringTypeExA
GetSystemTimeAsFileTime
GlobalLock
GlobalUnlock
IsDBCSLeadByte
GlobalAlloc
lstrcpynA
lstrcatA
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileAttributesA
GetFileSize
GetFileTime
DuplicateHandle
WriteFile
FindClose
FindFirstFileA
DeleteFileA
MoveFileA
GetTempFileNameA
GetTempPathA
CreateDirectoryA
Sleep
GetTickCount
InterlockedExchange
lstrcpyA
InterlockedIncrement
DisableThreadLibraryCalls
MulDiv
CreateProcessA
GetCurrentProcessId
GetSystemDefaultLangID
GetUserDefaultLCID
LCMapStringA
LCMapStringW
InterlockedCompareExchange
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
GetCurrentDirectoryA
GetDriveTypeA
GetOEMCP
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
GetCPInfo
ExitProcess
GetCommandLineA
GetFullPathNameA
GetTimeZoneInformation
VirtualQuery
VirtualAlloc
VirtualProtect
HeapReAlloc
RtlUnwind
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
QueryPerformanceCounter
lstrcmpA
GetCurrentThreadId
FreeLibrary
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InterlockedDecrement
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetUserDefaultLangID
GetACP
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA

user32

LoadStringA
GetComboBoxInfo
TranslateMessage
SetActiveWindow
ShowWindow
CreateAcceleratorTableA
SetWindowPos
RedrawWindow
GetDlgItem
DestroyAcceleratorTable
IsChild
GetWindow
BeginPaint
EndPaint
GetDesktopWindow
UnregisterClassA
IsWindow
SendMessageA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
DestroyWindow
DrawTextA
SetMenuItemInfoA
SetWindowLongA
GetWindowLongA
GetWindowRect
ScreenToClient
MapWindowPoints
InvalidateRgn
GetClientRect
SetCapture
ReleaseCapture
CharNextA
WaitForInputIdle
GetWindowThreadProcessId
DispatchMessageA
AppendMenuA
MoveWindow
GetDC
CreatePopupMenu
TrackPopupMenu
FrameRect
DrawFrameControl
InflateRect
DrawEdge
OffsetRect
GetSysColor
FillRect
GetSysColorBrush
GetMenuItemInfoA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetSystemMetrics
RegisterWindowMessageA
IsWindowVisible
CallWindowProcA
GetKeyState
SetFocus
GetMessagePos
SystemParametersInfoA
SetRectEmpty
ReleaseDC
GetWindowDC
GetFocus
DefWindowProcA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
DestroyMenu
LoadImageA
CopyRect
SetCursor
LoadCursorA
wsprintfA
GetParent
InvalidateRect
UpdateWindow
GetClassNameA

gdi32

GetObjectA
SelectObject
DeleteDC
CreateFontIndirectA
SetBkMode
SetBrushOrgEx
SetBkColor
SetTextColor
CreatePatternBrush
CreateBitmap
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
CreateDIBSection
GetStockObject
CreateSolidBrush
GetTextExtentPointA
GetDeviceCaps
DeleteObject

advapi32

RegEnumValueA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA

shell32

SHGetMalloc
SHGetPathFromIDListA

ole32

OleInitialize
StringFromGUID2
CoTaskMemRealloc
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance
StringFromCLSID
CoTaskMemFree
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
RegisterDragDrop
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayLock
SafeArrayUnlock
SysStringLen
SafeArrayRedim
SysStringByteLen
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetUBound
SafeArrayGetLBound
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
DispCallFunc
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
SafeArrayGetDim
SafeArrayCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServer2
DllUnregisterServer
DllUnregisterServer2

Sections

.text
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/FlvRules.ini
config/Type.ini
language/Chinese Simplified.lng
language/English.lng
updater.exe
.exe windows:4 windows x86 arch:x86

f3402643574ef66c4a0492a56e18bc01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
GetSystemTimeAsFileTime
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
GetVersionExA
GetCPInfo
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
VirtualQuery
SetEndOfFile
UnlockFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LockFile
GetModuleFileNameA
TerminateProcess
HeapSize
VirtualProtect
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentDirectoryW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
lstrcpynA
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFileAttributesW
GetSystemInfo
SetLastError
ExitProcess
GetCurrentProcessId
GetCommandLineW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrcatA
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesA
CreateDirectoryA
lstrcmpiA
lstrcpyA
CreateFileA
MulDiv
GlobalUnlock
GlobalLock
lstrcpynW
GetOEMCP
LoadLibraryA
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleW
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
RemoveDirectoryW
CreateFileW
CloseHandle
DeleteFileW
MoveFileW
GetFileSize
SetFilePointer
WriteFile
ReadFile
GetSystemDefaultLangID
GetUserDefaultLangID
CreateProcessW
lstrlenA
MultiByteToWideChar
lstrcatW
WinExec
LoadLibraryExW
WideCharToMultiByte
SetErrorMode
FreeLibrary
GetProcAddress
GlobalAlloc
GetTickCount
Sleep
GetLastError
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
lstrcpyW
lstrlenW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
lstrcmpW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentProcess
FlushInstructionCache
FindClose
FindFirstFileW
FindNextFileW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
QueryPerformanceCounter
GetFullPathNameW

user32

SetClipboardData
EnumWindows
CopyIcon
DialogBoxParamW
GetMonitorInfoW
GetAsyncKeyState
TrackPopupMenu
IsZoomed
IsIconic
GetSystemMenu
CreateDialogIndirectParamW
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
GetWindowTextLengthW
GetWindowTextW
EndPaint
BeginPaint
DrawFocusRect
GetCursorPos
ScreenToClient
GetCapture
ReleaseCapture
SetCapture
SetCursor
GetTopWindow
GetMenu
DestroyCursor
GetMenuState
IsMenu
GetMenuStringW
GetMenuItemID
TranslateMessage
PostMessageW
SetTimer
GetClientRect
MapWindowPoints
GetDlgItem
EnableWindow
SetWindowTextW
EndDialog
KillTimer
GetFocus
GetForegroundWindow
SetFocus
GetSubMenu
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
SendMessageTimeoutW
DestroyWindow
GetSysColorBrush
RegisterClassExW
GetClassInfoExW
LoadCursorW
wsprintfW
CreateWindowExW
GetClassLongW
SetClassLongW
IsWindowVisible
ShowWindow
GetWindowRect
OffsetRect
SystemParametersInfoW
CallWindowProcW
CharNextW
DefWindowProcW
TrackPopupMenuEx
SendMessageW
GetWindow
GetParent
UpdateWindow
SetMenuItemInfoW
GetMenuItemInfoW
ModifyMenuW
GetMenuItemCount
FrameRect
CreatePopupMenu
OpenClipboard
DestroyMenu
EmptyClipboard
CloseClipboard
SetMenuDefaultItem
AppendMenuW
ClientToScreen
LoadBitmapW
InflateRect
GetSysColor
GetWindowDC
ReleaseDC
GetDC
GetSystemMetrics
DrawTextW
DrawEdge
DrawStateW
DrawFrameControl
FillRect
SetWindowsHookExW
SetWindowRgn
RedrawWindow
InvalidateRect
GetClassNameW
UnhookWindowsHookEx
SetWindowLongW
SetWindowPos
IsWindow
IsWindowEnabled
GetWindowLongW
LoadImageW
DestroyIcon
DrawIconEx
UnregisterClassW
GetActiveWindow

gdi32

DeleteDC
SetBkColor
SetTextColor
PatBlt
BitBlt
SetBrushOrgEx
SelectObject
SetBkMode
SelectClipRgn
MoveToEx
LineTo
ExtTextOutW
StretchBlt
GetTextExtentPoint32W
CreateCompatibleDC
CreateDIBSection
CreatePen
CreateSolidBrush
CreateFontIndirectW
CreateRectRgnIndirect
GetDeviceCaps
SetStretchBltMode
CombineRgn
CreateEllipticRgnIndirect
CreateRoundRectRgn
ExcludeClipRect
DPtoLP
DeleteObject
CreatePatternBrush
CreateBitmap
CreateCompatibleBitmap
GetStockObject
GetObjectW
Rectangle

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW

shell32

ShellExecuteExW
SHFileOperationW
SHGetFileInfoW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid

oleaut32

VarUI4FromStr
OleLoadPicture
SysFreeString
VarBstrCmp
VariantInit
VariantClear
SysAllocString

comctl32

ImageList_GetIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_Draw
ImageList_DrawIndirect
CreateStatusWindowW
ImageList_GetImageCount
ImageList_Remove
ImageList_Create
ImageList_AddMasked
_TrackMouseEvent
InitCommonControlsEx

wininet

InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
HttpAddRequestHeadersA
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetConnectW
InternetOpenW
HttpOpenRequestA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 18KB

5a2fbc5fed91418c2dcf57ddcc8d0b47

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

3b9a91ee5b7d500332a73cbf22cdc68c

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

comctl32

wininet

urlmon

ws2_32

version

Sections

.text Size: 1004KB - Virtual size: 1001KB

.rdata Size: 304KB - Virtual size: 302KB

.data Size: 24KB - Virtual size: 32KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1004KB - Virtual size: 1001KB

.rdata
Size: 304KB - Virtual size: 302KB

.data
Size: 24KB - Virtual size: 32KB

.rsrc
Size: 196KB - Virtual size: 195KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 288KB - Virtual size: 285KB