2fb4237defeaf2d5f2cc18a01a38ec43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fb4237defeaf2d5f2cc18a01a38ec43_JaffaCakes118
Size

1.9MB
MD5

2fb4237defeaf2d5f2cc18a01a38ec43
SHA1

2d92d5a129d5326bf14ba67bedfffe474fcbf584
SHA256

e28ede78b921bd7a1a6848352aeb88058f09f30884b453db5989d446fc1d1286
SHA512

b4dff26cc381e2bb0cb59d8389503a509305337533002e91e792ad9e755db21a10d9ad93b34fce0af321b73de847f4af70753900d351fb225855e7175cb6b85f
SSDEEP

49152:CmZZjZia56rXWZ4FFmi1801LOhNjPP8O7bZtvsgfxoSdIBYwEVm9pfOlg6/JeKEk:b0Rri4FFmiCKYj5/HkIwJ9A2Lk

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MPGDLL.DLL
unpack001/PATCHW32.DLL
unpack001/RAUNINST.EXE
unpack001/REGISTER.DAT
unpack001/REGISTER.EXE
unpack001/UNINSTAP.EXE
unpack001/WOLSETUP.EXE
unpack001/Wolapi.dll
unpack001/ra95.dat
unpack001/ra95.exe
unpack001/uninst.exe

Files

2fb4237defeaf2d5f2cc18a01a38ec43_JaffaCakes118
.rar
EXPAND.MIX
EXPAND2.MIX
HIRES1.MIX
LAUNCHER.BMP
LAUNCHER.CFG
LORES1.MIX
MPGDLL.DLL
.dll windows:4 windows x86 arch:x86

0883292b6a01b17b1e447f424e6ddf51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetEnvironmentStrings
MultiByteToWideChar
RtlUnwind
GetStringTypeW
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeA
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
LCMapStringA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Exports

Exports

_MpgPause@0
_MpgPlay@16
_MpgResume@0
_MpgSetCallback@8

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NL.CFG
PATCHW32.DLL
.dll windows:1 windows x86 arch:x86

c6b6d156385e9ecd31855031c2252ce9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
OemToCharA
PeekMessageA
TranslateMessage
DispatchMessageA
wvsprintfA

advapi32

GetFileSecurityW
SetFileSecurityW

kernel32

SetFileApisToOEM
WideCharToMultiByte
CreateProcessA
MultiByteToWideChar
GetVersion
SetEnvironmentVariableA
CreateMutexA
CloseHandle
SetFileApisToANSI
ReleaseMutex
AreFileApisANSI
WaitForSingleObject
GetDiskFreeSpaceA
CreateFileMappingA
GetFileSize
CreateFileA
CreateFileW
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
SetFilePointer
GetVolumeInformationA
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileA
FindNextFileA
FileTimeToDosDateTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileAttributesA
SetFileAttributesW
SetFileTime
GetFileAttributesA
GetFileAttributesW
GetShortPathNameW
GetFullPathNameW
GetShortPathNameA
GetFullPathNameA
RaiseException
DeleteFileW
GetCPInfo
GetTimeZoneInformation
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetLocalTime
GetLastError
RemoveDirectoryW
RemoveDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
RtlUnwind
ExitProcess
GetEnvironmentStrings
GetCommandLineA
FileTimeToSystemTime
GetDriveTypeW
GetDriveTypeA
SetStdHandle
GetFileType
ReadFile
DeleteFileA
MoveFileW
MoveFileA
GetCurrentDirectoryW
GetLogicalDrives
SetEnvironmentVariableW
SetCurrentDirectoryW
CreateDirectoryW
CreateDirectoryA
WriteFile
VirtualFree
VirtualAlloc
GetProcAddress
FlushFileBuffers
GetStdHandle
GetStartupInfoA
GetACP
GetOEMCP

Exports

Exports

RTPatchApply32@12
RTPatchSetAttribGet@8
RTPatchSetAttribSet@8
RTPatchSetCreate@8
RTPatchSetDelete@8
RTPatchSetDirWalk@8
RTPatchSetOpen@8
RTPatchSetRename@8

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 225B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RAUNINST.EXE
.exe windows:1 windows x86 arch:x86

ea5bb8d6dbc2c02684ad43ebbbaadb51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
CreateProcessA
DeleteFileA
EnterCriticalSection
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
RemoveDirectoryA
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile

user32

DispatchMessageA
EnumThreadWindows
LoadStringA
MessageBoxA
PeekMessageA
TranslateMessage

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
REGISTER.DAT
.exe windows:1 windows x86 arch:x86

e5099e54339280e630d21169dff8d312

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ole32

CoCreateInstance
CoInitialize
CoUninitialize

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
EnterCriticalSection
ExitProcess
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentThreadId
GetDateFormatA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemInfo
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEvent
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WideCharToMultiByte
WriteFile
lstrcpyA
lstrlenA

wsock32

WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncSelect
WSACancelAsyncRequest
WSACleanup
WSAGetLastError
WSAStartup
accept
closesocket
connect
htonl
htons
inet_addr
inet_ntoa
listen
ntohl
ntohs
recv
recvfrom
send
sendto
setsockopt
socket
bind

gdi32

CreateFontIndirectA
DeleteObject
GetObjectA
GetStockObject
SelectObject
SetBkColor
SetBkMode
TextOutA

user32

BringWindowToTop
CheckDlgButton
CopyRect
CreateDialogParamA
CreateWindowExA
DdeAccessData
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeDisconnect
DdeInitializeA
DdeNameService
DdeQueryStringA
DdeUnaccessData
DdeUninitialize
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
EnumDisplaySettingsA
EnumThreadWindows
FindWindowA
GetClientRect
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetLastActivePopup
GetMessageA
GetNextDlgTabItem
GetSysColor
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
IsDlgButtonChecked
IsWindowVisible
KillTimer
LoadCursorA
LoadIconA
LoadStringA
MessageBoxA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow

Exports

Exports

@CommBufferClass@$bctr$qiiii
@CommBufferClass@$bdtr$qv
@CommBufferClass@Add_Delay$qul
@CommBufferClass@Avg_Response_Time$qv
@CommBufferClass@Get_Receive$qi
@CommBufferClass@Get_Send$qi
@CommBufferClass@Init$qv
@CommBufferClass@Init_Send_Queue$qv
@CommBufferClass@Max_Response_Time$qv
@CommBufferClass@Queue_Receive$qpvit1i
@CommBufferClass@Queue_Send$qpvit1i
@CommBufferClass@Reset_Response_Time$qv
@CommBufferClass@UnQueue_Receive$qpvpiit1t2
@CommBufferClass@UnQueue_Send$qpvpiit1t2
@ListenerClass@$bctr$qp13ProtocolClass
@ListenerClass@$bctr$qv
@ListenerClass@$bdtr$qv
@ListenerClass@Close_Socket$qv
@ListenerClass@Create_Window$qv
@ListenerClass@Destroy_Window$qv
@ListenerClass@Open_Socket$qus
@ListenerClass@Register$qp13ProtocolClass
@ListenerClass@Start_Listening$qpvii
@ListenerClass@Stop_Listening$qv
@ListenerClass@Window_Proc$qqspvuiuil
@ReliableCommClass@$bctr$qi
@ReliableCommClass@$bctr$qp13ProtocolClassi
@ReliableCommClass@$bdtr$qv
@ReliableCommClass@Close_Socket$qv
@ReliableCommClass@Connect$qp13ListenerClass
@ReliableCommClass@Connect$qpvii
@ReliableCommClass@Create_Window$qv
@ReliableCommClass@Destroy_Window$qv
@ReliableCommClass@Disconnect$qv
@ReliableCommClass@Local_Long$qul
@ReliableCommClass@Local_Short$qus
@ReliableCommClass@Network_Long$qul
@ReliableCommClass@Network_Short$qus
@ReliableCommClass@Open_Socket$qv
@ReliableCommClass@Register$qp13ProtocolClass
@ReliableCommClass@Send$qv
@ReliableCommClass@Window_Proc$qqspvuiuil
@UnreliableCommClass@$bctr$qipvii
@UnreliableCommClass@$bctr$qp13ProtocolClassipvii
@UnreliableCommClass@$bdtr$qv
@UnreliableCommClass@Close_Socket$qv
@UnreliableCommClass@Create_Window$qv
@UnreliableCommClass@Destroy_Window$qv
@UnreliableCommClass@Open_Socket$qus
@UnreliableCommClass@Register$qp13ProtocolClass
@UnreliableCommClass@Resolve_Address$qv
@UnreliableCommClass@Send$qv
@UnreliableCommClass@Set_Default_Destination$qpvii
@UnreliableCommClass@Window_Proc$qqspvuiuil
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
REGISTER.EXE
.exe windows:4 windows x86 arch:x86

ee47e05430554b64112645cf7847420e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
FindFirstFileA
FindClose
WriteFile
ReadFile
GetModuleFileNameA
WaitForSingleObject
CreateProcessA
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
GlobalAlloc
GlobalUnlock
FindNextFileA
CreateFileA
GetTimeZoneInformation
GetSystemTime
CompareStringA
SetEndOfFile
CompareStringW
SetStdHandle
SetFilePointer
GetStringTypeA
IsBadCodePtr
GetStringTypeW
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
FlushFileBuffers
VirtualFree
VirtualAlloc
HeapDestroy
GetFileType
HeapCreate
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
CloseHandle
GetLocalTime
DeleteFileA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetOEMCP
GetACP
UnhandledExceptionFilter
LCMapStringA
GetCPInfo
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetEnvironmentVariableA
SetCurrentDirectoryA
LCMapStringW
MultiByteToWideChar
GetVersion
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

InvalidateRect
GetClientRect
SetForegroundWindow
ShowWindow
DestroyWindow
CreateDialogParamA
PostQuitMessage
UpdateWindow
SendMessageA
GetDlgItem
EndPaint
ReleaseDC
GetDC
MessageBoxA
BeginPaint
SetWindowTextA
LoadStringA
ExitWindowsEx
GetMessageA
DispatchMessageA
PeekMessageA
TranslateMessage
EndDialog
DialogBoxParamA
SendDlgItemMessageA

gdi32

CreateDIBitmap
RealizePalette
SelectPalette
CreatePalette
DeleteDC
StretchBlt
SetStretchBltMode
GetObjectA
SelectObject
CreateCompatibleDC
DeleteObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

ShellExecuteA

comctl32

ord17

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UNINSTAP.EXE
.exe windows:1 windows x86 arch:x86

a5fc4375954662abeb412d63be079338

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegCloseKey
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CreateFileA
CreateProcessA
DeleteFileA
EnterCriticalSection
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
RemoveDirectoryA
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile

gdi32

CreateSolidBrush
DeleteObject
RealizePalette
SelectPalette
SetBkColor
SetBrushOrgEx
SetTextColor
UnrealizeObject

user32

ClientToScreen
CreateWindowExA
DefWindowProcA
DialogBoxParamA
DispatchMessageA
EndDialog
EnumThreadWindows
FindWindowA
GetClientRect
GetDC
GetDesktopWindow
GetDlgItem
GetMessageA
GetSysColor
GetSystemMetrics
InvalidateRect
LoadCursorA
LoadIconA
LoadStringA
MessageBoxA
MoveWindow
PeekMessageA
PostQuitMessage
RegisterClassA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetForegroundWindow
SetWindowTextA
ShowWindow
TranslateMessage

Exports

Exports

@Continue_Dlg_Procedure$qqsp6HWND__uiuil
@Dialog_Box_Proc$qqsp6HWND__uiuil
@Wnd_Proc$qqsp6HWND__uiuil
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WOLAPI.MIX
WOLAPI.WAR
WOLSETUP.EXE
.exe windows:4 windows x86 arch:x86

78ac702730cbccec1117860fa9324154

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GlobalFree
GlobalUnlock
GetUserDefaultLangID
GlobalLock
GlobalAlloc
GetVersionExA
SetFileAttributesA
CopyFileA
GetWindowsDirectoryA
DeleteFileA
GetDriveTypeA
CloseHandle
CreateFileA
RemoveDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
CreateDirectoryA
GetModuleHandleA
SetFilePointer
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
WideCharToMultiByte
FormatMessageA
LocalFree
GetProcAddress
Sleep
FreeLibrary
VirtualAlloc
GetFileType
GetLastError
MultiByteToWideChar
FindFirstFileA
FindNextFileA
ExitProcess
GetVersion
HeapFree
GetCurrentDirectoryA
HeapSize
HeapAlloc
HeapReAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
TerminateProcess
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileA
GetFullPathNameA
GetStartupInfoA
GetCommandLineA

user32

DefWindowProcA
MoveWindow
GetMessageA
SetDlgItemTextA
MessageBoxA
PostMessageA
DispatchMessageA
TranslateMessage
GetDlgItem
SetWindowTextA
SetFocus
SendMessageA
GetWindowTextA
EndDialog
GetWindowRect
GetDC
ReleaseDC
UpdateWindow
LoadIconA
ShowWindow
BeginPaint
EndPaint
DialogBoxParamA
PostQuitMessage
CreateWindowExA
IsIconic
SetForegroundWindow
LoadCursorA
RegisterClassExA
LoadStringA
FindWindowA

gdi32

GetDeviceCaps

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Wolapi.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1a2ef1d94ce2673fbf04632711caf3b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
SuspendThread
DuplicateHandle
GetCurrentThread
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameA
GetTempPathA
DeleteFileA
MoveFileA
DisableThreadLibraryCalls
lstrlenW
InterlockedIncrement
CreateThread
GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
lstrcpyA
lstrcatA
CloseHandle
ExitThread
WriteFile
Sleep
CreateFileA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
lstrlenA
FreeEnvironmentStringsW
SetFilePointer
FreeEnvironmentStringsA
RtlUnwind
UnhandledExceptionFilter
ReadFile
ExitProcess
TlsGetValue
TerminateProcess
TlsFree
TlsAlloc
SetLastError
GetCommandLineA
IsBadCodePtr
SetUnhandledExceptionFilter
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
HeapFree
GetSystemTimeAsFileTime
HeapReAlloc
GetCurrentThreadId
SetEndOfFile
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
HeapAlloc
GetVersion
GetModuleHandleA
GetLocalTime
TlsSetValue
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
HeapSize
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
GetSystemTime

user32

TranslateMessage
UnregisterClassA
DispatchMessageA
SetWindowLongA
PeekMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
RegisterClassA
CharNextA
GetWindowLongA
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid

oleaut32

LoadTypeLi
RegisterTypeLi
SysFreeString
SysAllocString
VarUI4FromStr

wsock32

WSAStartup
inet_addr
getsockname
gethostname
accept
WSAGetLastError
WSASetLastError
connect
htons
socket
setsockopt
bind
listen
ioctlsocket
gethostbyname
select
closesocket
shutdown
__WSAFDIsSet
recv
getpeername
inet_ntoa
WSAAsyncGetHostByName
ntohl
WSACancelAsyncRequest
WSACleanup
htonl
send

winmm

timeGetTime

Exports

Exports

?PatchCallBack@@YGPAXIPAX@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ra95.dat
.exe windows:1 windows x86 arch:x86

7ca66c340fe1e54e5bb15ae9574db2ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateDIBitmap
CreatePalette
DeleteObject
GetDIBits
GetDeviceCaps
GetNearestPaletteIndex
GetObjectA
GetStockObject
GetSystemPaletteEntries
RealizePalette
SelectPalette

shell32

FindExecutableA
ShellExecuteA

ole32

CoCreateInstance
OleInitialize
OleUninitialize

advapi32

RegCloseKey
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueA
RegQueryValueExA
RegSetValueExA

kernel32

ClearCommBreak
ClearCommError
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
EscapeCommFunction
FileTimeToDosDateTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommModemStatus
GetCommState
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThread
GetDriveTypeA
GetExitCodeProcess
GetFileInformationByHandle
GetFileSize
GetFileTime
GetLastError
GetModuleFileNameA
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetSystemDirectoryA
GetSystemTime
GetThreadContext
GetVersion
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
OpenFile
OutputDebugStringA
PurgeComm
ReadFile
ResetEvent
SetCommBreak
SetCommState
SetCommTimeouts
SetCurrentDirectoryA
SetErrorMode
SetFilePointer
SetFileTime
SetPriorityClass
SetThreadPriority
SetupComm
Sleep
TerminateThread
WriteFile
_lclose
_llseek
_lread
_lwrite
lstrcpyA
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteFileA
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCPInfo
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetTimeZoneInformation
GetVersion
LoadLibraryA
LocalFileTimeToFileTime
ReadConsoleInputA
ReadFile
ReleaseMutex
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryA
SetErrorMode
SetEvent
SetFilePointer
SetStdHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleA
WriteFile

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent

user32

CreateWindowExA
DefWindowProcA
DialogBoxParamA
DispatchMessageA
GetActiveWindow
GetMessageA
GetSystemMetrics
LoadIconA
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
RegisterWindowMessageA
SetFocus
ShowCursor
ShowWindow
TranslateMessage
UpdateWindow
wsprintfA
ClipCursor
DdeAccessData
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeDisconnect
DdeInitializeA
DdeNameService
DdeQueryStringA
DdeUnaccessData
DdeUninitialize
DefWindowProcA
DispatchMessageA
FindWindowA
GetAsyncKeyState
GetCursorPos
GetDC
GetKeyState
GetMessageA
GetTopWindow
LoadCursorA
MapVirtualKeyA
MessageBoxA
PeekMessageA
PostMessageA
ReleaseDC
SendMessageA
SetCursor
SetForegroundWindow
ShowCursor
ShowWindow
ToAscii
TranslateMessage
WaitForInputIdle

mpgdll

_MpgPause@0
_MpgPlay@16
_MpgResume@0
_MpgSetCallback@8

ddraw

DirectDrawCreate

dsound

DirectSoundCreate

wsock32

ntohs
WSAAsyncGetHostByName
ioctlsocket
WSAAsyncGetHostByAddr
accept
WSAGetLastError
sendto
recvfrom
gethostbyname
gethostname
bind
htons
socket
setsockopt
getsockopt
WSAStartup
WSACancelAsyncRequest
WSAAsyncSelect
closesocket
WSACleanup
inet_addr
ntohl
htonl

Exports

Exports

W?Windows_Procedure$n(pnvuiuil)l

Sections

AUTO
Size: 1.9MB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 234KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 808KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 138KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ra95.exe
.exe windows:4 windows x86 arch:x86

e72c5092640c02858f387930f0611919

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
FindFirstFileA
FindClose
WriteFile
ReadFile
GetModuleFileNameA
WaitForSingleObject
CreateProcessA
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
GlobalAlloc
GlobalUnlock
FindNextFileA
CreateFileA
GetTimeZoneInformation
GetSystemTime
CompareStringA
SetEndOfFile
CompareStringW
SetStdHandle
SetFilePointer
GetStringTypeA
IsBadCodePtr
GetStringTypeW
SetUnhandledExceptionFilter
IsBadWritePtr
IsBadReadPtr
FlushFileBuffers
VirtualFree
VirtualAlloc
HeapDestroy
GetFileType
HeapCreate
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
CloseHandle
GetLocalTime
DeleteFileA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetOEMCP
GetACP
UnhandledExceptionFilter
LCMapStringA
GetCPInfo
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetEnvironmentVariableA
SetCurrentDirectoryA
LCMapStringW
WideCharToMultiByte
GetVersion
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

InvalidateRect
GetClientRect
SetForegroundWindow
ShowWindow
DestroyWindow
CreateDialogParamA
PostQuitMessage
UpdateWindow
SendMessageA
GetDlgItem
EndPaint
ReleaseDC
GetDC
MessageBoxA
BeginPaint
SetWindowTextA
LoadStringA
ExitWindowsEx
GetMessageA
DispatchMessageA
PeekMessageA
TranslateMessage
EndDialog
DialogBoxParamA
SendDlgItemMessageA

gdi32

CreateDIBitmap
RealizePalette
SelectPalette
CreatePalette
DeleteDC
StretchBlt
SetStretchBltMode
GetObjectA
SelectObject
CreateCompatibleDC
DeleteObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

ShellExecuteA

comctl32

ord17

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ra95.lcf
readme99.doc
.rtf .doc
uninst.exe
.exe windows:4 windows x86 arch:x86

75a1a21714b729351bf3950493b817b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FillRect
ReleaseDC
GetDC
EndPaint
BeginPaint
EndDialog
SetWindowTextA
SetDlgItemTextA
LoadBitmapA
GetSystemMetrics
SetWindowPos
UpdateWindow
ShowWindow
DestroyWindow
wsprintfA
SendMessageA
OemToCharA
MessageBoxA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
SetTimer
PeekMessageA
IsWindow
IsDialogMessageA
TranslateMessage
DispatchMessageA
KillTimer
DialogBoxParamA
CharLowerA
GetClientRect
LoadStringA
MessageBeep
CreateDialogParamA
CharUpperA
CharToOemA
CharPrevA
PostQuitMessage
DefWindowProcA
GetDlgItem
GetWindowTextA
InvalidateRect
IsWindowVisible
SetFocus
EnableWindow
PostMessageA
CharNextA
InflateRect
ScreenToClient
GetWindowRect
SetRectEmpty
ExitWindowsEx
FindWindowA
RegisterWindowMessageA
DdeGetData
DdeFreeDataHandle
DdeConnect
DdeClientTransaction
DdeGetLastError
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
DdeInitializeA
DdeCreateStringHandleA
GetClassInfoA
GetWindowLongA
GetWindow
GetClassNameA
GetSysColor
SetRect

gdi32

SetPixel
DeleteObject
GetTextExtentPointA
GetSystemPaletteEntries
CreatePalette
CreateDIBitmap
CreateBitmap
SetBkColor
CreatePen
MoveToEx
LineTo
CreateCompatibleBitmap
SaveDC
CreateSolidBrush
GetStockObject
Rectangle
RestoreDC
GetDeviceCaps
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SelectPalette
RealizePalette
GetObjectA

kernel32

lstrcmpiA
GetFileSize
SetFileTime
LocalFileTimeToFileTime
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetStdHandle
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
ExitProcess
HeapCreate
GetLocalTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
GlobalHandle
GlobalCompact
GlobalReAlloc
GetCurrentDirectoryA
_llseek
FileTimeToLocalFileTime
lstrcmpA
FlushFileBuffers
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
MoveFileExA
GetPrivateProfileStringA
GetTickCount
GetModuleFileNameA
lstrcpyA
IsDBCSLeadByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersion
GlobalFree
GlobalUnlock
FreeResource
_lclose
_hwrite
OpenFile
lstrcatA
GetWindowsDirectoryA
GlobalLock
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
GetSystemInfo
SetErrorMode
GetLastError
Sleep
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
FindFirstFileA
lstrlenA
WinExec
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetProfileSectionA
WriteProfileStringA
WritePrivateProfileSectionA
WriteProfileSectionA
GetSystemDirectoryA
CreateFileA
FileTimeToDosDateTime
GetCurrentThread
GetFileTime
_lwrite
_lread
DosDateTimeToFileTime
CloseHandle
GetCurrentProcess
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
MoveFileA
GetFileAttributesA
RemoveDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetDiskFreeSpaceA
CreateDirectoryA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

RegCloseKey
RegDeleteValueA
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
RegEnumValueA
RegConnectRegistryA
InitializeSecurityDescriptor
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
AllocateAndInitializeSid
SetSecurityDescriptorOwner
RegCreateKeyExA
FreeSid

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDList

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0883292b6a01b17b1e447f424e6ddf51

Headers

File Characteristics

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

c6b6d156385e9ecd31855031c2252ce9

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 107KB - Virtual size: 106KB

.bss Size: - Virtual size: 11KB

.rdata Size: 512B - Virtual size: 225B

.data Size: 17KB - Virtual size: 17KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 289B

.rsrc Size: 1024B - Virtual size: 728B

.reloc Size: 9KB - Virtual size: 8KB

ea5bb8d6dbc2c02684ad43ebbbaadb51

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 44KB

.data Size: 9KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 29KB - Virtual size: 32KB

.reloc Size: 2KB - Virtual size: 4KB

e5099e54339280e630d21169dff8d312

Headers

File Characteristics

Imports

ole32

advapi32

kernel32

wsock32

gdi32

user32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 92KB

.data Size: 61KB - Virtual size: 80KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 8KB

.edata Size: 3KB - Virtual size: 4KB

.rsrc Size: 166KB - Virtual size: 168KB

.reloc Size: 6KB - Virtual size: 8KB

ee47e05430554b64112645cf7847420e

Headers

File Characteristics

Imports

kernel32

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 107KB - Virtual size: 106KB

.bss
Size: - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 225B

.data
Size: 17KB - Virtual size: 17KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 289B

.rsrc
Size: 1024B - Virtual size: 728B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 41KB - Virtual size: 44KB

.data
Size: 9KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 29KB - Virtual size: 32KB

.reloc
Size: 2KB - Virtual size: 4KB

.text
Size: 88KB - Virtual size: 92KB

.data
Size: 61KB - Virtual size: 80KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 8KB

.edata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 166KB - Virtual size: 168KB

.reloc
Size: 6KB - Virtual size: 8KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 38KB - Virtual size: 40KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 40KB - Virtual size: 39KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 32KB - Virtual size: 29KB

.reloc
Size: 8KB - Virtual size: 7KB