3d2d3e2b9e5d4cfb27bb9e6d4f2a1cf3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d2d3e2b9e5d4cfb27bb9e6d4f2a1cf3_JaffaCakes118
Size

957KB
MD5

3d2d3e2b9e5d4cfb27bb9e6d4f2a1cf3
SHA1

9b947db9ad61f78835abf910bdaea3817970721b
SHA256

42dd7aa099f311eb3809964b398833e5ffe08a0d3fa8aaa33abc33e3a026ef17
SHA512

7379809e72543840d0aaf2afa9559e5cfdef34922014719d1d09937aa75f578d6e73de05d9a55cc2398069c7f3f5dfa5e7510a26da165fc392232481cea7825d
SSDEEP

24576:SiEf2FMR2TFbrLAgF8V/an4cn8o8VpbIn:vnFMqpuVS4cnFw5S

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/360Safe_2.00(1.0.1.1037)/360Safe/uninst.exe	upx
static1/unpack001/360Safe_2.00(1.0.1.1037)/360Safe/修复工具.exe	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/360Safe.exe
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/360rpt.exe
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/AntiActi.dll
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/AntiAdwa.dll
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/AntiEng.dll
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/CleanHis.dll
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/LeakCheck.dll
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/kabaload.exe
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/live.dll
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/rptup.dll
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/safelive.exe
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/uninst.exe
unpack002/out.upx
unpack001/360Safe_2.00(1.0.1.1037)/360Safe/修复工具.exe
unpack003/out.upx

Files

3d2d3e2b9e5d4cfb27bb9e6d4f2a1cf3_JaffaCakes118
.rar
360Safe_2.00(1.0.1.1037)/360Safe/360Safe.exe
.exe windows:4 windows x86 arch:x86

4fc2b33fff0b701a0295730c34bfa5e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord804
ord4267
ord4284
ord3089
ord3573
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord6442
ord4853
ord3698
ord765
ord2370
ord2302
ord6334
ord324
ord4234
ord4710
ord4476
ord3880
ord3425
ord3054
ord5934
ord3810
ord537
ord2642
ord928
ord2645
ord2860
ord6907
ord823
ord6453
ord3708
ord781
ord5981
ord3092
ord2111
ord6199
ord941
ord6134
ord1768
ord3920
ord6880
ord2582
ord4402
ord3370
ord3640
ord693
ord539
ord6877
ord665
ord1979
ord6385
ord3873
ord5186
ord354
ord2108
ord4243
ord6242
ord6696
ord5572
ord2915
ord5678
ord3693
ord5788
ord5787
ord283
ord2450
ord6762
ord3302
ord6172
ord3293
ord3910
ord5148
ord5873
ord3729
ord2405
ord535
ord6605
ord1175
ord939
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord4124
ord861
ord1232
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord4133
ord4297
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord2119
ord6785
ord922
ord924
ord926
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord3286
ord2080
ord6007
ord2813
ord472
ord4400
ord3630
ord682
ord2408
ord3301
ord3337
ord3811
ord538
ord3721
ord795
ord2116
ord6888
ord6675
ord4406
ord2754
ord5789
ord2380
ord2099
ord1146
ord6197
ord2864
ord470
ord2753
ord755
ord3996
ord3998
ord2100
ord2096
ord2862
ord384
ord818
ord686
ord3742
ord4407
ord2614
ord858
ord1576
ord2818
ord860
ord2725
ord1134
ord1205
ord2621
ord6438
ord6215
ord815
ord561
ord3738
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2078
ord3874
ord5875
ord323
ord2859
ord1640
ord1641
ord5785
ord640
ord2122
ord540
ord4160
ord800
ord2379
ord4275
ord1793
ord2414
ord3663
ord3626
ord825
ord567
ord556
ord1168
ord609
ord809
ord3572
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2574
ord3619
ord3571
ord3574
ord4299
ord2575

msvcrt

_controlfp
__set_app_type
_setmbcp
__CxxFrameHandler
strrchr
strchr
_stricmp
_snprintf
free
malloc
_except_handler3
fclose
fprintf
fseek
_strnicmp
fgets
rewind
fopen
fwrite
rand
srand
time
_mbsstr
_ftol
strstr
isalpha
isspace
_mbscmp
atoi
strtok
strncpy
sprintf
wcsncpy
wcslen
_strlwr
strncat
_beginthreadex
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
isdigit

kernel32

LoadResource
LockResource
GetCurrentProcess
CopyFileA
MoveFileExA
GetSystemDirectoryA
GetWindowsDirectoryA
SetFileAttributesA
GetEnvironmentVariableA
FindFirstFileA
SizeofResource
GetVersionExA
GetShortPathNameA
FreeLibrary
LoadLibraryA
GetProcAddress
DeleteFileA
CreateMutexA
GetLastError
GetModuleFileNameA
CloseHandle
CreateToolhelp32Snapshot
GetStartupInfoA
FindResourceA
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
WaitForSingleObject
CreateThread
GetTickCount
ReadFile
GetFileSize
CreateFileA
WideCharToMultiByte
lstrlenW
LoadLibraryExA
SetErrorMode
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcmpA
FlushInstructionCache
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
DeviceIoControl
Sleep
WinExec
WriteFile
GetLocalTime
GetPrivateProfileStringA
GetPrivateProfileIntA
OutputDebugStringA
WritePrivateProfileStringA
MulDiv
CreateDirectoryA
GetPrivateProfileSectionA
IsBadReadPtr
GetTempPathA
GetModuleHandleA
TerminateProcess
OpenProcess
GetProcessHeap
FindClose
Process32First
Process32Next

user32

TranslateMessage
DispatchMessageA
PeekMessageA
GetSystemMetrics
ScreenToClient
DestroyIcon
SetFocus
GetDC
BeginPaint
EndPaint
GetDlgItem
GetSysColor
CallWindowProcA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
RegisterClassExA
MoveWindow
CreateWindowExA
LoadStringA
LoadCursorA
SetCursor
GetWindowLongA
SetWindowLongA
OffsetRect
FillRect
DrawTextA
SetWindowTextA
DrawIconEx
SystemParametersInfoA
FrameRect
GetWindowDC
ReleaseDC
KillTimer
LoadBitmapA
InvalidateRgn
SetTimer
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ExitWindowsEx
wsprintfA
IsWindow
PtInRect
GetParent
PostMessageA
FindWindowA
ShowWindow
SetForegroundWindow
UpdateWindow
SetWindowRgn
SetRect
MessageBoxExA
GrayStringA
TabbedTextOutA
LoadMenuA
GetSubMenu
EnableWindow
InvalidateRect
CopyRect
GetClientRect
SendMessageA
SetCapture
LoadIconA
CharNextA
IsWindowVisible
EqualRect
SetClassLongA
GetWindowTextLengthA
GetWindowRect
GetWindowTextA
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
DestroyWindow
GetClassNameA
SetWindowPos
GetFocus
IsChild
DrawFrameControl
GetWindow

gdi32

CreateRoundRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetStockObject
GetDeviceCaps
DeleteDC
GetTextColor
CreatePen
Rectangle
GetTextExtentPoint32A
CreateSolidBrush
CreateFontA
GetObjectA
SelectObject
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
RoundRect

comdlg32

GetSaveFileNameA

advapi32

CloseServiceHandle
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
QueryServiceStatus
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
ControlService
AdjustTokenPrivileges
StartServiceA
RegEnumValueA
RegOpenKeyExA
RegFlushKey
RegEnumKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA

comctl32

ImageList_Draw
ImageList_GetIconSize
_TrackMouseEvent
ImageList_ReplaceIcon

ole32

CreateStreamOnHGlobal
OleInitialize
OleLockRunning
CoCreateGuid
CoGetMalloc
CoCreateInstance
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
OleUninitialize
CoTaskMemAlloc
CoUninitialize

olepro32

ord253
ord251

oleaut32

SysFreeString
SysAllocString
VariantClear
LoadRegTypeLi
SysAllocStringLen
SysStringLen

urlmon

URLDownloadToFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathAppendA
PathFileExistsA
StrStrIA
SHDeleteKeyA
SHDeleteValueA
SHGetValueA
SHSetValueA

wininet

HttpAddRequestHeadersA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetOpenA
InternetReadFile
InternetGetConnectedState

ws2_32

htons
WSCDeinstallProvider
WSAStartup
WSACleanup
htonl

netapi32

Netbios

Sections

.text
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/360rpt.exe
.exe windows:4 windows x86 arch:x86

fc21e85d72e2e9b84fb3c08ae189466f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIA

mfc42

ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3572
ord809
ord609
ord1168
ord556
ord567
ord825
ord3663
ord3626
ord2414
ord1793
ord4275
ord2379
ord800
ord4160
ord540
ord2122
ord640
ord5785
ord1641
ord1640
ord2859
ord323
ord5875
ord3874
ord2078
ord3573
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3259
ord1146
ord641
ord6199
ord2754
ord823
ord6197
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord1576
ord5714
ord4622
ord3738
ord561
ord815
ord765
ord795
ord2621
ord1134
ord2725
ord3721
ord3698
ord2302
ord755
ord470
ord4299
ord6215
ord2818
ord537
ord535
ord860
ord4853
ord6453
ord324
ord4234
ord4710
ord6442
ord5787
ord472
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2574
ord3619
ord3571
ord3574
ord2575
ord3597
ord5289

msvcrt

_controlfp
_except_handler3
__set_app_type
_setmbcp
__p__commode
__CxxFrameHandler
_snprintf
strrchr
_ftol
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__fmode

kernel32

GetStartupInfoA
GetModuleHandleA
GetCommandLineA
CloseHandle
GetLastError
CreateMutexA
CreateThread
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary

user32

DrawIconEx
GetWindowRect
PtInRect
PostMessageA
IsIconic
GetSystemMetrics
DrawIcon
FindWindowA
SetWindowPos
SetForegroundWindow
LoadIconA
EnableWindow
InvalidateRect
CopyRect
GetClientRect
SendMessageA
LoadBitmapA

gdi32

Rectangle
CreateSolidBrush
CreateFontA
GetObjectA
SelectObject
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject

comctl32

_TrackMouseEvent

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/AntiActi.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2975368cb51bd6034ea6a0ba8e400275

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
OpenFile
GetModuleFileNameA
CloseHandle

msvcrt

fclose
fread
??2@YAPAXI@Z
ftell
fseek
fopen
sprintf
??3@YAXPAX@Z
free
malloc
__dllonexit
_onexit
_initterm
_adjust_fdiv

shlwapi

SHGetValueA
SHDeleteValueA
SHSetValueA
PathFindFileNameA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

DllRegisterServer
DllUnregisterServer
ExecuteAxIMM
GetAxIMMCount
GetAxIMMList
InitAxIMM
UnInitAxIMM

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 959B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/AntiAdwa.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2ad4520dd3a2595e90df4efedfa0e4cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
GetTempFileNameA
GetTickCount
GetTempPathA
DebugBreak
OutputDebugStringA
FreeLibrary
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
LockResource
SizeofResource
LoadResource
FindResourceA
MoveFileExA
WaitForSingleObject
CreateProcessA
GetEnvironmentVariableA
FindNextFileA
SearchPathA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
lstrcpynA
WritePrivateProfileStringA
CreateDirectoryA
MultiByteToWideChar
FindClose
SetFileAttributesA
GetLocalTime
InterlockedIncrement
SetFilePointer
WriteFile
GetShortPathNameA
GetCurrentProcessId
lstrlenA
RemoveDirectoryA
InterlockedDecrement
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
LocalFree
OpenFile
GetFileTime
CloseHandle
GetWindowsDirectoryA
GetSystemDirectoryA
DeleteFileA
InitializeCriticalSection
GetLastError
WideCharToMultiByte

user32

LoadStringA
SendMessageA
IsWindow
wvsprintfA
CharNextA

advapi32

SetNamedSecurityInfoA
QueryServiceStatus
ControlService
DeleteService
RegOpenKeyA
RegCloseKey
GetUserNameA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetExplicitEntriesFromAclA
DeleteAce
OpenServiceA
OpenSCManagerA
RegEnumKeyA
CreateServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoGetMalloc
CoInitialize
StringFromCLSID
CLSIDFromString

oleaut32

SysAllocString
LoadRegTypeLi
SysStringLen
SysFreeString

shlwapi

SHGetValueA
SHDeleteKeyA
StrTrimA
StrStrIA
SHSetValueA
PathAppendA
PathIsDirectoryA
StrChrA
PathFileExistsA
SHDeleteValueA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

__dllonexit
fseek
fprintf
realloc
_strnicmp
_except_handler3
fopen
fwrite
fclose
_mbslwr
srand
rand
_ismbcdigit
wcslen
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
_mbsstr
memmove
strncpy
strchr
_stricmp
??2@YAPAXI@Z
malloc
strrchr
free
__CxxFrameHandler
strtok
atoi
_snprintf
rewind
fgets
_purecall

ws2_32

WSCDeinstallProvider

Exports

Exports

AdLib_Debug
AdLib_Init
DllRegisterServer
DllUnregisterServer
KillAdware

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/AntiEng.dll
.dll windows:4 windows x86 arch:x86

15c1f4485efcd50666e05861384d8d35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
CloseHandle
GetCurrentProcess
TerminateProcess
OpenProcess
CreateProcessA
InterlockedIncrement
DebugBreak
OutputDebugStringA
GetFileTime
OpenFile
GetEnvironmentVariableA
FindNextFileA
LoadLibraryA
MultiByteToWideChar
SetFileAttributesA
WaitForSingleObject
WideCharToMultiByte
lstrlenW
GetTickCount
GetSystemTime
GlobalMemoryStatus
DeviceIoControl
CreateFileA
Sleep
ReadFile
GetFileSize
GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
ReadProcessMemory
UnmapViewOfFile
GetACP
MapViewOfFile
CreateFileMappingA
FlushFileBuffers
WriteFile
DeleteFileA
MoveFileExA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
SearchPathA
GetTempPathA
ExpandEnvironmentStringsA
VirtualQuery
GetModuleFileNameA
GetCurrentDirectoryA
GetLongPathNameA
GetShortPathNameA
FindFirstFileA
LocalFree
FindClose
GetFileAttributesA
GetVersionExA
GetWindowsDirectoryA
lstrlenA
GetSystemDirectoryA
InterlockedDecrement
GetLastError

user32

IsWindow
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
CharLowerA
wsprintfA
LoadStringA
wvsprintfA
CharNextA

advapi32

OpenProcessToken
GetExplicitEntriesFromAclA
DeleteAce
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegEnumValueA
RegFlushKey
RegOpenKeyExA
GetUserNameA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
ControlService
QueryServiceStatus
OpenServiceA
DeleteService
SetNamedSecurityInfoA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetPathFromIDListA

ole32

CoGetMalloc
StringFromCLSID

shlwapi

SHEnumValueA
SHSetValueA
SHDeleteKeyA
StrStrIA
SHDeleteValueA
SHGetValueA

msvcrt

_lseek
__CxxFrameHandler
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
_ismbcspace
_mbsstr
strncmp
vsprintf
_strdup
memmove
strncat
_strlwr
_mbsnbcmp
isalnum
fputs
time
ctime
localtime
_mbscmp
sprintf
_wcsicmp
fopen
rewind
fgets
_strnicmp
fseek
fprintf
fclose
_except_handler3
atoi
_ismbcdigit
wcslen
atol
_stricmp
_read
_close
_tell
_snprintf
??2@YAPAXI@Z
strrchr
strchr
strncpy
strstr
_mbsnbcpy
free
malloc
_open

ws2_32

WSCGetProviderPath
WSCEnumProtocols

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetReadFile
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA

netapi32

Netbios

Exports

Exports

ADDebug
EngCount
EngGetGroup
EngGetNext
EngGetReport
EngInit
EngLoad
EngPost
EngRemove

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/CleanHis.dll
.dll regsvr32 windows:4 windows x86 arch:x86

66ab4648b0f36a193053f1b73f5a8113

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetSystemDirectoryA
GetShortPathNameA
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
FindNextFileA
GetCurrentProcess
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
WritePrivateProfileSectionA
FindFirstFileA
FindClose
GetVersionExA

user32

EmptyClipboard
OpenClipboard
CloseClipboard

advapi32

RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
RegGetKeySecurity
RegCloseKey
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegQueryValueExA
GetUserNameA
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcrt

_initterm
_adjust_fdiv
malloc
free
_mbslwr
_mbsstr
_snprintf
_stricmp
??2@YAPAXI@Z
strncpy
sprintf
??3@YAXPAX@Z

wininet

DeleteUrlCacheEntry
UnlockUrlCacheEntryFile
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

shlwapi

SHSetValueA
SHDeleteKeyA
SHGetValueA
PathAppendA
SHDeleteValueA
StrStrIA

Exports

Exports

DllRegisterServer
HSGetCmdCount
HSGetItem
HSPurgeHistory

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/LeakCheck.dll
.dll windows:4 windows x86 arch:x86

6c7a9a555d3ccb9274814fe4b460430a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
CreateFileA
InterlockedIncrement
InterlockedDecrement
lstrlenA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
lstrlenW
MultiByteToWideChar
GetShortPathNameA
SetFilePointer
GetModuleFileNameA
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDefaultUILanguage
WaitForSingleObject
GetLastError
GetExitCodeProcess
CreateProcessA
CreateThread
GetVersionExA
WideCharToMultiByte
lstrcmpiA
WriteFile
GetTempPathA
GetModuleHandleA
CloseHandle

user32

CharNextA
LoadStringA
PostMessageA
IsWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathAppendA
PathIsDirectoryA
PathFileExistsA
SHGetValueA
SHEnumKeyExA
SHEnumValueA

wininet

InternetReadFile
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetOpenA
InternetCloseHandle
HttpSendRequestA

msvcrt

_adjust_fdiv
_initterm
malloc
_mbschr
memmove
realloc
_itoa
printf
free
_purecall
??2@YAPAXI@Z
memcpy
_mbsrchr
_mbsicmp
_mbsstr
memset
atoi
__CxxFrameHandler
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/LibActi.dat
360Safe_2.00(1.0.1.1037)/360Safe/LibDefa.dat
360Safe_2.00(1.0.1.1037)/360Safe/LibRun.dat
360Safe_2.00(1.0.1.1037)/360Safe/LibSpywa.dat
360Safe_2.00(1.0.1.1037)/360Safe/LibSrv.dat
360Safe_2.00(1.0.1.1037)/360Safe/LibTask.dat
360Safe_2.00(1.0.1.1037)/360Safe/LibUp.ini
360Safe_2.00(1.0.1.1037)/360Safe/Libclsid.dat
360Safe_2.00(1.0.1.1037)/360Safe/WinSockLSP.reg
360Safe_2.00(1.0.1.1037)/360Safe/WinSockLSPIFSL.reg
360Safe_2.00(1.0.1.1037)/360Safe/kabaload.exe
.exe windows:4 windows x86 arch:x86

743616d65368784c380135cd318b70a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetSetFilePointer
HttpQueryInfoA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetOpenA

shlwapi

SHGetValueA
SHSetValueA

mfc42

ord4424
ord3619
ord809
ord1168
ord556
ord825
ord3663
ord3626
ord2414
ord1793
ord4275
ord2379
ord5290
ord800
ord4160
ord540
ord2122
ord3571
ord640
ord5785
ord1641
ord1640
ord2859
ord323
ord5875
ord3874
ord2078
ord2574
ord3402
ord3572
ord567
ord609
ord2818
ord823
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord4627
ord6199
ord2754
ord2645
ord860
ord6442
ord6215
ord2642
ord858
ord4234
ord537
ord1146
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord765
ord795
ord2725
ord3698
ord3721
ord2302
ord4710
ord755
ord470
ord4299
ord4853
ord1576
ord6453
ord535
ord6197
ord3742
ord818
ord2864
ord3573
ord324
ord6172
ord5787
ord472
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord641
ord5953

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
rename
_ftol
atoi
strrchr
_except_handler3
strcpy
strcat
strlen
_setmbcp
memset
__CxxFrameHandler
_snprintf

kernel32

GetFileSize
DeleteFileA
WriteFile
FindClose
FindFirstFileA
GetModuleHandleA
GetStartupInfoA
SetFilePointer
CreateMutexA
GetModuleFileNameA
MultiByteToWideChar
GetLastError
CreateFileA
CreateThread
CloseHandle

user32

LoadCursorA
PtInRect
GetWindowRect
DrawIconEx
SetCursor
ShowWindow
IsIconic
DrawIcon
LoadIconA
FindWindowA
PostMessageA
EqualRect
SetClassLongA
GetParent
GetWindowLongA
SetWindowPos
SetForegroundWindow
EnableWindow
InvalidateRect
CopyRect
GetClientRect
SendMessageA
LoadBitmapA
GetSystemMetrics

gdi32

CreateSolidBrush
Rectangle
GetStockObject
CreateFontA
GetObjectA
SelectObject
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateFontIndirectA

advapi32

RegOpenKeyA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/libleak.dat
360Safe_2.00(1.0.1.1037)/360Safe/links.ini
360Safe_2.00(1.0.1.1037)/360Safe/live.dll
.dll regsvr32 windows:4 windows x86 arch:x86

36b07169ccf84ac334a4296eab7cdc0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueW
SHGetValueW
StrStrIA
PathFileExistsA
SHDeleteValueA
SHGetValueA
SHSetValueA
SHDeleteKeyA

kernel32

lstrcatA
lstrcpyA
GetTempFileNameA
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
ReadFile
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
GetACP
GetCurrentProcess
CreateThread
SetEvent
WriteFile
WaitForMultipleObjects
ResetEvent
CreateEventA
DeviceIoControl
MoveFileExA
CopyFileA
CreateDirectoryA
GetEnvironmentVariableA
GetSystemTime
LoadLibraryExA
SetErrorMode
LockResource
SizeofResource
LoadResource
FindResourceA
lstrlenA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetShortPathNameA
GetModuleHandleA
lstrlenW
CloseHandle
GetLastError
CreateMutexA
GetTickCount
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetExitCodeThread
WaitForSingleObject
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
WinExec
InterlockedDecrement
LocalFree
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
HeapDestroy

user32

SetWindowLongA
SetWindowLongW
IsWindowUnicode
CallWindowProcA
IsWindow
CallWindowProcW
GetCapture
GetDC
GetMessagePos
GetSysColor
ReleaseDC
SetCapture
ReleaseCapture
LoadCursorA
SetCursor
BeginPaint
GetWindowTextA
GetClientRect
DrawTextA
EndPaint
GetDesktopWindow
ExitWindowsEx
SetDlgItemTextA
KillTimer
RemovePropA
GetDlgItem
EnableWindow
GetPropA
InvalidateRect
CheckDlgButton
IsDlgButtonChecked
EndDialog
SetPropA
GetWindowRect
ScreenToClient
SetTimer
LoadStringA
SetWindowTextA
DialogBoxParamA
SendMessageA
GetForegroundWindow
FindWindowA
SetForegroundWindow
ShowWindow
FindWindowExA
PostMessageA
wsprintfA
GetAncestor

gdi32

DeleteDC
GetObjectA
CreateFontIndirectA
GetPixel
SelectObject
SetTextColor
GetNearestColor
SetBkColor
CreateBitmap
Rectangle
CreateSolidBrush
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
BitBlt
DeleteObject

advapi32

RegOpenKeyExA
RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoTaskMemFree
StringFromCLSID
OleUninitialize
CoCreateInstance
StringFromIID
CoGetMalloc
OleInitialize

oleaut32

SysAllocString
SysFreeString
LoadTypeLi
RegisterTypeLi
VariantClear
SysStringLen
LoadRegTypeLi

urlmon

URLDownloadToFileA

msvcrt

time
sprintf
strncpy
strstr
_except_handler3
strchr
strrchr
sscanf
strcmp
free
__CxxFrameHandler
_beginthreadex
malloc
_mbsstr
strcpy
memset
strlen
_snprintf
wcslen
??2@YAPAXI@Z
memcpy
_purecall
memcmp
fclose
fseek
fopen
strcat
_ftol
memmove
atol
_mbscmp
_mbsnbcpy
_mbsnbcmp
_strlwr
strncat
_strnicmp
fgets
rewind
_CxxThrowException
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
fprintf
_stricmp
_itoa

wininet

HttpQueryInfoA
InternetSetStatusCallback
InternetCloseHandle
InternetCrackUrlA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetGetConnectedState
InternetReadFile

setupapi

SetupIterateCabinetA

netapi32

Netbios

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

Action
ActionEx
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IShareO
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/rptup.dll
.dll windows:4 windows x86 arch:x86

218025134308ac27fbb2d29988484d5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetModuleFileNameA
FindClose
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteFileA
GetPrivateProfileStringA
GetLastError
ReadFile
FileTimeToSystemTime
FileTimeToDosDateTime
SetFilePointer
GetFileInformationByHandle
GetFileType
DuplicateHandle
GetCurrentProcess
WriteFile
SystemTimeToFileTime
GetLocalTime

user32

PostMessageA

shlwapi

PathIsDirectoryA
PathFileExistsA

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpAddRequestHeadersA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetSetOptionA

msvcrt

_stricmp
_adjust_fdiv
_initterm
_onexit
__dllonexit
_tzset
mktime
_ftol
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr
malloc
free
_splitpath
_except_handler3
_mbsstr
__CxxFrameHandler
_snprintf

Exports

Exports

GetInfo
UpLoadFile
UpLoadFileEx

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/safelive.exe
.exe windows:4 windows x86 arch:x86

abc4290dcac27daaa9b57bbdcd5fb865

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
CreateMutexA
GetStartupInfoA
GetModuleHandleA
CloseHandle
GetLastError
GetModuleFileNameA
LoadLibraryA

user32

PostQuitMessage
DestroyWindow
SetTimer
DefWindowProcA
CreateWindowExA
TranslateMessage
DispatchMessageA
GetMessageA
RegisterClassExA

ole32

CoUninitialize
CoInitialize

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
_snprintf

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/uninst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/修复工具.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360Safe_2.00(1.0.1.1037)/360Safe/注册信息.html.url
.url
360Safe_2.00(1.0.1.1037)/360Safe/注册码.txt
360Safe_2.00(1.0.1.1037)/360Safe/落伍下载.html.url
.url

Sharing

General

Malware Config

Signatures

Files

4fc2b33fff0b701a0295730c34bfa5e4

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

urlmon

version

shlwapi

wininet

ws2_32

netapi32

Sections

.text Size: 324KB - Virtual size: 320KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 208KB - Virtual size: 205KB

fc21e85d72e2e9b84fb3c08ae189466f

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 40KB - Virtual size: 38KB

2975368cb51bd6034ea6a0ba8e400275

Headers

File Characteristics

Imports

kernel32

msvcrt

shlwapi

version

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 959B

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 4KB - Virtual size: 302B

2ad4520dd3a2595e90df4efedfa0e4cf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

msvcrt

ws2_32

Exports

Exports

.text
Size: 324KB - Virtual size: 320KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 208KB - Virtual size: 205KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 40KB - Virtual size: 38KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 959B

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 4KB - Virtual size: 302B

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 40KB - Virtual size: 51KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1014B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB