41732d8c77c20dfffe0b147caa376089_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

41732d8c77c20dfffe0b147caa376089_JaffaCakes118
Size

2.3MB
MD5

41732d8c77c20dfffe0b147caa376089
SHA1

04d5519d18811d8b7a1adf8c7e2506e4b77be7d7
SHA256

01c4a41e47df92563be75ffcd1abd3878010d3d34257c1b0893862ec1cbf16cc
SHA512

2a3cdaf59e95ff367ebd1daa2bd3d4cc9d093e8e97e8b00a2a598a0e620421183231000a0deb0df5359400d8bd2169c1c5e9784b58138e327dd29f54ce200b91
SSDEEP

49152:64cuLtR+zerU435LwCwCWXen01Q6//6g4cfkkEBINVEHDVlmX:6jEuirxwJCWn/6kfkiAbmX

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
41732d8c77c20dfffe0b147caa376089_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/SysMon.dll
unpack001/SysMon.exe
unpack001/SysMonFTPUploader.exe
unpack001/SysMonSMTPSender.exe
unpack001/SysMonScrCap.exe
unpack001/SysMonUninstaller.exe
unpack001/xcacls.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

41732d8c77c20dfffe0b147caa376089_JaffaCakes118
.exe windows:4 windows x86 arch:x86

48815f256b99e9e5b31546e652c07562

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
CheckDlgButton
SetCursor
LoadCursorA
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Logs/SysMonAggregatedLog.xsl
.xml
Logs/SysMonAllDaySysMonApplications.xsl
.xml
Logs/SysMonAllDaySysMonClipboardMonitor.xsl
.xml
Logs/SysMonAllDaySysMonFileMonitor.xsl
.xml
Logs/SysMonAllDaySysMonKeyLogger.xsl
.xml
Logs/SysMonAllDaySysMonLogonLogoff.xsl
.xml
Logs/SysMonAllDaySysMonMessenger.xsl
.xml
Logs/SysMonAllDaySysMonPrinterMonitor.xsl
.xml
Logs/SysMonAllDaySysMonScreenShot.xsl
.xml
Logs/SysMonAllDaySysMonWeb.xsl
.xml
Logs/SysMonApplications.xsl
.xml
Logs/SysMonClipboardMonitor.xsl
.xml
Logs/SysMonFileMonitor.xsl
.xml
Logs/SysMonGlobalLog.xsl
.xml
Logs/SysMonKeyLogger.xsl
.xml
Logs/SysMonKeybk.bmp
Logs/SysMonLogonLogoff.xsl
.xml
Logs/SysMonMessenger.xsl
.xml
Logs/SysMonPrinterMonitor.xsl
.xml
Logs/SysMonScreenShot.xsl
.xml
Logs/SysMonWeb.xsl
.xml
Logs/TestEmail.xml
.xml
Logs/TestReport.xml
.xml
SysMon.dll
.dll windows:4 windows x86 arch:x86

fa587d8a53143c15b39210826cc87bc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\ask 4.5\ASK_DLL\ASK\Release\ASK.pdb

Imports

winspool.drv

DocumentPropertiesA
EnumJobsA
OpenPrinterA
ClosePrinter

user32

DestroyMenu
ShowWindow
IsWindowVisible
LoadIconA
wsprintfA
CharUpperA
EqualRect
CopyRect
GetKeyState
GetWindowLongA
EnumChildWindows
OpenClipboard
GetClipboardData
CloseClipboard
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
GetAsyncKeyState
GetCursorPos
GetForegroundWindow
GetWindowThreadProcessId
SendMessageA
FindWindowA
RegisterWindowMessageA
SendMessageTimeoutA
EnumWindows
GetClassNameA
GetWindowTextA
FindWindowExA
GetWindow
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetActiveWindow
CallNextHookEx
SetWindowsHookExA
SetCursor
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetSystemMetrics
UnhookWindowsHookEx
UnregisterClassA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorA
SetWindowTextA
PtInRect
GetWindowRect
GetDlgCtrlID
ClientToScreen
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongA
CallWindowProcA
DefWindowProcA
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenu

kernel32

SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileSize
GetFileTime
GetModuleHandleA
GlobalDeleteAtom
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
WaitForSingleObject
GlobalAddAtomA
GetCurrentProcessId
DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GetModuleFileNameW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
InterlockedIncrement
GlobalGetAtomNameA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GetVersionExA
lstrcmpW
SystemTimeToFileTime
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
SetStdHandle
GetFileType
ExitProcess
HeapSize
GetACP
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GlobalFree
GlobalAlloc
FormatMessageA
RaiseException
LocalFree
LocalAlloc
VerLanguageNameA
lstrcpynA
GetModuleFileNameA
IsBadReadPtr
IsBadWritePtr
GetDriveTypeA
lstrlenW
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
FindNextFileA
FindClose
lstrlenA
CreateFileA
ReadDirectoryChangesW
ReadProcessMemory
OpenProcess
CloseHandle
FindFirstFileA
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetLastError
GetExitCodeThread
TerminateThread
InterlockedDecrement
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
WideCharToMultiByte
LoadResource
LockResource
CreateFileW
SizeofResource
FindResourceA
InterlockedCompareExchange
GlobalFindAtomA

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
GetDeviceCaps

comdlg32

GetFileTitleA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathFileExistsA
PathRemoveFileSpecA
PathStripToRootA
PathIsRelativeA
PathAppendA

ole32

CoInitialize
CoUninitialize

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString

ws2_32

WSACleanup
WSAStartup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

rdl

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SysMon.exe
.exe windows:4 windows x86 arch:x86

5fea5f733090e7a72f70c5d7bb3b0c4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedDecrement
ReleaseMutex
GetFileType
SetStdHandle
GetProfileStringA
GetLastError
CreateMutexA
GetProcAddress
LoadLibraryA
GetModuleHandleA
FindFirstFileA
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
FindClose
FindNextFileA
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
CloseHandle
LocalFree
FormatMessageA
LoadResource
FindResourceA
LockResource
GlobalFree
HeapAlloc
HeapFree
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
IsBadReadPtr
IsBadWritePtr
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
GetFileAttributesA
GetThreadLocale
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
SetLastError
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GlobalUnlock
GetCurrentThreadId

user32

GetSysColorBrush
LoadStringA
InflateRect
GetDesktopWindow
CharNextA
CharUpperA
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
BeginPaint
GetWindowDC
ReleaseDC
wvsprintfA
MapWindowPoints
AdjustWindowRectEx
ScreenToClient
IsChild
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
IntersectRect
PostThreadMessageA
GetWindowPlacement
MapDialogRect
SetWindowContextHelpId
ShowWindow
MoveWindow
GetDlgCtrlID
GetWindowTextLengthA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
GetMenuState
SetRect
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
SetActiveWindow
GetClassNameA
GetWindowTextA
AttachThreadInput
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageA
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
PostQuitMessage
GetNextDlgGroupItem
ReleaseCapture
RegisterClipboardFormatA
SystemParametersInfoA
MessageBeep
SetWindowRgn
GetDC
GetCapture
GetCursorPos
WindowFromPoint
DrawEdge
OffsetRect
DrawFocusRect
GetSysColor
IsWindowVisible
BeginDeferWindowPos
EndDeferWindowPos
DefDlgProcA
IsWindowUnicode
GetWindowThreadProcessId
GetForegroundWindow
SetFocus
GetTopWindow
PostMessageA
SetForegroundWindow
BringWindowToTop
FindWindowA
LoadIconA
SetWindowLongA
GetWindowLongA
SendMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetParent
EnableWindow
LoadImageA
InvalidateRect
IsWindow
SetCursor
LoadCursorA
CreatePopupMenu
AppendMenuA
GetWindowRect
PtInRect
ClientToScreen
SetWindowPos
CopyRect
EqualRect
KillTimer
GetWindow
SetTimer
UpdateWindow
ModifyMenuA
CopyAcceleratorTableA
LoadBitmapA
DeferWindowPos
EndPaint

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
IntersectClipRect
OffsetViewportOrgEx
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
GetTextColor
GetBkColor
GetMapMode
DPtoLP
LPtoDP
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetPixel
CreateRectRgn
CombineRgn
SelectClipRgn
CreateCompatibleBitmap
DeleteDC
GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
StretchBlt
GetObjectA
CreateDIBitmap
GetTextExtentPointA
DeleteObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
GetUserNameA

shell32

SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteExA
ShellExecuteA

comctl32

ImageList_GetImageCount
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_LoadImageA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoUninitialize
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoInitializeSecurity
CoCreateInstance

olepro32

ord253

oleaut32

VariantChangeType
VariantCopy
SysFreeString
SysAllocString
VariantInit
SysAllocStringLen
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringLen
VariantClear

wininet

InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SysMonFTPUploader.exe
.exe windows:4 windows x86 arch:x86

11f9b7db3411d24cfe05d4215cc16b2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
GetLastError
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LoadLibraryA
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
SetLastError
FreeLibrary
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetEnvironmentStrings
GetCurrentThreadId

user32

AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SetWindowTextA
ShowWindow
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
LoadStringA
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
CopyRect
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
UnregisterClassA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetObjectA
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetBkColor
SetTextColor
GetClipBox
GetStockObject
SelectObject
RestoreDC
SaveDC
CreateBitmap
DeleteDC

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

comctl32

ord17

wsock32

WSAStartup
WSACleanup

wininet

FtpCreateDirectoryA
FtpPutFileA
InternetConnectA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SysMonHelp.chm
.chm
SysMonSMTPSender.exe
.exe windows:4 windows x86 arch:x86

ae3c3b91e8663af46c6a4d32bcf03911

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
LCMapStringW
GetStdHandle
GetStringTypeA
GetStringTypeW
Sleep
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalDeleteAtom
GetModuleHandleA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
CreateEventA
RaiseException
GetTickCount
GetLocalTime
GetACP
GetThreadLocale
CompareStringW
CompareStringA
lstrlenW
GetOverlappedResult
GetVersion
InterlockedExchange
GetTimeZoneInformation
WriteFile
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
lstrlenA
lstrcpynA
FormatMessageA
LocalFree
WideCharToMultiByte
SetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
FreeLibrary
LoadLibraryA
LCMapStringA
GetProcAddress

user32

GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
DestroyWindow
IsWindow
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CopyRect
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
SendMessageA
UnregisterClassA
GetSysColorBrush
LoadCursorA
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetDlgItem

gdi32

SetMapMode
DeleteObject
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
RestoreDC
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SaveDC
ExtTextOutA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ScaleViewportExtEx
GetDeviceCaps

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shlwapi

PathFindExtensionA
PathFindFileNameA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
VariantClear

ws2_32

closesocket
WSAGetLastError
gethostname
socket
connect
send
recv
select
bind
gethostbyname
inet_addr
htons
WSACleanup
WSAStartup
shutdown
freeaddrinfo
getaddrinfo
WSACloseEvent
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSACreateEvent
WSASocketA

secur32

DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
CompleteAuthToken
InitializeSecurityContextA

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

dnsapi

DnsRecordListFree
DnsQuery_A

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SysMonScrCap.exe
.exe windows:4 windows x86 arch:x86

2c3ec3163cf4b39b8eeb4260c7867741

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
GetStartupInfoA
ExitProcess
HeapAlloc
HeapFree
RaiseException
TerminateProcess
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
WritePrivateProfileStringA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
LocalFree
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
GetProcAddress
SetLastError
GetCommandLineA
GlobalSize
GlobalAlloc
GlobalReAlloc
GetFileType
GlobalFree

user32

PostQuitMessage
SetCursor
IsWindowEnabled
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
EndDialog
SetWindowTextA
ShowWindow
GetClassNameA
PtInRect
LoadStringA
LoadCursorA
GetSysColorBrush
DestroyMenu
CharUpperA
PostMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
GetTopWindow
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetActiveWindow
MessageBoxA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
GetForegroundWindow
GetDC
ReleaseDC
GetDesktopWindow
GetWindowRect
GetDlgCtrlID
UnregisterClassA

gdi32

SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateCompatibleDC
SelectObject
SaveDC
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
RestoreDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetSystemPaletteEntries
DeleteDC
GetStockObject
GetObjectA
SelectPalette
RealizePalette
CreatePalette
GetDIBits

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SysMonUninstaller.exe
.exe windows:4 windows x86 arch:x86

996f6025ab2d64a5322a23c43fa7423a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GlobalSize
CopyFileA
RtlUnwind
GetStartupInfoA
ExitProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FatalAppExitA
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
SetFileTime
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
SystemTimeToFileTime
GetProfileStringA
LocalFileTimeToFileTime
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
lstrlenW
GetShortPathNameA
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
FindNextFileA
FindFirstFileA
FindClose
MulDiv
SetLastError
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
FormatMessageA
LocalFree
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetModuleHandleA
Module32First
Module32Next
DeleteFileA
RemoveDirectoryA
Sleep
CreateToolhelp32Snapshot
Process32Next
OpenProcess
TerminateProcess
CloseHandle
LoadLibraryA
GetProcAddress
CreateMutexA
GetLastError
ReleaseMutex
GetStdHandle
GetCommandLineA

user32

GetDialogBaseUnits
CharNextA
CopyAcceleratorTableA
SetRect
MessageBeep
DestroyMenu
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
CharUpperA
RegisterClipboardFormatA
AppendMenuA
RemoveMenu
PostThreadMessageA
DestroyIcon
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
LoadStringA
GetClassNameA
CharToOemA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
PostQuitMessage
GetParent
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
LoadBitmapA
SetWindowRgn
GetDC
GetCapture
GetCursorPos
WindowFromPoint
DrawEdge
OffsetRect
DrawFocusRect
SetCursor
GetSysColor
LoadCursorA
EqualRect
CopyRect
MessageBoxA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
SetForegroundWindow
IsWindow
InvalidateRect
LoadImageA
RedrawWindow
EnableWindow
PostMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
GetWindowLongA
SetWindowLongA
GetSysColorBrush
GetMenuStringA
DeleteMenu
InsertMenuA
GetDlgItem
PtInRect
LoadIconA
FindWindowA
BringWindowToTop
GetWindowThreadProcessId
GetDesktopWindow
WaitMessage
SetCapture
InflateRect
wvsprintfA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
SetFocus
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
OemToCharA
ShowScrollBar
SetScrollInfo

gdi32

SetBkColor
StartDocA
SaveDC
RestoreDC
GetStockObject
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
SetTextColor
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
PatBlt
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectA
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
CopyMetaFileA
CreateDCA
GetClipBox
GetDCOrgEx
CreateBitmap
GetPixel
CreateRectRgn
CombineRgn
SelectClipRgn
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
SelectObject
BitBlt
StretchBlt
GetObjectA
PolyBezierTo
CreateDIBitmap
GetTextExtentPointA
DeleteObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
ExtractIconA

comctl32

_TrackMouseEvent
ord17

oledlg

ord8

ole32

CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoFreeUnusedLibraries
ReleaseStgMedium
OleInitialize
CoDisconnectObject
OleRun
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleUninitialize

olepro32

ord253

oleaut32

SysFreeString
LoadTypeLi
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysReAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SysAllocStringByteLen
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysStringLen

Sections

.text
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xcacls.exe
.exe windows:5 windows x86 arch:x86

e415cc352b7172f591cdc3f7e08c0c5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
CloseHandle
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
FormatMessageW
GetLastError
LocalAlloc
LocalFree
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
Sleep
LoadLibraryA
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
FlushFileBuffers
LCMapStringA
LCMapStringW
RtlUnwind
VirtualQuery
SetFilePointer
SetStdHandle
VirtualProtect
GetSystemInfo
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
ReadFile
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime

advapi32

EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
GetSecurityDescriptorDacl
FreeSid
GetSidIdentifierAuthority
AllocateAndInitializeSid
LookupAccountSidW
LookupAccountNameW
GetLengthSid
InitializeAcl
AddAce

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48815f256b99e9e5b31546e652c07562

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 152KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

fa587d8a53143c15b39210826cc87bc8

Headers

File Characteristics

PDB Paths

Imports

winspool.drv

user32

kernel32

gdi32

comdlg32

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

version

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 12KB - Virtual size: 30KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 36KB - Virtual size: 32KB

5fea5f733090e7a72f70c5d7bb3b0c4e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 152KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 12KB - Virtual size: 30KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 36KB - Virtual size: 32KB

.text
Size: 340KB - Virtual size: 336KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 28KB - Virtual size: 42KB

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 140KB - Virtual size: 139KB

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 20KB - Virtual size: 16KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 31KB

.rsrc
Size: 12KB - Virtual size: 11KB