44bd4f3041a153611c3658d4822967d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44bd4f3041a153611c3658d4822967d1_JaffaCakes118
Size

889KB
MD5

44bd4f3041a153611c3658d4822967d1
SHA1

aa4861069267a3fe194f5ac2ae8e001e0ad2060c
SHA256

3f726f1fcb740df2706f279cc6ce7713b0b5f8bf1109d699df7f0e80b771998a
SHA512

8f85edc23b2eca5984efd871c2438457910ee2d259389d3c4ebcdad21e3c4c50aeddbcc533ef1b96ce12cd72d68ac01ad1820df2676f2fe30feb0a35dbada29b
SSDEEP

24576:BKuvqNLULy9G5LrNiSa8hN9rUqRpgZQfZgDh3FiiO:aNLyyUrNiSa8hNaqRmUZgDviiO

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/蛋疼转换下载工具v3.0/edown.dll
unpack001/蛋疼转换下载工具v3.0/zlib1.dll
unpack001/蛋疼转换下载工具v3.0/蛋疼转换下载3.0.exe

Files

44bd4f3041a153611c3658d4822967d1_JaffaCakes118
.rar
蛋疼转换下载工具v3.0/XLDownload.dll
.dll windows:4 windows x86 arch:x86

fe18c649bd176fc0b713a53b973ded56

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

26/05/2011, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ShenZhen Thunder Networking Technologies Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\svn\xl7_client\src\XLDownload\src\XLDownload\ProductRelease\XLDownload.pdb

Imports

setupapi

SetupIterateCabinetW

ws2_32

WSAAsyncGetHostByName
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncSelect
getpeername
ntohs
getsockname
htons
inet_addr
gethostbyname
socket
connect
send
closesocket
recv
WSACleanup
WSAStartup

iphlpapi

GetAdaptersInfo

zlib1

compress

kernel32

lstrlenW
DeleteFileW
MoveFileW
CloseHandle
CreateFileW
WriteFile
SetEndOfFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
GetCurrentProcessId
UnmapViewOfFile
WaitForSingleObject
MapViewOfFile
GetCurrentThreadId
CreateFileMappingW
CreateMutexW
WaitForMultipleObjects
SetEvent
CreateEventW
MultiByteToWideChar
lstrlenA
GetModuleHandleW
TerminateThread
FreeLibrary
RemoveDirectoryW
CopyFileW
CreateDirectoryW
GetProcAddress
SetCurrentDirectoryW
LoadLibraryW
VirtualQuery
GetTempPathW
GetTempFileNameW
GetModuleFileNameW
GetFullPathNameW
GetCurrentDirectoryW
GetVolumeInformationA
WritePrivateProfileStringA
GetSystemDirectoryA
GetPrivateProfileStringA
InterlockedIncrement
InterlockedDecrement
lstrcpyW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
GetModuleFileNameA
IsBadCodePtr
lstrcatA
CreateDirectoryA
GetFileAttributesA
lstrcpyA
DeviceIoControl
CreateFileA
SetPriorityClass
DeleteFileA
FindClose
FindNextFileA
ReadFile
GetFileSize
FindFirstFileA
WideCharToMultiByte
FindFirstFileW
SetLastError
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
ExitProcess
GetCommandLineA
ExitThread
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
FlushFileBuffers
InterlockedCompareExchange
GetProcessHeap
HeapFree
GetVersionExA
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
GetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsBadReadPtr
IsValidCodePage
GetLocaleInfoW
GetLastError
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsBadStringPtrW
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
SetStdHandle
RaiseException
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateThread
GetFileType
GetOEMCP

user32

CharNextW
RegisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DialogBoxParamW
SetCapture
MessageBoxW
EnableWindow
InvalidateRect
UpdateWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
DestroyMenu
GetDesktopWindow
GetDoubleClickTime
CreatePopupMenu
AppendMenuW
ModifyMenuW
GetCursorPos
TrackPopupMenu
CreateDialogParamW
CreateWindowExW
RegisterClassExW
InSendMessage
ReplyMessage
FindWindowExW
SendMessageTimeoutW
wsprintfW
GetClassInfoExW
IsWindow
KillTimer
SetTimer
DestroyWindow
FindWindowW
EndDialog
TrackMouseEvent
LoadCursorW
SetCursor
UnregisterClassW
DefWindowProcW
LoadImageW
GetDlgItem
ShowWindow
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
ScreenToClient
GetClientRect
GetWindowRect
MoveWindow
PostMessageW
SendMessageW
GetWindowLongW
SetWindowLongW
CallWindowProcW
SetForegroundWindow

gdi32

GetStockObject
SetBkMode
TextOutW
SetTextColor
StretchBlt
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject
GetObjectW
CreateFontIndirectW
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW

shell32

SHGetSpecialFolderPathA
SHGetFolderPathW
ShellExecuteExW
ord165
Shell_NotifyIconW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

SHRegGetPathW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
StrCpyNW
PathIsDirectoryW
PathRemoveFileSpecW
PathCombineW
PathFindFileNameA

msimg32

AlphaBlend

dbghelp

MakeSureDirectoryPathExists

Exports

Exports

XLContinueTask
XLContinueTaskFromTdFile
XLGetErrorMsg
XLInitDownloadEngine
XLPauseTask
XLQueryTaskInfo
XLStopTask
XLURLDownloadToFile
XLUninitDownloadEngine

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蛋疼转换下载工具v3.0/edown.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2b62a271ede3a0c06985f5292de4a5c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
MultiByteToWideChar
WideCharToMultiByte
LocalFree
LCMapStringW
LCMapStringA
RtlUnwind
IsBadCodePtr
LoadLibraryA
GetProcAddress
GetOEMCP
CreateProcessA
CloseHandle
Sleep
GlobalAlloc
GlobalLock
GetCPInfo
GetStringTypeW
GetStringTypeA
VirtualAlloc
SetUnhandledExceptionFilter
HeapSize
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
GlobalUnlock
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
GetACP
GetCommandLineA
GetVersion
RaiseException
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy

user32

WaitForInputIdle
IsWindow
SendMessageA
SetForegroundWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

oleaut32

VariantClear
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord15
ord57
ord21
ord23
ord58
ord30
ord16
ord18
ord32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蛋疼转换下载工具v3.0/edown_link.htm
.html .vbs polyglot
蛋疼转换下载工具v3.0/zlib1.dll
.dll windows:4 windows x86 arch:x86

e9b5d30fbeb84dc7dd0e2c36954e6d47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr71

sprintf
strerror
_errno
memchr
_vsnprintf
free
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_onexit
_initterm
malloc
_lseek
_open
_read
_close
_write

kernel32

DisableThreadLibraryCalls

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蛋疼转换下载工具v3.0/蛋疼转换下载3.0.exe
.exe windows:4 windows x86 arch:x86

c03017e795d0c2e6edb028afcdac2616

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame
AVIStreamInfoA

winmm

midiStreamStop
midiStreamClose
midiStreamRestart
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutReset
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA
midiOutUnprepareHeader

ws2_32

accept
getpeername
recv
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa

kernel32

GetVersion
SetSystemPowerState
TerminateThread
InterlockedIncrement
InterlockedDecrement
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetTimeZoneInformation
SetLastError
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
WideCharToMultiByte
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedExchange
LockFile

user32

LoadStringA
GetSysColorBrush
GetDesktopWindow
DrawStateA
FrameRect
GetNextDlgTabItem
FindWindowA
EnumChildWindows
GetClassNameA
DrawIcon
CallWindowProcA
RegisterWindowMessageA
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
ExitWindowsEx
GetForegroundWindow
GetWindowTextA
GetDlgItem
IsIconic
SetCapture
UnregisterClassA

gdi32

RoundRect
GetCurrentObject
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
GetPixel
GetTextExtentPoint32A
BitBlt
StartPage
DPtoLP
GetTextMetricsA
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CombineRgn
CreateRectRgn
FillRgn
PatBlt
CreatePen
SelectObject
CreatePatternBrush
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateDIBSection
CreateRectRgnIndirect
SetBkColor
TextOutA
SetBkMode
SetTextColor
SetDIBitsToDevice
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
GetDeviceCaps

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA

shell32

DragQueryFileA
Shell_NotifyIconA
ShellExecuteA

ole32

CLSIDFromProgID
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
OleInitialize

oleaut32

RegisterTypeLi
SafeArrayGetElement
VariantCopyInd
VariantInit
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
SafeArrayAccessData
SysAllocString
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear

comctl32

ord17
ImageList_Destroy
_TrackMouseEvent

wldap32

ord29

Sections

.text
Size: 608KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 712KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
蛋疼转换下载工具v3.0/蛋疼转换下载工具v3.0说明书.txt
蛋疼转换下载工具v3.0/飘荡软件.url
.url

Sharing

General

Malware Config

Signatures

Files

fe18c649bd176fc0b713a53b973ded56

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:deCertificate

Extended Key Usages

Key Usages

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1aCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

setupapi

ws2_32

iphlpapi

zlib1

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

dbghelp

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 228KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 194KB - Virtual size: 194KB

.reloc Size: 17KB - Virtual size: 17KB

2b62a271ede3a0c06985f5292de4a5c5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

atl

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

e9b5d30fbeb84dc7dd0e2c36954e6d47

Headers

File Characteristics

Imports

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 100B

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 4KB - Virtual size: 940B

c03017e795d0c2e6edb028afcdac2616

Headers

File Characteristics

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:f4:37:cb:40:e7:c3:e6:b6:63:b3:e3:ba:45:2f:de
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

.text
Size: 229KB - Virtual size: 228KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 194KB - Virtual size: 194KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 100B

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 4KB - Virtual size: 940B

.text
Size: 608KB - Virtual size: 605KB

.rdata
Size: 712KB - Virtual size: 710KB

.data
Size: 84KB - Virtual size: 327KB

.rsrc
Size: 28KB - Virtual size: 27KB