42cc76d30771e8b2f9fc794b04cd24f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42cc76d30771e8b2f9fc794b04cd24f9_JaffaCakes118
Size

2.9MB
MD5

42cc76d30771e8b2f9fc794b04cd24f9
SHA1

aa972add67597012e37d495d87b6bdae8146d8c2
SHA256

b1c7cd8011dfa09a645bf368e8c1731c4e3f858795abd5f78c4e3268622fdff0
SHA512

b23c043e80498bbbfe7af698bfced3d8dbc5db65ed92cf9540fcfe6737162a3902a9e921f0c4d5ebf72a8219ff353d0cc57de64dca4e3ae2a3a6688dea41d641
SSDEEP

49152:i1QOk9rFB0CNZV8VGDd/824ecqAUVGToShIfxB0NsjW8+8pxVIlDhsXb5LrEGQL6:iQOk9oCNZVwsd0hecqi8MNUWyWwWGEQ3

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/无线网络破解工具(EWSA)v4.0 简体中文破解版/msimg32.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/无线网络破解工具(EWSA)v4.0 简体中文破解版/EWSA.exe	upx
static1/unpack001/无线网络破解工具(EWSA)v4.0 简体中文破解版/msimg32.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/无线网络破解工具(EWSA)v4.0 简体中文破解版/msimg32.dll
unpack002/out.upx

Files

42cc76d30771e8b2f9fc794b04cd24f9_JaffaCakes118
.rar
无线网络破解工具(EWSA)v4.0 简体中文破解版/EWSA.chm
.chm
无线网络破解工具(EWSA)v4.0 简体中文破解版/EWSA.exe
.exe windows:5 windows x86 arch:x86

9b4bc03515884f701124a5d6fd0c3002

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:1e:55:1f:64:de:b7:cd:9e:59:5f:91:4b:d8:c6:59:b5:67:79:cc
Signer

Actual PE Digest

5b:1e:55:1f:64:de:b7:cd:9e:59:5f:91:4b:d8:c6:59:b5:67:79:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW

kernel32

GetLocaleInfoA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostThreadMessageW
MessageBoxA

gdi32

GetPolyFillMode

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

advapi32

GetFileSecurityW

shell32

ExtractIconW

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW

oledlg

OleUIBusyW

ole32

OleRegGetMiscStatus

oleaut32

SafeArrayGetUBound

winmm

timeGetTime

wininet

InternetCloseHandle

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.UPX1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
无线网络破解工具(EWSA)v4.0 简体中文破解版/ewsaserv.dll
.dll windows:4 windows x86 arch:x86

49c4588754f14a64198917308a50e842

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:7a:a9:2d:00:49:e3:4a:2f:7f:0d:6c:ef:07:3c:6d:7c:19:60:ec
Signer

Actual PE Digest

9c:7a:a9:2d:00:49:e3:4a:2f:7f:0d:6c:ef:07:3c:6d:7c:19:60:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
WaitNamedPipeA
CreateFileA
FlushFileBuffers
WriteFile
HeapAlloc
GetProcessHeap
HeapFree
LocalFree
OpenProcess
GetModuleHandleA
GetProcAddress
SetLastError
OpenEventA
ResetEvent
SetEvent
lstrlenA
lstrcatA
ReleaseMutex
CreateMutexA
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
CloseHandle
OpenFileMappingA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetLastError
LoadLibraryExA
FormatMessageA
FreeLibrary
GetVersionExA
lstrcpyA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
Sleep
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
SetStdHandle

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegFlushKey
GetSecurityDescriptorDacl
DeleteAce
RegOpenKeyExA
RegSetKeySecurity
RegCloseKey
LookupAccountSidA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

EnterMessageLoop
LsaDecryptData
LsaUnprotectData

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
无线网络破解工具(EWSA)v4.0 简体中文破解版/ewsaserv.exe
.exe windows:4 windows x86 arch:x86

915507198ccc5d6dae19d8305670a14b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7
Signer

Actual PE Digest

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
lstrlenA
OpenProcess
GetLastError
GetModuleFileNameA
lstrcpyA
lstrcpynA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
ResumeThread
WaitForSingleObject
GetExitCodeThread
LoadLibraryA
FreeLibrary
GetCurrentThread
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegFlushKey
RegCloseKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
无线网络破解工具(EWSA)v4.0 简体中文破解版/ewsaserv64.dll
.dll windows:4 windows x64 arch:x64

93241221a2e424664a332204fbb36df3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:76:aa:4d:d1:85:2c:53:dd:77:e3:ff:77:94:6b:8c:99:47:9f:b6
Signer

Actual PE Digest

45:76:aa:4d:d1:85:2c:53:dd:77:e3:ff:77:94:6b:8c:99:47:9f:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
FlushFileBuffers
DisableThreadLibraryCalls
WaitNamedPipeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
HeapAlloc
GetProcessHeap
HeapFree
LocalFree
OpenProcess
GetModuleHandleA
GetProcAddress
SetLastError
OpenEventA
ResetEvent
SetEvent
lstrlenA
lstrcatA
ReleaseMutex
CreateMutexA
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
CloseHandle
OpenFileMappingA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetLastError
LoadLibraryExA
FormatMessageA
FreeLibrary
lstrcpyA
GetVersionExA
RtlLookupFunctionEntry
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlVirtualUnwind
Sleep
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSection
SetStdHandle
WriteConsoleA

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegFlushKey
GetSecurityDescriptorDacl
DeleteAce
RegOpenKeyExA
RegSetKeySecurity
RegCloseKey
LookupAccountSidA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

EnterMessageLoop
LsaDecryptData
LsaUnprotectData

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
无线网络破解工具(EWSA)v4.0 简体中文破解版/ewsaserv64.exe
.exe windows:4 windows x64 arch:x64

6e3bc43ea0f96b9d65488cd204125cdc

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:e0:ff:76:2c:e2:a8:3a:63:c0:de:9a:5d:65:c2:b6:f3:40:ca:57
Signer

Actual PE Digest

53:e0:ff:76:2c:e2:a8:3a:63:c0:de:9a:5d:65:c2:b6:f3:40:ca:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrlenA
SetLastError
OpenProcess
GetLastError
GetModuleFileNameA
lstrcpyA
lstrcpynA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
ResumeThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThread
GetCurrentProcess
CloseHandle
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
GetCurrentThreadId
FlsAlloc
Sleep
HeapSize
ExitProcess
RtlUnwindEx
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
InitializeCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegFlushKey
RegCloseKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
无线网络破解工具(EWSA)v4.0 简体中文破解版/german.dic
无线网络破解工具(EWSA)v4.0 简体中文破解版/msimg32.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b4bc03515884f701124a5d6fd0c3002

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:caCertificate

Extended Key Usages

Key Usages

5b:1e:55:1f:64:de:b7:cd:9e:59:5f:91:4b:d8:c6:59:b5:67:79:ccSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

wininet

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 398KB

.data Size: - Virtual size: 430KB

.rsrc Size: 124KB - Virtual size: 238KB

.UPX0 Size: - Virtual size: 930KB

.UPX1 Size: 2.1MB - Virtual size: 2.1MB

49c4588754f14a64198917308a50e842

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:caCertificate

Extended Key Usages

Key Usages

9c:7a:a9:2d:00:49:e3:4a:2f:7f:0d:6c:ef:07:3c:6d:7c:19:60:ecSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

915507198ccc5d6dae19d8305670a14b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:caCertificate

Extended Key Usages

Key Usages

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 40KB - Virtual size: 39KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

5b:1e:55:1f:64:de:b7:cd:9e:59:5f:91:4b:d8:c6:59:b5:67:79:cc
Signer

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 398KB

.data
Size: - Virtual size: 430KB

.rsrc
Size: 124KB - Virtual size: 238KB

.UPX0
Size: - Virtual size: 930KB

.UPX1
Size: 2.1MB - Virtual size: 2.1MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

9c:7a:a9:2d:00:49:e3:4a:2f:7f:0d:6c:ef:07:3c:6d:7c:19:60:ec
Signer

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7
Signer

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

45:76:aa:4d:d1:85:2c:53:dd:77:e3:ff:77:94:6b:8c:99:47:9f:b6
Signer

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

53:e0:ff:76:2c:e2:a8:3a:63:c0:de:9a:5d:65:c2:b6:f3:40:ca:57
Signer

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 2KB - Virtual size: 4KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 729B

.data
Size: 4KB - Virtual size: 252B

.reloc
Size: 4KB - Virtual size: 212B