44de30846a7758eee22a45d124b8a775_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44de30846a7758eee22a45d124b8a775_JaffaCakes118
Size

1.7MB
MD5

44de30846a7758eee22a45d124b8a775
SHA1

16f64672a5cde1f28f7868b235501ffd8e06144f
SHA256

6978591af2f0367a4d5752f315694de8620e8ae01599bc46157636ef28bce441
SHA512

7ad5d5c9f1d455d8ff9a65a37192ba1fc5ee0079bc8cc46c4a1040e6e453672acb10aebc33cfab376af629692aba7d2352f4674d49765f9c2c002cb8b1253dc3
SSDEEP

24576:auM/QEPYdYyjklp6qJhlxvuwvF9n440gDLIfk96xy2X/cXa73/yLuYiGkGq6AA0R:916YJjklBJPvF9nzIoMJcS3Y5v9qt0y

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/KS-2008PLUS/disk/software/setupbig5.exe	upx
static1/unpack002/KS-2008PLUS/disk/software/setupen.exe	upx
static1/unpack002/KS-2008PLUS/disk/software/setupgb.exe	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack002/KS-2008PLUS/disk/Setup.exe
unpack002/KS-2008PLUS/disk/software/Driver/Kinstone3/Win2K/Kinstone3.DLL
unpack002/KS-2008PLUS/disk/software/Driver/Kinstone3/Win2K/Kinstone3.SYS
unpack002/KS-2008PLUS/disk/software/HICard.exe
unpack002/KS-2008PLUS/disk/software/HT-6025A.DLL
unpack002/KS-2008PLUS/disk/software/HiDev.dll
unpack002/KS-2008PLUS/disk/software/InstallDriver.exe
unpack002/KS-2008PLUS/disk/software/WatchCard.exe
unpack002/KS-2008PLUS/disk/software/msado15.dll
unpack002/KS-2008PLUS/disk/software/setupbig5.exe
unpack003/out.upx
unpack002/KS-2008PLUS/disk/software/setupen.exe
unpack004/out.upx
unpack002/KS-2008PLUS/disk/software/setupgb.exe
unpack005/out.upx

Files

44de30846a7758eee22a45d124b8a775_JaffaCakes118
.zip
ks-2008plus.rar
.rar
KS-2008PLUS/disk/Autorun.inf
KS-2008PLUS/disk/Setup.exe
.exe windows:4 windows x86 arch:x86

d5e5c12fd4621b0be9efdd23327abdfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4698
ord5307
ord5289
ord4079
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord2621
ord1134
ord800
ord537
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord5300
ord2725
ord5302
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord324
ord4234
ord535
ord4160
ord540
ord5572
ord4673
ord5953
ord4710
ord2379
ord6880
ord3092
ord755
ord470
ord5199
ord3346
ord2396
ord5731
ord1089
ord3922
ord1775
ord2512
ord6375
ord4274
ord2554
ord4486
ord5241
ord4407
ord2915
ord860
ord354
ord665
ord5186
ord1576
ord1979
ord3790
ord3318

msvcrt

__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
__set_app_type
_initterm
__getmainargs
_except_handler3
fseek
fread
fgetc
__CxxFrameHandler
_mbscmp
__dllonexit
_onexit
_exit
toupper
fopen
ftell
_XcptFilter
strstr
rewind
_acmdln
_setmbcp
fclose
_ftol
exit

kernel32

GetSystemDefaultLangID
GetCurrentDirectoryA
GetModuleHandleA
GlobalFree
GlobalUnlock
GetStartupInfoA
GlobalAlloc
GlobalLock

user32

SendMessageA
GetWindowRect
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
LoadIconA

gdi32

Rectangle

shell32

ShellExecuteExA

ole32

CreateStreamOnHGlobal

olepro32

ord251

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/Setup.ico
KS-2008PLUS/disk/readme/readmebig5.txt
KS-2008PLUS/disk/readme/readmeen.txt
KS-2008PLUS/disk/readme/readmegb.txt
KS-2008PLUS/disk/setup.bmp
KS-2008PLUS/disk/setup.ini
KS-2008PLUS/disk/software/Driver/Kinstone3/Win2K/Kinstone3.DLL
.dll windows:4 windows x86 arch:x86

617ab710d2b57bde7e643433e80d237c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryDosDeviceA
DefineDosDeviceA
CreateFileA
DeviceIoControl
TlsGetValue
GetModuleFileNameA
FreeEnvironmentStringsA
FlushFileBuffers
ReadFile
DeleteCriticalSection
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
LoadLibraryA
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
CloseHandle
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapReAlloc
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
SetFilePointer
RtlUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStringTypeA
GetStringTypeW
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

SendMessageA
CheckDlgButton
EnableWindow
GetDlgItem
MessageBoxA
SetWindowTextA
EndDialog
IsDlgButtonChecked
SetWindowLongA
DialogBoxParamA
GetWindowLongA
SetDlgItemInt
LoadStringA
GetDlgCtrlID

advapi32

RegEnumValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsA

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageA

Exports

Exports

SerialPropPageProvider

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/Driver/Kinstone3/Win2K/Kinstone3.INF
KS-2008PLUS/disk/software/Driver/Kinstone3/Win2K/Kinstone3.SYS
.sys windows:5 windows x86 arch:x86

c1a2a1fe1cc2a9da7249b37d81283f8b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\proj\driver_src\win2k\oxser\objfre\i386\oxser.pdb

Imports

ntoskrnl.exe

ZwSetValueKey
RtlAppendUnicodeToString
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
wcslen
ZwClose
IoOpenDeviceRegistryKey
MmMapIoSpace
MmUnmapIoSpace
KeRemoveQueueDpc
IoDisconnectInterrupt
KeSynchronizeExecution
IoGetConfigurationInformation
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
PoSetPowerState
IoDeleteDevice
IoCreateDevice
RtlIntegerToUnicodeString
WRITE_REGISTER_UCHAR
READ_REGISTER_UCHAR
KeInitializeDpc
RtlInitUnicodeString
KeInitializeSpinLock
IoDetachDevice
IoConnectInterrupt
IoAttachDeviceToDeviceStack
IofCompleteRequest
MmLockPagableSectionByHandle
KeSetEvent
PoRequestPowerIrp
PoStartNextPowerIrp
PoCallDriver
KeClearEvent
KeDelayExecutionThread
IoCancelIrp
_allmul
MmQuerySystemSize
KeQuerySystemTime
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
ExAllocatePoolWithQuotaTag
KeInsertQueueDpc
_alldiv
KeSetTimer
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoInvalidateDeviceState
KeCancelTimer
IoWMIRegistrationControl
_except_handler3
ZwQueryValueKey
memmove
RtlQueryRegistryValues
RtlWriteRegistryValue
ExAllocatePoolWithTag
RtlCopyUnicodeString
DbgBreakPoint
MmLockPagableDataSection
ExFreePoolWithTag
KeInitializeTimer
MmUnlockPagableImageSection

hal

ExAcquireFastMutex
READ_PORT_UCHAR
KfAcquireSpinLock
KfReleaseSpinLock
WRITE_PORT_UCHAR
ExReleaseFastMutex
KdComPortInUse

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 525B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESPR0
Size: 896B - Virtual size: 859B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESRP0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/Driver/Kinstone3/Win2K/Kinstone3M.INF
KS-2008PLUS/disk/software/HICard.exe
.exe windows:4 windows x86 arch:x86

dc876e50f92ae9d2796745bb6f7f6cca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3597
ord324
ord641
ord4234
ord4425
ord4627
ord860
ord2370
ord2302
ord5981
ord3092
ord6111
ord6334
ord6646
ord5572
ord2642
ord5953
ord6215
ord3998
ord3996
ord6007
ord6907
ord3301
ord3286
ord1105
ord2379
ord2814
ord920
ord3810
ord2915
ord693
ord3408
ord3227
ord2289
ord804
ord2919
ord2587
ord6055
ord1776
ord4406
ord5290
ord3394
ord4424
ord3729
ord567
ord4299
ord2086
ord6880
ord6785
ord2645
ord2301
ord2294
ord2362
ord3499
ord2515
ord355
ord348
ord663
ord1771
ord3079
ord4080
ord3758
ord2413
ord2581
ord4401
ord3402
ord3639
ord692
ord5710
ord3803
ord939
ord6199
ord2299
ord6197
ord6380
ord3663
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord665
ord1979
ord6385
ord5186
ord354
ord798
ord1997
ord4224
ord5465
ord5194
ord533
ord4673
ord341
ord654
ord6217
ord4284
ord6241
ord4148
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord3830
ord3825
ord5280
ord4353
ord3738
ord815
ord561
ord6366
ord2024
ord6140
ord2621
ord1205
ord4219
ord3831
ord2725
ord5289
ord755
ord470
ord6876
ord2582
ord4402
ord3370
ord3640
ord3571
ord2860
ord1641
ord2405
ord640
ord5785
ord1640
ord323
ord2414
ord3706
ord3626
ord6605
ord3089
ord5875
ord4476
ord1175
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4275
ord2763
ord6779
ord2764
ord6778
ord6648
ord3874
ord3610
ord802
ord800
ord542
ord3721
ord795
ord2864
ord3754
ord3753
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord613
ord289
ord4396
ord3572
ord609
ord2859
ord2574
ord1949
ord3619
ord818
ord2152
ord1233
ord2243
ord6453
ord2380
ord1816
ord4083
ord1802
ord556
ord809
ord1088
ord2122
ord2580
ord4400
ord3630
ord682
ord4480
ord4243
ord6696
ord5148
ord6242
ord2116
ord3797
ord3716
ord790
ord1871
ord6929
ord6927
ord4698
ord5307
ord2985
ord5683
ord4129
ord941
ord2818
ord825
ord6662
ord4278
ord858
ord1168
ord540
ord4160
ord535
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord2976
ord3081
ord4465
ord3262
ord3136
ord2982
ord3259
ord3147
ord2446
ord5277
ord2124
ord5065
ord5261
ord1727
ord2055
ord3749
ord6376
ord4837
ord2648
ord4441
ord1134
ord3798
ord1247
ord4376
ord4998
ord4853
ord835
ord5265
ord823
ord922
ord537
ord924
ord5714
ord4622
ord656
ord1576
ord5773
ord5442
ord3318

msvcrt

__p__commode
__setusermatherr
_initterm
_controlfp
wcslen
?terminate@@YAXXZ
_setmbcp
_mbsicmp
_mbscmp
__CxxFrameHandler
sprintf
_ftol
atoi
atol
??1type_info@@UAE@XZ
_except_handler3
_CxxThrowException
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_adjust_fdiv
__p__fmode
__set_app_type

kernel32

GetStartupInfoA
GetVersion
GetProcAddress
CloseHandle
FreeLibrary
TerminateProcess
OpenMutexA
CreateMutexA
ReleaseMutex
LoadLibraryA
GetTickCount
GetSystemDefaultLangID
Sleep
ResetEvent
WaitForSingleObject
GetFileAttributesA
InterlockedDecrement
SetEvent
MultiByteToWideChar
GetLastError
lstrlenA
WideCharToMultiByte
GetTempPathA
GetModuleHandleA
LocalFree
GetModuleFileNameA

user32

EnableWindow
KillTimer
GetParent
GetWindow
SetCursor
EnableMenuItem
SendMessageA
SetTimer
InvalidateRect
PostMessageA
SetWindowTextA
SystemParametersInfoA
GetWindowRect
MessageBoxA
SetRect
GrayStringA
DrawTextA
TabbedTextOutA
CopyRect
RegisterHotKey
GetCursorPos
GetWindowDC
ReleaseCapture
SetCapture
PtInRect
GetCaretPos
GetClassNameA
DrawIcon
ReleaseDC
IsWindow
SetWindowRgn
LoadBitmapA
LoadImageA
UnregisterHotKey
TrackPopupMenu
GetMenuItemID
LoadCursorA
UpdateWindow
GetSysColorBrush
GetClientRect
IsIconic
GetSystemMetrics
SetForegroundWindow
LoadIconA
RedrawWindow
LoadMenuA
GetSubMenu

gdi32

StretchBlt
GetObjectA
GetPixel
CreateCompatibleDC
CreateRectRgn
BitBlt
CombineRgn
SetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateCompatibleBitmap
CreateFontIndirectA
DeleteObject
GetDIBits
GetStockObject

advapi32

RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

comctl32

_TrackMouseEvent
UninitializeFlatSB
FlatSB_EnableScrollBar
InitializeFlatSB

ole32

CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantChangeType
GetErrorInfo
VariantCopy
VariantClear
SysAllocString

winmm

PlaySoundA
sndPlaySoundA

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/HICard.ico
KS-2008PLUS/disk/software/HT-6025A.DLL
.dll windows:4 windows x86 arch:x86

d7ce352149bbcbe1ed117391ae8a2537

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2385
ord5163
ord4398
ord4353
ord5290
ord3798
ord4837
ord5241
ord6374
ord4441
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2648
ord3402
ord3582
ord609
ord616
ord5683
ord6320
ord1651
ord567
ord668
ord3181
ord2781
ord2770
ord356
ord2818
ord535
ord5572
ord2915
ord2919
ord1105
ord5710
ord6779
ord4627
ord6055
ord860
ord6663
ord541
ord348
ord663
ord4078
ord1776
ord6929
ord6927
ord5465
ord5194
ord533
ord1200
ord4278
ord6662
ord926
ord6876
ord538
ord2820
ord3811
ord3663
ord2396
ord6143
ord6883
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord800
ord540
ord537
ord2763
ord4129
ord858
ord2578
ord4218
ord2411
ord2023
ord6778
ord2575
ord3574
ord4396
ord825
ord823
ord2725
ord3738
ord561
ord815
ord4080
ord4424
ord4622
ord3831
ord3079
ord3825
ord3081
ord3830
ord2976
ord3136
ord2985
ord3262
ord3147
ord4465
ord3259
ord5714
ord2982
ord3953
ord4698
ord5289
ord5307
ord5300
ord4079
ord5302
ord798
ord3346
ord1997
ord801
ord941
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord1988
ord5355
ord354
ord5186
ord6385
ord1979
ord665
ord389
ord2764
ord1228
ord3229
ord5204
ord1075
ord2393
ord690
ord5356
ord5808

msvcrt

strrchr
_stricmp
fclose
__CxxFrameHandler
atol
strstr
atoi
_mbsicmp
printf
fwrite
fseek
remove
free
_mbscmp
_EH_prolog
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
sprintf
fopen

kernel32

LeaveCriticalSection
WaitCommEvent
ResetEvent
SetCommMask
ClearCommError
WaitForSingleObject
SetEvent
GetModuleFileNameA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteFileA
FindFirstFileA
SetFileAttributesA
GetProcAddress
FreeLibrary
LoadLibraryA
lstrlenA
GetLastError
LocalAlloc
LocalFree
SetLastError
FormatMessageA
GetVersionExA
PurgeComm
Sleep
SetupComm
SetCommState
FlushFileBuffers
CloseHandle
SetCommTimeouts
GetCommState
CreateFileA
WriteFile
GetCommTimeouts
ReadFile
GetOverlappedResult
GetFileAttributesA
GetTempPathA
EnterCriticalSection
CreateEventA

user32

PostQuitMessage
wsprintfA
FindWindowA
ShowWindow
GetDlgItem
GetWindowLongA
SendMessageA
EnableWindow
MessageBoxA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA

ole32

CoUninitialize
CoInitialize

rasapi32

RasGetErrorStringA
RasSetEntryPropertiesA
RasValidateEntryNameA
RasHangUpA
RasGetConnectStatusA
RasSetEntryDialParamsA
RasDialA
RasDeleteEntryA
RasEnumConnectionsA

setupapi

SetupFindNextLine
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiRegisterDeviceInfo
SetupDiCreateDevRegKeyA
SetupGetStringFieldA
SetupCloseInfFile
SetupFindFirstLineA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA
SetupDiCallClassInstaller
SetupDiGetINFClassA
SetupDiSetDeviceRegistryPropertyA

wininet

InternetGetConnectedState

shell32

ShellExecuteA

Exports

Exports

_SmsSend@12
mdmClearLog
mdmGetActiveComPort
mdmGetCsq
mdmGetLastErrorDes
mdmGetRegStatus
mdmInitWatch
mdmInstallModemDrivers
mdmInstallPortDrivers
mdmModemExist
mdmNetConnectStatus
mdmNetDial
mdmNetGetDefaultSetting
mdmNetHangup
mdmNetSetCta
mdmNetTransmitStatus
mdmPbAddRec
mdmPbDelRec
mdmPbGetAllRec
mdmSetLastErrorDes
mdmSetLogFileName
mdmSmsDelRecvRec
mdmSmsDelSendRec
mdmSmsGetAllRecvRec
mdmSmsGetAllSendRec
mdmSmsSend
mdmStopDev
mdmUimExist
mdmUninstallModemDrivers
mdmUninstallPortDrivers
mdmVoiceCall
mdmVoiceCallAccept
mdmVoiceDelRec
mdmVoiceGetAllRec
mdmVoiceGetMaxVol
mdmVoiceGetVol
mdmVoiceSendDtmf
mdmVoiceSetVol
mdmVoiceShutdown
mdmWriteLog

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/HiDev.dll
.dll windows:4 windows x86 arch:x86

ad2a1eae411b2f6720c4ec9ccb2ca5d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_EH_prolog
??2@YAPAXI@Z
free
_onexit
__dllonexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
_initterm
__CxxFrameHandler

kernel32

LocalAlloc
LocalFree

setupapi

CM_Locate_DevNode_ExA
CM_Request_Device_Eject_ExA
CM_Locate_DevNodeA

mfc42

ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1116
ord1168
ord1578
ord6467
ord269
ord826
ord600

Exports

Exports

HiStopDev

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/InstallDriver.exe
.exe windows:4 windows x86 arch:x86

f71799f1c6883870175036ecbe9ea2ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3831
ord3825
ord3079
ord3830
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord2621
ord1134
ord540
ord800
ord537
ord5710
ord6929
ord6927
ord2763
ord4278
ord6663
ord5572
ord2915
ord2919
ord941
ord858
ord4129
ord5683
ord5953
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord3081
ord2976
ord2982
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord535
ord1146
ord1168
ord324
ord4234
ord6648
ord3092
ord4710
ord2379
ord755
ord470
ord5280
ord1105
ord6334
ord2645
ord2642
ord6215
ord3097
ord922
ord798
ord1997
ord4673
ord5194
ord533
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord5289
ord5714
ord2554
ord4486
ord6375
ord4274
ord4079
ord5307
ord4698
ord5300
ord2725
ord5302
ord5199
ord3346
ord2396
ord5731
ord1089
ord3922
ord6374
ord2512
ord4353
ord5163
ord5465
ord1576
ord665
ord3318
ord5186
ord1979
ord354
ord3790

msvcrt

_initterm
_adjust_fdiv
_acmdln
__getmainargs
__setusermatherr
__set_app_type
__p__commode
__p__fmode
_controlfp
_stricmp
_setmbcp
__CxxFrameHandler
_mbsicmp
_mbscmp
strstr
atol
exit
_XcptFilter
_exit
?terminate@@YAXXZ
__dllonexit
_onexit
_except_handler3
toupper
_ftol
fclose
rewind
fgetc
fread
fseek
ftell
fopen

kernel32

FreeLibrary
GetCurrentProcess
GetModuleFileNameA
Sleep
GetVersionExA
LoadLibraryA
GetSystemDefaultLangID
SetLastError
lstrlenA
GetProcAddress
LocalFree
GetLastError
LocalAlloc
GetStartupInfoA
GetModuleHandleA
GetFileAttributesA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc

user32

DrawIcon
SetTimer
GetSystemMetrics
PostQuitMessage
GetClientRect
SendMessageA
IsIconic
ExitWindowsEx
ShowWindow
EnableWindow
FindWindowA
GetWindow
GetClassNameA
GetWindowTextA
LoadIconA
GetWindowLongA
MessageBoxA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

setupapi

SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

ole32

CreateStreamOnHGlobal

olepro32

ord251

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/WatchCard.exe
.exe windows:4 windows x86 arch:x86

fd16e7963acf9e9fb727594d45a5d623

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4698
ord5307
ord4079
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord5302
ord2725
ord4424
ord3738
ord561
ord825
ord815
ord537
ord641
ord2514
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord4622
ord4080
ord3346
ord5300
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord4673
ord1168
ord324
ord4234
ord858
ord4278
ord6662
ord5683
ord2763
ord535
ord6648
ord2645
ord4710
ord2379
ord6215
ord755
ord470
ord6453
ord6197
ord6380
ord4486
ord6375
ord4274
ord800
ord540
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4353
ord5280
ord5163
ord6374
ord1146
ord1576

msvcrt

_setmbcp
__set_app_type
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
__p__fmode
__p__commode
sprintf
_mbscmp
atoi
_mbsicmp
__CxxFrameHandler

kernel32

CloseHandle
OpenProcess
CreateMutexA
OpenMutexA
GetModuleFileNameA
ReleaseMutex
Sleep
GetModuleHandleA
GetStartupInfoA
GetSystemDefaultLangID
TerminateProcess

user32

KillTimer
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
IsIconic
EnableWindow
LoadIconA
SetTimer
GetWindowThreadProcessId
FindWindowA

advapi32

RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/driver.ini
KS-2008PLUS/disk/software/logo.bmp
KS-2008PLUS/disk/software/modem.ini
KS-2008PLUS/disk/software/modem.mdb
KS-2008PLUS/disk/software/msado15.dll
.dll regsvr32 windows:5 windows x86 arch:x86

370f0131ab90b9472b45827763d9a064

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey

kernel32

DisableThreadLibraryCalls
TlsAlloc
TlsFree
GetCurrentProcessId
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
CompareStringA
LCMapStringA
LCMapStringW
CompareStringW
EnterCriticalSection
QueryPerformanceCounter
HeapDestroy
WaitForSingleObject
ReadFile
CreateFileW
GetLastError
lstrlenW
CreateFileA
WriteFile
GetProcAddress
FreeLibrary
Sleep
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
CreateThread
CloseHandle
GetUserDefaultLCID
GetCurrentThreadId
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
TlsGetValue
TlsSetValue
GetFileTime

msdart

GetModuleFileNameI
GetWindowsDirectoryI
RegEnumKeyExI
LoadStringI
FXMemDetach
MpGetHeapHandle
FXMemAttach
GetModuleHandleI
lstrcmpiI
_LoadVersionedResourceEx@16
GetVersionExI
MessageBoxI
GetWindowLongPtrI
GetWindowLongI
DeleteFileI
DefWindowProcI
lstrlenI
RegSetValueExI
RegQueryValueExI
RegOpenKeyExI
RegCreateKeyExI
RegDeleteKeyI
CharNextI
lstrcpyI
MpHeapReAlloc
GetTempFileNameI
LoadLibraryI
UMSEnterCSWraper
MPInitializeCriticalSection
MPDeleteCriticalSection
RegisterClassExI
CreateWindowExI
PostMessageI
UnregisterClassI
??1CReaderWriterLock3@@QAE@XZ
MpHeapAlloc
??0CReaderWriterLock3@@QAE@XZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
MpHeapFree
lstrcatI

msvcrt

_onexit
__dllonexit
_except_handler3
_adjust_fdiv
_initterm
sprintf
_wrename
rename
_waccess
_access
fseek
fwrite
fread
fclose
_ftol
swprintf
wcslen
free
_wcsnicmp
_wcsicmp
wcscpy
wcsncpy
wcschr
_purecall
wcscat
iswalnum
iswalpha
memmove
iswspace
wcsncmp
wcsstr
realloc
malloc
wcscmp
_wfopen
fopen
_ultow
_wtol
_HUGE
wcstod

ole32

StringFromCLSID
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
CoTaskMemAlloc
CoInitialize
CoUninitialize
CreateBindCtx
CreateFileMoniker
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

SetErrorInfo
VariantChangeType
VariantClear
GetErrorInfo
LoadRegTypeLi
SysFreeString
VariantInit
SysAllocStringLen
SysStringLen
SafeArrayUnlock
SafeArrayLock
SysAllocString
VariantCopy
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate
SysStringByteLen
SafeArrayPutElement
SafeArrayGetElement
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
OaBuildVersion
SysReAllocStringLen
SafeArrayCopy

user32

GetDesktopWindow
GetWindow
IsWindowVisible
GetWindowThreadProcessId
DispatchMessageW
PeekMessageW
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DestroyWindow
GetActiveWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RNIGetCompatibleVersion
com_ms_wfc_data_Field_getBoolean
com_ms_wfc_data_Field_getByte
com_ms_wfc_data_Field_getBytes
com_ms_wfc_data_Field_getDataTimestamp
com_ms_wfc_data_Field_getDouble
com_ms_wfc_data_Field_getFloat
com_ms_wfc_data_Field_getInt
com_ms_wfc_data_Field_getLong
com_ms_wfc_data_Field_getShort
com_ms_wfc_data_Field_getString
com_ms_wfc_data_Field_isNull
com_ms_wfc_data_Field_loadMsjava
com_ms_wfc_data_Field_setDataDate

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/setupbig5.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/setupen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/setupgb.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KS-2008PLUS/disk/software/skinbig5.dll
KS-2008PLUS/disk/software/skinen.dll
KS-2008PLUS/disk/software/skingb.dll
KS-2008PLUS/disk/software/unwise.bat
˵.htm
.html

Sharing

General

Malware Config

Signatures

Files

d5e5c12fd4621b0be9efdd23327abdfc

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

ole32

olepro32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

617ab710d2b57bde7e643433e80d237c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

setupapi

comctl32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 4KB

c1a2a1fe1cc2a9da7249b37d81283f8b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

wmilib.sys

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 640B - Virtual size: 525B

.data Size: 384B - Virtual size: 280B

PAGESPR0 Size: 896B - Virtual size: 859B

PAGESRP0 Size: 12KB - Virtual size: 12KB

PAGESER Size: 15KB - Virtual size: 14KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

dc876e50f92ae9d2796745bb6f7f6cca

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

winmm

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

d7ce352149bbcbe1ed117391ae8a2537

Headers

File Characteristics

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 640B - Virtual size: 525B

.data
Size: 384B - Virtual size: 280B

PAGESPR0
Size: 896B - Virtual size: 859B

PAGESRP0
Size: 12KB - Virtual size: 12KB

PAGESER
Size: 15KB - Virtual size: 14KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 244B

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 416B

.rsrc
Size: 12KB - Virtual size: 9KB