45ff1790261e127dc7e72886f1e5cb16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45ff1790261e127dc7e72886f1e5cb16_JaffaCakes118
Size

1.3MB
MD5

45ff1790261e127dc7e72886f1e5cb16
SHA1

1a139bc9e567880114b7a735e83a5377946a943f
SHA256

5e15c2f528789bf52125f22edc5ef9e6b614c8ba0a3dff84134c1c8e00c774d7
SHA512

32fa798ab8c1f02be9edfa9c6f94f174f1e572696f34e376ae72fc74b5a67953d2adcd14577d1f4c376bed5ba770eb26a6d4be42c938dc8095ece08ac8bab4dd
SSDEEP

24576:o/PJOmuQVH4qCL4e+9w0G6HO+c6lN6Ucnl1P9LC4azsPiqgIJ408h/v:MPJOmum4V0w0G6u+naUcnlnXadW4Nn

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMAFrame.dll
unpack001/原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMPlatform.dll
unpack001/原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/Channel.dll
unpack001/原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/DiagChan.dll
unpack001/原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/UpgradeDownload.exe
unpack001/原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/lpk.dll

Files

45ff1790261e127dc7e72886f1e5cb16_JaffaCakes118
.rar
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMAConfig.xml
.xml
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMAConfig.xml.template
.xml
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMAConfigSchema.xml
.xml
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMAFrame.dll
.dll windows:4 windows x86 arch:x86

23ca613d440fa7eaa01a189032d30cd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

bmplatform

CreateBMObject

kernel32

WritePrivateProfileStringW
GetCurrentDirectoryW
GetModuleHandleW
GlobalFindAtomW
GlobalAddAtomW
FreeLibrary
LoadLibraryA
GetProcessVersion
GetFileAttributesW
GetFileTime
RtlUnwind
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
HeapSize
GetTimeZoneInformation
HeapReAlloc
Sleep
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
SetStdHandle
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
GetVersion
lstrcatW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
lstrcmpiW
GetFullPathNameW
GetVolumeInformationW
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcess
DuplicateHandle
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
lstrcmpA
FindNextFileW
lstrcpyW
FindFirstFileW
GetLastError
SetLastError
FindClose
LocalFree
lstrlenA
lstrlenW
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
lstrcpynW
MultiByteToWideChar
GetLocalTime
WideCharToMultiByte
WriteFile
GetPrivateProfileIntW
GetModuleFileNameW
CreateFileW
GetFileSize
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetStdHandle

user32

DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassW
GetClassInfoW
WinHelpW
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconW
LoadCursorW
GetSysColorBrush
DestroyMenu
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongW
CreateWindowExW
GetDlgItem
GetMenuItemCount
GetWindowTextW
SetWindowTextW
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameW
GrayStringW
DrawTextW
TabbedTextOutW
ReleaseDC
ClientToScreen
LoadStringW
UnregisterClassW
GetSystemMetrics
CharUpperW
wsprintfW
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
SetPropW
GetPropW
CallWindowProcW
UnhookWindowsHookEx
RemovePropW
DefWindowProcW
GetCursorPos
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
MessageBoxW
EnableWindow
SetCursor
SendMessageW
PostMessageW
PostQuitMessage
GetMessageTime
GetDC

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject
SetViewportOrgEx
GetDeviceCaps
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetObjectW
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

comctl32

ord17

Exports

Exports

CreateBMAFramework
CreateXmlConfigParse

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMError.ini
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMFileType.ini
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMPlatform.dll
.dll windows:4 windows x86 arch:x86

eb009761cebe4996d6d3000041233556

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

diagchan

?ReleaseBmChannel@@YAXPAVIProtocolChannel@@@Z
?CreateBmChannel@@YA_NPAPAVIProtocolChannel@@@Z

kernel32

GetCurrentProcess
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
RaiseException
HeapSize
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetProcessVersion
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
SetStdHandle
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
GetFileSize
GetLastError
CreateFileW
GetModuleFileNameW
WriteFile
InitializeCriticalSection
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryA
FreeLibrary
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleW
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringW
GlobalFlags
lstrcmpiW
SetLastError
GetVersion
lstrcpynW
lstrcpyW
lstrcatW
SetErrorMode
DeleteCriticalSection
TlsGetValue
LocalReAlloc
CloseHandle
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetLocalTime
GetPrivateProfileStringW
WaitForSingleObject
CreateThread
Sleep
LeaveCriticalSection
FreeEnvironmentStringsA
EnterCriticalSection

user32

RegisterWindowMessageW
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcW
RemovePropW
CallWindowProcW
GetPropW
SetPropW
CreateWindowExW
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassW
GetClassInfoW
WinHelpW
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconW
LoadCursorW
GetSysColorBrush
DestroyMenu
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongW
GetDlgItem
GrayStringW
DrawTextW
TabbedTextOutW
ReleaseDC
GetDC
GetMenuItemCount
wsprintfW
GetWindowTextW
SetWindowTextW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameW
LoadStringW
UnregisterClassW
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
MessageBoxW
SystemParametersInfoW
IsIconic
EnableWindow
SetCursor
SendMessageW
PostQuitMessage
UnhookWindowsHookEx
PostThreadMessageW
PostMessageW
GetMenuState

gdi32

CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetObjectW
DeleteObject

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

comctl32

ord17

Exports

Exports

CreateBMObject

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/BMTimeout.ini
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/Channel.dll
.dll windows:4 windows x86 arch:x86

487554e52986a82b1083d35f832f3783

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
GetSystemInfo
InitializeCriticalSection
SleepEx
VirtualAlloc
VirtualQuery
VirtualFree
CloseHandle
GetLastError
CreateFileW
Sleep
GetFileSize
GetModuleFileNameW
GetLocalTime
CreateThread
WaitForSingleObject
GetPrivateProfileIntW
ReadFile
ResetEvent
SetEvent
CreateEventW
SetThreadPriority
WaitForMultipleObjects
FreeConsole
FlushFileBuffers
GetConsoleWindow
GetTempPathW
IsBadWritePtr
WriteFile
lstrlenA
WriteConsoleW
WideCharToMultiByte
lstrcatA
SetConsoleTitleW
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetStdHandle
AllocConsole
CreateDirectoryW
GetFileAttributesW
lstrlenW
SetFilePointer
SetCommMask
PurgeComm
GetOverlappedResult
GetCommMask
WaitCommEvent
ClearCommError
SetCommState
GetCommState
SetupComm
SetCommTimeouts
GetModuleHandleW
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
SetEnvironmentVariableA
HeapReAlloc
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentThread
SetLastError
TlsFree
TlsAlloc
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
DeleteCriticalSection
ExitProcess
FatalAppExitA
HeapAlloc
TerminateProcess
GetCurrentProcess
SetConsoleCtrlHandler

user32

UnregisterClassW
DispatchMessageW
TranslateMessage
GetWindowLongW
SetWindowLongW
CreateWindowExW
RegisterClassExW
GetSystemMenu
EnableMenuItem
ShowWindow
GetMessageW
PostMessageW
PostThreadMessageW

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathIsRelativeW

ws2_32

closesocket
WSACloseEvent
WSACleanup
WSAGetLastError
WSASetEvent
WSAGetOverlappedResult
WSARecv
WSAResetEvent
recv
WSAEventSelect
WSAWaitForMultipleEvents
WSASend
listen
bind
htons
WSACreateEvent
WSASocketW
WSAEnumNetworkEvents
WSAConnect
htonl
WSAAccept
WSAStartup
shutdown

Exports

Exports

CreateChannel
ReleaseChannel

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/Channel.ini
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/DiagChan.dll
.dll windows:4 windows x86 arch:x86

49358c4972c2c3b19d89d9c56abf2ca2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
CreateEventW
CloseHandle
SetEvent
GetTickCount
ResetEvent
WaitForSingleObject
Sleep
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileIntW
InitializeCriticalSectionAndSpinCount
GetSystemInfo
SleepEx
VirtualAlloc
VirtualFree
VirtualQuery
FreeConsole
FlushFileBuffers
GetConsoleWindow
GetTempPathW
IsBadWritePtr
WriteFile
GetFileSize
lstrlenA
GetLocalTime
WriteConsoleW
WideCharToMultiByte
lstrcatA
SetConsoleTitleW
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetStdHandle
AllocConsole
GetLastError
CreateDirectoryW
GetFileAttributesW
lstrlenW
SetFilePointer
CreateFileW
RtlUnwind
GetCommandLineA
GetVersion
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
HeapFree
TlsAlloc
TlsFree
SetLastError
GetCurrentThread
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
SetConsoleCtrlHandler
FatalAppExitA
HeapReAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
MultiByteToWideChar
ReadFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetEndOfFile

channel

CreateChannel
ReleaseChannel

shlwapi

PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW

user32

GetMessageW
PostThreadMessageW
ShowWindow
EnableMenuItem
GetSystemMenu

Exports

Exports

?CreateBmChannel@@YA_NPAPAVIProtocolChannel@@@Z
?CreateBmPackage@@YA_NPAPAVIProtocolPackage@@@Z
?CreateDiagChannel@@YA_NPAPAVIProtocolChannel@@@Z
?CreateDiagPackage@@YA_NPAPAVIProtocolPackage@@@Z
?ReleaseBmChannel@@YAXPAVIProtocolChannel@@@Z
?ReleaseBmPackage@@YAXPAVIProtocolPackage@@@Z
?ReleaseDiagChannel@@YAXPAVIProtocolChannel@@@Z
?ReleaseDiagPackage@@YAXPAVIProtocolPackage@@@Z

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/DiagChan.ini
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/MCPType.ini
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/UpgradeDownload.exe
.exe windows:4 windows x86 arch:x86

54b4e6819903157336f675e2e84e1d9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

bmaframe

CreateBMAFramework
CreateXmlConfigParse

kernel32

UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
SetStdHandle
HeapSize
VirtualAlloc
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
CompareStringA
CompareStringW
GetDriveTypeA
GetACP
GetOEMCP
SetEnvironmentVariableA
HeapReAlloc
TerminateProcess
HeapFree
HeapAlloc
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
ExitProcess
GetStartupInfoW
GetCurrentDirectoryW
FindResourceExW
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
SizeofResource
GlobalGetAtomNameW
GetDiskFreeSpaceW
SetFileTime
GetTempFileNameW
lstrcmpW
GlobalAlloc
InterlockedExchange
GetProfileStringA
GlobalAddAtomA
FindResourceA
lstrcmpA
lstrcmpiA
GetCurrentThread
MulDiv
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
GetVolumeInformationW
LoadLibraryW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
LocalFree
GetModuleHandleA
LoadLibraryA
FreeLibrary
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
lstrcpynW
lstrlenW
lstrcpyW
lstrcatW
IsBadReadPtr
IsBadWritePtr
GetModuleFileNameA
GetFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrlenA
FindNextFileW
CreateEventW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
Sleep
SetEvent
CreateThread
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileSectionW
WritePrivateProfileSectionW
FindFirstFileW
FindClose
GetVersion
GetPrivateProfileStringW
GetFileAttributesW
SetFileAttributesW
WritePrivateProfileStringW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
DeleteFileW
RemoveDirectoryW
GetTickCount
GetTempPathW
CreateDirectoryW
GetLastError
WriteFile
GetFileSize
CloseHandle
ReadFile
CreateFileW
GetModuleFileNameW
GetPrivateProfileIntW
SetUnhandledExceptionFilter

user32

DestroyIcon
GetMenuStringW
DeleteMenu
InsertMenuW
LockWindowUpdate
GetDCEx
GetSysColorBrush
LoadCursorW
IsZoomed
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
TranslateAcceleratorW
LoadAcceleratorsW
LoadStringW
SetWindowContextHelpId
SetCursor
ShowOwnedPopups
PostQuitMessage
GetMessageW
ValidateRect
GetCursorPos
WindowFromPoint
SetRectEmpty
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
MapDialogRect
GetAsyncKeyState
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CharNextW
EnableMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetTopWindow
MessageBoxW
IsChild
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
GetWindowTextLengthW
GetDlgCtrlID
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
CopyAcceleratorTableW
GetNextDlgGroupItem
SetParent
RegisterClipboardFormatW
CheckMenuItem
IntersectRect
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
DrawIcon
GetDesktopWindow
PtInRect
GetMessagePos
ScreenToClient
GetCapture
ReleaseCapture
MapWindowPoints
OffsetRect
SetCapture
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
GetSystemMetrics
DrawFrameControl
DrawFocusRect
GetDC
ReleaseDC
GetWindow
GetClassNameW
LoadImageW
FrameRect
IsRectEmpty
IsWindow
GetWindowTextW
EnumWindows
PeekMessageW
SetMenu
GetKeyState
MessageBeep
TranslateMessage
DispatchMessageW
SetRect
GetCaretPos
keybd_event
UnregisterClassW
PostThreadMessageW
KillTimer
SetTimer
GetSysColor
CopyRect
InflateRect
UpdateWindow
PostMessageW
GetFocus
FillRect
GetClientRect
GetParent
DrawTextW
LoadBitmapW
GetWindowRect
EnableWindow
InvalidateRect
LoadIconW
SendMessageW

gdi32

GetCharWidthW
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetTextColor
GetBkColor
LPtoDP
GetTextExtentPointA
ExtTextOutA
CreateRectRgnIndirect
PatBlt
Escape
TextOutW
SelectClipRgn
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateRectRgn
LineTo
MoveToEx
IntersectClipRect
CreateDIBitmap
GetObjectW
BitBlt
EnumFontFamiliesExW
CreateFontIndirectW
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox
CreateFontW
CreateDIBSection
Rectangle
ExtTextOutW
CreatePen
GetTextMetricsW
CreateCompatibleBitmap
DeleteDC
GetTextExtentPoint32W
SetBkMode
SelectObject
SetTextColor
DeleteObject
CreateSolidBrush
CreateCompatibleDC
ExcludeClipRect

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
RegQueryValueExW
RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
SetFileSecurityW
GetFileSecurityW
RegCreateKeyW
RegSetValueW
RegEnumValueW

shell32

DragQueryFileW
DragFinish
SHGetFileInfoW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
ExtractIconW

comctl32

ImageList_Draw
ImageList_GetIconSize
ImageList_AddMasked
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_EndDrag
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ord17
ImageList_DragMove
ImageList_LoadImageW
ImageList_DrawEx

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
OleFlushClipboard
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
OleRun
OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes

olepro32

ord253

oleaut32

SysStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType
VariantCopy
SysAllocStringLen
VariantTimeToSystemTime
GetErrorInfo

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 744KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/UpgradeDownload.ini
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/lpk.dll
.dll windows:5 windows x86 arch:x86

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
RtlMoveMemory
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
RtlZeroMemory
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls

user32

wsprintfW

shell32

ord64
ord92

shlwapi

SHRegGetValueW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Bin/udl_bkmark.bmp
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Doc/UpgradeDownload User Guide (en).doc
.doc windows office2003
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Doc/UpgradeDownload User Guide (zh).doc
.doc windows office2003
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Doc/~$gradeDownload User Guide (zh).doc
原厂平台驱动及教程UPGRADEDOWNLOAD_R2.9.7003/Release notes.xls
.xls windows office2003

Sharing

General

Malware Config

Signatures

Files

23ca613d440fa7eaa01a189032d30cd0

Headers

File Characteristics

Imports

bmplatform

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 20KB

eb009761cebe4996d6d3000041233556

Headers

File Characteristics

Imports

diagchan

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 16KB - Virtual size: 12KB

487554e52986a82b1083d35f832f3783

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 28KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 8KB - Virtual size: 6KB

49358c4972c2c3b19d89d9c56abf2ca2

Headers

File Characteristics

Imports

kernel32

channel

shlwapi

user32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 8KB - Virtual size: 5KB

54b4e6819903157336f675e2e84e1d9f

Headers

File Characteristics

Imports

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 20KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 208KB - Virtual size: 206KB

.data
Size: 36KB - Virtual size: 55KB

.rsrc
Size: 744KB - Virtual size: 741KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 672B

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 512B - Virtual size: 494B