JaffaCakes118_83fe0ab384d1cca50ffd7f3c685c254f

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_83fe0ab384d1cca50ffd7f3c685c254f
Size

1.5MB
MD5

83fe0ab384d1cca50ffd7f3c685c254f
SHA1

06dc51c9e0bb8058f0448f4c169a005e6810c1b1
SHA256

3fc05836e01475cf81027002ed8a67bb54b98462108899d1026170226ef155b2
SHA512

134e9b2fe5c937014ce60051ea74ac49ef179f77ad5291d05b94316e6055542f92d39d3b29e2284c99ae1c583ce2668818d879e26fccb5bf3ef7117d8954b2cc
SSDEEP

24576:LFDOfmhCWCAauY1sJQ/WkBbV34zOENOWKrqBN0NhBfoVxs/yTuPOYpMUXLJTmi+q:ZCOOAzY1f/YfOuH0N/fEs/oudMjG

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2/Activity.dll
unpack001/2/LogViewer.exe
unpack001/2/MouseHook.dll
unpack001/2/RunOnce.exe
unpack001/2/USBFind.dll
unpack001/2/iSafeProtect.dll
unpack001/2/pdata.exe
unpack001/2/winsrv.exe
unpack001/2/zlib1d.dll

Files

JaffaCakes118_83fe0ab384d1cca50ffd7f3c685c254f
.rar
2/Activity.dll
.dll windows:4 windows x86 arch:x86

76f02d30ef6eb12ff2d909043012d3e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
CloseHandle
FlushFileBuffers
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
HeapValidate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
SetConsoleCtrlHandler
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
UnhandledExceptionFilter
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetFilePointer
Sleep
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetEnvironmentVariableA

user32

PostMessageA
UnhookWindowsHookEx
SetWindowsHookExA
RegisterWindowMessageA
CallNextHookEx

Exports

Exports

clearLBDownHook
setLBDownHook

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2/Log/Pic/2011-02-03_21-18-24.png
.png
2/Log/Pic/2011-02-03_21-19-24.png
.png
2/LogViewer.exe
.exe windows:5 windows x86 arch:x86

956f0e38bb7e7df766f66ada0e52e21b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFree
GlobalUnlock
GlobalLock
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
MulDiv
LocalFree
GetModuleFileNameW
GetThreadLocale
lstrcmpA
EnumResourceLanguagesA
ConvertDefaultLocale
GetConsoleCP
FileTimeToLocalFileTime
LockFile
UnlockFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetFileSizeEx
GetFileTime
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
LocalReAlloc
GetCurrentDirectoryA
SetErrorMode
GetDriveTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
SetFilePointer
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetTimeZoneInformation
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
WriteFile
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
GetCurrentThread
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetStartupInfoA
GetDateFormatA
GetTimeFormatA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
RtlUnwind
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcpynA
GetUserDefaultLangID
CopyFileA
SetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
FreeResource
GetCPInfo
lstrlenW
GetVersion
GetVersionExA
FormatMessageA
GetProcessHeap
HeapAlloc
GetFileAttributesA
GetModuleFileNameA
DeleteFileA
GetTempPathA
GlobalAlloc
lstrcpyA
GetCommandLineA
ExitProcess
FreeLibrary
GetLocalTime
Sleep
UnmapViewOfFile
OpenEventA
OpenMutexA
CreateMutexA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
ReleaseMutex
InterlockedDecrement
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
MultiByteToWideChar
lstrlenA
CreateEventA
CreateThread
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
OutputDebugStringW
FileTimeToSystemTime
OutputDebugStringA

user32

SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
UnregisterClassA
CharUpperA
SetRectEmpty
DestroyMenu
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
WindowFromPoint
CharNextA
GetWindowThreadProcessId
GetMenuStringA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
MoveWindow
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
GetKeyState
SetMenu
SetForegroundWindow
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
GetWindow
GetTopWindow
IsWindowVisible
RemovePropA
GetPropA
wvsprintfA
wvsprintfW
wsprintfA
FillRect
SetPropA
SetWindowRgn
LoadImageA
RegisterClassExA
GetDC
RemoveMenu
ModifyMenuA
InsertMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
PostThreadMessageA
RegisterClipboardFormatA
ReleaseCapture
DeleteMenu
CreatePopupMenu
CreateMenu
DrawEdge
GetNextDlgGroupItem
TrackPopupMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowRect
GetClientRect
SendMessageA
InvalidateRect
EnableWindow
LoadBitmapA
ReleaseDC
GetWindowLongA
DestroyIcon
DialogBoxIndirectParamA
EndDialog
DrawIconEx
GetSysColor
MessageBeep
LoadIconA
SetWindowTextA
SetWindowLongA
SetWindowPos
ShowWindow
GetDlgItem
LoadCursorA
IsWindowEnabled
DrawTextW
GetWindowTextA
SetCursor
PtInRect
RedrawWindow
SetTimer
KillTimer
GetParent
RegisterWindowMessageA
CopyRect
PostMessageA
GetSystemMetrics
SetRect
GetSysColorBrush
SystemParametersInfoA
GetMenuItemInfoA
GetDesktopWindow
ScreenToClient
MapWindowPoints
IsIconic
DrawIcon
GetCursorPos

gdi32

GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetTextColor
GetCharWidthA
StretchDIBits
GetRgnBox
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
ExtSelectClipRgn
DeleteObject
SetROP2
RestoreDC
SaveDC
SetBkColor
GetClipBox
CreateRectRgnIndirect
GetPixel
CreateRectRgn
CombineRgn
GetStockObject
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateFontIndirectA
CreateHatchBrush
CreatePen
CreateDIBSection
DeleteDC
GetTextExtentPoint32W
Rectangle
GetTextExtentPoint32A
CreateBrushIndirect
SetTextColor
SetBkMode
SelectObject
GetTextMetricsA
SetPixel
CreateFontA
GetObjectA
CreateBitmap
Escape
ExtTextOutA
TextOutA
BitBlt
RectVisible
PtVisible
LPtoDP
DPtoLP
GetMapMode
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathIsDirectoryA

oledlg

ord8

ole32

CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoCreateInstance
OleRun
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocString
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VarUdateFromDate
SysStringLen
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromCy
GetErrorInfo
SysAllocStringLen

gdiplus

GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipGetImagePixelFormat
GdipDrawImageRectRect
GdipReleaseDC
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapSetResolution
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipGetImageFlags
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipFree
GdipDisposeImage
GdipCloneImage

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 415KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2/MouseHook.dll
.dll windows:5 windows x86 arch:x86

4515124842f4fa6b387d1ecca10c2eed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FlushFileBuffers
CloseHandle
OutputDebugStringA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA

user32

UnhookWindowsHookEx
RegisterWindowMessageA

Exports

Exports

clearMyHook
setCapGranularity
setMyHook

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2/Pa.ini
2/RunOnce.exe
.exe windows:5 windows x86 arch:x86

e81d55e83373ed9e333086adab360cf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\iSafeSVN\isafe\QQlog\RunOnce.pdb

Imports

kernel32

GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
HeapAlloc
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
HeapFree
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
GlobalFlags
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryA
lstrcmpW
GetVersionExA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GlobalAlloc
FormatMessageA
LocalFree
GetCurrentProcessId
GetLastError
MulDiv
GetModuleHandleA
GetProcAddress
SetLastError
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcpynA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetModuleFileNameA
ExitProcess
MultiByteToWideChar
lstrlenA
OutputDebugStringA
FreeEnvironmentStringsW
GetFileAttributesW

user32

RegisterClipboardFormatA
PostThreadMessageA
CharNextA
ReleaseCapture
SetCapture
DestroyMenu
UnregisterClassA
GetSysColorBrush
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetFocus
GetForegroundWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
UpdateWindow
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
SetFocus
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetLastActivePopup
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
CharUpperA
DrawTextA
TabbedTextOutA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
DispatchMessageA
CopyAcceleratorTableA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindow
IsWindowVisible
GetTopWindow
RemovePropA
SetPropA
GetPropA
ScreenToClient
DrawIcon
IsIconic
MessageBoxA
LoadIconA
SetCursor
PtInRect
SendMessageA
GetWindowLongA
GetWindowTextW
IsWindowEnabled
LoadCursorA
KillTimer
InvalidateRect
SetTimer
GetParent
GetClientRect
RedrawWindow
EnableWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
LoadBitmapA

gdi32

CreateBitmap
GetStockObject
GetDeviceCaps
ExtTextOutA
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateSolidBrush
GetTextMetricsA
CreateFontA
Escape

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen

gdiplus

GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipMeasureString
GdipDrawString
GdipGraphicsClear
GdipSetTextRenderingHint
GdipReleaseDC
GdipGetImageGraphicsContext
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipDeleteBrush
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipLoadImageFromFile
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipFree

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2/USBFind.dll
.dll windows:5 windows x86 arch:x86

0de354de6b0fb01e1fd433c705c3990d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\iSafeSVN\isafe\USBFind\bin\USBFind.pdb

Imports

kernel32

UnmapViewOfFile
GetLastError
FileTimeToSystemTime
OutputDebugStringA
CloseHandle
FlushFileBuffers
GetDateFormatA
SystemTimeToTzSpecificLocalTime
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

RegisterDeviceNotificationA
IsWindow

advapi32

RegQueryValueExA
RegCloseKey

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

Exports

Exports

FirstDriveFromMask
RegisterNotify
UpdateDevice

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2/data.ldb
2/data.mdb
2/edata.txt
2/gdata.bin
2/iSafeProtect.dll
.dll windows:5 windows x86 arch:x86

80276017373e641b1d3f5f6b5132d4a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DuplicateHandle
GetCurrentProcess
CreateProcessW
TerminateProcess
WriteFile
OutputDebugStringA
SetLastError
GetCurrentProcessId
WaitForSingleObject
lstrcpynA
SetEvent
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingA
OpenFileMappingA
CreateMutexA
OpenMutexA
CreateEventA
OpenEventA
FlushFileBuffers
CreateFileA
CloseHandle
GetProcAddress
LoadLibraryA
ReleaseMutex
FreeLibrary
WriteConsoleW
GetConsoleOutputCP
VirtualProtect
FlushInstructionCache
VirtualQuery
HeapFree
HeapReAlloc
HeapAlloc
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RaiseException
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA

user32

CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA

gdi32

StartDocW

advapi32

RegEnumValueW

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

InstallHook
UninstallHook

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2/msadoex.dll
2/pdata.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\VCExercise\consoleGmail\obj\Release\pdata.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2/winsrv.exe
.exe windows:5 windows x86 arch:x86

2e8529716183b6237856e17d9713eb4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
HeapCreate
VirtualFree
GetStdHandle
GetConsoleCP
GetConsoleMode
GetOEMCP
GetModuleHandleW
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetCPInfo
InterlockedIncrement
IsValidCodePage
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetCurrentProcessId
GetModuleFileNameW
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
SetLastError
lstrcmpW
FreeResource
lstrcpynA
WritePrivateProfileStringA
GetPrivateProfileStringA
SetCurrentDirectoryA
HeapAlloc
GetComputerNameA
lstrlenW
CreateThread
ReadDirectoryChangesW
ResetEvent
GlobalAlloc
GlobalHandle
GlobalFree
GlobalLock
GlobalUnlock
IsBadReadPtr
ExitProcess
TerminateThread
GetVolumeInformationA
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
GetUserDefaultLangID
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEvent
ReleaseMutex
WaitForSingleObject
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileAttributesW
GetCurrentDirectoryA
GetVersionExA
CreateToolhelp32Snapshot
Process32First
Process32Next
DeviceIoControl
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetProcessHeap
HeapFree
Sleep
CreateProcessA
GetLocalTime
lstrcpyA
GetModuleFileNameA
MulDiv
GetTickCount
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
OutputDebugStringA
ReadFile
SetFilePointer
WriteFile
GetFileAttributesA
GetLastError
CreateFileA
GetACP
CloseHandle

user32

CharNextA
ReleaseCapture
SetCapture
UnregisterClassA
DestroyMenu
SetWindowContextHelpId
MapDialogRect
GetMessageA
ValidateRect
CharUpperA
GetCursorPos
ShowWindow
MoveWindow
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetMenuState
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetFocus
GetWindowTextLengthA
GetLastActivePopup
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
CopyAcceleratorTableA
SetForegroundWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
GetTopWindow
GetWindow
RemovePropA
LoadBitmapA
PostMessageA
SetWindowRgn
GetClientRect
GetPropA
SetPropA
ScreenToClient
GetSysColorBrush
RegisterClassExA
SetRect
RegisterHotKey
RegisterRawInputDevices
GetRawInputData
GetLastInputInfo
GetClassNameA
PostQuitMessage
GetClipboardData
CloseClipboard
UnregisterHotKey
GetForegroundWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
IsIconic
GetSystemMenu
DrawIcon
MessageBoxA
GetKeyState
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
FindWindowA
PeekMessageA
RegisterClipboardFormatA
EnableWindow
GetParent
ReleaseDC
GetDC
wvsprintfA
GetWindowRect
SendMessageA
LoadIconA
SetWindowPos
RegisterWindowMessageA
GetSystemMetrics
UpdateWindow
SetWindowLongA
GetWindowLongA
InflateRect
DrawTextA
InvalidateRect
RedrawWindow
DrawIconEx
DestroyIcon
DrawStateA
CopyRect
OffsetRect
LoadImageA
GetSysColor
FrameRect
DrawFocusRect
PtInRect
FillRect
GetWindowDC
SetTimer
KillTimer
TranslateMessage
DispatchMessageA
IsWindowVisible
GetWindowTextA
DrawTextW
IsWindowEnabled
SetWindowTextA
GetDlgItem
SetFocus
GetDlgItemTextA
EndDialog
GetDesktopWindow
SetCursor
IsWindow
LoadCursorA
WindowFromPoint

gdi32

ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetRgnBox
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetWindowExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateFontIndirectA
GetDIBits
CreateDCA
SetPixel
GetTextExtentPoint32A
GetTextColor
GetBkColor
CreatePen
GetTextMetricsA
GetStockObject
FillRgn
CreateRoundRectRgn
CreateBitmap
GetDeviceCaps
SelectObject
DeleteObject
GetPixel
BitBlt
Rectangle
CreateCompatibleDC
CombineRgn
CreateRectRgn
GetObjectA
CreateSolidBrush
CreateCompatibleBitmap
CreateFontA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

ControlService
RegSetValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
GetUserNameA
RegEnumKeyExA
RegDeleteKeyA
StartServiceA
OpenSCManagerA
OpenServiceA
RegDeleteValueA
CloseServiceHandle
CreateServiceA
RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegEnumValueA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA

comctl32

_TrackMouseEvent

shlwapi

PathStripToRootA
PathFindFileNameA
PathIsUNCA
PathIsDirectoryA
PathFindExtensionA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoTaskMemFree
CoInitialize
CoUninitialize
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StringFromGUID2
CoCreateInstance
OleRun
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUdateFromDate
SysAllocStringLen
SysStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromCy
OleCreateFontIndirect
VariantInit
SysFreeString
GetErrorInfo
SysAllocString

gdiplus

GdipAlloc
GdipLoadImageFromFile
GdipDisposeImage
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateFromHDC
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipReleaseDC
GdipGraphicsClear
GdipDrawImageRectRect
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipFree
GdipDeleteGraphics

mousehook

setMyHook
clearMyHook

ws2_32

setsockopt
inet_addr
bind
WSAIoctl
recvfrom
inet_ntoa
ntohs
ntohl
htonl
sendto
htons
WSAStartup
socket
closesocket
WSACleanup

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

activity

setLBDownHook
clearLBDownHook

isafeprotect

UninstallHook
InstallHook

usbfind

UpdateDevice
RegisterNotify
FirstDriveFromMask

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2/zlib1d.dll
.dll windows:4 windows x86 arch:x86

2a3748b99ef78bd38d01b7a93f88959e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
ftell
fprintf
_fdopen
fopen
_errno
strcpy
strlen
malloc
sprintf
fwrite
fread
memcpy
free
_vsnprintf
fflush
fseek
fputc
strcat
strerror
clearerr
_initterm
_adjust_fdiv
__dllonexit
_onexit
fclose
_chkesp

kernel32

DisableThreadLibraryCalls

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76f02d30ef6eb12ff2d909043012d3e8

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 25KB

.idata Size: 4KB - Virtual size: 2KB

.JOE Size: 4KB - Virtual size: 260B

.reloc Size: 8KB - Virtual size: 6KB

956f0e38bb7e7df766f66ada0e52e21b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

version

Sections

.text Size: 450KB - Virtual size: 449KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 13KB - Virtual size: 28KB

.rsrc Size: 415KB - Virtual size: 416KB

4515124842f4fa6b387d1ecca10c2eed

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 10KB

.JOE Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 3KB

e81d55e83373ed9e333086adab360cf8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 55KB - Virtual size: 55KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 25KB

.idata
Size: 4KB - Virtual size: 2KB

.JOE
Size: 4KB - Virtual size: 260B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 450KB - Virtual size: 449KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 13KB - Virtual size: 28KB

.rsrc
Size: 415KB - Virtual size: 416KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 10KB

.JOE
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 11KB - Virtual size: 25KB

.rsrc
Size: 345KB - Virtual size: 344KB

.reloc
Size: 35KB - Virtual size: 34KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.JOE
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B