Analysis Date: 2015-01-29 20:33:30
MD5: 6f99fff4bbaf3c045e6b3ae2963c732a
SHA1: 0b9a469887b10cdb4eb3ce8fe2631fc565a78765

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 7ebfade271f75cb4c180603ab653af42 sha1: 45720e3559680fe044efceba32f55e60ed85f918 size: 23552
Section .rdata: md5: 9d6e96915262c9d1129a16fa0b02a19a sha1: e46950b3424baeebebe8ab21b9f9674839c38bd6 size: 4608
Section .data: md5: dbf10679c897d0edeee280fffdad552f sha1: f257e37a5d8648d6123cef40868059ee78a136b9 size: 1024
Section .ndata: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0 (these are the digests of empty input; the section has no raw bytes in the file)
Section .rsrc: md5: c4c958c28b647bdd63f8cbbff60abd7f sha1: e0d69c7340b89f3bd9b81cebbdc4773949147a8a size: 8192
Timestamp (PE header compile time): 2009-06-18 21:33:27
Version info:
LegalCopyright: JIGUANGSHURUFA.COM 版权所有 [All rights reserved]
InternalName: 极光拼音输入法 [Jiguang Pinyin Input Method]
FileVersion: 3.0.1.14
CompanyName: http://jiguangshurufa.com/
Comments: 极光拼音输入法安装程序 [Jiguang Pinyin Input Method installer]
ProductName: 极光拼音输入法 [Jiguang Pinyin Input Method]
ProductVersion: 3.0.1.14
FileDescription: 极光拼音输入法安装程序 [Jiguang Pinyin Input Method installer]
Packer: Nullsoft PiMP Stub -> SFX
PEhash: bd0cc7366ee60c62365cc166daecbcaac762505a
IMPhash: 099c0646ea7282d232219f8807883be0
AV 360 Safe: no_virus
AV Ad-Aware: no_virus
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): no_virus
AV BullGuard: no_virus
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: no_virus
AV Eset (nod32): no_virus
AV Fortinet: no_virus
AV Frisk (f-prot): no_virus
AV F-Secure: no_virus
AV Grisoft (avg): no_virus
AV Ikarus: no_virus
AV K7: no_virus
AV Kaspersky: no_virus
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process tree (sample executed under the sandbox's generic name):
↳ C:\malware.exe

Network Details:


Strings
 " "GE..
080403a8
3.0.1.14
333f3
Comments
CompanyName
f3fff
FileDescription
FileVersion
http://jiguangshurufa.com/
InternalName
JIGUANGSHURUFA.COM 
LegalCopyright
msctls_progress32
Please wait while Setup is loading...
ProductName
ProductVersion
StringFileInfo
SysListView32
Translation
VarFileInfo
VS_VERSION_INFO
"""""/
*?|<>/":
?02ZV4c
(}0$}v
=17yONj
190f]T
1)e^pj
1FPzfp
1'( i~8
1M_heW
2+dK[V
2-JE]hR
2Sj	DWnT
/3\c1P
57nvH|
5h/,7t
/?|6"J
|6Xemy
7H>dYP9
==$7kV
8L.5Sk4n
_(8mz9
8_N6U_
8NCRCu
^}9IF-
9n`"J2X
[9o~d=
\a00X|
A]Bje{
AdjustTokenPrivileges
ADVAPI32
ADVAPI32.dll
AppendMenuA
+Apw~c
@AqUD0J
'aR1R)
avRMH)
AYf}2h4
BeginPaint
c2INnB"
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CloseHandle
 %Clx=
CoCreateInstance
COMCTL32.dll
CompareFileTime
Control Panel\Desktop\ResourceLocale
CopyFileA
CoTaskMemFree
CreateBrushIndirect
CreateDialogParamA
CreateDirectoryA
CreateFileA
CreateFontIndirectA
CreatePopupMenu
CreateProcessA
CreateThread
CreateWindowExA
CvvD0$
c?]w<P
... %d%%
D$0+D$(P
@.data
D$(+D$ SSP
.DEFAULT\Control Panel\International
DefWindowProcA
DeleteFileA
DeleteObject
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
D$(SPS
DyRJ	UM
EKf5sT
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EpbmgV
Error launching installer
Error writing temporary file. Make sure your temp folder is valid.
e&~sbm
ExitProcess
ExitWindowsEx
ExpandEnvironmentStringsA
:?`f3<
?FDUp5
FillRect
FindClose
FindFirstFileA
FindNextFileA
FindWindowExA
.F'	J9
F!l%eG
FreeLibrary
(FyR2`
G*| 5"~
GDI32.dll
GetClassInfoA
GetClientRect
GetCommandLineA
GetCurrentProcess
GetDeviceCaps
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItem
GetDlgItemTextA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFullPathNameA
GetLastError
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSysColor
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTempFileNameA
GetTempPathA
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowLongA
GetWindowRect
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
{<G/[UV
Hb1\iC
HDOd6.+n
}h=L$E
H	 {O~
HrCg@b	g
http://nsis.sf.net/NSIS_Error
hU=6jrDUnt
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
incomplete download and damaged media. Contact the
Installer integrity check has failed. Common causes include
installer's author to obtain a new copy.
Instu`
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
i%uu8jp
IyU>:^
J1Q!}H
j8{M0nLt7
,=`jaH
+JBT>#
Jc2O?x
~Jd:vXlg
jK]#MaH
j]YH|$L!I
\.!K/5Y3
k69s5;FR
KERNEL32
KERNEL32.dll
]%(l,|5[SD
l[GHhT
LMJGZcp
LoadBitmapA
LoadCursorA
LoadImageA
LoadLibraryA
LoadLibraryExA
L-o"l%ek
LookupPrivilegeValueA
L*p7LZG
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
lunI:x
LXM'Tp
(M3<;qAU
MessageBoxIndirectA
mhb|	p
\Microsoft\Internet Explorer\Quick Launch
mLl`pIf
More information at:
MoveFileA
MoveFileExA
$MrIt]
MulDiv
MultiByteToWideChar
>}<&n3
.ndata
NSIS Error
~nsu.tmp
NullsoftInst
NulluN	E
N~Xjn:
!O?#6SW6Y
ole32.dll
OleInitialize
OleUninitialize
oLLLLL
OpenClipboard
OpenProcessToken
@oQ4mR
(O#Re)
oY~KmU
ozR1ML
*p6Js	
P{9?WO	k>/X
PeekMessageA
Pi\e#`u{
PostQuitMessage
PPPPPP
Pq5clK
Q@H7Ev
QHH!Ci
}*qQ_1
q_t4w1+-
`.rdata
ReadFile
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegisterClassA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RemoveDirectoryA
[Rename]
RichEd20
RichEd32
RichEdit
RichEdit20A
Richu)
RT~|T_@
*rw.Ev
)[s4G?b#
sB6jG{
ScrdRff
ScreenToClient
SearchPathA
SelectObject
SendMessageA
SendMessageTimeoutA
SeShutdownPrivilege
SetBkColor
SetBkMode
SetClassLongA
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetDlgItemTextA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetForegroundWindow
SetTextColor
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SHAutoComplete
SHBrowseForFolderA
SHELL32.dll
ShellExecuteA
SHFileOperationA
SHFOLDER
SHGetFileInfoA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHLWAPI
ShowWindow
softuW
Software\Microsoft\Windows\CurrentVersion
SQSSSPW
SystemParametersInfoA
sz'8a9
> _?=t
T2vy*3
#T33[=
!This program cannot be run in DOS mode.
TNH'K(<+
_^[t	P
TrackPopupMenu
UFc.2l
unpacking data: %d%%
USER32.dll
U#*|Sz
%u.%u%s%s
uz;;@_
v95DpA
VDQYp[z
verifying installer: %d%%
VerQueryValueA
VERSION.dll
vEsI5M~
v"	zW,
WaitForSingleObject
W`$f@AuE
WriteFile
WritePrivateProfileStringA
wr""/p
wsprintfA
wwwwwwww
wwwwwwwxp
wxr""/p
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
=X{\N8
YA)FWF
\YHp {
Y]{j+`
yTQ)<F
>@*$YZ
z5-L(y
Zgd/ _ML
$zng97
 Zx=Vb
^zz111
^zz1111
^zz1111M
^zz1111MM
zz1111MMM