1c307877b29bfa741b365fa9a05373160ad5bf98608de2a847a4b8231174d1de

Sharing

Copy URL

Twitter E-mail

General

Target

1c307877b29bfa741b365fa9a05373160ad5bf98608de2a847a4b8231174d1de
Size

7.3MB
MD5

c4783d1f7c68d86b10c4df39d0c0ac00
SHA1

48d1d59bab611e9cd768829aba6d41ec5d0b8df1
SHA256

1c307877b29bfa741b365fa9a05373160ad5bf98608de2a847a4b8231174d1de
SHA512

00b972eb8c53cf7e9c4b4b1795b685d136cf1bfd59691ad88a5578145d73bcbf4a24119c3588e7bd2ae51f759142129b0077f1439a8a075016c2510f2c770b8b
SSDEEP

196608:S3vJtiTHzCllvJtiTHHOq1R3vJtiTHzUqlQ3RRp:AteHzGteHH9teHzYp

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Interop.ADQX.dll	vmprotect
static1/unpack001/qq_post1.4/Interop.ADQX.dll	vmprotect

Files

1c307877b29bfa741b365fa9a05373160ad5bf98608de2a847a4b8231174d1de
.zip
FastVerCode.dll
.dll windows x86

27e7e1e624350fc9412adeceda4f8d53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2818
ord540
ord858
ord939
ord2915
ord3584
ord543
ord803
ord3922
ord801
ord541
ord941
ord4129
ord2764
ord860
ord690
ord1988
ord5808
ord1074
ord1075
ord1116
ord3229
ord389
ord665
ord1979
ord5186
ord354
ord6663
ord5710
ord5683
ord4278
ord823
ord5442
ord3318
ord6283
ord6282
ord2614
ord4202
ord6662
ord6874
ord5207
ord5440
ord6383
ord5450
ord6394
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord535
ord940
ord825
ord800
ord537
ord1176
ord3663
ord5204

msvcrt

__CxxFrameHandler
_CxxThrowException
_mbscmp
rand
srand
time
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit

kernel32

LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetComputerNameA
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree

shlwapi

StrToIntA

wininet

InternetSetOptionA

Exports

Exports

GetUserInfo
GetUserInfo_A
RecByte
RecByte_2
RecByte_A
RecByte_A_2
RecYZM
RecYZM_2
RecYZM_A
RecYZM_A_2
Reglz
ReportError

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ICSharpCode.SharpZipLib.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.ADODB.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.ADOX.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.ADQX.dll
.dll windows x86

217705e1e02e6d3b6c634d6849100e28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

kernel32

GetVersionExA
GetVersion
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetTopWindow

gdi32

ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegDeleteKeyA

comctl32

ord17

shlwapi

PathFindExtensionA

oleaut32

VariantInit

Exports

Exports

CheckRuntime
EncryptString
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
GetModuleBase
MainDLL
_CorExeMain

Sections

.text
Size: - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Interop.ADQX64.dll
.dll windows x64

68f10cbba5fb9bf38383210562853137

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleInformation

iphlpapi

GetAdaptersInfo

kernel32

DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
FlsSetValue
GetCommandLineA
GetProcessHeap
RaiseException
RtlPcToFileHeader
ExitProcess
LocalReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
FlsFree
FlsAlloc
Sleep
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetThreadLocale
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetSystemTime
ResumeThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
SuspendThread
WriteProcessMemory
VirtualProtectEx
SetFilePointer
ReadFile
GetVersionExA
GetCurrentProcess
SetPriorityClass
CreateFileA
DeviceIoControl
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
TerminateProcess
GetModuleHandleA
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion

user32

DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetTimer
MessageBoxA
CharUpperA
GetWindow

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenEventLogA
ReportEventA
CloseEventLog

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
MainDLL

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.JPO.dll
.dll windows x86

b8a6eae64d86678cb66465e7a223e2b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
CryptAcquireContextA

ole32

CoTaskMemAlloc

kernel32

CreateFileW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
EncodePointer
HeapAlloc
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
CloseHandle
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetModuleFileNameW
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
IsProcessorFeaturePresent
FlushFileBuffers
HeapReAlloc
LoadLibraryW
WriteConsoleW

Exports

Exports

DataSec
DeDesCBC
DesCBC
DesDeEncry
DesEncry
JS_start
MD5xxx
desInit
jiami

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.JRO.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LZConfig.ini
UUWiseHelper.dll
.dll windows x86

9894069603e9ee2c6b8236a442edd823

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
ReadFile
GetFileSize
GetProcAddress
LoadLibraryW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
lstrlenW
GlobalUnlock
GlobalLock
GlobalSize
lstrcatW
lstrcpyW
IsBadReadPtr
InitializeCriticalSection
DeleteCriticalSection
SetFilePointer
WriteFile
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetPrivateProfileIntW
FreeLibrary
DisableThreadLibraryCalls
LocalFree
LocalAlloc
lstrlenA
MultiByteToWideChar
WaitForSingleObject
CreateThread
lstrcpynW
IsBadWritePtr
SetEvent
lstrcpyA
lstrcpynA
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
GetTickCount
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringW

user32

GetDC
ReleaseDC
wsprintfA
GetWindowDC
wsprintfW

gdi32

CreateCompatibleBitmap
GetObjectW
GetDIBits
CreateCompatibleDC
DeleteObject
SelectObject
BitBlt
DeleteDC

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CoTaskMemFree

oleaut32

SysFreeString
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SysAllocString
SafeArrayCreateVector
VariantClear

shlwapi

PathRemoveFileSpecW
PathAppendW
StrStrIW

urlmon

FindMimeFromData

gdiplus

GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage

iphlpapi

GetAdaptersInfo

Exports

Exports

gifAddBitmap
gifAddScreen
gifAppendMultiScreen
gifClear
gifClose
gifCreate
gifGetStream2
gifSaveToFileA
gifSaveToFileW
uu_AsyncRecognizeByCodeTypeAndPathA
uu_AsyncRecognizeByCodeTypeAndPathW
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_GetAsyncRecognizeResultW
uu_SysCallOneParam
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeGifByCodeTypeA
uu_recognizeGifByCodeTypeW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.ini
data/account.mdb
data/backup/20131101/account.mdb
data/backup/20140503/account.mdb
data/textBox3.txt
data_qq/qq253484631.txt
dl.dll
img/logo128.ico
irisskin2.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 532KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
luyou/ALCATEL SpeedTouch511e.ini
luyou/ALPHA A8.ini
luyou/ALPHA AFW-GR55 mini.ini
luyou/ALPHA K3.ini
luyou/ALPHA V4.ini
luyou/ALPHA VCE.ini
luyou/ASUS RX3041X.ini
luyou/ASUS WL530g 2.ini
luyou/ASUS WL530g.ini
luyou/AboveCable ACRT2010-11.ini
luyou/Alpha GR50.ini
luyou/Aolynk BR104.ini
luyou/Boc R460.ini
luyou/D-Link DI-504.ini
luyou/D-Link DI-524.ini
luyou/D-Link DI-524M.ini
luyou/D-Link DI-604+.ini
luyou/D-Link DI-604.ini
luyou/D-Link DI-614+.ini
luyou/D-Link DI-624+A.ini
luyou/D-Link DI-624.ini
luyou/D-Link DI-808HV.ini
luyou/D-Link DIR-100.ini
luyou/D-Link DIR-300.ini
luyou/D-Link DIR-600.ini
luyou/D-Link DIR-615 A1 1.10.ini
luyou/D-Link DIR-615.ini
luyou/FAST FR40.ini
luyou/FAST FR402.ini
luyou/HL-RT700.ini
luyou/Hi-Spider Hotel_V3.ini
luyou/HuaWei 3COM BR104.ini
luyou/HuaWei 3COM BR204+.ini
luyou/HuaWei HG520.ini
luyou/HuaWei WBR204G+.ini
luyou/HuaWei WBR204G.ini
luyou/IP-Com 11N.ini
luyou/IP-Com Soho 2.ini
luyou/IP-Com Soho 3.ini
luyou/IP-Com Soho.ini
luyou/IPTime G100R.ini
luyou/IPTime N300R.ini
luyou/KINGNET 3.1.ini
luyou/KINGNET 3.2.ini
luyou/KINGNET KN-S1060.ini
luyou/KINGNET KN-S10602.ini
luyou/KINGNET KN-S1060T.ini
luyou/KINGNET KN-WR710H.ini
luyou/LINKSYS WRT54G.ini
luyou/LINKSYS WRT54GC.ini
luyou/LinkSYS 2.00.20.ini
luyou/LinkSYS BEFSR41.ini
luyou/LinkSYS BEFW11S4.ini
luyou/LinkSYS WRK54G(2).ini
luyou/LinkSYS WRK54G.ini
luyou/Mercury MW54R.ini
luyou/Mercury Soho MR804(2).ini
luyou/Mercury Soho MR804.ini
luyou/Motorola G.ini
luyou/NetCore 2105+NR.ini
luyou/NetCore 2305NR.ini
luyou/NetCore 2505+NR.ini
luyou/NetCore 2805NR.ini
luyou/NetCore 54M2.ini
luyou/NetCore 605GR.ini
luyou/NetCore NR+205.ini
luyou/NetShare R-1200.ini
luyou/NetShare R-1800.ini
luyou/NetShare V1.005.ini
luyou/Netgear WGR614.ini
luyou/SMC SMC7004VBR.ini
luyou/TP-Link 402M.ini
luyou/TP-Link R4148.ini
luyou/TP-Link TD-8810.ini
luyou/TP-Link TD-8820.ini
luyou/TP-Link TL-R402M.ini
luyou/TP-Link TL-R410.ini
luyou/TP-Link TL-R460.ini
luyou/TP-Link TL-R860 860M.ini
luyou/TP-Link TL-R860+.ini
luyou/TP-Link TL-WR340G V5.ini
luyou/TP-Link TL-WR340G.ini
luyou/TP-Link TL-WR641G 642G.ini
luyou/TP-Link TL-WR941N TL-WR942N.ini
luyou/Tenda NAT Router.ini
luyou/Tenda R01-029.ini
luyou/Tenda Soho(2).ini
luyou/Tenda Soho.ini
luyou/Tenda TEI402.ini
luyou/Tenda TEI402M.ini
luyou/Tenda TEI480T+.ini
luyou/Tenda TEI6606.ini
luyou/Tenda TEI6608.ini
luyou/Tenda TEI6608S 2.ini
luyou/Tenda TEI6608S.ini
luyou/Tenda TEI6611S.ini
luyou/Tenda W311R.ini
luyou/Tenda W541R.ini
luyou/UCOM URS-983(2).ini
luyou/UCOM URS-983.ini
luyou/Vigor 2901.ini
luyou/Wealnet R-2804P.ini
luyou/Wealnet R-2808M.ini
qq_post.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/FastVerCode.dll
.dll windows x86

27e7e1e624350fc9412adeceda4f8d53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2818
ord540
ord858
ord939
ord2915
ord3584
ord543
ord803
ord3922
ord801
ord541
ord941
ord4129
ord2764
ord860
ord690
ord1988
ord5808
ord1074
ord1075
ord1116
ord3229
ord389
ord665
ord1979
ord5186
ord354
ord6663
ord5710
ord5683
ord4278
ord823
ord5442
ord3318
ord6283
ord6282
ord2614
ord4202
ord6662
ord6874
ord5207
ord5440
ord6383
ord5450
ord6394
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord535
ord940
ord825
ord800
ord537
ord1176
ord3663
ord5204

msvcrt

__CxxFrameHandler
_CxxThrowException
_mbscmp
rand
srand
time
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit

kernel32

LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetComputerNameA
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree

shlwapi

StrToIntA

wininet

InternetSetOptionA

Exports

Exports

GetUserInfo
GetUserInfo_A
RecByte
RecByte_2
RecByte_A
RecByte_A_2
RecYZM
RecYZM_2
RecYZM_A
RecYZM_A_2
Reglz
ReportError

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/ICSharpCode.SharpZipLib.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/Interop.ADODB.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/Interop.ADOX.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/Interop.ADQX.dll
.dll windows x86

217705e1e02e6d3b6c634d6849100e28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

kernel32

GetVersionExA
GetVersion
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetTopWindow

gdi32

ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegDeleteKeyA

comctl32

ord17

shlwapi

PathFindExtensionA

oleaut32

VariantInit

Exports

Exports

CheckRuntime
EncryptString
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
GetModuleBase
MainDLL
_CorExeMain

Sections

.text
Size: - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qq_post1.4/Interop.ADQX64.dll
.dll windows x64

68f10cbba5fb9bf38383210562853137

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleInformation

iphlpapi

GetAdaptersInfo

kernel32

DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
FlsSetValue
GetCommandLineA
GetProcessHeap
RaiseException
RtlPcToFileHeader
ExitProcess
LocalReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
FlsFree
FlsAlloc
Sleep
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetThreadLocale
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetSystemTime
ResumeThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
SuspendThread
WriteProcessMemory
VirtualProtectEx
SetFilePointer
ReadFile
GetVersionExA
GetCurrentProcess
SetPriorityClass
CreateFileA
DeviceIoControl
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
TerminateProcess
GetModuleHandleA
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion

user32

DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetTimer
MessageBoxA
CharUpperA
GetWindow

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenEventLogA
ReportEventA
CloseEventLog

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
MainDLL

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/Interop.JPO.dll
.dll windows x86

b8a6eae64d86678cb66465e7a223e2b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
CryptAcquireContextA

ole32

CoTaskMemAlloc

kernel32

CreateFileW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
EncodePointer
HeapAlloc
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
CloseHandle
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetModuleFileNameW
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
IsProcessorFeaturePresent
FlushFileBuffers
HeapReAlloc
LoadLibraryW
WriteConsoleW

Exports

Exports

DataSec
DeDesCBC
DesCBC
DesDeEncry
DesEncry
JS_start
MD5xxx
desInit
jiami

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/Interop.JRO.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/LZConfig.ini
qq_post1.4/UUWiseHelper.dll
.dll windows x86

9894069603e9ee2c6b8236a442edd823

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
ReadFile
GetFileSize
GetProcAddress
LoadLibraryW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
lstrlenW
GlobalUnlock
GlobalLock
GlobalSize
lstrcatW
lstrcpyW
IsBadReadPtr
InitializeCriticalSection
DeleteCriticalSection
SetFilePointer
WriteFile
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetPrivateProfileIntW
FreeLibrary
DisableThreadLibraryCalls
LocalFree
LocalAlloc
lstrlenA
MultiByteToWideChar
WaitForSingleObject
CreateThread
lstrcpynW
IsBadWritePtr
SetEvent
lstrcpyA
lstrcpynA
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
GetTickCount
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringW

user32

GetDC
ReleaseDC
wsprintfA
GetWindowDC
wsprintfW

gdi32

CreateCompatibleBitmap
GetObjectW
GetDIBits
CreateCompatibleDC
DeleteObject
SelectObject
BitBlt
DeleteDC

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CoTaskMemFree

oleaut32

SysFreeString
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SysAllocString
SafeArrayCreateVector
VariantClear

shlwapi

PathRemoveFileSpecW
PathAppendW
StrStrIW

urlmon

FindMimeFromData

gdiplus

GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage

iphlpapi

GetAdaptersInfo

Exports

Exports

gifAddBitmap
gifAddScreen
gifAppendMultiScreen
gifClear
gifClose
gifCreate
gifGetStream2
gifSaveToFileA
gifSaveToFileW
uu_AsyncRecognizeByCodeTypeAndPathA
uu_AsyncRecognizeByCodeTypeAndPathW
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_GetAsyncRecognizeResultW
uu_SysCallOneParam
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeGifByCodeTypeA
uu_recognizeGifByCodeTypeW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/data/account.mdb
qq_post1.4/data/backup/20140503/account.mdb
qq_post1.4/dl.dll
qq_post1.4/img/logo128.ico
qq_post1.4/irisskin2.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 532KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qq_post1.4/luyou/ALCATEL SpeedTouch511e.ini
qq_post1.4/luyou/ALPHA A8.ini
qq_post1.4/luyou/ALPHA AFW-GR55 mini.ini
qq_post1.4/luyou/ALPHA K3.ini
qq_post1.4/luyou/ALPHA V4.ini
qq_post1.4/luyou/ALPHA VCE.ini
qq_post1.4/luyou/ASUS RX3041X.ini
qq_post1.4/luyou/ASUS WL530g 2.ini
qq_post1.4/luyou/ASUS WL530g.ini
qq_post1.4/luyou/AboveCable ACRT2010-11.ini
qq_post1.4/luyou/Alpha GR50.ini
qq_post1.4/luyou/Aolynk BR104.ini
qq_post1.4/luyou/Boc R460.ini
qq_post1.4/luyou/D-Link DI-504.ini
qq_post1.4/luyou/D-Link DI-524.ini
qq_post1.4/luyou/D-Link DI-524M.ini
qq_post1.4/luyou/D-Link DI-604+.ini
qq_post1.4/luyou/D-Link DI-604.ini
qq_post1.4/luyou/D-Link DI-614+.ini
qq_post1.4/luyou/D-Link DI-624+A.ini
qq_post1.4/luyou/D-Link DI-624.ini
qq_post1.4/luyou/D-Link DI-808HV.ini
qq_post1.4/luyou/D-Link DIR-100.ini
qq_post1.4/luyou/D-Link DIR-300.ini
qq_post1.4/luyou/D-Link DIR-600.ini
qq_post1.4/luyou/D-Link DIR-615 A1 1.10.ini
qq_post1.4/luyou/D-Link DIR-615.ini
qq_post1.4/luyou/FAST FR40.ini
qq_post1.4/luyou/FAST FR402.ini
qq_post1.4/luyou/HL-RT700.ini
qq_post1.4/luyou/Hi-Spider Hotel_V3.ini
qq_post1.4/luyou/HuaWei 3COM BR104.ini
qq_post1.4/luyou/HuaWei 3COM BR204+.ini
qq_post1.4/luyou/HuaWei HG520.ini
qq_post1.4/luyou/HuaWei WBR204G+.ini
qq_post1.4/luyou/HuaWei WBR204G.ini
qq_post1.4/luyou/IP-Com 11N.ini
qq_post1.4/luyou/IP-Com Soho 2.ini
qq_post1.4/luyou/IP-Com Soho 3.ini
qq_post1.4/luyou/IP-Com Soho.ini
qq_post1.4/luyou/IPTime G100R.ini
qq_post1.4/luyou/IPTime N300R.ini
qq_post1.4/luyou/KINGNET 3.1.ini
qq_post1.4/luyou/KINGNET 3.2.ini
qq_post1.4/luyou/KINGNET KN-S1060.ini
qq_post1.4/luyou/KINGNET KN-S10602.ini
qq_post1.4/luyou/KINGNET KN-S1060T.ini
qq_post1.4/luyou/KINGNET KN-WR710H.ini
qq_post1.4/luyou/LINKSYS WRT54G.ini
qq_post1.4/luyou/LINKSYS WRT54GC.ini
qq_post1.4/luyou/LinkSYS 2.00.20.ini
qq_post1.4/luyou/LinkSYS BEFSR41.ini
qq_post1.4/luyou/LinkSYS BEFW11S4.ini
qq_post1.4/luyou/LinkSYS WRK54G(2).ini
qq_post1.4/luyou/LinkSYS WRK54G.ini
qq_post1.4/luyou/Mercury MW54R.ini
qq_post1.4/luyou/Mercury Soho MR804(2).ini
qq_post1.4/luyou/Mercury Soho MR804.ini
qq_post1.4/luyou/Motorola G.ini
qq_post1.4/luyou/NetCore 2105+NR.ini
qq_post1.4/luyou/NetCore 2305NR.ini
qq_post1.4/luyou/NetCore 2505+NR.ini
qq_post1.4/luyou/NetCore 2805NR.ini
qq_post1.4/luyou/NetCore 54M2.ini
qq_post1.4/luyou/NetCore 605GR.ini
qq_post1.4/luyou/NetCore NR+205.ini
qq_post1.4/luyou/NetShare R-1200.ini
qq_post1.4/luyou/NetShare R-1800.ini
qq_post1.4/luyou/NetShare V1.005.ini
qq_post1.4/luyou/Netgear WGR614.ini
qq_post1.4/luyou/SMC SMC7004VBR.ini
qq_post1.4/luyou/TP-Link 402M.ini
qq_post1.4/luyou/TP-Link R4148.ini
qq_post1.4/luyou/TP-Link TD-8810.ini
qq_post1.4/luyou/TP-Link TD-8820.ini
qq_post1.4/luyou/TP-Link TL-R402M.ini
qq_post1.4/luyou/TP-Link TL-R410.ini
qq_post1.4/luyou/TP-Link TL-R460.ini
qq_post1.4/luyou/TP-Link TL-R860 860M.ini
qq_post1.4/luyou/TP-Link TL-R860+.ini
qq_post1.4/luyou/TP-Link TL-WR340G V5.ini
qq_post1.4/luyou/TP-Link TL-WR340G.ini
qq_post1.4/luyou/TP-Link TL-WR641G 642G.ini
qq_post1.4/luyou/TP-Link TL-WR941N TL-WR942N.ini
qq_post1.4/luyou/Tenda NAT Router.ini
qq_post1.4/luyou/Tenda R01-029.ini
qq_post1.4/luyou/Tenda Soho(2).ini
qq_post1.4/luyou/Tenda Soho.ini
qq_post1.4/luyou/Tenda TEI402.ini
qq_post1.4/luyou/Tenda TEI402M.ini
qq_post1.4/luyou/Tenda TEI480T+.ini
qq_post1.4/luyou/Tenda TEI6606.ini
qq_post1.4/luyou/Tenda TEI6608.ini
qq_post1.4/luyou/Tenda TEI6608S 2.ini
qq_post1.4/luyou/Tenda TEI6608S.ini
qq_post1.4/luyou/Tenda TEI6611S.ini
qq_post1.4/luyou/Tenda W311R.ini
qq_post1.4/luyou/Tenda W541R.ini
qq_post1.4/luyou/UCOM URS-983(2).ini
qq_post1.4/luyou/UCOM URS-983.ini
qq_post1.4/luyou/Vigor 2901.ini
qq_post1.4/luyou/Wealnet R-2804P.ini
qq_post1.4/luyou/Wealnet R-2808M.ini
qq_post1.4/qq_post.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/setting.ini
qq_post1.4/skin.ssk
qq_post1.4/QQȺӪ.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qq_post1.4/QQȺӪ1.4.zip
.zip
qq_post1.4/˵.txt
setting.ini
setup.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skin.ssk
下载说明.htm
.html .js
QQȺӪ1.4.exe
.exe windows x86

0212b6cb1564d3d4a9941cd6d6f259fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
FormatMessageA
UnmapViewOfFile
TerminateThread
LocalFree
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
CreateFileMappingA
MapViewOfFile
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
TerminateProcess
ExitThread
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
FindFirstFileA
FindClose
GetFileAttributesA
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetClipboardData
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
CloseClipboard
wsprintfA
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
WaitForInputIdle
GetTopWindow
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
UnregisterClassA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA

gdi32

GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
SetStretchBltMode
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
SetBkColor
CreatePen
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleInitialize
OleUninitialize
CLSIDFromString

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

ioctlsocket
connect
recv
listen
getpeername
accept
WSAGetLastError
__WSAFDIsSet
ntohs
getsockname
socket
gethostname
inet_addr
bind
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
recvfrom

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
GetFileTitleA

Sections

.text
Size: 520KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
˵.txt

Sharing

General

Malware Config

Signatures

Files

27e7e1e624350fc9412adeceda4f8d53

Headers

File Characteristics

Imports

netapi32

mfc42

msvcrt

kernel32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 4KB - Virtual size: 3KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 184KB - Virtual size: 183KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 88KB - Virtual size: 84KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 24KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 4KB - Virtual size: 12B

217705e1e02e6d3b6c634d6849100e28

Headers

File Characteristics

Imports

version

psapi

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 179KB

.rdata Size: - Virtual size: 33KB

.data Size: - Virtual size: 49KB

.vmp0 Size: - Virtual size: 922KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 228B

.rsrc Size: 8KB - Virtual size: 16KB

68f10cbba5fb9bf38383210562853137

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 184KB - Virtual size: 183KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 88KB - Virtual size: 84KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: - Virtual size: 179KB

.rdata
Size: - Virtual size: 33KB

.data
Size: - Virtual size: 49KB

.vmp0
Size: - Virtual size: 922KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 228B

.rsrc
Size: 8KB - Virtual size: 16KB

.text
Size: 311KB - Virtual size: 310KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 14KB - Virtual size: 47KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB