d060429e811c24d8c08ab4419e43dac40120ad65c302e9522ac2ad7c5aff82f9

Sharing

Copy URL Twitter E-mail

General

Target

d060429e811c24d8c08ab4419e43dac40120ad65c302e9522ac2ad7c5aff82f9
Size

6.4MB
MD5

9328c96a0bb8eb0c7738f2419d2c5951
SHA1

0839e41b81092456974837ab2c43cb1b57a801b0
SHA256

d060429e811c24d8c08ab4419e43dac40120ad65c302e9522ac2ad7c5aff82f9
SHA512

2f6c161b02453dd8de70413aeef7230fa95aef4058440fce166ea9dcdbcdd9e827f1af5b868a51a57a4b1cc5f8170f3d15da00321b3348a73ccfe21241a75fcf
SSDEEP

196608:flrcyIET0Ew6OzsaOVR9QQC1tLPtku8mfg0L1HMd3:NrcAT5wvzsHPQt2u8mRL16

Score

9^/10

aspackv2 upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/plugin/dm.dll	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/plugin/BAOBAO.DLL	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/plugin/dm.dll	upx

Files

d060429e811c24d8c08ab4419e43dac40120ad65c302e9522ac2ad7c5aff82f9
.zip
1234软件园.url
.url
CrackCaptchaClient.dll
.dll windows x86

a3335cae779ad559beb138ecc35a17a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getpeername
ntohs
htonl
ntohl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSAResetEvent
recv
send
connect
htons
WSACloseEvent
WSACreateEvent
ioctlsocket
socket
inet_addr
WSAGetLastError
closesocket
inet_ntoa
gethostbyname
gethostname
WSACleanup
WSAStartup

kernel32

LCMapStringW
LoadLibraryW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
CloseHandle
WaitForMultipleObjects
LoadLibraryA
GetProcAddress
CreateFileA
DeviceIoControl
GetVersionExA
MultiByteToWideChar
GetLastError
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObject
CreateEventA
SetEvent
GetStringTypeW
HeapDestroy
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
ResetEvent
SystemTimeToFileTime
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
Sleep
WriteFile
FreeLibrary
CreateSemaphoreA
ReleaseSemaphore
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetStartupInfoW
GetFileType
SetHandleCount
RtlUnwind
SetStdHandle
SetEnvironmentVariableA
FlushFileBuffers
GetDriveTypeW
SetEndOfFile
ReadFile
WriteConsoleW
CreateFileW
IsProcessorFeaturePresent
GetModuleFileNameW
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
CompareStringW
HeapCreate
EncodePointer
DecodePointer
ExitThread
CreateThread
FindClose
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
HeapSize
DeleteFileA
MoveFileA
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetTimeZoneInformation
GetModuleHandleW
ExitProcess
GetCPInfo
GetACP
GetOEMCP

user32

IsRectEmpty
ScreenToClient
GetSystemMetrics
GetDC
GetWindowDC
ReleaseDC
FindWindowExA
GetWindowRect

gdi32

BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
GetDIBits

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetReadFile
InternetOpenA

iphlpapi

GetAdaptersInfo

Exports

Exports

CreateCrackCaptchaClient

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Phrases.ini
[ľ]dnfȫԶ&&ϼ3.32.exe
.exe windows x86

bb6353df3998b4fbc1a98beea1f93b41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

mfc42

ord1640
ord323
ord2405
ord5785
ord1175
ord2096
ord2408
ord5860
ord3986
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3395
ord3730
ord807
ord2920
ord2012
ord3289
ord2120
ord554
ord4163
ord1644
ord1146
ord5572
ord2919
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord6146
ord5883
ord1073
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord491
ord1907
ord4258
ord489
ord768
ord283
ord4478
ord4267
ord2450
ord1908
ord4406
ord3729
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord496
ord804
ord497
ord4259
ord4284
ord4715
ord2370
ord857
ord465
ord1572
ord1199
ord2575
ord4396
ord3574
ord609
ord556
ord809
ord2122
ord2639
ord2862
ord3996
ord3302
ord2817
ord801
ord5829
ord3726
ord541
ord2065
ord3716
ord790
ord2301
ord2358
ord6111
ord926
ord6334
ord2642
ord3610
ord656
ord2086
ord5053
ord4774
ord5981
ord6270
ord613
ord289
ord6358
ord1088
ord6449
ord2727
ord6467
ord2730
ord2729
ord1568
ord1180
ord6380
ord2289
ord1200
ord6153
ord5645
ord5583
ord6385
ord2393
ord3790
ord6283
ord6282
ord6877
ord2784
ord4278
ord3089
ord2860
ord3797
ord2299
ord2298
ord3317
ord1158
ord6883
ord773
ord501
ord2448
ord3903
ord5834
ord2044
ord3887
ord2830
ord4222
ord5467
ord1581
ord2918
ord1989
ord2805
ord960
ord6314
ord4179
ord6389
ord5445
ord6012
ord5775
ord2603
ord3180
ord3183
ord3176
ord3508
ord3652
ord703
ord6143
ord1802
ord1934
ord1935
ord6662
ord6663
ord923
ord925
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord715
ord2621
ord1205
ord1134
ord824
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord1105
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord2820
ord498
ord415
ord755
ord470
ord5637
ord5849
ord3475
ord4287
ord2109
ord1081
ord1008
ord6928
ord4476
ord284
ord6453
ord798
ord1997
ord6407
ord5194
ord6194
ord5303
ord2726
ord4699
ord5715
ord3741
ord817
ord2256
ord565
ord3361
ord326
ord4299
ord4400
ord3630
ord3706
ord5786
ord2582
ord4402
ord3370
ord3640
ord693
ord682
ord4243
ord6907
ord5861
ord3998
ord6007
ord3286
ord936
ord932
ord6675
ord6888
ord3495
ord3698
ord765
ord2108
ord2244
ord4457
ord4981
ord4499
ord1949
ord4034
ord6929
ord2765
ord913
ord4204
ord6876
ord859
ord5600
ord1083
ord5607
ord2762
ord5278
ord3496
ord3528
ord3005
ord2136
ord1601
ord403
ord879
ord2740
ord2801
ord882
ord5778
ord547
ord699
ord700
ord603
ord2454
ord1969
ord273
ord404
ord3438
ord1871
ord6571
ord5460
ord5620
ord2775
ord5605
ord5642
ord6307
ord521
ord3226
ord777
ord1770
ord462
ord743
ord2170
ord850
ord861
ord394
ord696
ord698
ord3939
ord3937
ord398
ord396
ord3437
ord909
ord4185
ord4187
ord3435
ord911
ord1842
ord844
ord4188
ord912
ord397
ord3938
ord5601
ord5594
ord5593
ord1085
ord6567
ord4189
ord6779
ord5643
ord3702
ord654
ord6140
ord341
ord4167
ord5631
ord3584
ord543
ord803
ord6874
ord812
ord6144
ord5862
ord5610
ord559
ord1799
ord614
ord2623
ord290
ord4226
ord2486
ord4003
ord446
ord6354
ord5500
ord5689
ord6462
ord3237
ord4694
ord5148
ord3631
ord1233
ord5597
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord269
ord2243
ord683
ord3138
ord2827
ord665
ord924
ord640
ord3619
ord3596
ord3957
ord5953
ord2078
ord2754
ord2080
ord2116
ord6616
ord6669
ord6442
ord2114
ord2089
ord2113
ord2119
ord6785
ord2094
ord3223
ord4386
ord1093
ord2593
ord506
ord3221
ord2042
ord6267
ord2564
ord3222
ord4317
ord4023
ord1829
ord816
ord562
ord6605
ord6743
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401

msvcrt

_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_strnicmp
wcsstr
_wcslwr
mbstowcs
_beginthreadex
isupper
_mbstok
_mbsnbcmp
_pctype
_isctype
__mb_cur_max
toupper
towlower
_setmbcp
towupper
__dllonexit
isxdigit
printf
qsort
freopen
strncmp
_iob
fprintf
_stricmp
calloc
realloc
_strupr
??8type_info@@QBEHABV0@@Z
_tempnam
_itoa
strpbrk
fwrite
_CxxThrowException
_getch
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_mbsnbicmp
_mbspbrk
_ismbcspace
tolower
_mbschr
isspace
strtod
_except_handler3
strncpy
_strdup
_splitpath
isprint
islower
isalnum
_mbsstr
strstr
strchr
isalpha
isdigit
sprintf
atol
_mbsicmp
_mbsnbcpy
_purecall
memmove
wcscmp
_ftol
wcslen
wcscpy
malloc
ftell
rewind
fread
free
fgets
fopen
fseek
fgetc
fclose
fputc
rand
time
srand
sscanf
atoi
__CxxFrameHandler
_mbscmp
??0exception@@QAE@ABQBD@Z

kernel32

GlobalSize
GlobalReAlloc
SetUnhandledExceptionFilter
Module32Next
Module32First
CreateToolhelp32Snapshot
MulDiv
SizeofResource
SystemTimeToFileTime
GetSystemTime
GetFileSizeEx
SleepEx
TerminateThread
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
WriteFile
GetLocalTime
LocalFileTimeToFileTime
SetFileTime
LCMapStringA
TerminateProcess
VirtualFree
VirtualQuery
GetSystemInfo
GetStringTypeExA
GetUserDefaultLCID
GetStringTypeExW
LCMapStringW
InterlockedCompareExchange
FlushInstructionCache
VirtualAlloc
GetStartupInfoA
LocalFree
ReleaseMutex
CreateMutexA
ReadProcessMemory
OutputDebugStringA
GetCurrentThread
SuspendThread
CopyFileA
WaitForMultipleObjects
PulseEvent
ResumeThread
TlsAlloc
TlsSetValue
FormatMessageA
LocalAlloc
GetFileSize
ReadFile
GlobalFree
GetACP
SetEnvironmentVariableA
VirtualProtect
InterlockedIncrement
SetEvent
ResetEvent
Beep
IsDebuggerPresent
GlobalAlloc
GlobalLock
GlobalUnlock
WritePrivateProfileSectionA
GetCurrentDirectoryA
GetFileAttributesExA
GetPrivateProfileSectionA
InterlockedExchange
GetCurrentThreadId
QueryPerformanceFrequency
FindNextFileA
OpenProcess
VirtualProtectEx
GetCurrentProcessId
MoveFileA
GetFileAttributesA
OpenMutexA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetCurrentDirectoryA
GetSystemDirectoryA
IsDBCSLeadByte
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetTempFileNameA
GetProfileStringA
GetPrivateProfileStringA
WriteProfileStringA
CreateFileA
DeviceIoControl
GetProcAddress
CompareStringA
lstrcatA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
lstrcpynA
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree
CreateThread
GetExitCodeThread
GetLastError
CreateEventA
CloseHandle
Sleep
GetCurrentProcess
SetPriorityClass
GetPrivateProfileIntA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetVersion
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
WaitForSingleObject
GetTempPathA
CreateDirectoryA
DeleteFileA
IsBadReadPtr
SetFileAttributesA
MoveFileExA
GetTickCount
WritePrivateProfileStringA
QueryPerformanceCounter
FindFirstFileA
SetLastError
OpenEventA

user32

GetSystemMetrics
AppendMenuA
InsertMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetDC
DrawTextA
ReleaseDC
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
DrawIconEx
DestroyIcon
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
GetParent
RedrawWindow
IsWindow
GetKeyState
SystemParametersInfoA
GetSysColorBrush
SetWindowLongA
SetWindowPos
KillTimer
SetTimer
PostMessageA
GetDesktopWindow
LoadBitmapA
RemoveMenu
DeleteMenu
IsWindowVisible
GetClientRect
GetSubMenu
TabbedTextOutA
GrayStringA
GetDlgCtrlID
PostQuitMessage
GetWindowRect
EnableWindow
SendMessageA
GetNextDlgTabItem
SetActiveWindow
SetCursorPos
ClipCursor
GetAsyncKeyState
GetWindowDC
GetMessageA
EqualRect
SetParent
GetForegroundWindow
GetGUIThreadInfo
DestroyWindow
PostThreadMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExA
GetCursorPos
ScreenToClient
IsIconic
DrawIcon
LoadIconA
LoadMenuA
LoadCursorA
CopyIcon
PtInRect
ReleaseCapture
SetCapture
wsprintfA
SetForegroundWindow
GetWindowLongA
MessageBoxA
SetWindowTextA
EndDialog
LoadImageA
GetIconInfo
SendInput
UnregisterHotKey
RegisterHotKey
MapVirtualKeyA
GetDoubleClickTime
CheckMenuItem
SetCaretPos
GetCapture
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumDisplaySettingsA
DefWindowProcA
UnregisterClassA
CreateWindowExA
RegisterClassA
ShowWindow
EnumWindows
SetClassLongA
GetClassLongA
SetRectEmpty
GetFocus
RegisterWindowMessageA
IsRectEmpty
UpdateWindow
LockWindowUpdate
BringWindowToTop
SetScrollPos
GetClassInfoA
DrawFrameControl
ShowScrollBar
LoadStringA
LoadStringW
CreateIconIndirect
DrawStateA
FrameRect
InflateRect
OffsetRect
DrawFocusRect
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
DestroyCursor
IsMenu

gdi32

GetTextMetricsA
GetBkColor
GetCurrentObject
CreateRectRgn
SetPixelV
GetNearestColor
GetBrushOrgEx
SetBrushOrgEx
RoundRect
SetDIBits
GetDIBColorTable
PatBlt
GetObjectA
PtVisible
RectVisible
Rectangle
CreateHatchBrush
TextOutA
ExtTextOutA
Escape
CreatePatternBrush
GetStockObject
SetTextColor
SetBkColor
CreateBitmap
CreateRectRgnIndirect
GetDIBits
CreateDCA
GetDeviceCaps
GetBkMode
CreatePen
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32W
GetTextExtentPoint32A
Ellipse
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateDIBSection
GetPixel
SetPixel

advapi32

ControlService
RegCreateKeyExA
CloseServiceHandle
CreateServiceA
DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

comctl32

ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIconSize
_TrackMouseEvent
ImageList_Draw

ole32

CLSIDFromString
CLSIDFromProgID
StgCreateDocfileOnILockBytes
StgOpenStorage
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleRun
StgCreateDocfile
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID
CoInitialize
CoCreateInstance

oleaut32

SetErrorInfo
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
SysStringLen
SysAllocStringLen
VariantCopy
LoadTypeLi
SysAllocString
VariantInit
VariantClear
SysFreeString
CreateErrorInfo
VariantChangeType
GetErrorInfo

urlmon

URLDownloadToFileA

msvcp60

?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0runtime_error@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??1logic_error@std@@UAE@XZ
??_7runtime_error@std@@6B@
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0bad_exception@std@@QAE@ABV01@@Z
??1bad_exception@std@@UAE@XZ
??_7bad_exception@std@@6B@
??0bad_exception@std@@QAE@PBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??_7logic_error@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBG1@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?what@logic_error@std@@UBEPBDXZ
?_Xlen@std@@YAXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0locale@std@@QAE@XZ
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?clear@ios_base@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ

winmm

PlaySoundA
timeGetTime

shlwapi

SHDeleteKeyA
PathFileExistsA

ws2_32

ntohs
ntohl
socket
connect
recv
WSASend
WSASendTo
WSARecvFrom
ioctlsocket
WSAAccept
listen
bind
htons
gethostbyname
inet_ntoa
inet_addr
send
closesocket
htonl
WSACleanup
WSAStartup
WSAGetLastError
setsockopt
WSASocketA
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
shutdown
WSARecv
WSAConnect

psapi

EnumProcessModules

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

imagehlp

MakeSureDirectoryPathExists
ImageNtHeader

dinput8

DirectInput8Create

wininet

InternetSetOptionA

uxtheme

SetThemeAppProperties

comdlg32

GetOpenFileNameA

olepro32

ord251

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/BAOBAO.DLL
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 232KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
plugin/Bkgnd.dll
.dll regsvr32 windows x86

afd0c76cb946728fd0639bbc36336f6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord561
ord815
ord5500
ord1132
ord1131
ord941
ord6354
ord823
ord860
ord535
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord2915
ord825
ord537
ord540
ord2818
ord4204
ord1601
ord800
ord743
ord446
ord2486
ord4226
ord4486
ord6375
ord4274
ord4003
ord4622
ord1223
ord290
ord2623
ord1206
ord614
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424

msvcrt

__CxxFrameHandler
strtol
_ftol
sprintf
wcstombs
strchr
strrchr
free
sscanf
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
malloc

kernel32

LocalAlloc
LocalFree
Sleep
GlobalFree
IsDBCSLeadByte
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
OutputDebugStringA

user32

IsRectEmpty
GetWindowDC
GetWindowRect
ClientToScreen
GetDC
ReleaseDC
PostMessageA
MapVirtualKeyA
SendMessageA
GetGUIThreadInfo
GetWindowThreadProcessId
GetForegroundWindow

gdi32

RealizePalette
DeleteDC
DeleteObject
CreateDCA
CreateCompatibleDC
SelectPalette
SelectObject
BitBlt
GetObjectA
GetDIBits
GetStockObject
CreateCompatibleBitmap

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Bkgnd.ini
plugin/Bkgnd.ocx
.dll regsvr32 windows x86

5e803a6fedb4e3e0a59ccfe0a833d3ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaAptOffset
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/BkgndColor.dll
.dll regsvr32 windows x86

0b501e04791adaf9382223e7d946167b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3081
ord3738
ord561
ord815
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord5500
ord1132
ord1131
ord6354
ord540
ord860
ord1601
ord800
ord743
ord446
ord2486
ord3262
ord600
ord1243
ord1176
ord1168
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord342
ord1182
ord1577
ord1575
ord1116
ord269
ord826
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord4226

msvcrt

_ftol
sprintf
strtol
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
strchr
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_EH_prolog
atoi
strrchr

kernel32

WritePrivateProfileStringA
IsDebuggerPresent
IsBadWritePtr
IsBadCodePtr
GetEnvironmentVariableA
GetPrivateProfileStringA
LocalAlloc
LocalFree
OutputDebugStringA
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GetModuleFileNameA

user32

PrintWindow
GetWindowDC
GetWindowRect
IsRectEmpty
GetDC
ClientToScreen
ReleaseDC

gdi32

CreateDCA
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
BitBlt
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/BkgndColor.ini
plugin/Color.dll
.dll regsvr32 windows x86

16d9b119286d0c668823c55aa6c96eef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3663
ord3626
ord2450
ord2405
ord823
ord640
ord2414
ord860
ord535
ord4278
ord858
ord6928
ord323
ord1640
ord1871
ord6354
ord941
ord1131
ord1132
ord5500
ord815
ord561
ord3738
ord3081
ord3262
ord3571
ord825
ord2818
ord4204
ord1601
ord540
ord537
ord2915
ord800
ord465
ord743
ord446
ord2486
ord1641
ord5714
ord5289
ord5307
ord4698
ord4079
ord4226
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274

msvcrt

strtol
__CxxFrameHandler
sprintf
_ftol
sscanf
atol
__dllonexit
_mbscmp
free
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
wcstombs
strchr
strrchr
malloc

kernel32

WritePrivateProfileStringA
LocalAlloc
LocalFree
GetPrivateProfileStringA
GetModuleFileNameA
IsDebuggerPresent

user32

GetDC
ReleaseDC
GetSystemMetrics

gdi32

CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA
GetDIBits
SelectObject

oleaut32

VariantClear

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Color.ini
plugin/Color.ocx
.dll regsvr32 windows x86

78cfb62b497e49781501abac8bc50d61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
ord588
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
ord301
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
ord520
ord307
__vbaFpR8
_CIsin
ord632
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
ord710
__vbaExceptHandler
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaR4ForNextCheck
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaFpI4
ord616
ord617
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
__vbaI2ErrVar
ord619
__vbaR8IntI4
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Console.dll
.dll regsvr32 windows x86

3ee25517d80f50b3dc6c3077fe84ed0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2915
ord1131
ord537
ord6354
ord540
ord2818
ord1601
ord800
ord743
ord446
ord2486
ord941
ord4226
ord1132
ord5500
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord860
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262
ord3081
ord3738
ord561
ord815

msvcrt

free
__CxxFrameHandler
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
strrchr
wcstombs
_initterm
_EH_prolog
_onexit
__dllonexit
??2@YAPAXI@Z
strchr

kernel32

AllocConsole
WriteFile
SetConsoleCtrlHandler
GetModuleHandleA
ReadConsoleInputA
LocalFree
GetStdHandle
ReadFile
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetProcAddress
FreeConsole
LocalAlloc

user32

SetForegroundWindow

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Console.ini
plugin/Console.ocx
.dll regsvr32 windows x86

05e5315ecb6e3288c7c1b1d7c76a356a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaAptOffset
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Dama2QMPlugin.dll
.dll regsvr32 windows x86

850d447da0913208f00c689e35f4b03f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord540
ord4003
ord4274
ord6375
ord4486
ord3147
ord2982
ord1799
ord535
ord859
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord825
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262
ord3081
ord3738
ord561
ord815
ord5500
ord1132
ord1131
ord2915
ord941
ord537
ord1601
ord800
ord743
ord446
ord2486
ord4226
ord823
ord3259
ord939
ord940
ord6877
ord860
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord6354

msvcrt

tmpfile
exit
getenv
_snprintf
strcpy
strlen
pow
bsearch
exp
log
sqrt
fabs
atan2
memcmp
memcpy
_open
_unlink
_setmode
_read
_write
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_EH_prolog
_beginthreadex
_purecall
rand
srand
_CxxThrowException
vsprintf
strtok
isdigit
atol
_stricmp
free
strncmp
_strnicmp
_atoi64
gmtime
mktime
time
_errno
strstr
memmove
isxdigit
strtoul
_ftol
modf
strchr
strrchr
_stat
remove
rename
fopen
fprintf
vfprintf
fclose
sscanf
sprintf
_except_handler3
__CxxFrameHandler
_close
_strupr
wcstombs
fread
fwrite
fseek
ftell
fflush
fputc
getc
fgets
fscanf
floor
ldiv
realloc
strncpy
calloc
_swab
_setjmp3
__CxxLongjmpUnwind
longjmp
_CIpow
printf
isprint
tmpnam
abort
_pctype
_isctype
__mb_cur_max
_lseek
ceil
_iob
atoi
atof
qsort
putc
_getcwd
fgetc
perror

kernel32

GlobalAlloc
GlobalFree
IsDebuggerPresent
GetModuleFileNameA
ExitProcess
LocalAlloc
LocalFree
ReleaseSemaphore
CreateSemaphoreA
MultiByteToWideChar
WideCharToMultiByte
DeviceIoControl
GetVersionExA
MulDiv
WriteFile
SystemTimeToFileTime
GetCurrentProcess
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
GetPrivateProfileStringA
GetPrivateProfileIntA
WaitForSingleObject
HeapAlloc
CreateEventA
CloseHandle
WaitForMultipleObjects
lstrlenA
GetProcAddress
LoadLibraryA
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
ReadFile
GetFileSize
GetLastError
CreateFileA
TlsGetValue
FreeLibrary
TlsSetValue
Sleep
InterlockedIncrement
HeapDestroy
GetProcessHeap
HeapFree
FileTimeToSystemTime
GetTickCount
ResetEvent
SetEvent
GetCurrentDirectoryA
WritePrivateProfileStringA

user32

GetDC
GetWindowDC
ReleaseDC
IsWindow
ScreenToClient
GetWindowRect
IsRectEmpty
FindWindowExA
GetSysColor
GetSystemMetrics

gdi32

DeleteObject
SelectObject
PlayEnhMetaFile
RealizePalette
DeleteDC
CreatePalette
GetEnhMetaFilePaletteEntries
ExtTextOutA
SetBkColor
DeleteEnhMetaFile
GetDeviceCaps
SetWinMetaFileBits
GetDIBits
GetEnhMetaFileHeader
SetEnhMetaFileBits
SelectPalette
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

advapi32

RegOpenKeyA
RegSetValueExA
RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

ws2_32

WSACloseEvent
htonl
ioctlsocket
closesocket
WSACleanup
WSAGetLastError
socket
WSACreateEvent
recv
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSAResetEvent
inet_ntoa
ntohs
getsockname
WSAStartup
connect
gethostbyname
inet_addr
htons
send
gethostname
ntohl
getpeername

ole32

CoTaskMemFree
StringFromCLSID

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 960KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Encrypt.dll
.dll regsvr32 windows x86

142837ed94ddbf154f04f47094070bfe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord668
ord2770
ord356
ord537
ord800
ord1601
ord540
ord825
ord860
ord4204
ord743
ord6354
ord941
ord2915
ord1131
ord1132
ord446
ord2486
ord4226
ord5500
ord815
ord561
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4003
ord4622
ord1223
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
strrchr
strchr
wcstombs
free
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
fclose
__CxxFrameHandler
_mbscmp

kernel32

WritePrivateProfileStringA
IsDebuggerPresent
LocalFree
LocalAlloc
GetModuleFileNameA
GetPrivateProfileStringA

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
?clear@ios_base@std@@QAEXH_N@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Encrypt.ini
plugin/Encrypt.ocx
.dll regsvr32 windows x86

c125471084411a6bd855be0ebf4c378f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
ord301
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
ord307
_CIsin
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
ord616
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/File.dll
.dll regsvr32 windows x86

a10a0592e6925a16bb3205010b141edd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord533
ord6407
ord2818
ord4278
ord536
ord858
ord535
ord2915
ord6662
ord5194
ord5465
ord924
ord939
ord1997
ord798
ord6354
ord941
ord1131
ord1132
ord5500
ord815
ord561
ord3738
ord3081
ord3262
ord354
ord5186
ord3318
ord1979
ord665
ord3790
ord6153
ord537
ord940
ord540
ord823
ord825
ord860
ord1601
ord800
ord743
ord446
ord2486
ord4226
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord859
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300

msvcrt

_tzset
atoi
sscanf
__CxxFrameHandler
_mkdir
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
wcstombs
_timezone
strrchr
strchr
rename

kernel32

CloseHandle
CreateFileA
WriteFile
ReadFile
SetFilePointer
SystemTimeToFileTime
OpenFile
SetFileTime
MoveFileA
DeleteFileA
GetFileAttributesA
CopyFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
IsDebuggerPresent
LocalFree
LocalAlloc
_lclose

comdlg32

GetOpenFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/File.ini
plugin/File.ocx
.dll regsvr32 windows x86

69f8b9fb23a868cec043acc9adc26d96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaVarCat
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/GetSysInfo.dll
.dll regsvr32 windows x86

c7e26a54a63442c678a21968d23a3416

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord540
ord2818
ord6354
ord1131
ord1132
ord5500
ord815
ord1601
ord800
ord743
ord446
ord2486
ord561
ord3738
ord3081
ord3262
ord5714
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord860
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord4226

msvcrt

__CxxFrameHandler
??2@YAPAXI@Z
__dllonexit
_onexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
atoi
strrchr
strchr
_initterm
free

kernel32

GetModuleFileNameA
LocalAlloc
LocalFree
GetVolumeInformationA
GetLocalTime
GetVersion
WritePrivateProfileStringA
GetPrivateProfileStringA
IsDebuggerPresent
GetEnvironmentVariableA
IsBadCodePtr
IsBadWritePtr

user32

EnumDisplaySettingsA
GetSystemMetrics

winmm

timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/GetSysInfo.ini
plugin/HYDati.dll
.dll regsvr32 windows x86

ded68fdf4d1a5ec7f9be18f70a672060

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

setsockopt
select
__WSAFDIsSet
socket
gethostbyname
htons
connect
send
WSAStartup
shutdown
closesocket
ioctlsocket
recv
WSAGetLastError

kernel32

MultiByteToWideChar
GetTickCount
Sleep
WideCharToMultiByte
GetLocalTime
DeleteFileA
ExitThread
CreateThread
LocalFree
FormatMessageA
GetLastError
GetTempPathA
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
lstrlenW
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
TerminateThread
LoadResource
FindResourceA
LoadLibraryExA
SetThreadLocale
GetThreadLocale
TlsGetValue
TlsAlloc
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
WriteFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoW
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
GetProcessHeap
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCPInfo
LCMapStringW
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
SizeofResource
ReadFile
SetEndOfFile
ExitProcess
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CloseHandle
SetFilePointer
EncodePointer
DecodePointer
HeapFree
HeapAlloc
RtlUnwind
VirtualProtect
VirtualAlloc

user32

CharNextW
CharNextA
FillRect
GetDesktopWindow
GetWindowDC

advapi32

RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegOpenKeyExA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
VariantClear

gdi32

BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
GetStockObject
DeleteObject
CreateDIBSection

gdiplus

GdiplusStartup
GdipCloneImage
GdipDrawImageRectI
GdipDrawImageI
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapSetPixel
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile
GdipDeleteGraphics
GdipFree
GdipAlloc

Exports

Exports

Charge
CheckAccAuthcode
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableLog
GetAnswer
QueryBalance
QueryLoad
RegisterSubacc
ReportError
SendFile
SendImage
SetAuthor
SetMode

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/JS_DT.DLL
.dll regsvr32 windows x86

b66c33921e7483ae7fef8feea453e94a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaGosubReturn
__vbaAptOffset
__vbaStrVarMove
__vbaLenBstr
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord518
ord519
__vbaStrCat
__vbaSetSystemError
ord662
__vbaHresultCheckObj
__vbaLenVar
__vbaVargVarCopy
_adj_fdiv_m32
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord593
__vbaVarForInit
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
__vbaBoolVarNull
__vbaRefVarAry
__vbaVargVar
_CIsin
ord631
__vbaVarCmpGt
__vbaVargVarMove
ord632
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
ord310
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
ord710
__vbaVarMul
__vbaExceptHandler
ord312
ord712
__vbaStrToUnicode
__vbaInputFile
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
ord716
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord536
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaVarSetObj
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
__vbaVarMod
__vbaVarTstGe
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
ord619
__vbaStrVarCopy
_allmul
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/MICROSU.DLL
.dll regsvr32 windows x86

029d879b9d95b64ba2793cf3a6f1179f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord518
ord662
ord593
ord594
ord595
ord598
ord631
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord569
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord716
ord717
ProcCallEngine
ord535
ord644
ord570
ord648
ord571
ord573
ord578
ord685
ord101
ord102
ord103
ord104
ord610
ord105
ord612
ord619
ord546

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Media.dll
.dll regsvr32 windows x86

ad4a40c665cadb0f107e26d05c0debd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetLineInfoA
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerClose
mixerGetNumDevs
waveOutOpen
mixerGetID
waveOutClose
mixerOpen
mciSendStringA

mfc42

ord2486
ord446
ord743
ord941
ord2818
ord540
ord2915
ord825
ord4226
ord860
ord800
ord4129
ord537
ord815
ord561
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5500
ord1132
ord1131
ord6354
ord823
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord6375
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord1601
ord4003
ord4274
ord1116

msvcrt

wcstombs
strchr
strrchr
atol
_mbscmp
__CxxFrameHandler
free
malloc
__dllonexit
_onexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm

kernel32

IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
LocalFree
GetShortPathNameA
Beep

user32

CallWindowProcA
GetCursorPos
SetWindowLongA
GetWindowLongA
DestroyWindow
ShowWindow
CreateWindowExA
DefWindowProcA
RegisterClassExA

advapi32

RegOpenKeyA
RegSetValueExA
RegCloseKey

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Media.ini
plugin/Media.ocx
.dll regsvr32 windows x86

1d805a7973c763418634b3e45039e7b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
ord307
__vbaFPFix
_CIsin
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
ord616
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Memory.dll
.dll regsvr32 windows x86

782fb5d2779c606c6cb3e9c92d6db5a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord941
ord537
ord6354
ord4204
ord823
ord825
ord540
ord860
ord1601
ord800
ord743
ord446
ord2486
ord4226
ord2915
ord1131
ord1132
ord5500
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262
ord3081
ord3738
ord561
ord815

msvcrt

_initterm
__CxxFrameHandler
free
malloc
??1type_info@@UAE@XZ
_adjust_fdiv
strrchr
strchr
wcstombs
strtol
_onexit
__dllonexit
sprintf

kernel32

GetTickCount
WideCharToMultiByte
OutputDebugStringA
lstrlenA
GetExitCodeProcess
TerminateProcess
GetPriorityClass
GetCurrentProcess
LocalFree
LocalAlloc
ReadProcessMemory
WritePrivateProfileStringA
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
OpenProcess
SetPriorityClass
CloseHandle

user32

IsWindow
wsprintfA
GetWindowThreadProcessId

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Memory.ini
plugin/Memory.ocx
.dll regsvr32 windows x86

65af37bae664fe4f72f838f0ca2bbe0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
ord301
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Microrui.dll
.dll regsvr32 windows x86

6b070756e4dc7f07221bc74d3c190636

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord518
ord662
ord593
ord594
ord595
ord598
ord631
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord569
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord716
ord717
ProcCallEngine
ord535
ord644
ord570
ord648
ord571
ord573
ord578
ord685
ord101
ord102
ord103
ord104
ord610
ord105
ord612
ord617
ord619
ord546

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Msg.dll
.dll regsvr32 windows x86

822d3ecf48a41b86df18a99da942259e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord268
ord389
ord922
ord4204
ord2818
ord2915
ord860
ord940
ord5207
ord4203
ord825
ord1567
ord859
ord690
ord743
ord446
ord2486
ord4226
ord6354
ord1131
ord1132
ord5500
ord815
ord561
ord3738
ord823
ord858
ord536
ord941
ord939
ord540
ord535
ord3081
ord3262
ord5714
ord5289
ord5307
ord800
ord537
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4003
ord1601
ord4622
ord1223
ord290
ord2623
ord1206
ord614
ord4424
ord4080
ord3079
ord3825
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831

msvcrt

floor
__CxxFrameHandler
_ftol
strtoul
_mbscmp
rand
srand
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
atoi
strrchr
strchr
wcstombs
__dllonexit
sprintf
fclose
strncpy

kernel32

GetModuleFileNameA
LocalAlloc
LocalFree
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
TlsGetValue
GetEnvironmentVariableA
IsDebuggerPresent

user32

ReleaseDC
GetDC
DrawTextA
InvalidateRect

gdi32

SetTextColor

shell32

Shell_NotifyIconA

msvcp60

??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0locale@std@@QAE@XZ
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??1locale@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
?clear@ios_base@std@@QAEXH_N@Z

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

ole32

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Msg.ini
plugin/Msg.ocx
.dll regsvr32 windows x86

05e5315ecb6e3288c7c1b1d7c76a356a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaAptOffset
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Net.dll
.dll regsvr32 windows x86

f31db322725c89acdcdc646dbdcd3bb6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaGosubReturn
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaGosubFree
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaAryLock
__vbaStrComp
__vbaStrToAnsi
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Net.ini
plugin/Net.ocx
.dll regsvr32 windows x86

fc86e7549caca62c14ba61a1b65b78f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
ord301
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaAryLock
__vbaStrToAnsi
__vbaFpI4
ord616
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Office.dll
.dll regsvr32 windows x86

a407438b8c4a71fae32a332f8c5a817e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaGosubReturn
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVargVar
_CIsin
__vbaChkstk
__vbaGosubFree
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord645
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaStrComp
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Office.ini
plugin/Office.ocx
.dll regsvr32 windows x86

e4d28ee25dc45ebbecc0bc70e22dd561

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
ord307
_CIsin
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
ord616
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Pic.dll
.dll regsvr32 windows x86

9d837035acaae8b82110cf620a038f18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord561
ord815
ord5500
ord1132
ord1131
ord941
ord6354
ord823
ord860
ord5710
ord924
ord535
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord1601
ord540
ord537
ord2915
ord800
ord825
ord743
ord446
ord2486
ord4226
ord4486
ord6375
ord4274
ord4003
ord4622
ord1223
ord290
ord2623
ord1206
ord614
ord4424
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080

msvcrt

__CxxFrameHandler
_mbscmp
free
wcscmp
malloc
wcstombs
strchr
strrchr
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit

kernel32

WriteFile
LocalAlloc
LocalFree
CreateFileA
GlobalFree
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
DeleteFileA
DeleteCriticalSection
GlobalAlloc
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalLock
GlobalUnlock

user32

IsRectEmpty
GetDC
ReleaseDC

gdi32

DeleteDC
DeleteObject
CreateDCA
CreateCompatibleDC
RealizePalette
SelectObject
BitBlt
GetObjectA
GetDIBits
GetDeviceCaps
SelectPalette
GetStockObject
CreateCompatibleBitmap

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdipCloneImage

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Pic.ini
plugin/Pic.ocx
.dll regsvr32 windows x86

3e15b89e99b38af09d70c1b256a846ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaAptOffset
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/RegDll.dll
.dll regsvr32 windows x86

f076a1e4fbab4d2c4bccbdc4ea8a1b72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord825
ord1223
ord4622
ord4226
ord2486
ord4003
ord446
ord743
ord1569
ord1196
ord1168
ord6467
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord3830
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262
ord3081
ord3738
ord561
ord815
ord5500
ord1132
ord1131
ord6354
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord2976
ord2985
ord3136
ord4465
ord3147
ord3259
ord2982
ord1799
ord1089
ord823
ord1578
ord600
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
wcstombs
__dllonexit
_onexit
free
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm

kernel32

LocalFree
LoadLibraryA
FreeLibrary
GetProcAddress
LocalAlloc

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

ole32

OleInitialize
CoTaskMemFree
StringFromCLSID
OleUninitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/RegDll.ini
plugin/Sys.dll
.dll regsvr32 windows x86

8942c3e9159ff5e44b99b3b05f222dbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

mfc42

ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262
ord3081
ord3738
ord561
ord815
ord5500
ord1132
ord535
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4003
ord4622
ord1223
ord290
ord2623
ord1206
ord614
ord4424
ord4080
ord3079
ord3825
ord3831
ord3830
ord941
ord2976
ord2985
ord2915
ord1601
ord1168
ord537
ord540
ord2818
ord823
ord825
ord1158
ord860
ord6663
ord800
ord743
ord446
ord2486
ord4226
ord1131
ord3346
ord3136
ord4465
ord3259
ord6354
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord1799
ord2982
ord3147

msvcrt

strrchr
strchr
wcstombs
__CxxFrameHandler
free
malloc
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

GetPrivateProfileStringA
GetModuleFileNameA
IsDebuggerPresent
LocalAlloc
LocalFree
GetLocalTime
GetVolumeInformationA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetCurrentDirectoryA
GlobalSize
GetVersionExA
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringA

user32

EmptyClipboard
OpenClipboard
SetClipboardData
CloseClipboard
ExitWindowsEx
ChangeDisplaySettingsA
GetClipboardData

gdi32

CreateDCA
GetDeviceCaps
DeleteDC

advapi32

RegOpenKeyA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
OpenProcessToken

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Sys.ini
plugin/Sys.ocx
.dll regsvr32 windows x86

5e803a6fedb4e3e0a59ccfe0a833d3ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaAptOffset
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Web.dll
.dll regsvr32 windows x86

3bda4e16faafbd5c4a3fdaf434f98b0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry

shlwapi

SHDeleteKeyA

mfc42

ord5714
ord3262
ord5307
ord3081
ord4079
ord5302
ord3738
ord561
ord815
ord5500
ord1132
ord1131
ord5572
ord2919
ord1601
ord537
ord2818
ord2915
ord4204
ord540
ord860
ord941
ord800
ord940
ord823
ord743
ord446
ord2486
ord4226
ord825
ord6354
ord5300
ord3346
ord4698
ord5289
ord2396
ord5199
ord1089
ord3922
ord5731
ord269
ord826
ord600
ord2512
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord1578

msvcrt

wcstombs
strchr
_mbsicmp
_mbscmp
__CxxFrameHandler
strrchr
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit

kernel32

WritePrivateProfileStringA
LocalAlloc
LocalFree
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleFileNameA
CreateProcessA
CreateEventA
WaitForSingleObject
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
IsDebuggerPresent
GetPrivateProfileStringA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

VariantClear
VariantCopy
SysAllocString

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Web.ini
plugin/Web.ocx
.dll regsvr32 windows x86

f6d2a5c8edfef3fd3d1856245e008255

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaAptOffset
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
ord301
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Window.dll
.dll regsvr32 windows x86

83008a536ed5f37cb5c6b7641fa8c04b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2915
ord6394
ord5450
ord6383
ord5440
ord535
ord861
ord540
ord860
ord1871
ord6354
ord941
ord1131
ord1132
ord5500
ord815
ord561
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord539
ord537
ord2764
ord2818
ord939
ord800
ord1601
ord3663
ord825
ord823
ord743
ord446
ord2486
ord4226
ord3346
ord2396
ord290
ord2623
ord1206
ord614
ord4424
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4003
ord4622
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord859
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord1223

msvcrt

free
strrchr
strchr
sprintf
__CxxFrameHandler
_mbscmp
sscanf
wcstombs
malloc
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
atoi

kernel32

LocalFree
Sleep
LocalAlloc
MultiByteToWideChar
GetCurrentThreadId
CreateToolhelp32Snapshot
Module32First
CloseHandle
GetModuleFileNameA
IsDebuggerPresent
GetEnvironmentVariableA
TlsGetValue
lstrlenA
GetPrivateProfileStringA
WritePrivateProfileStringA

user32

GetClassNameA
SendMessageA
GetWindowThreadProcessId
GetWindowRect
MoveWindow
ShowWindow
PostMessageA
IsWindow
SetForegroundWindow
EnumWindows
GetWindowTextA
GetWindowLongA
GetClientRect
GetGUIThreadInfo
AttachThreadInput
SetWindowTextA
GetWindow
GetCursorPos
WindowFromPoint
GetForegroundWindow
FindWindowExA
FindWindowA
MapVirtualKeyA
SetWindowPos

oleaut32

SysAllocString
VariantClear
VariantCopy

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
StringFromCLSID

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/Window.ini
plugin/Window.ocx
.dll regsvr32 windows x86

5e803a6fedb4e3e0a59ccfe0a833d3ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaAptOffset
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/bt_kt.txt
plugin/dm.dll
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CBFunA
CBFunB
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 640KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 343KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
plugin/dnf_dl.txt
plugin/dnf_sz.txt
plugin/dnf_zm.txt
plugin/lyydt.dll
.dll regsvr32 windows x86

5e0a4254389041a34c19abb0feba2681

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
ord693
__vbaFreeVar
__vbaGosubReturn
__vbaAptOffset
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord518
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
__vbaGosubFree
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaCyI4
__vbaObjVar
__vbaI2I4
ord562
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCySub
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaLateMemCall
__vbaStrToAnsi
__vbaStrComp
__vbaVarCopy
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/lzdt.dll
.dll regsvr32 windows x86

3617189445fb122770df3a97b8348a84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaGosubReturn
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaGosubFree
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrComp
__vbaStrToAnsi
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/mp_cn.txt
plugin/phrases.ini
plugin/sxdt.dll
.dll regsvr32 windows x86

8e9f597fc0c6610be42b30463b45e93d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLineInputStr
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord516
_adj_fprem1
ord518
ord626
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaLateMemSt
__vbaVarForInit
ord593
__vbaExitProc
ord594
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord520
__vbaBoolVarNull
_CIsin
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
EVENT_SINK_Release
ord600
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaVarCopy
ord617
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaForEachVar
__vbaStrVarCopy
ord619
_allmul
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/win7ֿ/pmwpzt.txt
plugin/win7ֿ/ʶܵ뿴.txt
plugin/wy.txt
plugin/xp&win7ûphrase.ini·.txt
plugin/xpֿ/pmwpzt.txt
plugin/xpֿ/ʶܵ뿴.txt
plugin/ȡ_¼ʱ_δ.bmp
plugin/ȷ_¼ʱ_δ.bmp
plugin/.wav
plugin/ι.ini
plugin/.txt
plugin/_¼.bmp
plugin/ļ¼/־.txt
plugin/ļ¼/ϼ־.txt
plugin/뷨.ini
plugin/֤ͼ.bmp
plugin/֤ĸ.bmp
下载说明.txt
.txt
Į/alarm.mp3
Į/cfg.ini
Į/ʹ˵.txt
Į/Į.exe
.exe windows x86

87b6824e26c1b95f3dd33369920b3de1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord567
ord692
ord2294
ord2371
ord823
ord755
ord640
ord2397
ord2406
ord2745
ord323
ord470
ord3566
ord3621
ord3658
ord1634
ord1633
ord5781
ord3867
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord6211
ord2910
ord617
ord5297
ord5208
ord296
ord986
ord520
ord4154
ord6113
ord2613
ord1131
ord4370
ord4847
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord3634
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord338
ord652
ord4817
ord1937
ord4268
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord4426
ord560
ord813
ord5256
ord4294
ord2078
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord366
ord674
ord5248
ord4331
ord535
ord1569
ord4418
ord3397
ord5286
ord4395
ord1768
ord6051
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord4118
ord2859
ord3084
ord5276
ord3871
ord3870
ord5977
ord6370
ord537
ord4124
ord4219
ord4704
ord2810
ord3087
ord2634
ord6195
ord6330
ord5568
ord5237
ord4229
ord2293
ord2354
ord2362
ord2355
ord825
ord324
ord540
ord861
ord641
ord800
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord4347
ord5157
ord2377
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4947
ord5261
ord1165

msvcrt

_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__CxxFrameHandler
memcpy
wcscmp
sprintf
strlen
atoi
wcscat
wcsrchr
free
memset
strcpy
_purecall
_wfopen
fclose
exit
_XcptFilter
_exit
vsprintf
strncat
strstr
strncpy
_itoa
fread
fwrite
fseek
ftell
fflush
fputc
getc
fgets
fscanf
malloc
strncmp
swprintf
_wsplitpath
sscanf
wcscpy
wcslen
strcat
strrchr
??1type_info@@UAE@XZ
getenv
_iob
fprintf
isprint
realloc
floor
_ftol
wcsncpy
calloc
_wcsnicmp
_CIpow
ldiv
_CIacos
_CIfmod
qsort
rand
_cabs
ceil
longjmp
_setjmp3
__CxxLongjmpUnwind
_CxxThrowException
printf

kernel32

InterlockedIncrement
WaitForSingleObject
PostQueuedCompletionStatus
InterlockedDecrement
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetQueuedCompletionStatus
GetStartupInfoW
SetEvent
CreateIoCompletionPort
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
CreateThread
Sleep
Beep
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LockResource
LoadResource
SizeofResource
GetModuleFileNameW
GetLocalTime
CreateDirectoryW
GetModuleHandleW
SetUnhandledExceptionFilter
SetFilePointer
CreateFileW
FormatMessageW
VirtualQuery
IsBadWritePtr
WriteFile
WritePrivateProfileStringA
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
SetCurrentDirectoryA
GetLastError
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
OpenEventW
InterlockedExchange
GetSystemInfo

user32

SendMessageW
GetFocus
PostMessageW
SetTimer
KillTimer
InvalidateRect
GetClientRect
UpdateWindow
GetWindowRect
SetWindowTextW
MessageBoxW
ReleaseDC
GetDC
GetIconInfo
DrawTextW
wvsprintfW
EnableWindow

gdi32

CreateRectRgn
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
StretchDIBits
RectVisible
CreateBitmap
SetBkColor
StretchBlt
SaveDC
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
RestoreDC
RealizePalette
GetDIBits
CreateDIBSection
CreateDIBPatternBrushPt
SetBrushOrgEx
PatBlt
DeleteObject
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CombineRgn

winmm

mciSendCommandW

ws2_32

gethostname
gethostbyname
inet_ntoa
WSAStartup
WSAGetLastError
ntohs
WSASend
closesocket
WSAIoctl
listen
bind
htons
inet_addr
socket
setsockopt
recv
getsockopt
send
WSACleanup
WSARecv

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBG0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z

Sections

.text
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dm0
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
°汾αûԶ˵.txt
־.txt

Sharing

General

Malware Config

Signatures

Files

a3335cae779ad559beb138ecc35a17a3

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 198KB - Virtual size: 197KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

bb6353df3998b4fbc1a98beea1f93b41

Headers

File Characteristics

Imports

iphlpapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

msvcp60

winmm

shlwapi

ws2_32

psapi

rpcrt4

imagehlp

dinput8

wininet

uxtheme

comdlg32

olepro32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 544KB - Virtual size: 543KB

.data Size: 80KB - Virtual size: 1.4MB

.idata Size: 36KB - Virtual size: 32KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.vmp0 Size: 112KB - Virtual size: 110KB

.vmp1 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 80KB - Virtual size: 77KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 232KB - Virtual size: 564KB

DATA Size: 4KB - Virtual size: 12KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 21KB - Virtual size: 40KB

.rsrc Size: 11KB - Virtual size: 28KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

afd0c76cb946728fd0639bbc36336f6e

Headers

.text
Size: 198KB - Virtual size: 197KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 544KB - Virtual size: 543KB

.data
Size: 80KB - Virtual size: 1.4MB

.idata
Size: 36KB - Virtual size: 32KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.vmp0
Size: 112KB - Virtual size: 110KB

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 80KB - Virtual size: 77KB

CODE
Size: 232KB - Virtual size: 564KB

DATA
Size: 4KB - Virtual size: 12KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 21KB - Virtual size: 40KB

.rsrc
Size: 11KB - Virtual size: 28KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 128KB - Virtual size: 124KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.sxdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB