1de7aadfca5941af0635e8d28264d85135c02a0f499da6fa8c3e04b4d8e4d56f

Sharing

Copy URL Twitter E-mail

General

Target

1de7aadfca5941af0635e8d28264d85135c02a0f499da6fa8c3e04b4d8e4d56f
Size

9.1MB
MD5

a190bf953498c3625f3b32fa07ed4f38
SHA1

e26a05ba6997009e558e8b1715cb9cd91b6414dd
SHA256

1de7aadfca5941af0635e8d28264d85135c02a0f499da6fa8c3e04b4d8e4d56f
SHA512

0189a541ab4bb90142d27be59ae6f6b7b3f83294b84bb5f731e01f80fa7bd097d44cf7d321c303b929e895f7ca8012ad188edea19da86773184e0f21590992a2
SSDEEP

196608:2aR+CmFWaS6cUnjVMVmNlrKOfddCq+vRMbPfYicqccSeofG0zv14Zeqc5cMNo/6:2aRBRj6cUnjKVmbKojx+J0YicqccSrGi

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SSTap/LibPrivoxy.dll
unpack001/SSTap/LiveUpdate.dll
unpack001/SSTap/SStap.exe
unpack001/SSTap/TAP.exe
unpack001/SSTap/Uninstall.exe
unpack001/SSTap/libcurl.dll
unpack001/SSTap/libintl3.dll
unpack001/SSTap/libsodiumR.dll
unpack001/SSTap/tap-driver/x64/tap0901.sys
unpack001/SSTap/tap-driver/x64/tapinstall.exe
unpack001/SSTap/tap-driver/x86/tapinstall.exe
unpack001/SSTap/unbound/unbound.exe

Files

1de7aadfca5941af0635e8d28264d85135c02a0f499da6fa8c3e04b4d8e4d56f
.zip
SSTap/Changelog.txt
SSTap/LibPrivoxy.dll
.dll windows:5 windows x86

d22d0791d52912dd4c038de1d99cd9e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
SetCurrentDirectoryA
SetLastError
GetFullPathNameA
LoadLibraryA
SetProcessShutdownParameters
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeCriticalSection
GetLocalTime
GetCurrentThreadId
LockResource
GetLastError
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
GetProcAddress
GetTickCount
SetEnvironmentVariableA
CompareStringW
CreateFileW
SetEndOfFile
GetDriveTypeW
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
InterlockedExchange
QueryPerformanceCounter
MultiByteToWideChar
GetModuleHandleW
CloseHandle
GetCurrentProcess
TerminateProcess
LoadLibraryW
HeapFree
GetProcessHeap
HeapAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
HeapReAlloc
ExitThread
ResumeThread
CreateThread
EncodePointer
DecodePointer
ExitProcess
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapCreate
HeapDestroy
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameW
SetHandleCount
GetStartupInfoW
GetTimeZoneInformation
CreateFileA
GetCurrentDirectoryW
ReadFile
SetFilePointer
IsProcessorFeaturePresent
HeapSize
LCMapStringW
RaiseException

ws2_32

recv
connect
setsockopt
WSAStartup
getsockname
bind
ntohs
__WSAFDIsSet
closesocket
gethostbyaddr
gethostbyname
send
listen
accept
inet_ntoa
htonl
WSAGetLastError
htons
select
inet_addr
socket
ntohl

wininet

InternetSetOptionW

Exports

Exports

ChangeSystemProxy
GetPrivoxyPacUrl
GetPrivoxyProxyAddr
RemoveSystemProxy
calc_cmd_hash
get_privoxy_port
is_privoxy_started
start_privoxy
stop_privoxy

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/LiveUpdate.dll
.dll windows:5 windows x86

b2c4288249de8427d73476df2ecd4448

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindNextFileW
FindFirstFileW
CreateThread
CloseHandle
TerminateThread
SetEndOfFile
WriteConsoleW
HeapReAlloc
CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
GetLastError
FreeLibrary
SetLastError
GetCurrentProcess
TerminateProcess
LoadLibraryW
GetTickCount
Sleep
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameW
SetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoW
GetCommandLineA
GetSystemTimeAsFileTime
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteFile
SetStdHandle
DeleteFileW

user32

SendMessageW
MessageBoxW

shell32

ShellExecuteW

libcurl

curl_easy_getinfo
curl_easy_perform
curl_easy_cleanup
curl_easy_init
curl_version_info
curl_global_init
curl_easy_setopt
curl_slist_free_all
curl_global_cleanup
curl_slist_append

ws2_32

setsockopt

shlwapi

PathFindFileNameW

Exports

Exports

CheckVersion
CleanUpdation
DoUpdate
GetNewVersionInfo
HasNewVersionReady
InstallUpdation
SetLiveUpdateDataEncrypted

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/SStap.exe
.exe windows:5 windows x86

77c51f1589fd38fd96fe42c8589fd399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libintl3

ord49
ord26
ord35
ord51
ord27

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA

libprivoxy

start_privoxy
ChangeSystemProxy
RemoveSystemProxy
is_privoxy_started

libsodiumr

sodium_init
crypto_aead_xchacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_stream_chacha20_xor_ic
crypto_stream_chacha20_ietf_xor_ic
sodium_increment
crypto_aead_xchacha20poly1305_ietf_decrypt

liveupdate

CleanUpdation
HasNewVersionReady
GetNewVersionInfo
DoUpdate
InstallUpdation

kernel32

GetUserDefaultLCID
FindResourceExW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
ExitThread
GetTimeZoneInformation
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatW
GetDateFormatW
GetFileInformationByHandle
PeekNamedPipe
GetFileType
VirtualAlloc
HeapQueryInformation
HeapSize
SetStdHandle
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
IsProcessorFeaturePresent
GetOEMCP
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
GetCurrentDirectoryW
GetSystemDirectoryW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalGetAtomNameW
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetPrivateProfileIntW
lstrcmpA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
VirtualProtect
GlobalDeleteAtom
InitializeCriticalSectionAndSpinCount
lstrcmpW
SystemTimeToFileTime
IsValidCodePage
GetACP
SetThreadLocale
GetCommandLineW
GetCPInfo
GetVersion
FreeResource
GlobalSize
WinExec
lstrcatW
HeapReAlloc
SearchPathW
GetProfileIntW
GetTempPathW
HeapCreate
FileTimeToSystemTime
GetUserDefaultLangID
LocalAlloc
OpenMutexW
CreateMutexW
lstrcmpiW
lstrcpynW
HeapAlloc
GetProcessHeap
HeapFree
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
VerSetConditionMask
TerminateProcess
GetVersionExW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
CopyFileW
GetFileAttributesW
lstrlenA
GetModuleFileNameA
CreateEventW
GetSystemDirectoryA
LoadLibraryA
WaitForMultipleObjects
GetThreadContext
SetThreadContext
ResetEvent
GetCurrentThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
TlsFree
TlsAlloc
OpenProcess
TlsGetValue
TlsSetValue
InterlockedExchange
InterlockedExchangeAdd
CreateEventA
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
SetErrorMode
GlobalFindAtomW
InterlockedCompareExchange
SetEvent
CancelIo
DeviceIoControl
ReadFile
CreateFileA
DeleteCriticalSection
PostQueuedCompletionStatus
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatus
QueryPerformanceCounter
LocalFree
FormatMessageW
InterlockedDecrement
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeThread
WaitForSingleObject
CreateProcessW
CreateDirectoryW
SetUnhandledExceptionFilter
SetFilePointer
GetLocalTime
GlobalMemoryStatus
lstrcpyW
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
GetFileTime
GetFileSize
CreateFileW
GetModuleFileNameW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
RaiseException
OutputDebugStringW
lstrlenW
WriteFile
InterlockedIncrement
FreeLibrary
GetTickCount
Sleep
ResumeThread
FindClose
FindNextFileW
FindFirstFileW
GetThreadLocale
CreateThread
CloseHandle
TerminateThread
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
DeactivateActCtx
SetLastError
CompareStringW
MulDiv
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteFileW
GetFileSizeEx
VerifyVersionInfoW
GetFileAttributesExW
RtlUnwind

user32

InvertRect
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
PostThreadMessageW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
IsClipboardFormatAvailable
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
NotifyWinEvent
UnregisterClassW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
SetRectEmpty
CharUpperW
ShowOwnedPopups
WaitMessage
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
HideCaret
ShowScrollBar
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
GetWindow
IntersectRect
GetWindowThreadProcessId
GetLastActivePopup
EndPaint
GetWindowRgn
GetWindowDC
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
GetMenuStringW
DispatchMessageW
TranslateMessage
ScreenToClient
GetAsyncKeyState
BringWindowToTop
DeleteMenu
RemoveMenu
GetSysColorBrush
CreateMenu
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
GetDesktopWindow
SystemParametersInfoW
GetMenuItemInfoW
DrawEdge
GetMenuItemID
RegisterWindowMessageW
SetRect
FrameRect
LoadMenuW
CreateIconIndirect
GetIconInfo
DrawStateW
DrawFocusRect
TrackPopupMenuEx
GetSubMenu
DestroyIcon
DestroyMenu
DestroyCursor
MessageBeep
ReleaseDC
SetCapture
ReleaseCapture
GetActiveWindow
WindowFromPoint
ClientToScreen
GetParent
GetNextDlgTabItem
SetParent
DestroyAcceleratorTable
SetClassLongW
DrawFrameControl
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
CopyIcon
CharUpperBuffW
IsCharLowerW
MapVirtualKeyExW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
InflateRect
GetFocus
SetWindowRgn
GetWindowLongW
IsZoomed
PtInRect
DrawIconEx
OffsetRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TranslateMDISysAccel
GetUpdateRect
GetDoubleClickTime
SubtractRect
GetScrollPos
GetClassInfoW
SendMessageA
FindWindowW
MessageBoxW
wsprintfW
wvsprintfW
GetCursorPos
CreatePopupMenu
GetKeyState
IsWindow
DrawIcon
IsIconic
SetFocus
SetForegroundWindow
SetActiveWindow
LoadIconW
LoadImageW
AppendMenuW
GetSystemMenu
InvalidateRect
EnumChildWindows
ShowWindow
IsWindowVisible
PostMessageW
KillTimer
SetTimer
GetClientRect
LoadBitmapW
GrayStringW
DrawTextExW
TabbedTextOutW
MoveWindow
GetDC
SetWindowPos
GetMonitorInfoW
MonitorFromRect
GetWindowRect
RedrawWindow
GetComboBoxInfo
LoadCursorW
SetCursor
GetSystemMetrics
FillRect
EnableWindow
SendMessageW
CopyRect
GetSysColor
DrawTextW
BeginPaint
SetMenu

gdi32

GetTextCharsetInfo
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
CreateEllipticRgn
Polyline
Polygon
OffsetRgn
SetDIBColorTable
EnumFontFamiliesExW
EnumFontFamiliesW
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
GetTextFaceW
SetTextAlign
MoveToEx
LineTo
StretchDIBits
CreateDIBitmap
GetCharWidthW
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateRectRgn
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
BitBlt
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
SelectClipRgn
GetTextColor
CreateSolidBrush
GetTextMetricsW
PtVisible
RectVisible
SetLayout
GetLayout
TextOutW
ExtTextOutW
ExtFloodFill
Escape
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CopyMetaFileW
CreateDCW
Rectangle
CreateHatchBrush
PatBlt
CreateDIBSection
Ellipse
GetBkMode
CreatePen
SetPixel
GetPixel
DeleteDC
SetTextColor
SetBkColor
CreateBitmap
RoundRect
CreateRoundRectRgn
DeleteObject
GetObjectW
GetCurrentObject
GetStockObject
StretchBlt
SelectObject
CreateFontW

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

OpenSCManagerW
CloseServiceHandle
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
UnlockServiceDatabase
ChangeServiceConfigW
LockServiceDatabase
QueryServiceConfigW
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
CommandLineToArgvW
SHGetFileInfoW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
SHGetPathFromIDListW
SHGetDesktopFolder
DragQueryFileW
DragFinish

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathAddBackslashW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW

ole32

ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
CoInitialize
CoCreateInstance
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoTaskMemFree
CoInitializeEx
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
DoDragDrop
RegisterDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoLockObjectExternal
CoUninitialize
RevokeDragDrop

oleaut32

SafeArrayGetElemsize
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantChangeType
VariantCopy
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrFromDate
VariantClear
SysAllocString
VariantTimeToSystemTime
OleLoadPicture
SystemTimeToVariantTime
LoadTypeLi
SysAllocStringLen
OleCreateFontIndirect
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipSaveImageToStream
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromStream

wsock32

WSAGetLastError
bind
listen
select
sendto
WSACleanup
recv
__WSAFDIsSet
send
connect
gethostname
WSAStartup
setsockopt
htons
socket
ntohs
accept
closesocket
gethostbyname
inet_addr
ioctlsocket
inet_ntoa
recvfrom
getsockname
htonl
ntohl
WSASetLastError
getpeername

dbghelp

MiniDumpWriteDump

iphlpapi

DeleteIpForwardEntry
CreateIpForwardEntry
GetIpAddrTable
GetIpForwardTable
GetAdaptersInfo
GetIfEntry

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSACreateEvent
getaddrinfo
WSASocketA
WSASend
WSARecv
WSAIoctl
WSAWaitForMultipleEvents
WSAEventSelect
WSAEnumNetworkEvents
WSACloseEvent
freeaddrinfo

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

libcurl

curl_global_cleanup
curl_slist_append
curl_easy_getinfo
curl_easy_perform
curl_easy_cleanup
curl_easy_init
curl_version_info
curl_global_init
curl_easy_setopt
curl_slist_free_all

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ctors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dtors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/TAP.exe
.exe windows:5 windows x86

8678954090831925d3414ae7dfe9f0b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetSystemDirectoryW
lstrcpyW
GetWindowsDirectoryW
GetNumberFormatW
GetCurrentDirectoryW
GetPrivateProfileStringW
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
EncodePointer
DecodePointer
ExitProcess
GetCommandLineW
HeapSetInformation
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
RaiseException
HeapQueryInformation
HeapSize
ExitThread
CreateThread
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringW
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
ResumeThread
SetThreadPriority
GetLocaleInfoW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
GlobalAddAtomW
GlobalFlags
lstrcmpW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
CompareStringW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
InterlockedDecrement
InterlockedIncrement
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameW
CopyFileW
GlobalSize
lstrlenW
MulDiv
SetThreadLocale
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
SetCurrentDirectoryW
GetModuleFileNameW
LocalFree
HeapAlloc
HeapFree
GlobalUnlock
GlobalFree
GlobalLock
lstrlenA
GlobalAlloc
Sleep
GetTickCount
LoadLibraryW
GetSystemInfo
FormatMessageW
TerminateProcess
GetCurrentProcess
SetLastError
FreeLibrary
GetLastError
GetModuleHandleW
GetProcAddress
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
FreeResource
GlobalFindAtomW
GetFullPathNameW
GlobalDeleteAtom
CloseHandle
WaitForSingleObject
FindResourceW
LoadResource
LockResource
GetUserDefaultUILanguage
SizeofResource

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

libintl3

ord35
ord51
ord26
ord27
ord62

iphlpapi

GetAdaptersInfo

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImageHeight

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

user32

CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetKeyNameTextW
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
PostThreadMessageW
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
CopyRect
DrawStateW
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
CharUpperW
DestroyIcon
SetWindowPos
ShowWindow
MoveWindow
LoadAcceleratorsW
IsWindow
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
GetFocus
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextLengthW
GetWindowTextW
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
GetSystemMenu
LoadMenuW
SetClassLongW
WindowFromPoint
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DeleteMenu
ShowOwnedPopups
CreateDialogIndirectParamW
EndDialog
DrawIconEx
GetNextDlgGroupItem
KillTimer
SetTimer
LoadImageW
GetIconInfo
OffsetRect
GetNextDlgTabItem
MessageBeep
NotifyWinEvent
SetCursor
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
GetAsyncKeyState
SetCapture
InvalidateRect
MapVirtualKeyW
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoW
EndDeferWindowPos
GetMenuItemInfoW
IntersectRect
InflateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
IsIconic
RegisterWindowMessageW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
SetWindowLongW
DrawEdge
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
EndPaint
BeginDeferWindowPos
DestroyMenu

gdi32

SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateDCW
CopyMetaFileW
SetTextColor
GetTextFaceW
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetObjectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetTextExtentPoint32W
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
GetDeviceCaps

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

GetFileTitleW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW

shell32

SHAppBarMessage
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
DragQueryFileW
DragFinish

ole32

OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

VarBstrFromDate
SysAllocStringLen
VariantInit
SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/Uninstall.exe
.exe windows:4 windows x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SSTap/config/config.ini
SSTap/config/dns.ini
SSTap/config/localhost.ini
SSTap/config/proxylist.json
SSTap/lang/sstap.po
SSTap/lang/zh_CN.po
SSTap/lang/zh_CN/LC_MESSAGES/scap.mo
SSTap/lang/zh_TW.po
SSTap/lang/zh_TW/LC_MESSAGES/scap.mo
SSTap/libcurl.dll
.dll windows:5 windows x86

c00e99520ed4012222aebd3f26382e7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htonl
gethostname
ntohl
getaddrinfo
freeaddrinfo
sendto
select
__WSAFDIsSet
WSASetLastError
connect
socket
closesocket
getpeername
getsockopt
setsockopt
WSAIoctl
WSAStartup
WSACleanup
htons
bind
listen
ntohs
getsockname
accept
send
recvfrom
ioctlsocket
recv
WSAGetLastError
shutdown

wldap32

ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord22

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
FindWindowA
SendMessageA

kernel32

GetStringTypeW
CreateFileW
LoadLibraryW
GetProcessHeap
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
HeapDestroy
HeapCreate
GetCurrentDirectoryW
GetFullPathNameA
IsProcessorFeaturePresent
FlushFileBuffers
GetConsoleCP
WriteFile
LCMapStringW
WideCharToMultiByte
GetStartupInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
WriteConsoleW
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
HeapSize
RtlUnwind
FlushConsoleInputBuffer
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
GetTickCount
ExpandEnvironmentStringsA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
SleepEx
VerifyVersionInfoA
VerSetConditionMask
SetLastError
FormatMessageA
Sleep
CloseHandle
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetModuleHandleA
GetVersion
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFilePointer
FindClose
GetDriveTypeA
FindFirstFileExA
HeapReAlloc
HeapFree
HeapAlloc
ExitThread
CreateThread
DecodePointer
GetCommandLineA
CreateFileA
GetModuleHandleW
ExitProcess
EncodePointer
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info
libssh2_agent_connect
libssh2_agent_disconnect
libssh2_agent_free
libssh2_agent_get_identity
libssh2_agent_init
libssh2_agent_list_identities
libssh2_agent_userauth
libssh2_banner_set
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_get_exit_signal
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust2
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_exit
libssh2_free
libssh2_hostkey_hash
libssh2_init
libssh2_keepalive_config
libssh2_keepalive_send
libssh2_knownhost_add
libssh2_knownhost_addc
libssh2_knownhost_check
libssh2_knownhost_checkp
libssh2_knownhost_del
libssh2_knownhost_free
libssh2_knownhost_get
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_knownhost_readline
libssh2_knownhost_writefile
libssh2_knownhost_writeline
libssh2_poll
libssh2_poll_channel_read
libssh2_scp_recv
libssh2_scp_send64
libssh2_scp_send_ex
libssh2_session_abstract
libssh2_session_banner_get
libssh2_session_banner_set
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_get_timeout
libssh2_session_handshake
libssh2_session_hostkey
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_set_timeout
libssh2_session_startup
libssh2_session_supported_algs
libssh2_sftp_close_handle
libssh2_sftp_fstat_ex
libssh2_sftp_fstatvfs
libssh2_sftp_get_channel
libssh2_sftp_init
libssh2_sftp_last_error
libssh2_sftp_mkdir_ex
libssh2_sftp_open_ex
libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_seek
libssh2_sftp_seek64
libssh2_sftp_shutdown
libssh2_sftp_stat_ex
libssh2_sftp_statvfs
libssh2_sftp_symlink_ex
libssh2_sftp_tell
libssh2_sftp_tell64
libssh2_sftp_unlink_ex
libssh2_sftp_write
libssh2_trace
libssh2_trace_sethandler
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_publickey
libssh2_userauth_publickey_fromfile_ex

Sections

.text
Size: 961KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/libiconv2.dll
.dll .ps1 windows:4 windows x86
SSTap/libintl3.dll
.dll windows:4 windows x86

11d4cea984db7aee4eb18d2031242a3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libiconv2

libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

AddAtomA
AreFileApisANSI
CloseHandle
CreateDirectoryA
CreateFileA
DeviceIoControl
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetACP
GetAtomNameA
GetCurrentDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
HeapAlloc
HeapFree
LoadLibraryA
MultiByteToWideChar
PeekNamedPipe
SearchPathA
SetErrorMode
UnlockFile
lstrcmpiA
lstrcpyA

msvcrt

_chmod
_close
_getpid
_open
_read
_strdup
_stricmp
__dllonexit
__mb_cur_max
_assert
_close
_errno
_fdopen
_filelengthi64
_flsbuf
_get_osfhandle
_getcwd
_iob
_isctype
_open
_pctype
_snprintf
_snwprintf
_stricmp
_vsnprintf
_vsnwprintf
abort
calloc
ctime
fclose
fflush
fgets
fopen
fprintf
fputwc
free
fwrite
getenv
isalpha
malloc
memcpy
printf
realloc
setlocale
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtoul
tolower
toupper
vfprintf
vfwprintf
vsprintf
wcschr

ole32

CoCreateInstance
CoUninitialize
OleInitialize

Exports

Exports

DllGetVersion
_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_language
_nl_find_msg
_nl_free_domain_conv
_nl_init_domain_conv
_nl_language_preferences_default
_nl_load_domain
_nl_locale_name
_nl_locale_name_default
_nl_locale_name_posix
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_asprintf
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_printf
libintl_relocate
libintl_set_relocation_prefix
libintl_snprintf
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_vasnprintf
libintl_vasnwprintf
libintl_vasprintf
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsnprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
locale_charset
ngettext
st_flags
textdomain

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SSTap/libsodiumR.dll
.dll windows:5 windows x86

dd1fdd2850ed70f36f4d9d9239752fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
VirtualFree
InitializeCriticalSection
VirtualAlloc
VirtualLock
GetSystemInfo
VirtualProtect
VirtualUnlock
InterlockedCompareExchange
GetLastError
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapReAlloc
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CompareStringW
SetEnvironmentVariableA

advapi32

SystemFunction036

Exports

Exports

crypto_aead_aes256gcm_abytes
crypto_aead_aes256gcm_beforenm
crypto_aead_aes256gcm_decrypt
crypto_aead_aes256gcm_decrypt_afternm
crypto_aead_aes256gcm_decrypt_detached
crypto_aead_aes256gcm_decrypt_detached_afternm
crypto_aead_aes256gcm_encrypt
crypto_aead_aes256gcm_encrypt_afternm
crypto_aead_aes256gcm_encrypt_detached
crypto_aead_aes256gcm_encrypt_detached_afternm
crypto_aead_aes256gcm_is_available
crypto_aead_aes256gcm_keybytes
crypto_aead_aes256gcm_keygen
crypto_aead_aes256gcm_npubbytes
crypto_aead_aes256gcm_nsecbytes
crypto_aead_aes256gcm_statebytes
crypto_aead_chacha20poly1305_abytes
crypto_aead_chacha20poly1305_decrypt
crypto_aead_chacha20poly1305_decrypt_detached
crypto_aead_chacha20poly1305_encrypt
crypto_aead_chacha20poly1305_encrypt_detached
crypto_aead_chacha20poly1305_ietf_abytes
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_decrypt_detached
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_encrypt_detached
crypto_aead_chacha20poly1305_ietf_keybytes
crypto_aead_chacha20poly1305_ietf_keygen
crypto_aead_chacha20poly1305_ietf_npubbytes
crypto_aead_chacha20poly1305_ietf_nsecbytes
crypto_aead_chacha20poly1305_keybytes
crypto_aead_chacha20poly1305_keygen
crypto_aead_chacha20poly1305_npubbytes
crypto_aead_chacha20poly1305_nsecbytes
crypto_aead_xchacha20poly1305_ietf_abytes
crypto_aead_xchacha20poly1305_ietf_decrypt
crypto_aead_xchacha20poly1305_ietf_decrypt_detached
crypto_aead_xchacha20poly1305_ietf_encrypt
crypto_aead_xchacha20poly1305_ietf_encrypt_detached
crypto_aead_xchacha20poly1305_ietf_keybytes
crypto_aead_xchacha20poly1305_ietf_keygen
crypto_aead_xchacha20poly1305_ietf_npubbytes
crypto_aead_xchacha20poly1305_ietf_nsecbytes
crypto_auth
crypto_auth_bytes
crypto_auth_hmacsha256
crypto_auth_hmacsha256_bytes
crypto_auth_hmacsha256_final
crypto_auth_hmacsha256_init
crypto_auth_hmacsha256_keybytes
crypto_auth_hmacsha256_keygen
crypto_auth_hmacsha256_statebytes
crypto_auth_hmacsha256_update
crypto_auth_hmacsha256_verify
crypto_auth_hmacsha512
crypto_auth_hmacsha512256
crypto_auth_hmacsha512256_bytes
crypto_auth_hmacsha512256_final
crypto_auth_hmacsha512256_init
crypto_auth_hmacsha512256_keybytes
crypto_auth_hmacsha512256_keygen
crypto_auth_hmacsha512256_statebytes
crypto_auth_hmacsha512256_update
crypto_auth_hmacsha512256_verify
crypto_auth_hmacsha512_bytes
crypto_auth_hmacsha512_final
crypto_auth_hmacsha512_init
crypto_auth_hmacsha512_keybytes
crypto_auth_hmacsha512_keygen
crypto_auth_hmacsha512_statebytes
crypto_auth_hmacsha512_update
crypto_auth_hmacsha512_verify
crypto_auth_keybytes
crypto_auth_keygen
crypto_auth_primitive
crypto_auth_verify
crypto_box
crypto_box_afternm
crypto_box_beforenm
crypto_box_beforenmbytes
crypto_box_boxzerobytes
crypto_box_curve25519xchacha20poly1305_beforenm
crypto_box_curve25519xchacha20poly1305_beforenmbytes
crypto_box_curve25519xchacha20poly1305_detached
crypto_box_curve25519xchacha20poly1305_detached_afternm
crypto_box_curve25519xchacha20poly1305_easy
crypto_box_curve25519xchacha20poly1305_easy_afternm
crypto_box_curve25519xchacha20poly1305_keypair
crypto_box_curve25519xchacha20poly1305_macbytes
crypto_box_curve25519xchacha20poly1305_noncebytes
crypto_box_curve25519xchacha20poly1305_open_detached
crypto_box_curve25519xchacha20poly1305_open_detached_afternm
crypto_box_curve25519xchacha20poly1305_open_easy
crypto_box_curve25519xchacha20poly1305_open_easy_afternm
crypto_box_curve25519xchacha20poly1305_publickeybytes
crypto_box_curve25519xchacha20poly1305_seal
crypto_box_curve25519xchacha20poly1305_seal_open
crypto_box_curve25519xchacha20poly1305_sealbytes
crypto_box_curve25519xchacha20poly1305_secretkeybytes
crypto_box_curve25519xchacha20poly1305_seed_keypair
crypto_box_curve25519xchacha20poly1305_seedbytes
crypto_box_curve25519xsalsa20poly1305
crypto_box_curve25519xsalsa20poly1305_afternm
crypto_box_curve25519xsalsa20poly1305_beforenm
crypto_box_curve25519xsalsa20poly1305_beforenmbytes
crypto_box_curve25519xsalsa20poly1305_boxzerobytes
crypto_box_curve25519xsalsa20poly1305_keypair
crypto_box_curve25519xsalsa20poly1305_macbytes
crypto_box_curve25519xsalsa20poly1305_noncebytes
crypto_box_curve25519xsalsa20poly1305_open
crypto_box_curve25519xsalsa20poly1305_open_afternm
crypto_box_curve25519xsalsa20poly1305_publickeybytes
crypto_box_curve25519xsalsa20poly1305_secretkeybytes
crypto_box_curve25519xsalsa20poly1305_seed_keypair
crypto_box_curve25519xsalsa20poly1305_seedbytes
crypto_box_curve25519xsalsa20poly1305_zerobytes
crypto_box_detached
crypto_box_detached_afternm
crypto_box_easy
crypto_box_easy_afternm
crypto_box_keypair
crypto_box_macbytes
crypto_box_noncebytes
crypto_box_open
crypto_box_open_afternm
crypto_box_open_detached
crypto_box_open_detached_afternm
crypto_box_open_easy
crypto_box_open_easy_afternm
crypto_box_primitive
crypto_box_publickeybytes
crypto_box_seal
crypto_box_seal_open
crypto_box_sealbytes
crypto_box_secretkeybytes
crypto_box_seed_keypair
crypto_box_seedbytes
crypto_box_zerobytes
crypto_core_hchacha20
crypto_core_hchacha20_constbytes
crypto_core_hchacha20_inputbytes
crypto_core_hchacha20_keybytes
crypto_core_hchacha20_outputbytes
crypto_core_hsalsa20
crypto_core_hsalsa20_constbytes
crypto_core_hsalsa20_inputbytes
crypto_core_hsalsa20_keybytes
crypto_core_hsalsa20_outputbytes
crypto_core_salsa20
crypto_core_salsa2012
crypto_core_salsa2012_constbytes
crypto_core_salsa2012_inputbytes
crypto_core_salsa2012_keybytes
crypto_core_salsa2012_outputbytes
crypto_core_salsa208
crypto_core_salsa208_constbytes
crypto_core_salsa208_inputbytes
crypto_core_salsa208_keybytes
crypto_core_salsa208_outputbytes
crypto_core_salsa20_constbytes
crypto_core_salsa20_inputbytes
crypto_core_salsa20_keybytes
crypto_core_salsa20_outputbytes
crypto_generichash
crypto_generichash_blake2b
crypto_generichash_blake2b_bytes
crypto_generichash_blake2b_bytes_max
crypto_generichash_blake2b_bytes_min
crypto_generichash_blake2b_final
crypto_generichash_blake2b_init
crypto_generichash_blake2b_init_salt_personal
crypto_generichash_blake2b_keybytes
crypto_generichash_blake2b_keybytes_max
crypto_generichash_blake2b_keybytes_min
crypto_generichash_blake2b_keygen
crypto_generichash_blake2b_personalbytes
crypto_generichash_blake2b_salt_personal
crypto_generichash_blake2b_saltbytes
crypto_generichash_blake2b_statebytes
crypto_generichash_blake2b_update
crypto_generichash_bytes
crypto_generichash_bytes_max
crypto_generichash_bytes_min
crypto_generichash_final
crypto_generichash_init
crypto_generichash_keybytes
crypto_generichash_keybytes_max
crypto_generichash_keybytes_min
crypto_generichash_keygen
crypto_generichash_primitive
crypto_generichash_statebytes
crypto_generichash_update
crypto_hash
crypto_hash_bytes
crypto_hash_primitive
crypto_hash_sha256
crypto_hash_sha256_bytes
crypto_hash_sha256_final
crypto_hash_sha256_init
crypto_hash_sha256_statebytes
crypto_hash_sha256_update
crypto_hash_sha512
crypto_hash_sha512_bytes
crypto_hash_sha512_final
crypto_hash_sha512_init
crypto_hash_sha512_statebytes
crypto_hash_sha512_update
crypto_kdf_blake2b_bytes_max
crypto_kdf_blake2b_bytes_min
crypto_kdf_blake2b_contextbytes
crypto_kdf_blake2b_derive_from_key
crypto_kdf_blake2b_keybytes
crypto_kdf_bytes_max
crypto_kdf_bytes_min
crypto_kdf_contextbytes
crypto_kdf_derive_from_key
crypto_kdf_keybytes
crypto_kdf_keygen
crypto_kdf_primitive
crypto_kx_client_session_keys
crypto_kx_keypair
crypto_kx_primitive
crypto_kx_publickeybytes
crypto_kx_secretkeybytes
crypto_kx_seed_keypair
crypto_kx_seedbytes
crypto_kx_server_session_keys
crypto_kx_sessionkeybytes
crypto_onetimeauth
crypto_onetimeauth_bytes
crypto_onetimeauth_final
crypto_onetimeauth_init
crypto_onetimeauth_keybytes
crypto_onetimeauth_keygen
crypto_onetimeauth_poly1305
crypto_onetimeauth_poly1305_bytes
crypto_onetimeauth_poly1305_final
crypto_onetimeauth_poly1305_init
crypto_onetimeauth_poly1305_keybytes
crypto_onetimeauth_poly1305_keygen
crypto_onetimeauth_poly1305_statebytes
crypto_onetimeauth_poly1305_update
crypto_onetimeauth_poly1305_verify
crypto_onetimeauth_primitive
crypto_onetimeauth_statebytes
crypto_onetimeauth_update
crypto_onetimeauth_verify
crypto_pwhash
crypto_pwhash_alg_argon2i13
crypto_pwhash_alg_argon2id13
crypto_pwhash_alg_default
crypto_pwhash_argon2i
crypto_pwhash_argon2i_alg_argon2i13
crypto_pwhash_argon2i_bytes_max
crypto_pwhash_argon2i_bytes_min
crypto_pwhash_argon2i_memlimit_interactive
crypto_pwhash_argon2i_memlimit_max
crypto_pwhash_argon2i_memlimit_min
crypto_pwhash_argon2i_memlimit_moderate
crypto_pwhash_argon2i_memlimit_sensitive
crypto_pwhash_argon2i_opslimit_interactive
crypto_pwhash_argon2i_opslimit_max
crypto_pwhash_argon2i_opslimit_min
crypto_pwhash_argon2i_opslimit_moderate
crypto_pwhash_argon2i_opslimit_sensitive
crypto_pwhash_argon2i_passwd_max
crypto_pwhash_argon2i_passwd_min
crypto_pwhash_argon2i_saltbytes
crypto_pwhash_argon2i_str
crypto_pwhash_argon2i_str_verify
crypto_pwhash_argon2i_strbytes
crypto_pwhash_argon2i_strprefix
crypto_pwhash_argon2id
crypto_pwhash_argon2id_alg_argon2id13
crypto_pwhash_argon2id_bytes_max
crypto_pwhash_argon2id_bytes_min
crypto_pwhash_argon2id_memlimit_interactive
crypto_pwhash_argon2id_memlimit_max
crypto_pwhash_argon2id_memlimit_min
crypto_pwhash_argon2id_memlimit_moderate
crypto_pwhash_argon2id_memlimit_sensitive
crypto_pwhash_argon2id_opslimit_interactive
crypto_pwhash_argon2id_opslimit_max
crypto_pwhash_argon2id_opslimit_min
crypto_pwhash_argon2id_opslimit_moderate
crypto_pwhash_argon2id_opslimit_sensitive
crypto_pwhash_argon2id_passwd_max
crypto_pwhash_argon2id_passwd_min
crypto_pwhash_argon2id_saltbytes
crypto_pwhash_argon2id_str
crypto_pwhash_argon2id_str_verify
crypto_pwhash_argon2id_strbytes
crypto_pwhash_argon2id_strprefix
crypto_pwhash_bytes_max
crypto_pwhash_bytes_min
crypto_pwhash_memlimit_interactive
crypto_pwhash_memlimit_max
crypto_pwhash_memlimit_min
crypto_pwhash_memlimit_moderate
crypto_pwhash_memlimit_sensitive
crypto_pwhash_opslimit_interactive
crypto_pwhash_opslimit_max
crypto_pwhash_opslimit_min
crypto_pwhash_opslimit_moderate
crypto_pwhash_opslimit_sensitive
crypto_pwhash_passwd_max
crypto_pwhash_passwd_min
crypto_pwhash_primitive
crypto_pwhash_saltbytes
crypto_pwhash_scryptsalsa208sha256
crypto_pwhash_scryptsalsa208sha256_bytes_max
crypto_pwhash_scryptsalsa208sha256_bytes_min
crypto_pwhash_scryptsalsa208sha256_ll
crypto_pwhash_scryptsalsa208sha256_memlimit_interactive
crypto_pwhash_scryptsalsa208sha256_memlimit_max
crypto_pwhash_scryptsalsa208sha256_memlimit_min
crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive
crypto_pwhash_scryptsalsa208sha256_opslimit_interactive
crypto_pwhash_scryptsalsa208sha256_opslimit_max
crypto_pwhash_scryptsalsa208sha256_opslimit_min
crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive
crypto_pwhash_scryptsalsa208sha256_passwd_max
crypto_pwhash_scryptsalsa208sha256_passwd_min
crypto_pwhash_scryptsalsa208sha256_saltbytes
crypto_pwhash_scryptsalsa208sha256_str
crypto_pwhash_scryptsalsa208sha256_str_verify
crypto_pwhash_scryptsalsa208sha256_strbytes
crypto_pwhash_scryptsalsa208sha256_strprefix
crypto_pwhash_str
crypto_pwhash_str_verify
crypto_pwhash_strbytes
crypto_pwhash_strprefix
crypto_scalarmult
crypto_scalarmult_base
crypto_scalarmult_bytes
crypto_scalarmult_curve25519
crypto_scalarmult_curve25519_base
crypto_scalarmult_curve25519_bytes
crypto_scalarmult_curve25519_scalarbytes
crypto_scalarmult_primitive
crypto_scalarmult_scalarbytes
crypto_secretbox
crypto_secretbox_boxzerobytes
crypto_secretbox_detached
crypto_secretbox_easy
crypto_secretbox_keybytes
crypto_secretbox_keygen
crypto_secretbox_macbytes
crypto_secretbox_noncebytes
crypto_secretbox_open
crypto_secretbox_open_detached
crypto_secretbox_open_easy
crypto_secretbox_primitive
crypto_secretbox_xchacha20poly1305_detached
crypto_secretbox_xchacha20poly1305_easy
crypto_secretbox_xchacha20poly1305_keybytes
crypto_secretbox_xchacha20poly1305_macbytes
crypto_secretbox_xchacha20poly1305_noncebytes
crypto_secretbox_xchacha20poly1305_open_detached
crypto_secretbox_xchacha20poly1305_open_easy
crypto_secretbox_xsalsa20poly1305
crypto_secretbox_xsalsa20poly1305_boxzerobytes
crypto_secretbox_xsalsa20poly1305_keybytes
crypto_secretbox_xsalsa20poly1305_keygen
crypto_secretbox_xsalsa20poly1305_macbytes
crypto_secretbox_xsalsa20poly1305_noncebytes
crypto_secretbox_xsalsa20poly1305_open
crypto_secretbox_xsalsa20poly1305_zerobytes
crypto_secretbox_zerobytes
crypto_shorthash
crypto_shorthash_bytes
crypto_shorthash_keybytes
crypto_shorthash_keygen
crypto_shorthash_primitive
crypto_shorthash_siphash24
crypto_shorthash_siphash24_bytes
crypto_shorthash_siphash24_keybytes
crypto_shorthash_siphashx24
crypto_shorthash_siphashx24_bytes
crypto_shorthash_siphashx24_keybytes
crypto_sign
crypto_sign_bytes
crypto_sign_detached
crypto_sign_ed25519
crypto_sign_ed25519_bytes
crypto_sign_ed25519_detached
crypto_sign_ed25519_keypair
crypto_sign_ed25519_open
crypto_sign_ed25519_pk_to_curve25519
crypto_sign_ed25519_publickeybytes
crypto_sign_ed25519_secretkeybytes
crypto_sign_ed25519_seed_keypair
crypto_sign_ed25519_seedbytes
crypto_sign_ed25519_sk_to_curve25519
crypto_sign_ed25519_sk_to_pk
crypto_sign_ed25519_sk_to_seed
crypto_sign_ed25519_verify_detached
crypto_sign_ed25519ph_final_create
crypto_sign_ed25519ph_final_verify
crypto_sign_ed25519ph_init
crypto_sign_ed25519ph_statebytes
crypto_sign_ed25519ph_update
crypto_sign_edwards25519sha512batch
crypto_sign_edwards25519sha512batch_keypair
crypto_sign_edwards25519sha512batch_open
crypto_sign_final_create
crypto_sign_final_verify
crypto_sign_init
crypto_sign_keypair
crypto_sign_open
crypto_sign_primitive
crypto_sign_publickeybytes
crypto_sign_secretkeybytes
crypto_sign_seed_keypair
crypto_sign_seedbytes
crypto_sign_statebytes
crypto_sign_update
crypto_sign_verify_detached
crypto_stream
crypto_stream_aes128ctr
crypto_stream_aes128ctr_afternm
crypto_stream_aes128ctr_beforenm
crypto_stream_aes128ctr_beforenmbytes
crypto_stream_aes128ctr_keybytes
crypto_stream_aes128ctr_noncebytes
crypto_stream_aes128ctr_xor
crypto_stream_aes128ctr_xor_afternm
crypto_stream_chacha20
crypto_stream_chacha20_ietf
crypto_stream_chacha20_ietf_keybytes
crypto_stream_chacha20_ietf_keygen
crypto_stream_chacha20_ietf_noncebytes
crypto_stream_chacha20_ietf_xor
crypto_stream_chacha20_ietf_xor_ic
crypto_stream_chacha20_keybytes
crypto_stream_chacha20_keygen
crypto_stream_chacha20_noncebytes
crypto_stream_chacha20_xor
crypto_stream_chacha20_xor_ic
crypto_stream_keybytes
crypto_stream_keygen
crypto_stream_noncebytes
crypto_stream_primitive
crypto_stream_salsa20
crypto_stream_salsa2012
crypto_stream_salsa2012_keybytes
crypto_stream_salsa2012_keygen
crypto_stream_salsa2012_noncebytes
crypto_stream_salsa2012_xor
crypto_stream_salsa208
crypto_stream_salsa208_keybytes
crypto_stream_salsa208_keygen
crypto_stream_salsa208_noncebytes
crypto_stream_salsa208_xor
crypto_stream_salsa20_keybytes
crypto_stream_salsa20_keygen
crypto_stream_salsa20_noncebytes
crypto_stream_salsa20_xor
crypto_stream_salsa20_xor_ic
crypto_stream_xchacha20
crypto_stream_xchacha20_keybytes
crypto_stream_xchacha20_keygen
crypto_stream_xchacha20_noncebytes
crypto_stream_xchacha20_xor
crypto_stream_xchacha20_xor_ic
crypto_stream_xor
crypto_stream_xsalsa20
crypto_stream_xsalsa20_keybytes
crypto_stream_xsalsa20_keygen
crypto_stream_xsalsa20_noncebytes
crypto_stream_xsalsa20_xor
crypto_stream_xsalsa20_xor_ic
crypto_verify_16
crypto_verify_16_bytes
crypto_verify_32
crypto_verify_32_bytes
crypto_verify_64
crypto_verify_64_bytes
randombytes
randombytes_buf
randombytes_buf_deterministic
randombytes_close
randombytes_implementation_name
randombytes_random
randombytes_salsa20_implementation
randombytes_seedbytes
randombytes_set_implementation
randombytes_stir
randombytes_sysrandom_implementation
randombytes_uniform
sodium_add
sodium_allocarray
sodium_bin2hex
sodium_compare
sodium_free
sodium_hex2bin
sodium_increment
sodium_init
sodium_is_zero
sodium_library_minimal

Sections

.text
Size: 849KB - Virtual size: 849KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/privoxy-log.log
SSTap/privoxy.conf
SSTap/readme.txt
SSTap/rules/China-IP-only.rules
SSTap/rules/Skip-all-China-IP-and-LAN.rules
SSTap/rules/Skip-all-China-IP.rules
SSTap/skins/default/bottom-border.bmp
SSTap/skins/default/button.bmp
SSTap/skins/default/checkbox.bmp
SSTap/skins/default/dialog-sysbutton.bmp
SSTap/skins/default/dialog-title.bmp
SSTap/skins/default/left-right-border.bmp
SSTap/skins/default/res.ini
SSTap/tap-driver/x64/OemVista.inf
SSTap/tap-driver/x64/OemWin2k.inf
SSTap/tap-driver/x64/install.bat
SSTap/tap-driver/x64/tap0901.cat
SSTap/tap-driver/x64/tap0901.sys
.sys windows:6 windows x64

a13cebc938af36dab20cc614c6fb7e94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
IoCsqInitialize
IoCsqRemoveNextIrp
IoCsqInsertIrp
MmMapLockedPagesSpecifyCache
IofCompleteRequest
RtlAppendUnicodeStringToString
_vsnprintf
KeAcquireSpinLockRaiseToDpc
RtlFreeAnsiString
KeReleaseSpinLock
RtlUnicodeStringToAnsiString
__C_specific_handler

ndis.sys

NdisCloseConfiguration
NdisAllocateMemoryWithTag
NdisMSendNetBufferListsComplete
NdisAllocateNetBufferAndNetBufferList
NdisSetEvent
NdisAllocateMdl
NdisMIndicateReceiveNetBufferLists
NdisFreeMdl
NdisFreeNetBufferList
NdisRegisterDeviceEx
NdisMIndicateStatusEx
NdisDeregisterDeviceEx
NdisMSetMiniportAttributes
NdisOpenConfigurationEx
NdisReadConfiguration
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisInitializeReadWriteLock
NdisFreeNetBufferListPool
NdisAllocateMemoryWithTagPriority
NdisInitializeEvent
NdisAcquireReadWriteLock
NdisResetEvent
NdisReleaseReadWriteLock
NdisFreeMemory
NdisAllocateNetBufferListPool
NdisWaitEvent
NdisGetSystemUpTimeEx
NdisGetDataBuffer

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/tap-driver/x64/tapinstall.exe
.exe windows:6 windows x64

4dedaf984510c806d325f29e45ab7ae3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalFree
FormatMessageW
FileTimeToSystemTime
GetCurrentProcess
CreateFileW
SetFilePointerEx
HeapReAlloc
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
GetLastError
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
GetDateFormatW
FindClose
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
OutputDebugStringW
OutputDebugStringA
SetStdHandle
GetStringTypeW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetCurrentThread
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteConsoleW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection

user32

CharNextW
LoadStringW

advapi32

RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegDeleteValueW
RegCloseKey
InitiateSystemShutdownExW

ole32

CLSIDFromString

setupapi

CM_Get_Next_Res_Des_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_First_Log_Conf_Ex
CM_Free_Res_Des_Handle
CM_Free_Log_Conf_Handle
SetupDiGetDriverInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupScanFileQueueW
SetupCloseFileQueue
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoListExW
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExW
CM_Disconnect_Machine
CM_Connect_MachineW
SetupDiClassGuidsFromNameExW
SetupDiClassNameFromGuidExW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenClassRegKeyExW
SetupDiCallClassInstaller
SetupDiGetClassDescriptionExW
SetupDiBuildClassInfoListExW
SetupDiGetINFClassW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoList
SetupCopyOEMInfW
CM_Get_Res_Des_Data_Size_Ex

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/tap-driver/x86/OemWin2k.inf
SSTap/tap-driver/x86/install.bat
SSTap/tap-driver/x86/tap0901.cat
SSTap/tap-driver/x86/tap0901.sys
.sys windows:6 windows x86

7bc0e747b3ccfdebdacc897735028b04

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2013, 00:00

Not After

04/06/2014, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:58:7a:a4:bc:eb:8d:a5:61:ca:0c:5b:ca:96:4f:b2
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/08/2013, 00:00

Not After

02/09/2016, 12:00

Subject

CN=OpenVPN Technologies\, Inc.,O=OpenVPN Technologies\, Inc.,L=Pleasanton,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:03:12:b3:2a:4f:df:48:c0:cc:8f:e1:86:58:a2:d0:73:7c:c2:03
Signer

Actual PE Digest

6e:03:12:b3:2a:4f:df:48:c0:cc:8f:e1:86:58:a2:d0:73:7c:c2:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
memcpy
KeRemoveQueueDpc
KeBugCheckEx
KeTickCount
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
KeInitializeDpc
MmMapLockedPagesSpecifyCache
MmMapLockedPages
RtlCreateSecurityDescriptor
ZwOpenFile
ZwSetSecurityObject
ZwClose
KeInsertQueueDpc
IoReleaseCancelSpinLock
IofCompleteRequest
memset
RtlFreeUnicodeString
RtlUnwind
RtlUnicodeToMultiByteN

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

ndis.sys

NdisMRegisterMiniport
NdisTerminateWrapper
NdisMRegisterUnloadHandler
NdisMSetAttributesEx
NdisMRegisterAdapterShutdownHandler
NdisOpenConfiguration
NdisReadConfiguration
NdisCloseConfiguration
NdisMRegisterDevice
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMSleep
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisInitializeWrapper

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/tap-driver/x86/tapinstall.exe
.exe windows:5 windows x86

85b7d4dcb4b574dd1bbe4544947006ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
FileTimeToSystemTime
FormatMessageW
CreateFileW
WriteConsoleW
GetCurrentProcess
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
GetLastError
GetFileAttributesW
FindClose
FindNextFileW
GetFullPathNameW
GetDateFormatW
FindFirstFileW
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetStringTypeW
GetFileType
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
DecodePointer
TlsFree
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

user32

CharNextW
LoadStringW

advapi32

AdjustTokenPrivileges
OpenProcessToken
InitiateSystemShutdownExW
RegQueryValueExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
RegSetValueExW
RegDeleteValueW
OpenServiceW
LookupPrivilegeValueW

ole32

CLSIDFromString

setupapi

SetupDiGetDriverInstallParamsW
SetupFindFirstLineW
SetupDiSetDeviceInstallParamsW
CM_Free_Res_Des_Handle
SetupOpenInfFileW
SetupGetStringFieldW
SetupDiBuildDriverInfoList
CM_Get_Res_Des_Data_Size_Ex
SetupDiGetDriverInfoDetailW
CM_Get_First_Log_Conf_Ex
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupCloseFileQueue
SetupDiDestroyDriverInfoList
SetupDiOpenDevRegKey
CM_Get_Res_Des_Data_Ex
SetupCloseInfFile
CM_Get_Next_Res_Des_Ex
SetupOpenFileQueue
SetupScanFileQueueW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoListExW
SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiOpenClassRegKeyExW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Connect_MachineW
SetupDiCallClassInstaller
SetupDiGetDeviceInfoListDetailW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsExW
SetupDiGetDeviceInstallParamsW
CM_Locate_DevNode_ExW
CM_Disconnect_Machine
CM_Get_Device_ID_ExW
CM_Reenumerate_DevNode_Ex
SetupDiSetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameExW
CM_Get_DevNode_Status_Ex
SetupDiBuildClassInfoListExW
SetupDiGetClassDescriptionExW
SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
CM_Free_Log_Conf_Handle

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSTap/temp/4f286bcd4446432c2dbf3f141c8825b3.cache
SSTap/temp/97ad56231cb00332aa2fcc93687c90bd.cache
SSTap/unbound/forward-zone/template.china-list.conf
SSTap/unbound/template-service.conf
SSTap/unbound/unbound.exe
.exe windows:4 windows x64

3e9d878cd04a3bdc401c1f095362c644

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
DeleteService
DeregisterEventSource
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
RegisterEventSourceW
RegisterServiceCtrlHandlerA
ReportEventA
ReportEventW
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW

kernel32

CloseHandle
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetExitCodeProcess
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetVersion
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__C_specific_handler
__argv
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_ctime64
_errno
_exit
_fileno
_fmode
_get_osfhandle
_getch
_getpid
_gmtime64
_initterm
_isctype
_localtime64
_lock
_onexit
_setmode
_snwprintf
_stat64
_stricmp
_vsnwprintf
_strnicmp
_time64
_unlock
_vsnprintf
_wfopen
abort
asctime
atoi
atol
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
isgraph
islower
isprint
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putchar
puts
qsort
raise
realloc
rename
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
strtol
strtoul
tolower
toupper
ungetc
vfprintf
wcscpy
wcsstr
wcstombs
_unlink
_tzset
_strdup
_open
_isatty
_getpid
_fileno
_close
_chdir

user32

GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ReleaseDC

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getprotobyname
getprotobynumber
getservbyname
getsockopt
htonl
htons
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d22d0791d52912dd4c038de1d99cd9e0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 317KB - Virtual size: 317KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 10KB - Virtual size: 26KB

.rsrc Size: 643KB - Virtual size: 643KB

.reloc Size: 60KB - Virtual size: 59KB

b2c4288249de8427d73476df2ecd4448

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

libcurl

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 281KB - Virtual size: 281KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 11KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 61KB - Virtual size: 60KB

77c51f1589fd38fd96fe42c8589fd399

Headers

DLL Characteristics

File Characteristics

Imports

libintl3

wininet

libprivoxy

libsodiumr

liveupdate

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

wsock32

dbghelp

iphlpapi

version

ws2_32

oleacc

imm32

winmm

libcurl

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 592KB - Virtual size: 592KB

.data Size: 62KB - Virtual size: 180KB

.ctors Size: 512B - Virtual size: 4B

.dtors Size: 512B - Virtual size: 4B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 10KB - Virtual size: 26KB

.rsrc
Size: 643KB - Virtual size: 643KB

.reloc
Size: 60KB - Virtual size: 59KB

.text
Size: 281KB - Virtual size: 281KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 11KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 61KB - Virtual size: 60KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 592KB - Virtual size: 592KB

.data
Size: 62KB - Virtual size: 180KB

.ctors
Size: 512B - Virtual size: 4B

.dtors
Size: 512B - Virtual size: 4B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 314KB - Virtual size: 314KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 287KB - Virtual size: 287KB

.data
Size: 24KB - Virtual size: 98KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 206KB - Virtual size: 205KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 482KB - Virtual size: 482KB

.text
Size: 961KB - Virtual size: 961KB

.rdata
Size: 304KB - Virtual size: 303KB

.data
Size: 32KB - Virtual size: 47KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 56KB - Virtual size: 56KB