2f773115130c859b6659f55836385a6c9792109a299bd78cc8d2c1b6adcf5db3

Sharing

Copy URL Twitter E-mail

General

Target

2f773115130c859b6659f55836385a6c9792109a299bd78cc8d2c1b6adcf5db3
Size

1.8MB
MD5

8dc9c11c8f3e1d8cb87d4a22831185c6
SHA1

0f5bcd5dcef6bd1b67c098a8846f9569fa38bbb0
SHA256

2f773115130c859b6659f55836385a6c9792109a299bd78cc8d2c1b6adcf5db3
SHA512

fc3b35a45e4681a3e36c3796c754c6bf6c9942402485a4685919ce1c1ddc15416922480d60117abef0b3197ee1645476bb138d6ddf8798d08eb7492cd247f52a
SSDEEP

49152:dkRNlMJ5ENG5orYbCS0k0n0/Fd8OKtOdL:ORNlmYLSqqT8OKtyL

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/新建文件夹/XunLeiBH.dll
unpack001/新建文件夹/helpost.exe
unpack001/新建文件夹/libexpat.dll
unpack001/新建文件夹/libpng13.dll

Files

2f773115130c859b6659f55836385a6c9792109a299bd78cc8d2c1b6adcf5db3
.zip
新建文件夹/Microsoft.VC90.ATL.manifest
.xml
新建文件夹/Microsoft.VC90.CRT.manifest
新建文件夹/XLFSIO.dll
.dll windows:5 windows x86

2347993f7de0127c1411289199f4b2e5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

26/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

26/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:38:70:47:b1:81:08:be:d7:87:73:71:26:4f:73:a6:03:14:50:39:cf:f8:43:00:0a:53:84:1c:a3:24:c9:8d
Signer

Actual PE Digest

b7:38:70:47:b1:81:08:be:d7:87:73:71:26:4f:73:a6:03:14:50:39:cf:f8:43:00:0a:53:84:1c:a3:24:c9:8d

Digest Algorithm

sha256

PE Digest Matches

true

87:c7:a6:47:16:93:ef:20:98:b7:e5:78:93:49:9b:23:da:f0:45:76
Signer

Actual PE Digest

87:c7:a6:47:16:93:ef:20:98:b7:e5:78:93:49:9b:23:da:f0:45:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LockResource
SizeofResource
LoadResource
FindResourceW
LoadLibraryW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
InterlockedIncrement
FreeResource
InterlockedDecrement
IsDebuggerPresent
OutputDebugStringW
DebugBreak
GetCurrentThreadId
GetModuleFileNameW
VirtualQuery
GetTickCount
GetLastError
GetCurrentProcessId
LeaveCriticalSection
FindClose
FindNextFileW
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
EnterCriticalSection
DeleteCriticalSection
FindFirstFileW
InitializeCriticalSection

shlwapi

PathCanonicalizeW
PathCombineW

msvcp90

?assign@?$char_traits@_W@std@@SAPA_WPA_WI_W@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?eq@?$char_traits@_W@std@@SA_NAB_W0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?assign@?$char_traits@D@std@@SAXAADABD@Z
?find@?$char_traits@_W@std@@SAPB_WPB_WIAB_W@Z
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?_Copy_s@?$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z
?_Move_s@?$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z
?assign@?$char_traits@_W@std@@SAXAA_WAB_W@Z
?_Xran@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Copy_s@?$char_traits@D@std@@SAPADPADIPBDI@Z
?_Move_s@?$char_traits@D@std@@SAPADPADIPBDI@Z

msvcr90

__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_amsg_exit
_except_handler4_common
__clean_type_info_names_internal
_adjust_fdiv
_purecall
__CxxFrameHandler3
_CxxThrowException
memcpy
memset
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
fread
fwrite
ftell
fseek
fclose
_wfopen
wcsncpy
ldiv
memmove_s
_wcsicmp
strncmp
free
__RTDynamicCast
_wcsnicmp
_time64
_chsize
_fileno
rand
srand
tolower
strncpy
fopen
ferror
?_query_new_handler@@YAP6AHI@ZXZ
strlen
wcscpy
wcslen
strcpy
?_query_new_mode@@YAHXZ
bsearch
qsort
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e

Exports

Exports

XLFS_AddRefStream
XLFS_CacheGC
XLFS_CloseDirectory
XLFS_CloseFile
XLFS_CreateStreamFromFile
XLFS_CreateStreamFromMemory
XLFS_CreateStreamFromMountFile
XLFS_CreateStreamFromResource
XLFS_DeleteFile
XLFS_DirExists
XLFS_FileExists
XLFS_FixPath
XLFS_GetCacheFile
XLFS_GetFileAbsPath
XLFS_GetFilePosition
XLFS_GetFileSize
XLFS_GetRealAbsPath
XLFS_GetRealAbsPathCount
XLFS_GetXARFileType
XLFS_Init
XLFS_IsEOF
XLFS_MountDir
XLFS_MountFile
XLFS_OpenDirectory
XLFS_OpenFile
XLFS_ReadDirectory
XLFS_ReadFile
XLFS_ReleaseStream
XLFS_SeekFile
XLFS_SetXARDecryptCallBack
XLFS_SetXARProtocol
XLFS_Stat
XLFS_StreamGetPosition
XLFS_StreamGetSize
XLFS_StreamRead
XLFS_StreamSeek
XLFS_StreamSetPosition
XLFS_StreamSetSize
XLFS_StreamWrite
XLFS_UnMount
XLFS_Uninit
XLFS_UpdateCacheFile
XLFS_WriteFile

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uestat
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/XLGraphic.dll
.dll windows:5 windows x86

068eaff42e938805ea525a3e32eb7b30

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

26/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

26/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:d5:43:af:4e:09:bd:f1:44:0a:b9:f1:3f:f2:89:26:0c:6a:94:09:bc:89:bc:27:97:18:89:9c:9a:04:de:52
Signer

Actual PE Digest

1a:d5:43:af:4e:09:bd:f1:44:0a:b9:f1:3f:f2:89:26:0c:6a:94:09:bc:89:bc:27:97:18:89:9c:9a:04:de:52

Digest Algorithm

sha256

PE Digest Matches

true

0e:56:93:b1:19:e4:1f:90:da:76:02:ae:e6:50:5b:30:73:7b:57:e3
Signer

Actual PE Digest

0e:56:93:b1:19:e4:1f:90:da:76:02:ae:e6:50:5b:30:73:7b:57:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libpng13

ord7
ord12
ord122
ord98
ord180
ord76
ord136
ord108
ord99
ord100
ord87
ord81
ord75
ord14

msimg32

AlphaBlend

xlfsio

XLFS_Init
XLFS_CreateStreamFromFile
XLFS_StreamRead
XLFS_CreateStreamFromMemory
XLFS_CreateStreamFromMountFile
XLFS_ReleaseStream

shlwapi

PathAppendW
PathFileExistsW
PathFindExtensionW

kernel32

GetSystemTimeAsFileTime
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetVersionExW
lstrcmpiW
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
IsDebuggerPresent
OutputDebugStringW
DebugBreak
GetCurrentThreadId
GetModuleFileNameW
VirtualQuery
LoadLibraryW
FreeLibrary
GetTickCount
GetLastError
GetCurrentProcessId
GetPrivateProfileStringW
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter

user32

IsRectEmpty
IntersectRect
SubtractRect
InflateRect
PtInRect
GetWindowDC
SystemParametersInfoW
GetDC
ReleaseDC
CopyRect
EqualRect
UnionRect
SetRectEmpty
OffsetRect
SetRect

gdi32

CreateCompatibleDC
CreateDIBSection
GetDeviceCaps
SelectObject
SetDIBitsToDevice
DeleteDC
DeleteObject
StretchDIBits
EnumFontFamiliesExW
GetGlyphOutlineW
CreateFontIndirectW
GetOutlineTextMetricsW
CreateFontW
GetFontData

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW

msvcp90

?_Move_s@?$char_traits@D@std@@SAPADPADIPBDI@Z
?_Copy_s@?$char_traits@D@std@@SAPADPADIPBDI@Z
?assign@?$char_traits@D@std@@SAXAADABD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?assign@?$char_traits@D@std@@SAPADPADID@Z
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?assign@?$char_traits@_W@std@@SAXAA_WAB_W@Z
?assign@?$char_traits@_W@std@@SAPA_WPA_WI_W@Z
?_Move_s@?$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z
?_Copy_s@?$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z

msvcr90

memmove
strrchr
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
fclose
_amsg_exit
_initterm_e
strncpy
wcsrchr
wcsstr
_wtoi
_itow
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
fread
fseek
ftell
fopen
memchr
strncmp
atol
strstr
atoi
?_query_new_handler@@YAP6AHI@ZXZ
wcscpy
wcslen
strcpy
strlen
memcmp
?_query_new_mode@@YAHXZ
_unlock
__dllonexit
??0exception@std@@QAE@ABQBD@Z
_encode_pointer
_lock
_onexit
memset
memcpy
__CxxFrameHandler3
_CIsqrt
floor
_purecall
ldiv
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
longjmp
_wcsicmp
_setjmp3
__CxxLongjmpUnwind
free
memmove_s
sprintf
_itoa
_CIcos
_CIsin
qsort
wcsncpy
wcsncmp
_decode_pointer

Exports

Exports

XL_ARGB2PARGB
XL_AddCurveControlPoint
XL_AddRefBitmap
XL_AddRefBrush
XL_AddRefCurve
XL_AddRefFont
XL_AddRefImageList
XL_AddRefImageSeq
XL_AddRefMask
XL_AddRefPen
XL_AddRefTextEnv
XL_AddRefTexture
XL_AddRefTrans
XL_AddSubTrans
XL_AddTextureBlock
XL_AdjustBitmapColor
XL_AdjustColor
XL_AlphaPaintBitmap
XL_BindExpObject
XL_BindExpRect
XL_BindMaskSource
XL_BindRectExpRect
XL_Blend
XL_BuildMaskCache
XL_CaclExp
XL_CaclRectExp
XL_ClearMaskCache
XL_ClipSubBindBitmap
XL_CloneBitmap
XL_CloneEXP
XL_CloneMask
XL_CloneTrans
XL_ConvertBitmap
XL_CopyRect
XL_CreateBindBitmap
XL_CreateBindBitmapEx
XL_CreateBitmap
XL_CreateBrush
XL_CreateCurve
XL_CreateExp
XL_CreateFont
XL_CreateImageList
XL_CreateImageSeq
XL_CreatePen
XL_CreateRectExp
XL_CreateRotateTrans
XL_CreateStretchTrans
XL_CreateSubMask
XL_CreateTextEnv
XL_CreateTextEnv2
XL_CreateTexture
XL_CreateTrans
XL_CreateTransferTrans
XL_DefaultGraphicHint
XL_DeleteExp
XL_DeleteFont
XL_DeleteRectExp
XL_DeleteTextEvn
XL_DoTrans
XL_DrawEllipse
XL_DrawLine
XL_DrawMultilineText
XL_DrawPolygon
XL_DrawRectangle
XL_DrawRectangle2
XL_DrawSinglelineText
XL_EnableRenderMode
XL_EnableShadow
XL_EqualRect
XL_ExtractBitmap
XL_FillBitmap
XL_FillBlend
XL_GC
XL_GetBitmapBuffer
XL_GetBitmapChanel
XL_GetBitmapInfo
XL_GetBitmapMainColor
XL_GetBitmapPixelBytes
XL_GetBknColor
XL_GetBknMode
XL_GetColorVariance
XL_GetCurveControlPoint
XL_GetCurveControlPointCount
XL_GetCurveInfo
XL_GetCurvePosition
XL_GetCurveProgress
XL_GetCurveType
XL_GetDefaultFaceName
XL_GetDefaultFont
XL_GetExpString
XL_GetExpValue
XL_GetHSVModify
XL_GetImageCount
XL_GetImageListBitmap
XL_GetLineGap
XL_GetLogBrush
XL_GetLogFont
XL_GetLogPen
XL_GetMaskSize
XL_GetMaskSource
XL_GetMaskSourceChanel
XL_GetMaskSourceType
XL_GetMultilineTextExtent
XL_GetRectExpHeight
XL_GetRectExpLeft
XL_GetRectExpRect
XL_GetRectExpTop
XL_GetRectExpWidth
XL_GetSinglelineTextExtent
XL_GetSubTrans
XL_GetSubTransCount
XL_GetTextAlignment
XL_GetTextBorderWidth
XL_GetTextCharacterExtra
XL_GetTextColor
XL_GetTextEffectColor
XL_GetTextEffectType
XL_GetTextExtentAndBaseLine
XL_GetTextFont
XL_GetTextForceUnderline
XL_GetTextLRGap
XL_GetTextType
XL_GetTextureBitmap
XL_GetTextureType
XL_GetTransInfo
XL_HSL2RGB
XL_HSV2RGB
XL_ImageSeqAddImage
XL_ImageSeqBeginAddImage
XL_ImageSeqEndAddImage
XL_ImageSeqGetCount
XL_ImageSeqGetImage
XL_ImageSeqGetImageByIndex
XL_InflateRect
XL_InitGraphicLib
XL_IntersectRect
XL_IntersectRectEx
XL_IsBitmapLossyCliped
XL_IsBitmapOwnerBuffer
XL_IsBitmapPreMultiplied
XL_IsFreeTypeEnabled
XL_IsRectEmpty
XL_IsRectIntersect
XL_IsRenderModeEnabled
XL_IsSupportFont
XL_LoadBitmapFromFile
XL_LoadBitmapFromMemory
XL_LoadBitmapFromMemoryEx
XL_LoadPngFromFile
XL_LoadPngFromStream
XL_NewMask
XL_OffsetRect
XL_PARGB2ARGB
XL_PaintBitmap
XL_PaintImageList
XL_PaintTexture
XL_PreMultiplyBitmap
XL_PrepareGraphicParam
XL_PtInRect
XL_RGB2HSL
XL_RGB2HSV
XL_RegisterImageLoader
XL_ReleaseBitmap
XL_ReleaseBrush
XL_ReleaseCurve
XL_ReleaseFont
XL_ReleaseImageList
XL_ReleaseImageSeq
XL_ReleaseMask
XL_ReleasePen
XL_ReleaseTextEnv
XL_ReleaseTexture
XL_ReleaseTrans
XL_RemoveCurveControlPoint
XL_RemoveImageloader
XL_RemoveTextureBlock
XL_ResetAlphaChannel
XL_SetAntialiasMode
XL_SetBknColor
XL_SetBknMode
XL_SetBrushColor
XL_SetConfigFontName
XL_SetExp
XL_SetFreeTypeEnabled
XL_SetHintMode
XL_SetImageListBitmap
XL_SetLCDModeFactor
XL_SetLineGap
XL_SetLoadNoBitmap
XL_SetMaskBmpStretch
XL_SetMaskSize
XL_SetPenColor
XL_SetRect
XL_SetRectEmpty
XL_SetRectExpHeight
XL_SetRectExpLeft
XL_SetRectExpTop
XL_SetRectExpWidth
XL_SetShadowColor
XL_SetShadowOffset
XL_SetTextAlignment
XL_SetTextBorderWidth
XL_SetTextCharacterExtra
XL_SetTextColor
XL_SetTextEffectColor
XL_SetTextEffectType
XL_SetTextFont
XL_SetTextForceUnderline
XL_SetTextLRGap
XL_SetTextType
XL_SetTextureBitmap
XL_SetTextureOrigin
XL_SetTextureRect
XL_SetTransDistDisp2obs
XL_SetTransParam
XL_SetTransRegion
XL_StatObject
XL_StretchBitmap
XL_StretchBlend
XL_SubtractRect
XL_TabbedTextOut
XL_TransGetDestBmpSize
XL_TransKeepCentreRect
XL_TransPoint
XL_TransRect
XL_UnInitGraphicLib
XL_UnionRect
XL_UnionRectEx

Sections

.text
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uestat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/XLLuaRuntime.dll
.dll windows:5 windows x86

a3c7e84b81974bc68a2eda53abd09101

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

26/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

26/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:23:10:6e:41:69:47:40:3c:fd:45:10:6c:7f:56:f6:96:06:ec:c6:b8:e6:c3:16:2f:fe:3b:8d:42:9f:bd:36
Signer

Actual PE Digest

a2:23:10:6e:41:69:47:40:3c:fd:45:10:6c:7f:56:f6:96:06:ec:c6:b8:e6:c3:16:2f:fe:3b:8d:42:9f:bd:36

Digest Algorithm

sha256

PE Digest Matches

true

94:43:78:b9:42:14:9a:59:a7:1b:98:12:a4:da:33:ff:b5:60:0d:11
Signer

Actual PE Digest

94:43:78:b9:42:14:9a:59:a7:1b:98:12:a4:da:33:ff:b5:60:0d:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xlfsio

XLFS_Init
XLFS_OpenFile
XLFS_IsEOF
XLFS_ReadFile
XLFS_CloseFile
XLFS_FixPath

kernel32

GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
OpenProcess
InitializeCriticalSection
VirtualQuery
ReadProcessMemory
DisableThreadLibraryCalls
GetModuleFileNameA
FormatMessageA
GetLastError
FreeLibrary
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryW
GetTickCount
GetCurrentProcessId
OpenFileMappingA
OpenMutexA
MapViewOfFile
ReleaseMutex
CreateFileMappingA
WaitForSingleObject
CreateMutexA
CloseHandle
UnmapViewOfFile
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
DebugBreak
GetSystemTimeAsFileTime

user32

MessageBoxW

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?_Xlen@_String_base@std@@SAXXZ
?_Move_s@?$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z
?_Copy_s@?$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z
?_Xran@_String_base@std@@SAXXZ
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr90

__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException
_purecall
__CxxFrameHandler3
free
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
memmove_s
wcsncpy
memcpy_s
sprintf
memcpy
memset
atoi
ldiv
_CIsqrt
_i64toa
_atoi64
wcsrchr
strchr
fread
feof
strerror
_errno
fclose
ferror
ungetc
fopen
freopen
getc
__iob_func
fprintf
strstr
fputs
isspace
strtoul
_CIpow
floor
fgets
_setjmp3
exit
longjmp
_pclose
_wfopen
_popen
tmpfile
fscanf
clearerr
fwrite
ftell
fseek
setvbuf
fflush
iscntrl
localeconv
isalnum
isdigit
isalpha
_CIsin
_CIsinh
_CIcos
_CIcosh
_CItan
_CItanh
_CIasin
_CIacos
_CIatan
_CIatan2
ceil
_CIfmod
modf
_CIlog
_CIlog10
_CIexp
frexp
ldexp
rand
srand
_HUGE
strrchr
getenv
strtod
strncat
strcspn
strncpy
_difftime64
_gmtime64
_localtime64
_mktime64
_time64
system
remove
rename
tmpnam
clock
strftime
setlocale
tolower
toupper
isxdigit
isupper
ispunct
islower
memchr
strpbrk
strcoll
_wcsdup
?_query_new_handler@@YAP6AHI@ZXZ
strlen
wcscpy
wcslen
strcpy
?_query_new_mode@@YAHXZ
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit

Exports

Exports

XLLRT_AddLoadLuaFile
XLLRT_AddRefChunk
XLLRT_AddRefEnv
XLLRT_AddRefRunTime
XLLRT_BeginEnumGlobalAPI
XLLRT_BeginEnumGlobalClass
XLLRT_BeginEnumGlobalObject
XLLRT_CheckInt64
XLLRT_CheckXLObject
XLLRT_CheckXLObjectEx
XLLRT_CreateChunk
XLLRT_CreateChunkFromFile
XLLRT_CreateChunkFromModule
XLLRT_CreateEnv
XLLRT_CreateRunTime
XLLRT_DebugCreateLogs
XLLRT_DebugCreateStackMemPool
XLLRT_DebugDesroyStackMemPool
XLLRT_DebugDestroyLogs
XLLRT_DebugDestroyState
XLLRT_DebugGetCallLog
XLLRT_DebugGetCurState
XLLRT_DebugGetDebugeeName
XLLRT_DebugGetDumpList
XLLRT_DebugGetProcessCallLog
XLLRT_DebugGetProcessCurState
XLLRT_DebugGetProcessStackLog
XLLRT_DebugGetStackLog
XLLRT_DebugGetStateFromDump
XLLRT_DebugGetType
XLLRT_DebugInit
XLLRT_DebugLogsPopNextLog
XLLRT_DebugMemPoolGetLogs
XLLRT_DebugOutputLuaStack
XLLRT_DestroyEnv
XLLRT_DestroyRunTime
XLLRT_DoRegisterClass
XLLRT_DumpTable
XLLRT_EndEnum
XLLRT_ErrorHandle
XLLRT_GetAllLuaState
XLLRT_GetChunkName
XLLRT_GetChunkType
XLLRT_GetEnv
XLLRT_GetFunctionAddress
XLLRT_GetInt64
XLLRT_GetLastError
XLLRT_GetLoadLuaFileByIndex
XLLRT_GetLoadLuaFileCount
XLLRT_GetLuaState
XLLRT_GetNextGlobalAPI
XLLRT_GetNextGlobalClass
XLLRT_GetNextGlobalObject
XLLRT_GetOwnerEnv
XLLRT_GetRuntime
XLLRT_GetRuntimeFromLuaState
XLLRT_GetVersion
XLLRT_GetXLObject
XLLRT_GetXLObjectClass
XLLRT_GetXLObjectEx
XLLRT_IsClassRegistered
XLLRT_IsDerivedClass
XLLRT_IsGlobalAPIRegistered
XLLRT_IsGlobalObjRegistered
XLLRT_LuaCall
XLLRT_PrepareChunk
XLLRT_PushInt64
XLLRT_PushXLObject
XLLRT_PushXLObjectEx
XLLRT_RegisterClass
XLLRT_RegisterGlobalAPI
XLLRT_RegisterGlobalObj
XLLRT_RegisterGlobalSetCallback
XLLRT_RegisterInt64
XLLRT_ReleaseChunk
XLLRT_ReleaseEnv
XLLRT_ReleaseRunTime
XLLRT_RemoveClassFunctionHook
XLLRT_RemoveGlobalAPI
XLLRT_RemoveGlobalAPIHook
XLLRT_RemoveGlobalObj
XLLRT_RemoveGlobalObjectFunctionHook
XLLRT_RunChunk
XLLRT_SetClassFunctionHook
XLLRT_SetGlobalAPIHook
XLLRT_SetGlobalObjectFunctionHook
XLLRT_Stat
XLLRT_SwitchRuntimeThread
XLLRT_UnRegisterClass
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_loadwithpath
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlevel
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uestat
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/XLUE.dll
.dll windows:5 windows x86

5391d09a4e33e49d693dc1a99f9d0468

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

26/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

26/07/2018, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:87:f6:49:a7:06:8e:32:37:b9:e2:ce:e7:33:f0:3c:a6:0c:84:ab:28:04:a6:e8:89:89:52:de:35:dc:79:b8
Signer

Actual PE Digest

39:87:f6:49:a7:06:8e:32:37:b9:e2:ce:e7:33:f0:3c:a6:0c:84:ab:28:04:a6:e8:89:89:52:de:35:dc:79:b8

Digest Algorithm

sha256

PE Digest Matches

true

70:57:e7:0e:44:b3:a7:3d:ad:a7:7e:da:bd:c1:3a:cb:53:a4:5d:c3
Signer

Actual PE Digest

70:57:e7:0e:44:b3:a7:3d:ad:a7:7e:da:bd:c1:3a:cb:53:a4:5d:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xlgraphic

XL_CreateBindBitmap
XL_EnableShadow
XL_SetShadowOffset
XL_SetShadowColor
XL_SetTextEffectType
XL_SetTextLRGap
XL_PaintTexture
XL_GetBitmapBuffer
XL_GetImageCount
XL_GetImageListBitmap
XL_ReleaseImageList
XL_ExtractBitmap
XL_SetImageListBitmap
XL_ReleaseCurve
XL_GetCurveProgress
XL_AddCurveControlPoint
XL_RGB2HSL
XL_AdjustColor
XL_SetPenColor
XL_SetBrushColor
XL_GetLogBrush
XL_ReleasePen
XL_GetLogPen
XL_GetTextureType
XL_GetTextureBitmap
XL_ReleaseTexture
XL_RemoveTextureBlock
XL_AddTextureBlock
XL_SetTextureRect
XL_SetTextureBitmap
XL_ReleaseTextEnv
XL_GetTextBorderWidth
XL_SetTextBorderWidth
XL_GetTextEffectColor
XL_SetTextEffectColor
XL_GetMultilineTextExtent
XL_GetSinglelineTextExtent
XL_GetLineGap
XL_SetLineGap
XL_GetTextCharacterExtra
XL_SetTextCharacterExtra
XL_GetTextAlignment
XL_SetTextAlignment
XL_GetTextFont
XL_SetTextFont
XL_GetBknMode
XL_SetBknMode
XL_GetBknColor
XL_SetBknColor
XL_GetTextColor
XL_SetTextColor
XL_GetTextType
XL_SetTextType
XL_GetLogFont
XL_GetBitmapChanel
XL_GetBitmapMainColor
XL_TabbedTextOut
XL_DrawMultilineText
XL_DrawSinglelineText
XL_DrawEllipse
XL_DrawPolygon
XL_DrawRectangle
XL_DrawLine
XL_StretchBitmap
XL_StretchBlend
XL_GetDefaultFont
XL_DefaultGraphicHint
XL_Blend
XL_IsBitmapOwnerBuffer
XL_GetBitmapInfo
XL_FillBitmap
XL_CloneBitmap
XL_ClipSubBindBitmap
XL_ReleaseMask
XL_CreateSubMask
XL_GetMaskSize
XL_BuildMaskCache
XL_GetMaskSourceChanel
XL_BindMaskSource
XL_GetMaskSource
XL_GetMaskSourceType
XL_ImageSeqAddImage
XL_ImageSeqEndAddImage
XL_ImageSeqBeginAddImage
XL_ImageSeqGetCount
XL_ImageSeqGetImageByIndex
XL_AdjustBitmapColor
XL_TransRect
XL_TransKeepCentreRect
XL_TransGetDestBmpSize
XL_TransPoint
XL_ReleaseTrans
XL_AddSubTrans
XL_SetTransDistDisp2obs
XL_DoTrans
XL_AddRefImageSeq
XL_AddRefBrush
XL_AddRefPen
XL_ReleaseBrush
XL_BindExpObject
XL_BindExpRect
XL_DeleteExp
XL_EqualRect
XL_GetExpValue
XL_CaclExp
XL_CloneEXP
XL_SetExp
XL_CreateExp
XL_GetExpString
XL_GetCurveControlPoint
XL_GetCurveControlPointCount
XL_CloneTrans
XL_SetMaskSize
XL_AddRefMask
XL_SetFreeTypeEnabled
XL_SetConfigFontName
XL_IsSupportFont
XL_GetDefaultFaceName
XL_CreateStretchTrans
XL_CreateTransferTrans
XL_CreateRotateTrans
XL_AddRefTrans
XL_AddRefTextEnv
XL_AddRefImageList
XL_AddRefFont
XL_AddRefTexture
XL_AddRefCurve
XL_AddRefBitmap
XL_CreatePen
XL_CreateBrush
XL_CreateImageList
XL_CreateTexture
XL_CreateTextEnv
XL_CreateTextEnv2
XL_CreateFont
XL_ReleaseFont
XL_CreateCurve
XL_LoadBitmapFromFile
XL_CreateBitmap
XL_ReleaseBitmap
XL_PaintBitmap
XL_SetMaskBmpStretch
XL_CreateImageSeq
XL_DeleteFont
XL_SetTextureOrigin
XL_FillBlend
XL_ReleaseImageSeq
XL_NewMask

xlluaruntime

XLLRT_DebugDesroyStackMemPool
XLLRT_DebugDestroyLogs
XLLRT_DebugLogsPopNextLog
XLLRT_DebugMemPoolGetLogs
XLLRT_DebugCreateLogs
XLLRT_DebugOutputLuaStack
XLLRT_DebugCreateStackMemPool
XLLRT_ReleaseRunTime
XLLRT_GetLuaState
XLLRT_ReleaseEnv
XLLRT_GetRuntime
lua_pcall
XLLRT_RunChunk
XLLRT_AddRefEnv
XLLRT_CreateChunk
XLLRT_CreateChunkFromModule
XLLRT_CreateChunkFromFile
XLLRT_AddRefRunTime
lua_remove
XLLRT_AddRefChunk
XLLRT_DoRegisterClass
XLLRT_GetRuntimeFromLuaState
XLLRT_PrepareChunk
lua_newuserdata
lua_setmetatable
XLLRT_ReleaseChunk
XLLRT_GetEnv
XLLRT_CreateRunTime
XLLRT_CreateEnv
XLLRT_DestroyEnv
XLLRT_DestroyRunTime
lua_gc
lua_pushnil
luaL_checklstring
lua_tolstring
luaL_checkudata
XLLRT_PushXLObject
XLLRT_RegisterGlobalObj
lua_touserdata
lua_pushstring
lua_pushinteger
lua_insert
lua_gettable
lua_tonumber
lua_getmetatable
lua_rawequal
lua_isuserdata
lua_next
lua_getfield
XLLRT_LuaCall
lua_pushthread
XLLRT_RegisterGlobalAPI
lua_createtable
lua_setfield
lua_rawgeti
lua_settop
lua_isstring
lua_gettop
luaL_checknumber
lua_pushnumber
lua_pushlightuserdata
XLLRT_RegisterClass
lua_tointeger
lua_pushvalue
luaL_ref
luaL_unref
lua_type
lua_toboolean
lua_isnumber
lua_pushboolean
luaL_checkinteger

imm32

ImmGetCompositionFontW
ImmSetCompositionWindow
ImmAssociateContext
ImmAssociateContextEx
ImmSetCompositionFontW
ImmGetContext
ImmReleaseContext

xlfsio

XLFS_CloseDirectory
XLFS_UpdateCacheFile
XLFS_MountDir
XLFS_FileExists
XLFS_IsEOF
XLFS_CloseFile
XLFS_OpenFile
XLFS_GetFileSize
XLFS_ReadFile
XLFS_DirExists
XLFS_ReadDirectory
XLFS_OpenDirectory
XLFS_ReleaseStream
XLFS_CreateStreamFromMountFile
XLFS_UnMount
XLFS_Init

kernel32

CreateFileW
SetFilePointer
SetEndOfFile
DeleteFileW
FlushFileBuffers
GetLastError
WriteFile
GetLocalTime
CloseHandle
InitializeCriticalSection
HeapAlloc
VirtualProtect
GetCurrentThreadId
SetLastError
GetCurrentProcess
FlushInstructionCache
GetProcessHeap
GetUserDefaultLCID
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
ResumeThread
SetThreadPriority
FreeLibrary
GetSystemDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileW
CreateDirectoryW
GetTempPathW
GetModuleFileNameW
CreateMutexW
WriteProcessMemory
VirtualProtectEx
GetCurrentProcessId
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
lstrlenW
GlobalFree
GetVersionExW
SizeofResource
LoadResource
FindResourceW
EnumResourceNamesW
SetEvent
ResetEvent
CreateEventW
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
WideCharToMultiByte
MultiByteToWideChar
IsDebuggerPresent
OutputDebugStringW
DebugBreak
UnmapViewOfFile
VirtualQuery
ReleaseMutex
LocalFree
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
GetFileSize
ReadFile
LockResource
FreeResource
AddAtomW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
CreateProcessW
OpenMutexW
TlsAlloc
MulDiv
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapFree
LoadLibraryW

user32

GetClassInfoExW
LoadCursorW
OffsetRect
SetRectEmpty
IntersectRect
IsWindow
ShowWindow
GetFocus
SetFocus
GetWindowDC
ReleaseDC
IsRectEmpty
DefWindowProcW
DestroyWindow
SetWindowLongW
GetWindowLongW
CallWindowProcW
CreateWindowExW
GetWindow
SetCursor
EqualRect
CopyRect
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsChild
PostMessageW
SendMessageW
PtInRect
GetWindowRect
GetCursorPos
TrackMouseEvent
ScreenToClient
IsWindowEnabled
WindowFromPoint
GetMessagePos
SetTimer
KillTimer
MoveWindow
SetWindowPos
SetParent
wsprintfW
GetDC
GetSysColor
RegisterClassExW
GetParent
GetClassNameW
GetAncestor
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetSystemMetrics
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
SetRect
UnionRect
MonitorFromRect
DestroyAcceleratorTable
GetWindowPlacement
MapWindowPoints
GetClientRect
DialogBoxIndirectParamW
EndDialog
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MonitorFromPoint
GetDoubleClickTime
RedrawWindow
GetWindowRgn
DeferWindowPos
GetClassLongW
PrintWindow
GetWindowTextW
GetWindowTextLengthW
CharNextW
GetMonitorInfoW
RegisterWindowMessageW
InvalidateRect
EndPaint
BeginPaint
GetActiveWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoW
SetActiveWindow
SetCapture
GetCapture
ReleaseCapture
ClientToScreen
UpdateLayeredWindow
IsZoomed
IsIconic
EnableWindow
SetWindowTextW
SetLayeredWindowAttributes
SetWindowRgn
BringWindowToTop
GetKeyState
SetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetCaretBlinkTime
UnregisterClassA
CreateAcceleratorTableW

gdi32

GetStockObject
GetObjectW
GetTextMetricsW
CombineRgn
CreateRectRgnIndirect
GetRgnBox
GetCurrentObject
GetDeviceCaps
CopyMetaFileW
CreateSolidBrush
StretchBlt
GetRegionData
SelectClipRgn
SetStretchBltMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
SetWindowOrgEx
CreateDIBSection
BitBlt
DeleteObject
ExtCreateRegion
PtInRegion
OffsetRgn
CreateRoundRectRgn
GetClipBox
CreateRectRgn
CreateFontIndirectW
PatBlt

advapi32

GetSecurityDescriptorLength
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorSacl

ole32

OleLockRunning
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CoGetClassObject
CLSIDFromString
CreateStreamOnHGlobal
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
OleGetClipboard
OleSetClipboard
CoGetMalloc
StgCreateDocfile

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantCopy
VarBstrCmp
VariantInit

atl90

ord41
ord43
ord44
ord27
ord30
ord28
ord32
ord59
ord42
ord31

shlwapi

PathCombineW
PathIsDirectoryW
PathIsRelativeW
PathCanonicalizeW
PathFindFileNameW
PathRemoveExtensionW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW

msvcp90

?max@?$numeric_limits@I@std@@SAIXZ
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?assign@?$char_traits@_W@std@@SAPA_WPA_WI_W@Z
?find@?$char_traits@_W@std@@SAPB_WPB_WIAB_W@Z
?eq@?$char_traits@_W@std@@SA_NAB_W0@Z
?find@?$char_traits@D@std@@SAPBDPBDIABD@Z
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?assign@?$char_traits@D@std@@SAXAADABD@Z
?_Copy_s@?$char_traits@D@std@@SAPADPADIPBDI@Z
?_Move_s@?$char_traits@D@std@@SAPADPADIPBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?assign@?$char_traits@_W@std@@SAXAA_WAB_W@Z
?_Copy_s@?$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z
?_Move_s@?$char_traits@_W@std@@SAPA_WPA_WIPB_WI@Z

msvcr90

fopen
fread
fclose
strtol
_wtoi
fabs
__CxxFrameHandler3
_CxxThrowException
memcmp
_recalloc
free
swprintf_s
strncpy
ldiv
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
strncmp
__RTDynamicCast
sprintf
strcmp
_stricmp
strlen
wcscpy
sscanf
atoi
wcslen
memset
memmove_s
wcsncpy
_strnicmp
atol
rand
srand
memcpy
_vswprintf_c_l
swscanf
wcscmp
_wcsicmp
_time64
strcpy
atof
?_query_new_handler@@YAP6AHI@ZXZ
_beginthreadex
?_query_new_mode@@YAHXZ
malloc
memcpy_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_purecall

libexpat

ord35
ord21
ord63
ord16
ord48
ord2
ord52
ord20
ord12
ord25
ord50

shell32

SHAppBarMessage

gdiplus

GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipFree
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateFromHDC
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromGdiDib
GdipAlloc

Exports

Exports

XLI18N_ActiveLocation
XLI18N_GetActiveLocationID
XLI18N_GetLanguagePackage
XLI18N_GetRootDir
XLI18N_GetSupportLocationList
XLI18N_GetTextIDAssertMode
XLI18N_Init
XLI18N_IsSupportLocation
XLI18N_LoadText
XLI18N_LoadTextFromPackage
XLI18N_PreloadLanguagePackage
XLI18N_RegisterLocationChangeEvent
XLI18N_RegisterLuaClass
XLI18N_ReleaseLanguagePackage
XLI18N_RemoveLocationChangeEvent
XLI18N_SetTextIDAssertMode
XLI18N_UnloadLanguagePackage
XLUE_AddObjChild
XLUE_AddRefAnimation
XLUE_AddRefResRealHandle
XLUE_AddRefResource
XLUE_AddXARSearchPath
XLUE_AlphaChagneAniSetKeyAlpha
XLUE_AlphaChangAniBindRenderObj
XLUE_AngleChangeAniBindRenderObj
XLUE_AngleChangeAniSetKeyAngle
XLUE_AngleChangeAniSetKeyRange
XLUE_AniBindCurve
XLUE_AniBindCurveID
XLUE_AniGetCurve
XLUE_AniGetCurveID
XLUE_AsynLoadXAR
XLUE_B3DAniSetBlendMode
XLUE_B3DAniSetCentrePoint
XLUE_B3DAniSetCentrePointMode
XLUE_B3DAniSetDistanceDisp2Obs
XLUE_B3DAniSetPositionMode
XLUE_B3DAniSetSizeLimitMode
XLUE_B3DAniSetZPlane
XLUE_BeginEnumHostWnd
XLUE_BindUIObjectTree
XLUE_CanObjHandleInput
XLUE_CenterHostWnd
XLUE_CheckBitmap
XLUE_CheckBrush
XLUE_CheckColor
XLUE_CheckColor2
XLUE_CheckCurve
XLUE_CheckFont
XLUE_CheckImageList
XLUE_CheckImageSeq
XLUE_CheckMask
XLUE_CheckObject
XLUE_CheckObjectEx
XLUE_CheckPen
XLUE_CheckRes
XLUE_CheckResEx
XLUE_CheckTexture
XLUE_ClearAllXARSearchPath
XLUE_ClearLuaObj
XLUE_CreateAnimation
XLUE_CreateHostWnd
XLUE_CreateObj
XLUE_CreateObjTree
XLUE_DeleteHostWnd
XLUE_DestoryObj
XLUE_DestroyObjTree
XLUE_DoMessageLoopWork
XLUE_EnableObjInputTarget
XLUE_FireExtObjEvent
XLUE_GC
XLUE_GetAnimationClassName
XLUE_GetAnimationRunningTime
XLUE_GetAnimationState
XLUE_GetBindUIObjectTree
XLUE_GetBitmap
XLUE_GetBitmapFromProvider
XLUE_GetBrush
XLUE_GetBrushFromProvider
XLUE_GetColor
XLUE_GetColorFromProvider
XLUE_GetControlObject
XLUE_GetControlObjectEx
XLUE_GetCurve
XLUE_GetCurveFromProvider
XLUE_GetExtHandle
XLUE_GetFont
XLUE_GetFontFromProvider
XLUE_GetGlobalResProvider
XLUE_GetHostWndAppWindow
XLUE_GetHostWndByHandle
XLUE_GetHostWndByID
XLUE_GetHostWndCacheRect
XLUE_GetHostWndClassName
XLUE_GetHostWndCursorID
XLUE_GetHostWndEnable
XLUE_GetHostWndID
XLUE_GetHostWndLayered
XLUE_GetHostWndMaxTrackSize
XLUE_GetHostWndMinTrackSize
XLUE_GetHostWndParent
XLUE_GetHostWndRect
XLUE_GetHostWndTitle
XLUE_GetHostWndToolWindow
XLUE_GetHostWndTopMost
XLUE_GetHostWndVisible
XLUE_GetHostWndWindowHandle
XLUE_GetImageList
XLUE_GetImageListFromProvider
XLUE_GetImageObjBitmap
XLUE_GetImageObjResID
XLUE_GetImageSeq
XLUE_GetImageSeqFromProvider
XLUE_GetKeyAnimationTotalTime
XLUE_GetLayerObjClipSens
XLUE_GetLuaStack
XLUE_GetNextHostWnd
XLUE_GetObjAbsPos
XLUE_GetObjAbsZorder
XLUE_GetObjCaptureMouse
XLUE_GetObjCaretLimitRect
XLUE_GetObjChild
XLUE_GetObjChildByCmd
XLUE_GetObjChildByID
XLUE_GetObjChildCount
XLUE_GetObjChildrenEnable
XLUE_GetObjChildrenVisible
XLUE_GetObjClassName
XLUE_GetObjCursorID
XLUE_GetObjDropEnable
XLUE_GetObjEnable
XLUE_GetObjFather
XLUE_GetObjFatherEnable
XLUE_GetObjFatherVisible
XLUE_GetObjFocus
XLUE_GetObjFocusStrategy
XLUE_GetObjID
XLUE_GetObjInheritMask
XLUE_GetObjLimitRect
XLUE_GetObjMaskBlendType
XLUE_GetObjMaskPos
XLUE_GetObjOwner
XLUE_GetObjPos
XLUE_GetObjPrivateEnable
XLUE_GetObjPrivateVisible
XLUE_GetObjResProvider
XLUE_GetObjTabGroup
XLUE_GetObjTabOrder
XLUE_GetObjTabStop
XLUE_GetObjTree
XLUE_GetObjTreeBindHostWnd
XLUE_GetObjTreeCaptureMouseObj
XLUE_GetObjTreeFocusObj
XLUE_GetObjTreeID
XLUE_GetObjTreeObjectCount
XLUE_GetObjTreeRootObj
XLUE_GetObjVisible
XLUE_GetObjZorder
XLUE_GetOwnerControl
XLUE_GetPen
XLUE_GetPenFromProvider
XLUE_GetRealObjHostWindow
XLUE_GetRealObjWindow
XLUE_GetRenderObjAlpha
XLUE_GetRes
XLUE_GetResExtHandle
XLUE_GetResFromProvider
XLUE_GetResID
XLUE_GetResProviderFromXAR
XLUE_GetResRealHandle
XLUE_GetResType
XLUE_GetTexture
XLUE_GetTextureFromProvider
XLUE_GetUIObject
XLUE_GetUpdateFPS
XLUE_GetWindowBitmap
XLUE_HitTest
XLUE_HostWndCreateWnd
XLUE_HostWndDestroyWnd
XLUE_HostWndDoModal
XLUE_HostWndEndDialog
XLUE_HostWndPtToScreenPt
XLUE_HostWndPtToTreePt
XLUE_HostWndRectToScreenRect
XLUE_HostWndRectToTreeRect
XLUE_Init
XLUE_InitLoader
XLUE_InitLuaHost
XLUE_IsAnimationValid
XLUE_IsChild
XLUE_IsControl
XLUE_IsHostWndValid
XLUE_IsObjLimit
XLUE_IsObjLimitChild
XLUE_IsObjTreeValid
XLUE_IsObjValid
XLUE_IsResProviderValid
XLUE_IsXARInAsynLoading
XLUE_IsXARLoaded
XLUE_KillTimer
XLUE_LoadXAR
XLUE_LoadXLUEApp
XLUE_MaskChangeAniBindMaskObj
XLUE_MaskChangeAniGetBindMaskObj
XLUE_MaskChangeAniSetMaskKeyFrame
XLUE_MaxHostWnd
XLUE_MinHostWnd
XLUE_MoveHostWnd
XLUE_ObjBindLayer
XLUE_ObjGetLayer
XLUE_ObjHitTest
XLUE_ObjPaint
XLUE_ObjProcessInput
XLUE_ObjPushDirtyRect
XLUE_ObjRouteToFather
XLUE_ObjSetDefaultRediretorByEvent
XLUE_ObjSetRediretorByEvent
XLUE_PosChangAniBindLayoutObj
XLUE_PosChangeAniSetKeyPos
XLUE_PosChangeAniSetKeyRect
XLUE_PreRegisterExtType
XLUE_PushBitmap
XLUE_PushBrush
XLUE_PushColor
XLUE_PushColor2
XLUE_PushCurve
XLUE_PushFont
XLUE_PushImageList
XLUE_PushImageSeq
XLUE_PushMask
XLUE_PushObjTreeDirtyRect
XLUE_PushObject
XLUE_PushPen
XLUE_PushRes
XLUE_PushTexture
XLUE_QueryObjFocus
XLUE_QueryTimer
XLUE_RegisterAnimation
XLUE_RegisterExtObj
XLUE_RegisterExtRes
XLUE_RegisterHostWnd
XLUE_RegisterMessageLoopListener
XLUE_RegisterResource
XLUE_RegisterStandardObjects
XLUE_ReleaseAnimation
XLUE_ReleaseResRealHandle
XLUE_ReleaseResource
XLUE_RemoveGlobalHook
XLUE_RemoveObjAllChildren
XLUE_RemoveObjChild
XLUE_RemoveXARSearchPath
XLUE_RenderObject
XLUE_RenderTree
XLUE_ResProviderAttachResEvent
XLUE_ResProviderDetachResEvent
XLUE_RestoreHostWnd
XLUE_ResumeAnimation
XLUE_ScreenPtToHostWndPt
XLUE_ScreenRectToHostWndRect
XLUE_SelectResPackage
XLUE_SetDS
XLUE_SetGlobalHook
XLUE_SetHostWndAppWindow
XLUE_SetHostWndCacheRect
XLUE_SetHostWndCursorID
XLUE_SetHostWndEnable
XLUE_SetHostWndLayered
XLUE_SetHostWndMaxTrackSize
XLUE_SetHostWndMinTrackSize
XLUE_SetHostWndParent
XLUE_SetHostWndTitle
XLUE_SetHostWndToolWindow
XLUE_SetHostWndTopMost
XLUE_SetHostWndVisible
XLUE_SetIDTimer
XLUE_SetImageObjBitmap
XLUE_SetImageObjResID
XLUE_SetKeyAnimationBindObj
XLUE_SetKeyAnimationForceStop
XLUE_SetKeyAnimationLoop
XLUE_SetKeyAnimationTotalTime
XLUE_SetLayerObjClipSens
XLUE_SetLoadStrategy
XLUE_SetObjCaptureMouse
XLUE_SetObjChildrenEnable
XLUE_SetObjChildrenVisible
XLUE_SetObjCursorID
XLUE_SetObjDropEnable
XLUE_SetObjEnable
XLUE_SetObjEnableEx
XLUE_SetObjFocus
XLUE_SetObjFocusEx
XLUE_SetObjFocusStrategy
XLUE_SetObjID
XLUE_SetObjInheritMask
XLUE_SetObjLimit
XLUE_SetObjLimitChild
XLUE_SetObjMaskBlendType
XLUE_SetObjMaskPos
XLUE_SetObjMaskPosExp
XLUE_SetObjMaskPosExp2
XLUE_SetObjPos
XLUE_SetObjPosExp
XLUE_SetObjPosExp2
XLUE_SetObjResProvider
XLUE_SetObjTabGroup
XLUE_SetObjTabOrder
XLUE_SetObjTabStop
XLUE_SetObjTreeRootObj
XLUE_SetObjVisible
XLUE_SetObjZorder
XLUE_SetOnceIDTimer
XLUE_SetOnceTimer
XLUE_SetRealObjWindow
XLUE_SetRenderObjAlpha
XLUE_SetRenderObjAlphaEx
XLUE_SetTextObjectDefaultTextType
XLUE_SetTimer
XLUE_SetTreeMaxClosure
XLUE_SetUpdateFPS
XLUE_ShowHostWnd
XLUE_Stat
XLUE_StopAnimation
XLUE_TreePtToHostWndPt
XLUE_TreeRectToHostWndRect
XLUE_TurnObjectAniBindBackObj
XLUE_TurnObjectAniBindFrontObj
XLUE_TurnObjectAniBindRenderObj
XLUE_TurnObjectAniSetFlag
XLUE_UnbindUIObjectTree
XLUE_Uninit
XLUE_UninitHandleMap
XLUE_UninitLoader
XLUE_UninitLuaHost
XLUE_UnloadAllXAR
XLUE_UnregisterMessageLoopListener
XLUE_UpdateAnimationRunningTime
XLUE_VerifyXAR
XLUE_VerifyXAR2
XLUE_XARExist
XLUE_XML_BeginGetAttribute
XLUE_XML_Free
XLUE_XML_GetChildByIndex
XLUE_XML_GetChildCount
XLUE_XML_GetName
XLUE_XML_GetNextAttribute
XLUE_XML_GetValue

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uestat
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uestr
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/XunLeiBH.dll
.dll windows:5 windows x86

e8fcd924004be61375969e3c785cbe33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr90

ftell
fprintf
_fdopen
fopen
sprintf
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
clearerr
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strerror
malloc
fputc
fseek
fflush
_vsnprintf
free
fclose
_errno
fread
ferror
fwrite
memset
_initterm_e
memcpy

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/atl90.dll
.dll windows:5 windows x86

17ed9dd04d0bbfc19b81bf75e8ebe774

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:6d:3d:ae:3c:49:8d:0c:c8:1e:e8:4a:30:a0:be:2d:0c:0c:f3:b0
Signer

Actual PE Digest

44:6d:3d:ae:3c:49:8d:0c:c8:1e:e8:4a:30:a0:be:2d:0c:0c:f3:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameW
WideCharToMultiByte
WaitForSingleObject
GlobalAlloc
FindResourceA
MulDiv
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
lstrcmpW
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
LockResource
LocalAlloc
InterlockedExchange
LoadLibraryA
HeapFree
HeapAlloc
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
ExitProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
InterlockedCompareExchange
GetProcessHeap
IsProcessorFeaturePresent
lstrcmpA
GetModuleHandleA

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateControlLic
AtlAxCreateControlLicEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlCallTermFunc
AtlComModuleGetClassObject
AtlComModuleRegisterClassObjects
AtlComModuleRevokeClassObjects
AtlComModuleUnregisterServer
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateRegistrar
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetPerUserRegistration
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlLoadTypeLib
AtlMarshalPtrInProc
AtlModuleAddTermFunc
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlSetPerUserRegistration
AtlUnadvise
AtlUnmarshalPtr
AtlUpdateRegistryFromResourceD
AtlWaitWithMessageLoop
AtlWinModuleAddCreateWndData
AtlWinModuleExtractCreateWndData
AtlWinModuleInit
AtlWinModuleRegisterClassExA
AtlWinModuleRegisterClassExW
AtlWinModuleRegisterWndClassInfoA
AtlWinModuleRegisterWndClassInfoW
AtlWinModuleTerm

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/helpost.exe
.exe windows:5 windows x86

6bb94f8d918f73478aee5a6db44ed3be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

xlue

XLUE_AddXARSearchPath
XLUE_LoadXAR
XLUE_InitLoader

xlgraphic

XL_InitGraphicLib
XL_PrepareGraphicParam
XL_SetFreeTypeEnabled

xlluaruntime

luaL_checkinteger
lua_tonumber
lua_next
lua_settable
lua_createtable
XLLRT_RegisterClass
XLLRT_PushXLObject
lua_pushlstring
lua_toboolean
lua_tolstring
XLLRT_ReleaseRunTime
lua_tointeger
lua_pushnil
luaL_unref
lua_insert
lua_getfield
lua_remove
lua_isuserdata
lua_getmetatable
luaL_ref
lua_pushinteger
lua_rawgeti
lua_type
lua_pushstring
lua_pushboolean
XLLRT_RegisterGlobalObj
luaL_checkudata
luaL_checknumber
luaL_checklstring
lua_pushnumber
lua_settop
XLLRT_ReleaseEnv
lua_gettop
XLLRT_GetEnv
XLLRT_LuaCall
XLLRT_GetRuntime

xlfsio

XLFS_Init

ws2_32

WSAGetLastError
getpeername
ntohs
WSAAsyncGetHostByName
WSACancelAsyncRequest
WSAAsyncSelect
closesocket
connect
htons
send
recv
inet_addr
socket
getsockname
WSAStartup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

SetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetVolumeInformationW
GetDiskFreeSpaceExW
WriteFile
SystemTimeToFileTime
SetFileTime
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RemoveDirectoryW
DeleteFileW
CreateMutexW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
GetModuleFileNameW
GetTempPathW
RaiseException
GetLastError
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
FindFirstFileW
GetCurrentProcess
CreateDirectoryW
GetPrivateProfileStringW
WideCharToMultiByte
CopyFileW
GetVersionExW
MultiByteToWideChar
WritePrivateProfileStringW
MoveFileW
FindClose
Process32FirstW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
FlushInstructionCache
SetLastError
VirtualQuery
IsBadCodePtr
GetFileAttributesW
lstrcatW
GetFileSizeEx
CreateFileW
GetFileAttributesExW
TerminateProcess
GetStartupInfoW
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
WaitForMultipleObjects
CreateThread
TerminateThread
WaitForSingleObject
SetEvent
CreateEventW
GetVersion

user32

SetTimer
KillTimer
CreateWindowExW
PostMessageW
SetWindowLongW
GetWindowLongW
UnregisterClassA
GetMonitorInfoW
MonitorFromPoint
GetCursorPos
GetKeyState
CallWindowProcW
PostQuitMessage
GetDesktopWindow
DestroyWindow
GetMessageW
LoadCursorW
FindWindowW
GetClassInfoExW
TranslateMessage
RegisterClassExW
PeekMessageW
SendMessageW
DispatchMessageW
IsWindow
DefWindowProcW
wsprintfW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen

atl90

ord64
ord61
ord23
ord44
ord43

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathCombineW
PathAppendW
PathFileExistsW
PathIsDirectoryW
SHGetValueW

comctl32

InitCommonControlsEx

msvcp90

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0strstreambuf@std@@QAE@PBDH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1strstreambuf@std@@UAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z

msvcr90

free
_recalloc
??_V@YAXPAX@Z
__wargv
exit
??2@YAPAXI@Z
wcschr
_wcsicmp
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
fseek
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcsncat
wcsrchr
__CxxFrameHandler3
memset
_CxxThrowException
_purecall
tolower
strstr
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
memmove_s
swprintf_s
??3@YAXPAX@Z
fgetwc
getc
feof
fwrite
fwprintf
toupper
_beginthreadex
_swprintf
_wfopen
fread
ferror
fclose
memcpy
strcmp
_wstat64i32
strftime
_gmtime64
??0exception@std@@QAE@ABQBD@Z
swscanf
_atoi64
_wtoi64
_ui64tow
_ui64toa
_ultow
_stricmp
sscanf
strncmp
atol
strlen
_strnicmp
atoi

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/libexpat.dll
.dll windows:5 windows x86

174ec97c99326b1ea1fa85329a941203

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
WriteConsoleW
GetFileType
GetStdHandle
GetCurrentThreadId
GetCommandLineA
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
HeapValidate
IsBadReadPtr
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetLastError
SetConsoleCtrlHandler
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
FatalAppExitA
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
WriteFile
InterlockedExchange
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlUnwind
OutputDebugStringA
OutputDebugStringW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetFilePointer
GetTimeZoneInformation
CreateFileA
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_FreeContentModel
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetParsingStatus
XML_GetSpecifiedAttributeCount
XML_MemFree
XML_MemMalloc
XML_MemRealloc
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_ParserReset
XML_ResumeParser
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_StopParser
XML_UseForeignDTD
XML_UseParserAsHandlerArg

Sections

.textbss
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/libpng13.dll
.dll windows:5 windows x86

0e9abea7df606c7eed96b212bae99492

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

zlib1

deflateReset
deflateInit2_
deflateEnd
deflate
inflateEnd
inflateInit_
inflate
inflateReset
crc32

msvcr90

malloc
free
memcpy
_setjmp3
fread
abs
fabs
pow
strtod
strlen
longjmp
fflush
_gmtime64
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
abort
_snprintf
memset
memcmp
fwrite

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess

Exports

Exports

png_access_version_number
png_build_grayscale_palette
png_check_cHRM_fixed
png_check_sig
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_struct
png_destroy_struct_2
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_asm_flagmask
png_get_asm_flags
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_int_32
png_get_interlace_type
png_get_io_ptr
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pixel_aspect_ratio
png_get_pixels_per_meter
png_get_progressive_ptr
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_16
png_get_uint_31
png_get_uint_32
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_meter
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_malloc
png_malloc_default
png_malloc_warn
png_memcpy_check
png_memset_check
png_mmx_support
png_permit_empty_plte
png_permit_mng_features
png_process_data
png_progressive_combine_row
png_read_end
png_read_image
png_read_info
png_read_init
png_read_init_2
png_read_init_3
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_asm_flags
png_set_bKGD
png_set_background
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_dither
png_set_error_fn
png_set_expand
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gray_1_2_4_to_8
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_progressive_read_fn
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_strip_error_numbers
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_init
png_write_init_2
png_write_init_3
png_write_png
png_write_row
png_write_rows
png_write_sig

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2347993f7de0127c1411289199f4b2e5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1fCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

b7:38:70:47:b1:81:08:be:d7:87:73:71:26:4f:73:a6:03:14:50:39:cf:f8:43:00:0a:53:84:1c:a3:24:c9:8dSigner

87:c7:a6:47:16:93:ef:20:98:b7:e5:78:93:49:9b:23:da:f0:45:76Signer

Headers

File Characteristics

Imports

kernel32

shlwapi

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 147KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 3KB

.uestat Size: 512B - Virtual size: 108B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 8KB

068eaff42e938805ea525a3e32eb7b30

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1fCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1a:d5:43:af:4e:09:bd:f1:44:0a:b9:f1:3f:f2:89:26:0c:6a:94:09:bc:89:bc:27:97:18:89:9c:9a:04:de:52Signer

0e:56:93:b1:19:e4:1f:90:da:76:02:ae:e6:50:5b:30:73:7b:57:e3Signer

Headers

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

b7:38:70:47:b1:81:08:be:d7:87:73:71:26:4f:73:a6:03:14:50:39:cf:f8:43:00:0a:53:84:1c:a3:24:c9:8d
Signer

87:c7:a6:47:16:93:ef:20:98:b7:e5:78:93:49:9b:23:da:f0:45:76
Signer

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 3KB

.uestat
Size: 512B - Virtual size: 108B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1a:d5:43:af:4e:09:bd:f1:44:0a:b9:f1:3f:f2:89:26:0c:6a:94:09:bc:89:bc:27:97:18:89:9c:9a:04:de:52
Signer

0e:56:93:b1:19:e4:1f:90:da:76:02:ae:e6:50:5b:30:73:7b:57:e3
Signer

.text
Size: 582KB - Virtual size: 582KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 2KB - Virtual size: 324KB

.uestat
Size: 512B - Virtual size: 64B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 14KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

45:98:a2:8d:fd:dc:bc:31:de:d0:f2:98:07:c5:a7:43
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

a2:23:10:6e:41:69:47:40:3c:fd:45:10:6c:7f:56:f6:96:06:ec:c6:b8:e6:c3:16:2f:fe:3b:8d:42:9f:bd:36
Signer

94:43:78:b9:42:14:9a:59:a7:1b:98:12:a4:da:33:ff:b5:60:0d:11
Signer

.text
Size: 188KB - Virtual size: 188KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 1KB - Virtual size: 2KB

.uestat
Size: 512B - Virtual size: 68B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate