1dc2acf07601cb568647e8aedf4d5124b20bb076b4a14915a9355389d65d08cb

Sharing

Copy URL Twitter E-mail

General

Target

1dc2acf07601cb568647e8aedf4d5124b20bb076b4a14915a9355389d65d08cb
Size

4.4MB
MD5

9c4813e9434aa613d8ae7e00fe9cb399
SHA1

a1a1340b158170a21a23bbd916b5d12cb6edbd19
SHA256

1dc2acf07601cb568647e8aedf4d5124b20bb076b4a14915a9355389d65d08cb
SHA512

800b01f3387b93aff1a45f1a85d637e96379e4dac2ee47f7a60384dbaf024e16b785fda776c5f782db424794a32b8d4adfe25a8b4988e987acd85c26be2c0602
SSDEEP

98304:pevMpwTOpFeEDvWj+tnBasLNzteBdgWF0OjBpCjErYoJ23CUOPv70nmYD/0L5:pdaKeErWj+tBaspztefFd4kYZ3CHgmYo

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/网易云游戏多开器/HPSocket4C.dll
unpack001/网易云游戏多开器/RapidJSON.dll
unpack001/网易云游戏多开器/网易云游戏多开登录器.exe

Files

1dc2acf07601cb568647e8aedf4d5124b20bb076b4a14915a9355389d65d08cb
.zip
网易云游戏多开器/HPSocket4C.dll
.dll windows:5 windows x86

4bb510d708fb7470d7a52eba38dc482f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateWaitableTimerA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetSystemInfo
GetExitCodeThread
TerminateThread
ResetEvent
InterlockedExchange
PostQueuedCompletionStatus
RaiseException
SetEvent
GetQueuedCompletionStatus
CreateIoCompletionPort
UnmapViewOfFile
lstrlenA
CreateFileA
GetProcAddress
GetModuleHandleA
GetFileSize
CreateFileMappingA
MapViewOfFileEx
MultiByteToWideChar
WaitForMultipleObjects
InterlockedExchangeAdd
SetWaitableTimer
CancelWaitableTimer
TryEnterCriticalSection
CreateTimerQueueTimer
DeleteTimerQueueTimer
SystemTimeToFileTime
GetSystemTime
GetModuleHandleExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFiber
SwitchToFiber
CreateFiber
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
DeleteTimerQueueEx
ReadConsoleA
ReadConsoleW
GetEnvironmentVariableW
CompareStringW
GetDriveTypeW
WriteConsoleW
FlushFileBuffers
CreateTimerQueue
Sleep
CreateEventA
GetNativeSystemInfo
SwitchToThread
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreA
GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetLastError
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
SetEnvironmentVariableA
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsProcessorFeaturePresent
RtlUnwind
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetEndOfFile
GetConsoleCP
SetStdHandle
GetStartupInfoW
SetHandleCount
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetConsoleCtrlHandler
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineA
CreateThread
ExitThread
CreateFileW
SetFilePointer
EncodePointer
DecodePointer
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
InterlockedCompareExchange
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
DeleteCriticalSection
SetConsoleMode
InitializeCriticalSectionAndSpinCount

user32

GetProcessWindowStation
GetUserObjectInformationW
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
MessageBoxW
PeekMessageA

advapi32

CryptSignHashW
ReportEventW
RegisterEventSourceW
CryptEnumProvidersW
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptGenRandom
CryptDecrypt
CryptCreateHash
CryptSetHashParam
DeregisterEventSource
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextW

shlwapi

StrPBrkA
StrChrA
PathFileExistsA
PathIsDirectoryA

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps

ws2_32

WSARecv
WSASend
closesocket
shutdown
sendto
send
ioctlsocket
setsockopt
htonl
ntohl
WSASendTo
getsockname
WSAAddressToStringA
freeaddrinfo
getaddrinfo
WSAStringToAddressA
getsockopt
WSAIoctl
WSASetLastError
htons
WSAGetLastError
ntohs
WSARecvFrom
WSAStartup
WSACleanup
bind
socket
WSAGetOverlappedResult
connect
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
recv
WSACloseEvent
listen
recvfrom
getpeername

crypt32

CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertOpenStore

Exports

Exports

Create_HP_HttpAgent
Create_HP_HttpAgentListener
Create_HP_HttpClient
Create_HP_HttpClientListener
Create_HP_HttpServer
Create_HP_HttpServerListener
Create_HP_HttpSyncClient
Create_HP_HttpsAgent
Create_HP_HttpsClient
Create_HP_HttpsServer
Create_HP_HttpsSyncClient
Create_HP_SSLAgent
Create_HP_SSLClient
Create_HP_SSLPackAgent
Create_HP_SSLPackClient
Create_HP_SSLPackServer
Create_HP_SSLPullAgent
Create_HP_SSLPullClient
Create_HP_SSLPullServer
Create_HP_SSLServer
Create_HP_SocketTaskObj
Create_HP_TcpAgent
Create_HP_TcpAgentListener
Create_HP_TcpClient
Create_HP_TcpClientListener
Create_HP_TcpPackAgent
Create_HP_TcpPackAgentListener
Create_HP_TcpPackClient
Create_HP_TcpPackClientListener
Create_HP_TcpPackServer
Create_HP_TcpPackServerListener
Create_HP_TcpPullAgent
Create_HP_TcpPullAgentListener
Create_HP_TcpPullClient
Create_HP_TcpPullClientListener
Create_HP_TcpPullServer
Create_HP_TcpPullServerListener
Create_HP_TcpServer
Create_HP_TcpServerListener
Create_HP_ThreadPool
Create_HP_UdpArqClient
Create_HP_UdpArqClientListener
Create_HP_UdpArqServer
Create_HP_UdpArqServerListener
Create_HP_UdpCast
Create_HP_UdpCastListener
Create_HP_UdpClient
Create_HP_UdpClientListener
Create_HP_UdpServer
Create_HP_UdpServerListener
Destroy_HP_HttpAgent
Destroy_HP_HttpAgentListener
Destroy_HP_HttpClient
Destroy_HP_HttpClientListener
Destroy_HP_HttpServer
Destroy_HP_HttpServerListener
Destroy_HP_HttpSyncClient
Destroy_HP_HttpsAgent
Destroy_HP_HttpsClient
Destroy_HP_HttpsServer
Destroy_HP_HttpsSyncClient
Destroy_HP_SSLAgent
Destroy_HP_SSLClient
Destroy_HP_SSLPackAgent
Destroy_HP_SSLPackClient
Destroy_HP_SSLPackServer
Destroy_HP_SSLPullAgent
Destroy_HP_SSLPullClient
Destroy_HP_SSLPullServer
Destroy_HP_SSLServer
Destroy_HP_SocketTaskObj
Destroy_HP_TcpAgent
Destroy_HP_TcpAgentListener
Destroy_HP_TcpClient
Destroy_HP_TcpClientListener
Destroy_HP_TcpPackAgent
Destroy_HP_TcpPackAgentListener
Destroy_HP_TcpPackClient
Destroy_HP_TcpPackClientListener
Destroy_HP_TcpPackServer
Destroy_HP_TcpPackServerListener
Destroy_HP_TcpPullAgent
Destroy_HP_TcpPullAgentListener
Destroy_HP_TcpPullClient
Destroy_HP_TcpPullClientListener
Destroy_HP_TcpPullServer
Destroy_HP_TcpPullServerListener
Destroy_HP_TcpServer
Destroy_HP_TcpServerListener
Destroy_HP_ThreadPool
Destroy_HP_UdpArqClient
Destroy_HP_UdpArqClientListener
Destroy_HP_UdpArqServer
Destroy_HP_UdpArqServerListener
Destroy_HP_UdpCast
Destroy_HP_UdpCastListener
Destroy_HP_UdpClient
Destroy_HP_UdpClientListener
Destroy_HP_UdpServer
Destroy_HP_UdpServerListener
HP_Agent_Connect
HP_Agent_ConnectWithExtra
HP_Agent_ConnectWithExtraAndLocalAddressPort
HP_Agent_ConnectWithExtraAndLocalPort
HP_Agent_ConnectWithLocalAddress
HP_Agent_ConnectWithLocalPort
HP_Agent_Disconnect
HP_Agent_DisconnectLongConnections
HP_Agent_DisconnectSilenceConnections
HP_Agent_GetAllConnectionIDs
HP_Agent_GetConnectPeriod
HP_Agent_GetConnectionCount
HP_Agent_GetConnectionExtra
HP_Agent_GetFreeBufferObjHold
HP_Agent_GetFreeBufferObjPool
HP_Agent_GetFreeSocketObjHold
HP_Agent_GetFreeSocketObjLockTime
HP_Agent_GetFreeSocketObjPool
HP_Agent_GetLastError
HP_Agent_GetLastErrorDesc
HP_Agent_GetLocalAddress
HP_Agent_GetMaxConnectionCount
HP_Agent_GetOnSendSyncPolicy
HP_Agent_GetPendingDataLength
HP_Agent_GetRemoteAddress
HP_Agent_GetRemoteHost
HP_Agent_GetSendPolicy
HP_Agent_GetSilencePeriod
HP_Agent_GetState
HP_Agent_GetWorkerThreadCount
HP_Agent_HasStarted
HP_Agent_IsConnected
HP_Agent_IsMarkSilence
HP_Agent_IsPauseReceive
HP_Agent_IsSecure
HP_Agent_PauseReceive
HP_Agent_Send
HP_Agent_SendPackets
HP_Agent_SendPart
HP_Agent_SetConnectionExtra
HP_Agent_SetFreeBufferObjHold
HP_Agent_SetFreeBufferObjPool
HP_Agent_SetFreeSocketObjHold
HP_Agent_SetFreeSocketObjLockTime
HP_Agent_SetFreeSocketObjPool
HP_Agent_SetMarkSilence
HP_Agent_SetMaxConnectionCount
HP_Agent_SetOnSendSyncPolicy
HP_Agent_SetSendPolicy
HP_Agent_SetWorkerThreadCount
HP_Agent_Start
HP_Agent_Stop
HP_Client_GetConnectionID
HP_Client_GetExtra
HP_Client_GetFreeBufferPoolHold
HP_Client_GetFreeBufferPoolSize
HP_Client_GetLastError
HP_Client_GetLastErrorDesc
HP_Client_GetLocalAddress
HP_Client_GetPendingDataLength
HP_Client_GetRemoteHost
HP_Client_GetState
HP_Client_HasStarted
HP_Client_IsConnected
HP_Client_IsPauseReceive
HP_Client_IsSecure
HP_Client_PauseReceive
HP_Client_Send
HP_Client_SendPackets
HP_Client_SendPart
HP_Client_SetExtra
HP_Client_SetFreeBufferPoolHold
HP_Client_SetFreeBufferPoolSize
HP_Client_Start
HP_Client_StartWithBindAddress
HP_Client_StartWithBindAddressAndLocalPort
HP_Client_Stop
HP_GetHPSocketVersion
HP_GetSocketErrorDesc
HP_HttpAgent_GetAllCookies
HP_HttpAgent_GetAllHeaderNames
HP_HttpAgent_GetAllHeaders
HP_HttpAgent_GetContentEncoding
HP_HttpAgent_GetContentLength
HP_HttpAgent_GetContentType
HP_HttpAgent_GetCookie
HP_HttpAgent_GetHeader
HP_HttpAgent_GetHeaders
HP_HttpAgent_GetLocalVersion
HP_HttpAgent_GetParseErrorCode
HP_HttpAgent_GetStatusCode
HP_HttpAgent_GetTransferEncoding
HP_HttpAgent_GetUpgradeType
HP_HttpAgent_GetVersion
HP_HttpAgent_GetWSMessageState
HP_HttpAgent_IsHttpAutoStart
HP_HttpAgent_IsKeepAlive
HP_HttpAgent_IsUpgrade
HP_HttpAgent_IsUseCookie
HP_HttpAgent_SendChunkData
HP_HttpAgent_SendConnect
HP_HttpAgent_SendDelete
HP_HttpAgent_SendGet
HP_HttpAgent_SendHead
HP_HttpAgent_SendLocalFile
HP_HttpAgent_SendOptions
HP_HttpAgent_SendPatch
HP_HttpAgent_SendPost
HP_HttpAgent_SendPut
HP_HttpAgent_SendRequest
HP_HttpAgent_SendTrace
HP_HttpAgent_SendWSMessage
HP_HttpAgent_SetHttpAutoStart
HP_HttpAgent_SetLocalVersion
HP_HttpAgent_SetUseCookie
HP_HttpAgent_StartHttp
HP_HttpClient_GetAllCookies
HP_HttpClient_GetAllHeaderNames
HP_HttpClient_GetAllHeaders
HP_HttpClient_GetContentEncoding
HP_HttpClient_GetContentLength
HP_HttpClient_GetContentType
HP_HttpClient_GetCookie
HP_HttpClient_GetHeader
HP_HttpClient_GetHeaders
HP_HttpClient_GetLocalVersion
HP_HttpClient_GetParseErrorCode
HP_HttpClient_GetStatusCode
HP_HttpClient_GetTransferEncoding
HP_HttpClient_GetUpgradeType
HP_HttpClient_GetVersion
HP_HttpClient_GetWSMessageState
HP_HttpClient_IsHttpAutoStart
HP_HttpClient_IsKeepAlive
HP_HttpClient_IsUpgrade
HP_HttpClient_IsUseCookie
HP_HttpClient_SendChunkData
HP_HttpClient_SendConnect
HP_HttpClient_SendDelete
HP_HttpClient_SendGet
HP_HttpClient_SendHead
HP_HttpClient_SendLocalFile
HP_HttpClient_SendOptions
HP_HttpClient_SendPatch
HP_HttpClient_SendPost
HP_HttpClient_SendPut
HP_HttpClient_SendRequest
HP_HttpClient_SendTrace
HP_HttpClient_SendWSMessage
HP_HttpClient_SetHttpAutoStart
HP_HttpClient_SetLocalVersion
HP_HttpClient_SetUseCookie
HP_HttpClient_StartHttp
HP_HttpCookie_HLP_CurrentUTCTime
HP_HttpCookie_HLP_ExpiresToMaxAge
HP_HttpCookie_HLP_MakeExpiresStr
HP_HttpCookie_HLP_MaxAgeToExpires
HP_HttpCookie_HLP_ParseExpires
HP_HttpCookie_HLP_ToString
HP_HttpCookie_MGR_ClearCookies
HP_HttpCookie_MGR_DeleteCookie
HP_HttpCookie_MGR_IsEnableThirdPartyCookie
HP_HttpCookie_MGR_LoadFromFile
HP_HttpCookie_MGR_RemoveExpiredCookies
HP_HttpCookie_MGR_SaveToFile
HP_HttpCookie_MGR_SetCookie
HP_HttpCookie_MGR_SetEnableThirdPartyCookie
HP_HttpServer_GetAllCookies
HP_HttpServer_GetAllHeaderNames
HP_HttpServer_GetAllHeaders
HP_HttpServer_GetContentEncoding
HP_HttpServer_GetContentLength
HP_HttpServer_GetContentType
HP_HttpServer_GetCookie
HP_HttpServer_GetHeader
HP_HttpServer_GetHeaders
HP_HttpServer_GetHost
HP_HttpServer_GetLocalVersion
HP_HttpServer_GetMethod
HP_HttpServer_GetParseErrorCode
HP_HttpServer_GetReleaseDelay
HP_HttpServer_GetTransferEncoding
HP_HttpServer_GetUpgradeType
HP_HttpServer_GetUrlField
HP_HttpServer_GetUrlFieldSet
HP_HttpServer_GetVersion
HP_HttpServer_GetWSMessageState
HP_HttpServer_IsHttpAutoStart
HP_HttpServer_IsKeepAlive
HP_HttpServer_IsUpgrade
HP_HttpServer_Release
HP_HttpServer_SendChunkData
HP_HttpServer_SendLocalFile
HP_HttpServer_SendResponse
HP_HttpServer_SendWSMessage
HP_HttpServer_SetHttpAutoStart
HP_HttpServer_SetLocalVersion
HP_HttpServer_SetReleaseDelay
HP_HttpServer_StartHttp
HP_HttpSyncClient_CleanupRequestResult
HP_HttpSyncClient_GetConnectTimeout
HP_HttpSyncClient_GetRequestTimeout
HP_HttpSyncClient_GetResponseBody
HP_HttpSyncClient_OpenUrl
HP_HttpSyncClient_SetConnectTimeout
HP_HttpSyncClient_SetRequestTimeout
HP_SSLAgent_CleanupSSLContext
HP_SSLAgent_GetSSLSessionInfo
HP_SSLAgent_IsSSLAutoHandShake
HP_SSLAgent_SetSSLAutoHandShake
HP_SSLAgent_SetupSSLContext
HP_SSLAgent_SetupSSLContextByMemory
HP_SSLAgent_StartSSLHandShake
HP_SSLClient_CleanupSSLContext
HP_SSLClient_GetSSLSessionInfo
HP_SSLClient_IsSSLAutoHandShake
HP_SSLClient_SetSSLAutoHandShake
HP_SSLClient_SetupSSLContext
HP_SSLClient_SetupSSLContextByMemory
HP_SSLClient_StartSSLHandShake
HP_SSLServer_AddSSLContext
HP_SSLServer_AddSSLContextByMemory
HP_SSLServer_BindSSLServerName
HP_SSLServer_CleanupSSLContext
HP_SSLServer_GetSSLSessionInfo
HP_SSLServer_IsSSLAutoHandShake
HP_SSLServer_SetSSLAutoHandShake
HP_SSLServer_SetupSSLContext
HP_SSLServer_SetupSSLContextByMemory
HP_SSLServer_StartSSLHandShake
HP_SSL_DefaultServerNameCallback
HP_SSL_RemoveThreadLocalState
HP_Server_Disconnect
HP_Server_DisconnectLongConnections
HP_Server_DisconnectSilenceConnections
HP_Server_GetAllConnectionIDs
HP_Server_GetConnectPeriod
HP_Server_GetConnectionCount
HP_Server_GetConnectionExtra
HP_Server_GetFreeBufferObjHold
HP_Server_GetFreeBufferObjPool
HP_Server_GetFreeSocketObjHold
HP_Server_GetFreeSocketObjLockTime
HP_Server_GetFreeSocketObjPool
HP_Server_GetLastError
HP_Server_GetLastErrorDesc
HP_Server_GetListenAddress
HP_Server_GetLocalAddress
HP_Server_GetMaxConnectionCount
HP_Server_GetOnSendSyncPolicy
HP_Server_GetPendingDataLength
HP_Server_GetRemoteAddress
HP_Server_GetSendPolicy
HP_Server_GetSilencePeriod
HP_Server_GetState
HP_Server_GetWorkerThreadCount
HP_Server_HasStarted
HP_Server_IsConnected
HP_Server_IsMarkSilence
HP_Server_IsPauseReceive
HP_Server_IsSecure
HP_Server_PauseReceive
HP_Server_Send
HP_Server_SendPackets
HP_Server_SendPart
HP_Server_SetConnectionExtra
HP_Server_SetFreeBufferObjHold
HP_Server_SetFreeBufferObjPool
HP_Server_SetFreeSocketObjHold
HP_Server_SetFreeSocketObjLockTime
HP_Server_SetFreeSocketObjPool
HP_Server_SetMarkSilence
HP_Server_SetMaxConnectionCount
HP_Server_SetOnSendSyncPolicy
HP_Server_SetSendPolicy
HP_Server_SetWorkerThreadCount
HP_Server_Start
HP_Server_Stop
HP_Set_FN_Agent_OnClose
HP_Set_FN_Agent_OnConnect
HP_Set_FN_Agent_OnHandShake
HP_Set_FN_Agent_OnPrepareConnect
HP_Set_FN_Agent_OnPullReceive
HP_Set_FN_Agent_OnReceive
HP_Set_FN_Agent_OnSend
HP_Set_FN_Agent_OnShutdown
HP_Set_FN_Client_OnClose
HP_Set_FN_Client_OnConnect
HP_Set_FN_Client_OnHandShake
HP_Set_FN_Client_OnPrepareConnect
HP_Set_FN_Client_OnPullReceive
HP_Set_FN_Client_OnReceive
HP_Set_FN_Client_OnSend
HP_Set_FN_HttpAgent_OnBody
HP_Set_FN_HttpAgent_OnChunkComplete
HP_Set_FN_HttpAgent_OnChunkHeader
HP_Set_FN_HttpAgent_OnClose
HP_Set_FN_HttpAgent_OnConnect
HP_Set_FN_HttpAgent_OnHandShake
HP_Set_FN_HttpAgent_OnHeader
HP_Set_FN_HttpAgent_OnHeadersComplete
HP_Set_FN_HttpAgent_OnMessageBegin
HP_Set_FN_HttpAgent_OnMessageComplete
HP_Set_FN_HttpAgent_OnParseError
HP_Set_FN_HttpAgent_OnPrepareConnect
HP_Set_FN_HttpAgent_OnReceive
HP_Set_FN_HttpAgent_OnSend
HP_Set_FN_HttpAgent_OnShutdown
HP_Set_FN_HttpAgent_OnStatusLine
HP_Set_FN_HttpAgent_OnUpgrade
HP_Set_FN_HttpAgent_OnWSMessageBody
HP_Set_FN_HttpAgent_OnWSMessageComplete
HP_Set_FN_HttpAgent_OnWSMessageHeader
HP_Set_FN_HttpClient_OnBody
HP_Set_FN_HttpClient_OnChunkComplete
HP_Set_FN_HttpClient_OnChunkHeader
HP_Set_FN_HttpClient_OnClose
HP_Set_FN_HttpClient_OnConnect
HP_Set_FN_HttpClient_OnHandShake
HP_Set_FN_HttpClient_OnHeader
HP_Set_FN_HttpClient_OnHeadersComplete
HP_Set_FN_HttpClient_OnMessageBegin
HP_Set_FN_HttpClient_OnMessageComplete
HP_Set_FN_HttpClient_OnParseError
HP_Set_FN_HttpClient_OnPrepareConnect
HP_Set_FN_HttpClient_OnReceive
HP_Set_FN_HttpClient_OnSend
HP_Set_FN_HttpClient_OnStatusLine
HP_Set_FN_HttpClient_OnUpgrade
HP_Set_FN_HttpClient_OnWSMessageBody
HP_Set_FN_HttpClient_OnWSMessageComplete
HP_Set_FN_HttpClient_OnWSMessageHeader
HP_Set_FN_HttpServer_OnAccept
HP_Set_FN_HttpServer_OnBody
HP_Set_FN_HttpServer_OnChunkComplete
HP_Set_FN_HttpServer_OnChunkHeader
HP_Set_FN_HttpServer_OnClose
HP_Set_FN_HttpServer_OnHandShake
HP_Set_FN_HttpServer_OnHeader
HP_Set_FN_HttpServer_OnHeadersComplete
HP_Set_FN_HttpServer_OnMessageBegin
HP_Set_FN_HttpServer_OnMessageComplete
HP_Set_FN_HttpServer_OnParseError
HP_Set_FN_HttpServer_OnPrepareListen
HP_Set_FN_HttpServer_OnReceive
HP_Set_FN_HttpServer_OnRequestLine
HP_Set_FN_HttpServer_OnSend
HP_Set_FN_HttpServer_OnShutdown
HP_Set_FN_HttpServer_OnUpgrade
HP_Set_FN_HttpServer_OnWSMessageBody
HP_Set_FN_HttpServer_OnWSMessageComplete
HP_Set_FN_HttpServer_OnWSMessageHeader
HP_Set_FN_Server_OnAccept
HP_Set_FN_Server_OnClose
HP_Set_FN_Server_OnHandShake
HP_Set_FN_Server_OnPrepareListen
HP_Set_FN_Server_OnPullReceive
HP_Set_FN_Server_OnReceive
HP_Set_FN_Server_OnSend
HP_Set_FN_Server_OnShutdown
HP_TcpAgent_GetKeepAliveInterval
HP_TcpAgent_GetKeepAliveTime
HP_TcpAgent_GetSocketBufferSize
HP_TcpAgent_IsReuseAddress
HP_TcpAgent_SendSmallFile
HP_TcpAgent_SetKeepAliveInterval
HP_TcpAgent_SetKeepAliveTime
HP_TcpAgent_SetReuseAddress
HP_TcpAgent_SetSocketBufferSize
HP_TcpClient_GetKeepAliveInterval
HP_TcpClient_GetKeepAliveTime
HP_TcpClient_GetSocketBufferSize
HP_TcpClient_SendSmallFile
HP_TcpClient_SetKeepAliveInterval
HP_TcpClient_SetKeepAliveTime
HP_TcpClient_SetSocketBufferSize
HP_TcpPackAgent_GetMaxPackSize
HP_TcpPackAgent_GetPackHeaderFlag
HP_TcpPackAgent_SetMaxPackSize
HP_TcpPackAgent_SetPackHeaderFlag
HP_TcpPackClient_GetMaxPackSize
HP_TcpPackClient_GetPackHeaderFlag
HP_TcpPackClient_SetMaxPackSize
HP_TcpPackClient_SetPackHeaderFlag
HP_TcpPackServer_GetMaxPackSize
HP_TcpPackServer_GetPackHeaderFlag
HP_TcpPackServer_SetMaxPackSize
HP_TcpPackServer_SetPackHeaderFlag
HP_TcpPullAgent_Fetch
HP_TcpPullAgent_Peek
HP_TcpPullClient_Fetch
HP_TcpPullClient_Peek
HP_TcpPullServer_Fetch
HP_TcpPullServer_Peek
HP_TcpServer_GetAcceptSocketCount
HP_TcpServer_GetKeepAliveInterval
HP_TcpServer_GetKeepAliveTime
HP_TcpServer_GetSocketBufferSize
HP_TcpServer_GetSocketListenQueue
HP_TcpServer_SendSmallFile

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
网易云游戏多开器/RapidJSON.dll
.dll windows:5 windows x86

15f588b88914dd29bd3be717b4ff369d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
HeapReAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW

Exports

Exports

rapidjson_create_value_by_pointer
rapidjson_create_value_by_pointer_string
rapidjson_docment_create
rapidjson_docment_destory
rapidjson_docment_get_allocator
rapidjson_docment_get_error_offset
rapidjson_docment_get_parse_error
rapidjson_docment_parse
rapidjson_docment_parse_insitu
rapidjson_docment_swap
rapidjson_get_value_by_pointer
rapidjson_get_value_by_pointer_string
rapidjson_get_value_by_pointer_with_default
rapidjson_get_value_by_pointer_with_default_string
rapidjson_pointer_append
rapidjson_pointer_create
rapidjson_pointer_create_value
rapidjson_pointer_create_value2
rapidjson_pointer_destory
rapidjson_pointer_erase
rapidjson_pointer_get
rapidjson_pointer_get_parse_error_code
rapidjson_pointer_get_parse_error_offset
rapidjson_pointer_get_token_count
rapidjson_pointer_get_tokens
rapidjson_pointer_get_with_default
rapidjson_pointer_get_with_default_bool
rapidjson_pointer_get_with_default_double
rapidjson_pointer_get_with_default_float
rapidjson_pointer_get_with_default_int
rapidjson_pointer_get_with_default_int64
rapidjson_pointer_get_with_default_string
rapidjson_pointer_get_with_default_uint
rapidjson_pointer_get_with_default_uint64
rapidjson_pointer_isvalid
rapidjson_pointer_set
rapidjson_pointer_set_bool
rapidjson_pointer_set_double
rapidjson_pointer_set_float
rapidjson_pointer_set_int
rapidjson_pointer_set_int64
rapidjson_pointer_set_string
rapidjson_pointer_set_uint
rapidjson_pointer_set_uint64
rapidjson_pointer_stringify
rapidjson_pointer_stringify_uri_fragment
rapidjson_pointer_swap
rapidjson_set_value_by_pointer
rapidjson_set_value_by_pointer_string
rapidjson_string_buffer_clear
rapidjson_string_buffer_create
rapidjson_string_buffer_destory
rapidjson_string_buffer_flush
rapidjson_string_buffer_get_length
rapidjson_string_buffer_get_size
rapidjson_string_buffer_get_string
rapidjson_string_buffer_pop
rapidjson_string_buffer_push
rapidjson_string_buffer_pushunsafe
rapidjson_string_buffer_put
rapidjson_string_buffer_putunsafe
rapidjson_string_buffer_reserve
rapidjson_string_buffer_shrink_to_fit
rapidjson_swap_value_by_pointer
rapidjson_swap_value_by_pointer_string
rapidjson_value_accept
rapidjson_value_add_member
rapidjson_value_add_member_array
rapidjson_value_add_member_bool
rapidjson_value_add_member_double
rapidjson_value_add_member_float
rapidjson_value_add_member_int
rapidjson_value_add_member_int64
rapidjson_value_add_member_null
rapidjson_value_add_member_object
rapidjson_value_add_member_string
rapidjson_value_clear
rapidjson_value_copy
rapidjson_value_create
rapidjson_value_destory
rapidjson_value_erase
rapidjson_value_erase_member
rapidjson_value_find_member
rapidjson_value_get_at
rapidjson_value_get_bool
rapidjson_value_get_capacity
rapidjson_value_get_double
rapidjson_value_get_float
rapidjson_value_get_int
rapidjson_value_get_int64
rapidjson_value_get_member_capacity
rapidjson_value_get_member_count
rapidjson_value_get_members
rapidjson_value_get_size
rapidjson_value_get_string
rapidjson_value_get_string_length
rapidjson_value_get_type
rapidjson_value_get_values
rapidjson_value_has_member
rapidjson_value_is_array
rapidjson_value_is_bool
rapidjson_value_is_double
rapidjson_value_is_empty
rapidjson_value_is_false
rapidjson_value_is_float
rapidjson_value_is_int
rapidjson_value_is_int64
rapidjson_value_is_lossless_double
rapidjson_value_is_lossless_float
rapidjson_value_is_null
rapidjson_value_is_number
rapidjson_value_is_object
rapidjson_value_is_object_empty
rapidjson_value_is_string
rapidjson_value_is_true
rapidjson_value_is_uint
rapidjson_value_is_uint64
rapidjson_value_popback
rapidjson_value_pushback
rapidjson_value_pushback_array
rapidjson_value_pushback_bool
rapidjson_value_pushback_double
rapidjson_value_pushback_float
rapidjson_value_pushback_int
rapidjson_value_pushback_int64
rapidjson_value_pushback_null
rapidjson_value_pushback_object
rapidjson_value_pushback_string
rapidjson_value_remove_all_members
rapidjson_value_remove_member
rapidjson_value_set_array
rapidjson_value_set_bool
rapidjson_value_set_double
rapidjson_value_set_float
rapidjson_value_set_int
rapidjson_value_set_int64
rapidjson_value_set_null
rapidjson_value_set_object
rapidjson_value_set_string
rapidjson_value_swap
rapidjson_writer_bool
rapidjson_writer_create
rapidjson_writer_destory
rapidjson_writer_double
rapidjson_writer_endarray
rapidjson_writer_endobject
rapidjson_writer_flush
rapidjson_writer_get_max_decimal_places
rapidjson_writer_int
rapidjson_writer_int64
rapidjson_writer_is_complete
rapidjson_writer_key
rapidjson_writer_null
rapidjson_writer_rawnumber
rapidjson_writer_rawvalue
rapidjson_writer_reset
rapidjson_writer_set_max_decimal_places
rapidjson_writer_startarray
rapidjson_writer_startobject
rapidjson_writer_string
rapidjson_writer_uint
rapidjson_writer_uint64

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
网易云游戏多开器/list.edb
网易云游戏多开器/注意.txt
网易云游戏多开器/网易云游戏多开登录器.exe
.exe windows:4 windows x86

7ce02a888644192331ef07ae3573a367

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame

winmm

midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA
waveOutRestart
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiOutUnprepareHeader

ws2_32

ntohl
getsockname
ntohs
__WSAFDIsSet
accept
getpeername
listen
recv
ioctlsocket
recvfrom
sendto
socket
htonl
bind
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
inet_addr
gethostname
connect

kernel32

SuspendThread
InterlockedDecrement
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReleaseMutex
CreateMutexA
TerminateThread
GetVersion
GetTimeZoneInformation
SetLastError
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
MoveFileA
DeleteFileA
CopyFileA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedExchange
InterlockedIncrement

user32

SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetClassLongA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
EndPaint
BeginPaint
CharUpperA
GetWindowTextLengthA
GetDlgItem
GetClassNameA
GetDesktopWindow
UnregisterHotKey
RegisterHotKey
CreateWindowExA
GetNextDlgTabItem
GetWindowTextA
SetWindowTextA
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
GetTabbedTextExtentA
DrawStateA
GrayStringA
TabbedTextOutA
WindowFromDC
EnumChildWindows
GetWindowDC
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
FrameRect
GetPropA
MoveWindow
CallWindowProcA
SetPropA
DrawTextA
GetCursor
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
ScrollWindowEx
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
ReleaseCapture
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
CreateMenu
SetMenu
UnregisterClassA

gdi32

FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreatePatternBrush
CreateBitmap
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateSolidBrush
CreateFontIndirectA
ExtSelectClipRgn
GetViewportExtEx
GetTextMetricsA
TranslateCharsetInfo
CreateFontA
SetDIBitsToDevice
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
SetTextColor
SetBkMode
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
GetDeviceCaps
GetTextExtentPoint32A
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
SetROP2
SetPolyFillMode
RoundRect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn

msimg32

GradientFill

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

advapi32

RegCreateKeyExA
RegQueryValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA
DragQueryFileA
DragFinish
DragAcceptFiles

ole32

CLSIDFromString
OleUninitialize
OleInitialize
CoCreateInstance
OleRun
CLSIDFromProgID

oleaut32

SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
VariantClear
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData

odbc32

ord10
ord18
ord13
ord61
ord16
ord5
ord4
ord48
ord49
ord20
ord17
ord59
ord8
ord44
ord46
ord68
ord43
ord41
ord2
ord1
ord23
ord50
ord45
ord51
ord15
ord9
ord14
ord11
ord3
ord19
ord72
ord12

comctl32

ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_AddMasked
_TrackMouseEvent
ImageList_Draw
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_Read
ord17

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网易云游戏多开器/网易多开器使用说明.png
.png
网易云游戏多开器/谷歌浏览器ChromeSetup.exe
.exe windows:5 windows x86

7e2f200a9ecaa7ee1d0f7298f297d727

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:78:64:ad:83:d1:0a:df:74:12:91:dc:08:71:32:3c:fe:36:c1:8a:24:78:a7:7e:57:39:21:94:6b:41:9e:21
Signer

Actual PE Digest

5d:78:64:ad:83:d1:0a:df:74:12:91:dc:08:71:32:3c:fe:36:c1:8a:24:78:a7:7e:57:39:21:94:6b:41:9e:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
OutputDebugStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadFile
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
SetFilePointer
VirtualQuery
CreateDirectoryW
SizeofResource
RemoveDirectoryW
GetEnvironmentVariableW
GetTempPathW
FormatMessageW
GetFileAttributesExW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
LocalFree
VerSetConditionMask
CopyFileW
VerifyVersionInfoW
GetTempFileNameW
lstrcmpiW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

shlwapi

PathAppendW
PathCanonicalizeW
PathQuoteSpacesW

ole32

CoUninitialize
CoInitializeEx

shell32

ord680
SHGetFolderPathW

user32

MessageBoxW
CharLowerBuffW

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
网易云游戏多开器/配置.ini

Sharing

General

Malware Config

Signatures

Files

4bb510d708fb7470d7a52eba38dc482f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

winmm

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 540KB - Virtual size: 540KB

.data Size: 28KB - Virtual size: 47KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 101KB - Virtual size: 100KB

15f588b88914dd29bd3be717b4ff369d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

7ce02a888644192331ef07ae3573a367

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 132KB - Virtual size: 493KB

.rsrc Size: 44KB - Virtual size: 40KB

7e2f200a9ecaa7ee1d0f7298f297d727

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5Certificate

Extended Key Usages

Key Usages

01Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 540KB - Virtual size: 540KB

.data
Size: 28KB - Virtual size: 47KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 101KB - Virtual size: 100KB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 132KB - Virtual size: 493KB

.rsrc
Size: 44KB - Virtual size: 40KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

01
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5d:78:64:ad:83:d1:0a:df:74:12:91:dc:08:71:32:3c:fe:36:c1:8a:24:78:a7:7e:57:39:21:94:6b:41:9e:21
Signer

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 4KB