Shadowsocks-4[.]1[.]6[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Shadowsocks-4.1.6.rar
Size

7.6MB
MD5

d7a4b5a6e33a526b2341ed3d19af966d
SHA1

df40b246de25a77055e526312606fed16614d43c
SHA256

34da03684e06065451a4f3e9d64b98980985904f4f6883000c411a9b5507b62e
SHA512

c312e99b404f944caad1e0035d6ff5194dadb0f21b8ea5fd33665d7c62d89453ccf4ad0fa297ecd5e2fdee999d4dfc9bfbdf2fd95e6f4f0aab3e6e139007ed47
SSDEEP

196608:FUGj7cVZSNMfx5iS81mBlPuFuY4Q7+noIs7AHbVUW:FJUVu+bYUsFurnOLW

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Shadowsocks-4.1.6/Shadowsocks.exe
unpack001/Shadowsocks-4.1.6/libwinpthread-1.dll
unpack001/Shadowsocks-4.1.6/obfs-local.exe
unpack002/libwinpthread-1.dll
unpack002/obfs-local.exe
unpack003/Shadowsocks.exe
unpack004/Shadowsocks.exe
unpack001/Shadowsocks-4.1.6/ss_win_temp/libsscrypto.dll
unpack001/Shadowsocks-4.1.6/ss_win_temp/ss_privoxy.exe
unpack001/Shadowsocks-4.1.6/ss_win_temp/sysproxy.exe

Files

Shadowsocks-4.1.6.rar
.rar
Shadowsocks-4.1.6/Shadowsocks.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/gui-config.json
Shadowsocks-4.1.6/libwinpthread-1.dll
.dll windows:4 windows x64 arch:x64

72491fa5a641cd17744506e0613db9e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__C_specific_handler
__dllonexit
__iob_func
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_lock
_onexit
_setjmp
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memmove
memset
printf
realloc
signal
strlen
strncmp
vfprintf
longjmp

Exports

Exports

__pth_gpointer_locked
__pthread_clock_nanosleep
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
clock_getres
clock_gettime
clock_nanosleep
clock_settime
nanosleep
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/obfs-local.exe
.exe windows:4 windows x64 arch:x64

add7d20276f74efa6b4704cd9d0126cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LocalFree
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__argv
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_exit
_fmode
_get_osfhandle
_initterm
_isctype
_localtime64
_lock
_onexit
_open_osfhandle
_stat64
_strnicmp
_time64
_unlock
_vsnprintf
abort
atoi
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fread
free
fseek
ftell
fwprintf
fwrite
getenv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putchar
puts
raise
rand
realloc
signal
sprintf
srand
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strspn
strtok
tolower
vfprintf
wcscpy
_snwprintf
_strdup
_dup2
_close

libwinpthread-1

clock_gettime
pthread_getspecific
pthread_key_create
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

user32

MessageBoxW

ws2_32

WSAAddressToStringA
WSACleanup
WSAGetLastError
WSARecv
WSASend
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
htonl
htons
ioctlsocket
listen
recv
select
send
setsockopt
socket

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/obfs-local.zip
.zip
libwinpthread-1.dll
.dll windows:4 windows x64 arch:x64

72491fa5a641cd17744506e0613db9e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__C_specific_handler
__dllonexit
__iob_func
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_lock
_onexit
_setjmp
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memmove
memset
printf
realloc
signal
strlen
strncmp
vfprintf
longjmp

Exports

Exports

__pth_gpointer_locked
__pthread_clock_nanosleep
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
clock_getres
clock_gettime
clock_nanosleep
clock_settime
nanosleep
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
obfs-local.exe
.exe windows:4 windows x64 arch:x64

add7d20276f74efa6b4704cd9d0126cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LocalFree
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__argv
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_exit
_fmode
_get_osfhandle
_initterm
_isctype
_localtime64
_lock
_onexit
_open_osfhandle
_stat64
_strnicmp
_time64
_unlock
_vsnprintf
abort
atoi
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fread
free
fseek
ftell
fwprintf
fwrite
getenv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putchar
puts
raise
rand
realloc
signal
sprintf
srand
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strspn
strtok
tolower
vfprintf
wcscpy
_snwprintf
_strdup
_dup2
_close

libwinpthread-1

clock_gettime
pthread_getspecific
pthread_key_create
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

user32

MessageBoxW

ws2_32

WSAAddressToStringA
WSACleanup
WSAGetLastError
WSARecv
WSASend
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
htonl
htons
ioctlsocket
listen
recv
select
send
setsockopt
socket

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/pac.txt
.js
Shadowsocks-4.1.6/ss_win_temp/Shadowsocks-4.1.7.1.zip
.zip
Shadowsocks.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/ss_win_temp/Shadowsocks-4.1.7.zip
.zip
Shadowsocks.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/ss_win_temp/libsscrypto.dll
.dll windows:6 windows x86 arch:x86

dace1149051a6f7b92d15fb6b418c89b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
CloseHandle
ReadFile
GetConsoleMode
ReadConsoleW
CompareStringW
LCMapStringW
GetStdHandle
GetFileType
GetACP
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
TlsFree
GetProcessHeap
SetConsoleCtrlHandler
GetStringTypeW
CreateFileW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
SetFilePointerEx
HeapSize
HeapReAlloc
SetEndOfFile
WriteConsoleW
DecodePointer
RaiseException
TlsSetValue
GetSystemInfo
InitializeCriticalSection
Sleep
DeleteFiber
GetTickCount
GlobalMemoryStatus
ConvertFiberToThread
LoadLibraryA
LoadLibraryW
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
InterlockedFlushSList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

CryptSetHashParam
DeregisterEventSource
RegisterEventSourceW
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
ReportEventW
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
SystemFunction036

ws2_32

recv
send
WSASetLastError
WSACleanup
closesocket
WSAGetLastError

crypt32

CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

Exports

Exports

EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_reset
EVP_CIPHER_CTX_set_key_length
EVP_CIPHER_CTX_set_padding
EVP_CipherFinal_ex
EVP_CipherInit_ex
EVP_CipherUpdate
EVP_get_cipherbyname
cipher_auth_decrypt
cipher_auth_encrypt
cipher_free
cipher_get_size_ex
cipher_info_from_string
cipher_init
cipher_reset
cipher_set_iv
cipher_setkey
cipher_setup
cipher_update
crypto_aead_aes256gcm_decrypt
crypto_aead_aes256gcm_encrypt
crypto_aead_aes256gcm_is_available
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_aead_xchacha20poly1305_ietf_decrypt
crypto_aead_xchacha20poly1305_ietf_encrypt
crypto_stream_chacha20_ietf_xor_ic
crypto_stream_chacha20_xor_ic
crypto_stream_salsa20_xor_ic
hkdf
md5_ret
sodium_increment
sodium_init

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/ss_win_temp/privoxy_1983382122.conf
Shadowsocks-4.1.6/ss_win_temp/privoxy_615854347.conf
Shadowsocks-4.1.6/ss_win_temp/privoxy_934013683.conf
Shadowsocks-4.1.6/ss_win_temp/shadowsocks.log
Shadowsocks-4.1.6/ss_win_temp/ss_privoxy.exe
.exe windows:4 windows x86 arch:x86

2d62bd63a553a6c4e2fc62fbdd07262c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

DeleteObject
GetStockObject

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFullPathNameA
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetCurrentDirectoryA
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__argc
__argv
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_access
_fmode
_initterm
_iob
_lock
_onexit
_putenv
_setjmp3
_snwprintf
_stat
_strdup
_stricmp
_strnicmp
_ultoa
_tzset
_unlock
_vsnprintf
time
mktime
localtime
gmtime
atoi
abort
calloc
exit
fclose
fgets
fopen
fprintf
fputs
fread
free
fseek
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
puts
raise
rand
realloc
setbuf
signal
sprintf
srand
sscanf
strchr
strcmp
strcpy
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strstr
strtol
tolower
toupper
ungetc
vfprintf
wcscpy
wcstombs

shell32

ShellExecuteA
Shell_NotifyIconA

user32

CallWindowProcA
CheckMenuItem
ClientToScreen
CreateWindowExA
DefWindowProcA
DestroyMenu
DestroyWindow
DispatchMessageA
EnableMenuItem
GetClientRect
GetCursorPos
GetKeyState
GetMessageA
GetSubMenu
GetWindowLongA
GetWindowTextLengthA
KillTimer
LoadIconA
LoadMenuA
MessageBoxA
MessageBoxW
PostMessageA
PostQuitMessage
RegisterClassA
RegisterClassExA
RegisterWindowMessageA
SendMessageA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
ShowWindow
TrackPopupMenu
TranslateMessage
UpdateWindow

ws2_32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getsockname
getsockopt
htonl
inet_addr
listen
recv
select
send
setsockopt
socket

Exports

Exports

Argc
Argv
CanSystemSupportServices
CreateTrayWindow
EditFile
InitLogWindow
InitWin32
LogPutString
LogShowActivity
OnLogCommand
OnLogInitMenu
OnLogRButtonUp
OnLogTimer
ShowLogWindow
TermLogWindow
TrayAddIcon
TrayDeleteIcon
TraySetIcon
WinMain@16
__mon_yday
__pth_gpointer_locked
__pthread_clock_nanosleep
__pthread_shallcancel
__xl_f
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_setnobreak
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
accept_connection
acl_addr
actions_to_html
actions_to_line_of_text
actions_to_text
add_help_link
add_loader
add_to_iob
adler32
adler32_combine
adler32_combine64
adler32_z
alloc_http_response
any_loaded_file_changed
bRunAsService
bind_port
bindup
block_acl
block_url
buf_free
cgi_default
cgi_edit_actions
cgi_edit_actions_add_url
cgi_edit_actions_add_url_form
cgi_edit_actions_for_url
cgi_edit_actions_list
cgi_edit_actions_remove_url
cgi_edit_actions_remove_url_form
cgi_edit_actions_section_add
cgi_edit_actions_section_remove
cgi_edit_actions_section_swap
cgi_edit_actions_submit
cgi_edit_actions_url
cgi_edit_actions_url_form
cgi_error_404
cgi_error_bad_param
cgi_error_disabled
cgi_error_file
cgi_error_file_read_only
cgi_error_memory
cgi_error_modified
cgi_error_no_template
cgi_error_parse
cgi_error_unknown
cgi_init_error_messages
cgi_redirect
cgi_robots_txt
cgi_send_banner
cgi_send_default_favicon
cgi_send_error_favicon
cgi_send_stylesheet
cgi_send_url_info_osd
cgi_send_user_manual
cgi_show_client_tags
cgi_show_request
cgi_show_status
cgi_show_url_info
cgi_toggle
cgi_toggle_client_tag
cgi_transparent_image
check_file_changed
check_negative_tag_patterns
chomp
clear_iob
client_has_requested_tag
client_tag_match
client_tags_mutex
client_transfer_encoding
clients
close_socket
close_unusable_connections
compile_dynamic_pcrs_job_list
cond_print
cond_print_set
configfile
connect_port_is_forbidden
connect_to
connection_destination_matches
connection_reuse_mutex
content_filters_enabled
content_requires_filtering
copy_action
crc32
crc32_combine
crc32_combine64
crc32_z
create_pattern_spec
current_action_to_html
daemon_mode
data_is_available
debug_level_is_enabled
decompress_iob
default_exports
destroy_list
direct_response
disable_client_specific_tag
disable_logging
dispatch_cgi
do_sema_b_wait_intern
drain_and_close_socket
dump_map
edit_free_file
edit_parse_actions_file
edit_read_actions_file
edit_read_file
edit_read_line
edit_write_file
enable_client_specific_tag
enlist
enlist_first
enlist_unique
enlist_unique_header
error_response
execute_content_filters
files
filters_available
finish_http_response
flush_iob
forget_connection
forward_url
forwarded_connect
free_action
free_action_spec
free_alias_list
free_csp_resources
free_current_action
free_http_request
free_http_response
free_map
free_pattern_spec
g_bCloseHidesWindow
g_bHighlightMessages
g_bLimitBufferSize
g_bLogMessages
g_bShowActivityAnimation
g_bShowLogWindow
g_bShowOnTaskBar
g_default_actions_file
g_default_filterfile
g_hInstance
g_hiconApp
g_hwndLogFrame
g_nCmdShow
g_nFontSize
g_nMaxBufferLines
g_szFontFaceName
g_trustfile
g_user_actions_file
g_user_filterfile
gai_strerrorA
gai_strerrorW
get_action_token
get_actions
get_char_param
get_crc_table
get_destination_from_headers
get_expected_content_length
get_filter
get_header
get_header_value
get_host_information
get_http_time
get_last_url
get_next_tag_timeout_for_client
get_number_param
get_string_param
get_tag_list_for_client
get_url_actions
gif_deanimate
global_toggle_state
gmtime_mutex
hash_string
html_encode
html_encode_and_free_original
image_blank_data
image_blank_length
image_pattern_data
image_pattern_length
inflate
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
inflate_copyright
inflate_fast
inflate_table
init_action
init_current_action
init_domain_components
init_error_log
init_list
init_log_module
initialize_reusable_connections
install_service
is_imageurl
is_untrusted_url
jb_err_to_string
list_append_list_unique
list_contains_item
list_duplicate
list_is_empty
list_remove_all
list_remove_item
list_remove_list
list_to_text
load_action_files
load_config
load_re_filterfiles
load_trustfile
localtime_mutex
log_error
log_init_mutex
log_mutex
lookup
make_menu
make_path
malloc_or_die
map
map_block_keep
map_block_killer
map_conditional
mark_connection_closed
match_portlist
merge_actions
merge_current_action
nanosleep
new_map
parse_forwarder_address
parse_http_request
parse_http_url
pcre_compile
pcre_copy_substring
pcre_exec
pcre_free
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_substring
pcre_get_substring_list
pcre_info
pcre_maketables
pcre_malloc
pcre_study
pcre_version
pcrs_compile
pcrs_compile_command
pcrs_compile_dynamic_command
pcrs_execute
pcrs_execute_list
pcrs_execute_single_command
pcrs_free_job
pcrs_free_joblist
pcrs_get_delimiter
pcrs_job_is_dynamic
pcrs_strerror
percent_encode_url
pick_from_range
privoxy_millisleep
privoxy_mutex_lock
privoxy_mutex_unlock
privoxy_strlcat
privoxy_strlcpy
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_delay_np_ms
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
rand_mutex
read_config_line
read_socket
real_main
redirect_url
regcomp
regerror
regexec
regfree
remember_connection
requested_tags
resolve_hostname_to_ip
resolver_mutex
rewrite_url
run_loader
rwl_print
rwl_print_set
save_connection_destination
sed
set_client_address
set_debug_level
show_version
simple_read_line
socket_is_still_alive
ssplit
strclean
strcmpic
strdup_or_die
string_append
string_join
string_move
string_toupper
strncmpic
strptime
sweep
szThisServiceName
template_fill
template_fill_for_cgi
template_load
thread_print
thread_print_set
timegm
trust_url
uninstall_service
unload_actions_file
unload_forward_spec
unmap
update_action_bits_for_tag
update_server_headers
url_decode
url_encode
url_match
url_requires_percent_encoding
urls_read
urls_rejected
w32ServiceDispatchTable
w32_close_service_handle
w32_create_service
w32_delete_service
w32_open_sc_manager
w32_open_service
w32_query_service_config
w32_register_service_ctrl_handler
w32_service_exit_notify
w32_service_listen_loop
w32_set_service_cwd
w32_set_service_status
w32_start_service_ctrl_dispatcher
win32_blurb
write_socket
write_socket_delayed
xtoi
zError
z_errmsg
zalloc
zalloc_or_die
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/ss_win_temp/sysproxy.exe
.exe windows:6 windows x64 arch:x64

fab070037efad15d6ea85ef3c8fe31a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
FormatMessageW
GetLastError
GlobalFree
HeapAlloc
GetProcessHeap
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
SetStdHandle
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

rasapi32

RasEnumEntriesW

wininet

InternetQueryOptionW
InternetSetOptionW

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shadowsocks-4.1.6/ss_win_temp/user-wininet.json
Shadowsocks-4.1.6/statistics-config.json

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 12B

72491fa5a641cd17744506e0613db9e1

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 160B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 2KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 92B

add7d20276f74efa6b4704cd9d0126cb

Headers

File Characteristics

Imports

kernel32

msvcrt

libwinpthread-1

user32

ws2_32

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 1024B - Virtual size: 944B

.rdata Size: 13KB - Virtual size: 13KB

.pdata Size: 7KB - Virtual size: 7KB

.xdata Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 116KB - Virtual size: 116KB

/31 Size: 17KB - Virtual size: 16KB

/45 Size: 18KB - Virtual size: 17KB

/57 Size: 9KB - Virtual size: 9KB

/70 Size: 2KB - Virtual size: 1KB

/81 Size: 69KB - Virtual size: 68KB

/92 Size: 9KB - Virtual size: 8KB

72491fa5a641cd17744506e0613db9e1

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 160B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 2KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 3KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 160B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 92B

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 1024B - Virtual size: 944B

.rdata
Size: 13KB - Virtual size: 13KB

.pdata
Size: 7KB - Virtual size: 7KB

.xdata
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 116KB - Virtual size: 116KB

/31
Size: 17KB - Virtual size: 16KB

/45
Size: 18KB - Virtual size: 17KB

/57
Size: 9KB - Virtual size: 9KB

/70
Size: 2KB - Virtual size: 1KB

/81
Size: 69KB - Virtual size: 68KB

/92
Size: 9KB - Virtual size: 8KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 160B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 92B

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 1024B - Virtual size: 944B

.rdata
Size: 13KB - Virtual size: 13KB

.pdata
Size: 7KB - Virtual size: 7KB

.xdata
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 116KB - Virtual size: 116KB

/31
Size: 17KB - Virtual size: 16KB

/45
Size: 18KB - Virtual size: 17KB

/57
Size: 9KB - Virtual size: 9KB

/70
Size: 2KB - Virtual size: 1KB

/81
Size: 69KB - Virtual size: 68KB

/92
Size: 9KB - Virtual size: 8KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 329KB - Virtual size: 328KB

.data
Size: 20KB - Virtual size: 39KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 41KB - Virtual size: 41KB